danny889, created 5 October 2013

Hello. Lately I have been having problems with my VoIP gateway, and I would like to make sure the system is clean. I would also appreciate help with disabling certain processes that start right at system startup, such as KIES (Samsung's phone software; I rarely use it, yet the process is always active and takes up memory). Anyway, everything will probably show up in the logs ;)

OTL LOG
[log]
OTL logfile created on: 2013-10-05 12:19:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Pulpit\skan
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,48 Mb Total Physical Memory | 281,39 Mb Available Physical Memory | 27,49% Memory free
2,40 Gb Paging File | 1,68 Gb Available in Paging File | 70,03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 23,51 Gb Free Space | 48,15% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 76,40 Gb Free Space | 76,24% Space Free | Partition Type: NTFS
Computer Name: DOM | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013-10-05 12:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\skan\OTL.exe
PRC - [2013-08-15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013-08-01 13:03:26 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2013-07-26 21:43:52 | 000,844,656 | ---- | M] (Samsung) -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013-07-26 21:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Program Files\Kies\KiesTrayAgent.exe PRC - [2013-07-26 21:43:44 | 001,564,016 | ---- | M] (Samsung) -- D:\Program Files\Kies\Kies.exe PRC - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2013-07-10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe PRC - [2013-07-04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe PRC - [2013-07-04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe PRC - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe PRC - [2013-06-08 14:58:43 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2013\avgemcx.exe PRC - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011-01-17 19:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011-01-17 19:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-03-02 17:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe========== Modules (No Company Name) ========== MOD - [2013-09-12 09:41:41 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll MOD - [2013-08-15 12:04:13 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll MOD - [2013-08-15 12:02:13 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll MOD - [2013-08-15 11:26:20 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll MOD - [2013-08-15 11:23:56 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\2bd89ed2dc0f585328fd1ac4c5a206dd\System.Core.ni.dll MOD - [2013-08-15 11:23:06 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a283b4d76562af1ff279d465f5488d8c\PresentationFramework.ni.dll MOD - [2013-08-15 00:54:49 | 012,218,880 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll MOD - [2013-08-15 00:54:23 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll MOD - [2013-08-15 00:53:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll MOD - [2013-08-15 00:52:56 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2013-07-23 10:00:44 | 017,223,680 | ---- | M] () -- D:\Program Files\Kies\Theme\Kies.Theme.dll MOD - [2013-07-23 09:58:52 | 000,564,736 | ---- | M] () -- D:\Program Files\Kies\Common\Kies.UI.dll MOD - [2013-07-18 14:52:28 | 000,036,352 | ---- | M] () -- D:\Program Files\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll MOD - [2013-07-18 14:51:44 | 000,023,040 | ---- | M] () -- D:\Program Files\Kies\MVVM\Kies.MVVM.dll MOD - [2013-07-18 14:34:48 | 000,057,856 | ---- | M] () -- D:\Program Files\Kies\External\MediaModules\ASF_cSharpAPI.dll MOD - [2013-07-11 05:16:27 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll MOD - [2012-12-16 11:30:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2008-04-14 23:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll========== Services (SafeList) ========== SRV - [2013-09-19 19:41:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG 
Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013-09-05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2013-07-20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2013-07-20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013-07-20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013-07-20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013-07-01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013-06-21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2013-06-21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012-12-26 14:51:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-12-15 15:04:10 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2012-07-03 17:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991 IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991 IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-08-17 10:34:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013-01-12 14:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions [2013-08-31 23:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows 
Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - Extension: Dokumenty Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: 
([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (SweetIM Toolbar) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b File not found O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [KiesAirMessage] D:\Program Files\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [KiesPreload] D:\Program Files\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [Spotify Web 
Helper] C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-1078081533-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72543206-BEBF-4EB1-BB8B-FFFC5DB6F30D}: DhcpNameServer = 8.8.8.8 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 
- HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-12-15 13:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2013-09-02 20:31:14 | 000,444,754 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\AutoRun\command - "" = G:\__eego\eego.exe O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\verb0\command - "" = G:\__eego\eego.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)========== Files/Folders - Created Within 30 Days ========== [2013-10-05 12:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\skan [2013-10-04 19:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE [2013-09-27 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome [2013-09-27 20:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Deployment [2013-09-15 22:13:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent [2013-09-15 14:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013-09-13 16:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\CrashDump [2013-09-13 09:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AVG [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] [290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2013-10-05 12:15:50 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2013-10-05 12:14:01 | 
000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-10-05 12:13:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-10-05 11:44:22 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-10-05 11:43:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2013-10-05 11:41:16 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-10-05 11:16:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-10-04 10:18:45 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2013-09-28 09:59:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2013-09-25 10:39:56 | 000,143,399 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf [2013-09-24 10:25:54 | 001,295,722 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102555.jpg [2013-09-24 10:25:52 | 001,292,802 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102551.jpg [2013-09-24 09:49:22 | 001,317,308 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094922.jpg [2013-09-24 09:49:18 | 001,400,109 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094916.jpg [2013-09-21 14:43:34 | 061,765,253 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf [2013-09-19 19:41:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-09-19 19:41:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-09-17 10:39:53 | 001,459,379 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103953.jpg [2013-09-17 10:39:47 | 001,556,215 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103947.jpg [2013-09-13 09:54:54 | 000,220,840 | ---- | M] () -- 
C:\WINDOWS\System32\FNTCACHE.DAT [2013-09-13 09:35:27 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2013.lnk [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys [290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ========== [2013-09-28 17:50:17 | 001,317,308 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094922.jpg [2013-09-28 17:50:17 | 001,295,722 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102555.jpg [2013-09-28 17:50:17 | 001,292,802 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102551.jpg [2013-09-28 17:50:16 | 001,400,109 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094916.jpg [2013-09-27 20:29:48 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2013-09-27 20:28:09 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-09-27 20:28:09 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-09-25 10:39:55 | 000,143,399 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf [2013-09-21 14:41:33 | 061,765,253 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf [2013-09-17 12:18:46 | 001,556,215 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103947.jpg [2013-09-17 12:18:46 | 001,459,379 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103953.jpg [2013-08-25 23:33:14 | 000,129,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2013-07-18 14:32:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2013-07-18 14:32:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2013-07-18 14:32:34 | 
000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2013-07-18 14:32:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2013-07-18 14:32:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2013-06-18 12:58:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\skype.ini [2013-06-18 10:56:23 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013-01-08 17:22:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2013-01-06 20:34:21 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\skype.dat [2012-12-25 18:54:57 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-12-16 11:45:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-12-16 11:00:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012-12-16 11:00:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2012-12-15 15:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012-12-15 15:43:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012-12-15 15:43:09 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012-12-15 15:41:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-12-15 14:52:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012-12-15 14:48:11 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012-12-15 14:25:36 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-12-15 14:24:13 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-12-15 13:39:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012-12-15 13:34:06 | 000,021,856 | 
---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat========== ZeroAccess Check ========== [2013-03-06 20:16:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012-10-31 13:32:21 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both========== LOP Check ========== [2013-08-01 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\AVG2013 [2013-08-31 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Babylon [2013-09-03 11:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Lite [2012-12-25 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu [2012-12-15 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10 [2013-10-05 12:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\GG [2012-12-30 15:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\NapiProjekt [2012-12-16 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenOffice.org [2012-12-15 15:01:57 
| 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Opera [2013-03-06 20:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Podatnik.info [2013-09-13 16:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Samsung [2013-02-02 12:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\SendSpace [2013-06-08 16:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Spotify [2012-12-16 13:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Thunderbird [2013-08-01 12:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TuneUp Software [2013-10-02 22:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent [2013-08-15 15:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2013 [2013-08-31 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon [2013-08-01 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Browse2save [2012-12-26 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2013-09-03 11:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FelCAD [2012-12-15 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2013-01-01 17:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2013-10-04 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE [2013-02-08 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate [2013-10-05 11:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2013-02-02 12:28:25 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Dane aplikacji\RightClick
[2013-08-25 17:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2013-09-16 13:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SystemRequirementsLab
[2013-08-15 11:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\TuneUp Software

========== Purity Check ==========

< End of report >
[/log]

EXTRAS
[log]
OTL Extras logfile created on: 2013-10-05 12:19:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Pulpit\skan
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 281,39 Mb Available Physical Memory | 27,49% Memory free
2,40 Gb Paging File | 1,68 Gb Available in Paging File | 70,03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 23,51 Gb Free Space | 48,15% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 76,40 Gb Free Space | 76,24% Space Free | Partition Type: NTFS

Computer Name: DOM | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- 
(Microsoft Corporation) "D:\Download\half-life\hl.exe" = D:\Download\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application "C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe" = C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd) "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.) "D:\Program Files\Winamp\winamp.exe" = D:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalator AVG -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\NapiProjekt\napisy.exe" = C:\Program Files\NapiProjekt\napisy.exe:*:Enabled:NapiProjekt -- () "C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Ochrona Sieci -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:Diagnostyka AVG 2013 -- (AVG Technologies CZ, s.r.o.) 
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Uniwersalny skaner poczty email -- (AVG Technologies CZ, s.r.o.)========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3 "{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}" = System Requirements Lab (Test) "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Polish "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.81 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = 
NVIDIA Sterownik graficzny 306.81 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{c5f1e590-7c8e-4528-9f0b-9eec5e70a961}" = Nero 9 Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2013 "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "Google Chrome" = Google Chrome "Heroes of Might and Magic III - Złota Edycja_is1" = Heroes of Might and Magic III - Złota Edycja "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.5 (Full) "Microsoft .NET Framework 3.5 
SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Thunderbird 17.0.8 (x86 pl)" = Mozilla Thunderbird 17.0.8 (x86 pl) "NapiProjekt_is1" = NapiProjekt (2.1.1.2314) "NVIDIA Drivers" = NVIDIA Drivers "Opera 12.16.1860" = Opera 12.16 "uTorrent" = µTorrent "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR 4.20 (32-bitowy) "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GG" = GG "MyFreeCodec" = MyFreeCodec "Spotify" = Spotify "Winamp Detect" = Detektor Winampa========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-06-25 16:28:34 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x00089eab. Error - 2013-06-25 16:35:26 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x00089eab. Error - 2013-06-25 16:51:56 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x00089eab. Error - 2013-07-02 07:13:58 | Computer Name = DOM | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. 
Error - 2013-07-25 09:31:29 | Computer Name = DOM | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca opera.exe, wersja 12.15.1748.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2013-07-29 04:37:23 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd opera.exe, wersja 12.15.1748.0, moduł powodujący błąd opera.dll, wersja 12.15.1748.0, adres błędu 0x00232550. Error - 2013-08-15 05:43:11 | Computer Name = DOM | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 — Błąd 27007. CA_Error27007: Wait4StartWD(0xC0070426): Oczekiwanie na uruchomienie usługi watchdog nie powiodło się Error - 2013-08-15 05:43:11 | Computer Name = DOM | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 — Błąd 27007. CA_Error27007: Wait4StartWD(0xC0070426): Oczekiwanie na uruchomienie usługi watchdog nie powiodło się Error - 2013-08-19 07:37:43 | Computer Name = DOM | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2013-09-07 06:47:03 | Computer Name = DOM | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd opera.exe, wersja 12.16.1860.0, moduł powodujący błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x00019af2. [ System Events ] Error - 2013-09-29 12:21:37 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-09-30 02:47:37 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. 
Error - 2013-09-30 13:48:29 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-01 01:57:54 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-01 07:16:52 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-02 01:40:31 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-02 10:09:29 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-03 03:55:24 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-04 02:43:53 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. Error - 2013-10-05 05:17:10 | Computer Name = DOM | Source = Service Control Manager | ID = 7006 Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił następujący błąd: %%5. 
< End of report >
[/log]

RSIT LOG
[log]
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2013-10-05 12:31:21
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 24 GB (48%) free of 50 GB
Total RAM: 1023 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:32, on 2013-10-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
D:\Program Files\Kies\KiesTrayAgent.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe
D:\Program Files\Kies\Kies.exe
D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Admin\Pulpit\skan\RSIT.exe C:\Program Files\trend micro\Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: SweetIM Toolbar - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program 
Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Kies\Kies.exe /preload O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Kies\KiesAirMessage.exe -startup O4 - HKCU\..\Run: [] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-21-1482476501-1078081533-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 7675 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-01 463272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-01 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login [] "nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112] "BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552] "ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816] "AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-08-15 4411440] "KiesTrayAgent"=D:\Program Files\Kies\KiesTrayAgent.exe [2013-07-26 311152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Spotify Web Helper"=C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe [2013-06-08 1104384] "KiesPreload"=D:\Program Files\Kies\Kies.exe [2013-07-26 1564016] "KiesAirMessage"=D:\Program Files\Kies\KiesAirMessage.exe -startup [] ""=D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-07-26 844656] "AVG-Secure-Search-Update_0913b"=C:\Documents 
and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b [] C:\Documents and Settings\Admin\Menu Start\Programy\Autostart OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"= scecli scecli [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10" "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe" "C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "D:\Download\half-life\hl.exe"="D:\Download\half-life\hl.exe:*:Enabled:Half-Life Launcher" "D:\Program 
Files\SopCast\SopCast.exe"="D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe"="C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe:*:Enabled:Spotify" "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "D:\Program Files\Winamp\winamp.exe"="D:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalator AVG" "C:\Program Files\NapiProjekt\napisy.exe"="C:\Program Files\NapiProjekt\napisy.exe:*:Enabled:NapiProjekt" "C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Ochrona Sieci" "C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:Diagnostyka AVG 2013" "C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Uniwersalny skaner poczty email" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll 
"wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2013-10-05 12:31:23 ----D---- C:\Program Files\trend micro 2013-10-05 12:31:21 ----D---- C:\rsit 2013-10-04 19:34:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE 2013-09-15 14:38:04 ----D---- C:\Program Files\Google 2013-09-13 09:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$ 2013-09-13 09:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$ 2013-09-13 09:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$ ======List of files/folders modified in the last 1 month====== 2013-10-05 12:31:23 ----RD---- C:\Program Files 2013-10-05 12:31:22 ----D---- C:\WINDOWS\Prefetch 2013-10-05 12:30:45 ----D---- C:\WINDOWS\system32\CatRoot2 2013-10-05 12:16:32 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\GG 2013-10-05 12:14:50 ----D---- C:\WINDOWS\Temp 2013-10-05 12:12:29 ----A---- C:\WINDOWS\SchedLgU.Txt 2013-10-05 11:24:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MFAData 2013-10-04 10:20:32 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype 2013-10-02 22:42:39 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent 2013-09-28 09:59:01 ----A---- C:\WINDOWS\BRWMARK.INI 2013-09-28 09:53:48 ----D---- C:\WINDOWS\system32 2013-09-27 20:33:02 ----SHD---- C:\WINDOWS\Installer 2013-09-27 20:28:09 ----SD---- C:\WINDOWS\Tasks 2013-09-19 19:41:35 ----A---- 
C:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-17 08:29:29 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Winamp 2013-09-16 13:34:18 ----D---- C:\Program Files\SystemRequirementsLab 2013-09-16 13:34:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SystemRequirementsLab 2013-09-16 11:13:55 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Media Player Classic 2013-09-16 10:07:07 ----D---- C:\WINDOWS 2013-09-13 16:57:56 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Samsung 2013-09-13 09:35:16 ----HD---- C:\WINDOWS\inf 2013-09-13 09:35:16 ----D---- C:\WINDOWS\system32\drivers 2013-09-13 09:12:17 ----RSHDC---- C:\WINDOWS\system32\dllcache 2013-09-13 09:11:38 ----D---- C:\Program Files\Internet Explorer 2013-09-13 09:11:23 ----D---- C:\WINDOWS\ie8updates 2013-09-07 10:43:14 ----D---- C:\Program Files\Opera ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-07-20 60216] R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-07-20 246072] R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-07-01 96568] R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-09-05 39224] R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472] R0 ohci1394;Kontroler hosta IEEE 1394 VIA zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520] R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184] R1 AVGIDSShim;AVGIDSShim; 
C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328] R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-07-20 171320] R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-12-26 242240] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2012-07-03 124264] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); 
C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-06-21 84248] S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys [] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312] R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-01 182184] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208] R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-27 116648] S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 257416] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; 
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-27 116648] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- [/log] INFO [log] info.txt logfile of random's system information tool 1.09 2013-10-05 12:31:34 ======Uninstall list====== -->MsiExec /X{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent-->"D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe -maintain plugin Adobe Reader XI (11.0.03) - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-AB0000000001} Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d} Aktualizacja dla systemu Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe" Aktualizacja 
dla systemu Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB2863058)-->"C:\WINDOWS\$NtUninstallKB2863058$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe" Aktualizacja dla systemu Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834903)-->"C:\WINDOWS\$NtUninstallKB2834903_WM10L$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834904)-->"C:\WINDOWS\$NtUninstallKB2834904_WM11$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834904-v2)-->"C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player 
(KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2792100)-->"C:\WINDOWS\ie8updates\KB2792100-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2797052)-->"C:\WINDOWS\ie8updates\KB2797052-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2799329)-->"C:\WINDOWS\ie8updates\KB2799329-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2809289)-->"C:\WINDOWS\ie8updates\KB2809289-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2817183)-->"C:\WINDOWS\ie8updates\KB2817183-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2829530)-->"C:\WINDOWS\ie8updates\KB2829530-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2838727)-->"C:\WINDOWS\ie8updates\KB2838727-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 
(KB2846071)-->"C:\WINDOWS\ie8updates\KB2846071-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2847204)-->"C:\WINDOWS\ie8updates\KB2847204-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2862772)-->"C:\WINDOWS\ie8updates\KB2862772-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2870699)-->"C:\WINDOWS\ie8updates\KB2870699-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla 
systemu Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2705219-v2)-->"C:\WINDOWS\$NtUninstallKB2705219-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2712808)-->"C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2723135-v2)-->"C:\WINDOWS\$NtUninstallKB2723135-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2753842-v2)-->"C:\WINDOWS\$NtUninstallKB2753842-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2757638)-->"C:\WINDOWS\$NtUninstallKB2757638$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2761465)-->"C:\WINDOWS\$NtUninstallKB2761465$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB2778344)-->"C:\WINDOWS\$NtUninstallKB2778344$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2780091)-->"C:\WINDOWS\$NtUninstallKB2780091$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2799494)-->"C:\WINDOWS\$NtUninstallKB2799494$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2802968)-->"C:\WINDOWS\$NtUninstallKB2802968$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2807986)-->"C:\WINDOWS\$NtUninstallKB2807986$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2808735)-->"C:\WINDOWS\$NtUninstallKB2808735$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2813170)-->"C:\WINDOWS\$NtUninstallKB2813170$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2813345)-->"C:\WINDOWS\$NtUninstallKB2813345$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2820197)-->"C:\WINDOWS\$NtUninstallKB2820197$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2820917)-->"C:\WINDOWS\$NtUninstallKB2820917$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2829361)-->"C:\WINDOWS\$NtUninstallKB2829361$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2834886)-->"C:\WINDOWS\$NtUninstallKB2834886$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2839229)-->"C:\WINDOWS\$NtUninstallKB2839229$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2845187)-->"C:\WINDOWS\$NtUninstallKB2845187$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2849470)-->"C:\WINDOWS\$NtUninstallKB2849470$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB2850851)-->"C:\WINDOWS\$NtUninstallKB2850851$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2850869)-->"C:\WINDOWS\$NtUninstallKB2850869$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2859537)-->"C:\WINDOWS\$NtUninstallKB2859537$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2864063)-->"C:\WINDOWS\$NtUninstallKB2864063$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876217)-->"C:\WINDOWS\$NtUninstallKB2876217$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876315)-->"C:\WINDOWS\$NtUninstallKB2876315$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" 
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP 
(KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla systemu Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe" Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Aktualizacje NVIDIA 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update AVG 2013-->"C:\Program Files\AVG\AVG2013\avgmfapx.exe" /AppMode=SETUP /Uninstall AVG 2013-->MsiExec.exe 
/I{1C8A4EE2-9D97-440F-9D8D-DA19C9657178} AVG 2013-->MsiExec.exe /I{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7} Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0015 Brunin03.dll -removeonly CCleaner-->"C:\Program Files\CCleaner\uninst.exe" DAEMON Tools Lite-->D:\Program Files\DAEMON Tools Lite\uninst.exe Google Chrome-->"C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Heroes of Might and Magic III - Złota Edycja-->"D:\Program Files\Heroes of Might and Magic III - Zlota Edycja\unins000.exe" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF} K-Lite Codec Pack 9.6.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 
Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Mozilla Thunderbird 17.0.8 (x86 pl)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} NapiProjekt (2.1.1.2314)-->"C:\Program Files\NapiProjekt\unins000.exe" Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000" Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a} Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff} Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d} Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA} Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI NVIDIA nView 136.28-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NView NVIDIA Oprogramowanie systemu PhysX 9.12.0604-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /X{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8} NVIDIA Sterownik dźwięku HD 
1.3.18.0-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver NVIDIA Sterownik graficzny 306.81-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver OpenOffice.org 3.3-->MsiExec.exe /I{0141D498-16DA-4221-A529-1D7A64BE8B05} Opera 12.16-->"C:\Program Files\Opera\Opera.exe" /uninstall Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_618EA050DAEAC55E2156257D6C6282397D4DF013\amdk8.inf Poprawka dla systemu Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Poprawka dla systemu Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x15 -removeonly Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A} SAMSUNG USB Driver for Mobile Phones-->D:\Program Files\USB Drivers\Uninstall.exe Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall 
{F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT="" Skype™ 6.6-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} System Requirements Lab (Test)-->MsiExec.exe /I{9BFD3F1F-E5FD-4358-988F-FC9A9446286D} System Requirements Lab CYRI-->MsiExec.exe /I{E362724E-9320-4946-AF34-874E7B6B2927} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Winamp-->"D:\Program Files\Winamp\UninstWA.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR 4.20 (32-bitowy)-->C:\Program Files\WinRAR\uninstall.exe ======System event log====== Computer Name: DOM Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. Record Number: 17578 Source Name: EventLog Time Written: 20130911082253.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Uniprocessor Free. Record Number: 17577 Source Name: EventLog Time Written: 20130911082253.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 6006 Message: Zatrzymano usługę Dziennik zdarzeń. 
Record Number: 17576 Source Name: EventLog Time Written: 20130910233359.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 7036 Message: Usługa Adobe Flash Player Update Service weszła w stan zatrzymania. Record Number: 17575 Source Name: Service Control Manager Time Written: 20130910224105.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 7036 Message: Usługa Adobe Flash Player Update Service weszła w stan uruchomienia. Record Number: 17574 Source Name: Service Control Manager Time Written: 20130910224101.000000+120 Event Type: informacje User: =====Application event log===== Computer Name: DOM Event Code: 1004 Message: Użytkownik zaakceptował Umowę Licencyjną Użytkownika Oprogramowania (EULA). Record Number: 4565 Source Name: WgaSetup Time Written: 20130514071424.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 1002 Message: Starting interactive setup. Record Number: 4564 Source Name: WgaSetup Time Written: 20130514071423.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 1006 Message: Umowa Licencyjna Użytkownika Oprogramowania (EULA) została wcześniej zaakceptowana. 
Record Number: 4563 Source Name: WgaSetup Time Written: 20130514071423.000000+120 Event Type: informacje User: Computer Name: DOM Event Code: 903 Message: Record Number: 4562 Source Name: Office Software Protection Platform Service Time Written: 20130513230801.000000+120 Event Type: User: Computer Name: DOM Event Code: 1003 Message: Record Number: 4561 Source Name: Office Software Protection Platform Service Time Written: 20130513172758.000000+120 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=5f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log]
Natsuki Kuga, comment, 5 October 2013

The script below will remove the infection and disable unneeded programs from autostart, so they will no longer launch at system startup (the printer driver, the Java updater, Samsung Kies, Spotify Web Helper).

1. In OTL, paste the following into the Custom Scans/Fixes (Własne opcje skanowania/Skrypt) box:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...098&lg=EN&cc=PL
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...ts.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...119357&tsp=4991
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...ts.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
O3 - HKLM\..\Toolbar: (SweetIM Toolbar) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b File not found

:Files
C:\Documents and Settings\Admin\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Browse2save
C:\Program Files\SweetIM\Toolbars

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"=-
"ControlCenter3"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"KiesTrayAgent"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=-
"KiesPreload"=-
"KiesAirMessage"=-

Click Run Fix (Wykonaj skrypt) and post the report.

2. Run AdwCleaner using the Delete (Usuń) option. Post the report.

3. Connect all the removable storage devices you own and run USBFix using the Research option. Post the report.

4. Post new OTL logs plus a Gmer log: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/
danny889, comment, 7 October 2013, Author (edited)

1. Report
[log]
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b deleted successfully.
========== FILES ==========
C:\Documents and Settings\Admin\Dane aplikacji\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Browse2save folder moved successfully.
File\Folder C:\Program Files\SweetIM\Toolbars not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BrMfcWnd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPreload deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 10072013_135515
[/log]

2. Report
[log]
# AdwCleaner v3.006 - Report created 07/10/2013 at 13:57:15
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Username : Admin - DOM
# Running from : C:\Documents and Settings\Admin\Pulpit\skan\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Documents and Settings\Admin\Dane aplikacji\SendSpace
Folder Found C:\Documents and Settings\All Users\Dane aplikacji\RightClick
Folder Found C:\Program Files\Yontoo
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\fed78db33dbe41
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v30.0.1599.69
[ File : C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4155 octets] - [07/10/2013 13:57:15]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4215 octets] ##########
[/log]

3. Report
[log]
############################## | UsbFix V 7.143 | [Research]
User: Admin (Administrator) # DOM
Updated 05/10/2013 by El Desaparecido - Team SosVirus
Started at 13:59:58 | 07/10/2013
Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/
PC: Gigabyte Technology Co., Ltd. (M61PME-S2)
CPU: AMD Athlon(tm) 64 Processor 3500+
RAM -> [Total : 1023 | Free : 328]
Bios: Award Software International, Inc.
Boot: Normal boot
OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 49 Gb (23 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 100 Gb (76 Mb free - 76%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [KINGSTON] # FAT32
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (ID 660 |ParentID 4)
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (ID 716 |ParentID 700)
C:\Program Files\AVG\AVG2013\avgcsrvx.exe (ID 764 |ParentID 716)
C:\WINDOWS\system32\winlogon.exe (ID 980 |ParentID 660)
C:\WINDOWS\system32\services.exe (ID 1028 |ParentID 980)
C:\WINDOWS\system32\lsass.exe (ID 1040 |ParentID 980)
C:\WINDOWS\system32\svchost.exe (ID 1200 |ParentID 1028)
C:\WINDOWS\System32\svchost.exe (ID 1400 |ParentID 1028)
C:\WINDOWS\system32\svchost.exe (ID 1432 |ParentID 1028)
C:\WINDOWS\Explorer.EXE (ID 1892 |ParentID 1872)
C:\WINDOWS\system32\spoolsv.exe (ID 1928 |ParentID 1028)
C:\WINDOWS\RTHDCPL.EXE (ID 532 |ParentID 1892)
C:\WINDOWS\system32\RunDLL32.exe (ID 948 |ParentID 1892)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (ID 1360 |ParentID 1892)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 1596 |ParentID 1892)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 1584 |ParentID 1892)
C:\Program Files\AVG\AVG2013\avgui.exe (ID 1684 |ParentID 1892)
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (ID 1724 |ParentID 1420)
D:\Program Files\Kies\KiesTrayAgent.exe (ID 1712 |ParentID 1892)
C:\Program Files\AVG\AVG2013\avgidsagent.exe (ID 1820 |ParentID 1028)
C:\WINDOWS\system32\ctfmon.exe (ID 2012 |ParentID 1892)
C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe (ID 2040 |ParentID 1892)
D:\Program Files\Kies\Kies.exe (ID 224 |ParentID 1892)
C:\Program Files\AVG\AVG2013\avgwdsvc.exe (ID 260 |ParentID 1028)
D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (ID 336 |ParentID 1892)
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (ID 832 |ParentID 1360)
C:\Program Files\Java\jre7\bin\jqs.exe (ID 1960 |ParentID 1028)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (ID 1848 |ParentID 1500)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (ID 2648 |ParentID 1848)
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 2840 |ParentID 1028)
C:\WINDOWS\system32\nvsvc32.exe (ID 3744 |ParentID 1028)
C:\Program Files\AVG\AVG2013\avgnsx.exe (ID 2556 |ParentID 260)
C:\Program Files\AVG\AVG2013\avgemcx.exe (ID 2880 |ParentID 260)
C:\WINDOWS\system32\svchost.exe (ID 2976 |ParentID 1028)
C:\WINDOWS\System32\svchost.exe (ID 3476 |ParentID 1028)
C:\WINDOWS\system32\wuauclt.exe (ID 1088 |ParentID 1400)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (ID 3616 |ParentID 1892)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe (ID 3324 |ParentID 3616)
C:\Program Files\Opera\Opera.exe (ID 3032 |ParentID 1892)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe (ID 3552 |ParentID 3616)
D:\Program Files\uTorrent\uTorrent.exe (ID 1968 |ParentID 3032)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe (ID 360 |ParentID 3324)
C:\UsbFix\Go.exe (ID 1020 |ParentID 1044)
################## | Regedit Run |
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [SkyTel] - SkyTel.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | Run : [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [] - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1482476501-1078081533-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
################## | Files # Infected Folders |
Found ! C:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003
Found ! D:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003
################## | Registry |
HKCU\.\.\.\.\Explorer\MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}
Shell\AutoRun\Command = G:\__eego\eego.exe
Shell\verb0\Command = G:\__eego\eego.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
[/log]

4. OTL logs
[log] OTL logfile created on: 2013-10-07 14:21:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Pulpit\skan Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory | 157,28 Mb Available Physical Memory | 15,37% Memory free 2,40 Gb Paging File | 1,63 Gb Available in Paging File | 67,62% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 23,46 Gb Free Space | 48,05% Space Free | Partition Type: NTFS Drive D: | 100,21 Gb Total Space | 75,73 Gb Free Space | 75,57% Space Free | Partition Type: NTFS Computer Name: DOM | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ========== PRC - [2013-10-05 12:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\skan\OTL.exe PRC - [2013-09-04 12:35:15 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe PRC - [2013-09-04 12:35:09 | 004,009,024 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe PRC - [2013-09-04 12:35:08 | 000,132,160 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe PRC - [2013-08-15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013-08-01 13:03:26 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2013-07-26 21:43:52 | 000,844,656 | ---- | M] (Samsung) -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2013-07-10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe PRC - [2013-07-04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe PRC - [2013-07-04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe PRC - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe PRC - [2013-04-19 13:17:32 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2013\avgemcx.exe PRC - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011-01-17 19:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011-01-17 19:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe========== Modules (No Company Name) ========== MOD - [2013-09-12 09:41:41 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll MOD - [2013-09-04 12:35:11 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozjs.dll MOD - [2013-09-04 12:35:02 | 016,166,248 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2012-12-19 11:58:20 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\zlib1.dll MOD - [2012-12-16 11:30:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2008-04-14 23:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll========== Services (SafeList) ========== SRV - [2013-09-19 19:41:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013-07-23 19:09:28 | 
000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013-10-07 14:14:06 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013-09-05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2013-07-20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx) DRV - [2013-07-20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013-07-20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013-07-20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013-07-01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013-06-21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2013-06-21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012-12-26 14:51:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012-12-15 15:04:10 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2012-07-03 17:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)========== Standard Registry (SafeList) ==================== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-08-17 10:34:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013-01-12 14:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions [2013-08-31 23:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - 
plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - Extension: Dokumenty Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Dysk Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: 
(Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKCU..\Run: [] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72543206-BEBF-4EB1-BB8B-FFFC5DB6F30D}: DhcpNameServer = 8.8.8.8 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012-12-15 13:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2013-09-02 20:31:14 | 000,444,754 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\AutoRun\command - "" = G:\__eego\eego.exe O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\verb0\command - "" = G:\__eego\eego.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)========== Files/Folders - Created Within 30 Days ========== [2013-10-07 14:14:05 | 000,324,096 | ---- | C] (Duplex Secure Ltd.) 
-- C:\WINDOWS\System32\drivers\sptd.sys [2013-10-07 13:59:45 | 000,000,000 | ---D | C] -- C:\UsbFix [2013-10-07 13:56:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013-10-07 13:55:15 | 000,000,000 | ---D | C] -- C:\_OTL [2013-10-05 12:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013-10-05 12:31:21 | 000,000,000 | ---D | C] -- C:\rsit [2013-10-05 12:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\skan [2013-10-04 19:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE [2013-09-27 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome [2013-09-27 20:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Deployment [2013-09-15 22:13:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent [2013-09-15 14:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013-09-13 16:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\CrashDump [2013-09-13 09:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AVG [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] [290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ========== [2013-10-07 14:17:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2013-10-07 14:17:38 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-10-07 14:17:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013-10-07 14:12:24 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus On Facebook.lnk [2013-10-07 14:12:24 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\UsbFix Faire un Don.lnk [2013-10-07 14:12:24 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus Forum.lnk [2013-10-07 
13:41:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013-10-07 13:33:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-10-07 10:11:35 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2013-10-05 11:43:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2013-10-05 11:16:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013-10-01 11:11:08 | 001,332,868 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111106.jpg [2013-10-01 11:10:48 | 001,345,619 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111047.jpg [2013-10-01 11:08:26 | 001,306,389 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20131001_110827.jpg [2013-09-28 09:59:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI [2013-09-25 10:39:56 | 000,143,399 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf [2013-09-21 14:43:34 | 061,765,253 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf [2013-09-19 19:41:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013-09-19 19:41:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013-09-13 09:54:54 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013-09-13 09:35:27 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2013.lnk [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\drivers\avgidsshimx.sys [290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ========== [2013-10-07 14:12:24 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus On Facebook.lnk [2013-10-07 14:12:24 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\UsbFix Faire un Don.lnk [2013-10-07 14:12:24 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus Forum.lnk [2013-10-07 10:56:46 | 001,332,868 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111106.jpg [2013-10-07 10:56:44 | 001,345,619 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111047.jpg [2013-10-07 10:56:42 | 001,306,389 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20131001_110827.jpg [2013-09-27 20:29:48 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2013-09-27 20:28:09 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013-09-27 20:28:09 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013-09-25 10:39:55 | 000,143,399 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf [2013-09-21 14:41:33 | 061,765,253 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf [2013-08-25 23:33:14 | 000,129,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2013-07-18 14:32:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2013-07-18 14:32:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2013-07-18 14:32:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2013-07-18 14:32:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2013-07-18 14:32:34 | 000,057,344 | ---- | C] () -- 
C:\WINDOWS\System32\issacapi_se-2.3.dll [2013-06-18 12:58:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\skype.ini [2013-06-18 10:56:23 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013-01-08 17:22:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012-12-25 18:54:57 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2012-12-16 11:45:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-12-16 11:00:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2012-12-16 11:00:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2012-12-15 15:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat [2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012-12-15 15:43:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012-12-15 15:43:09 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012-12-15 15:41:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-12-15 14:52:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012-12-15 14:48:11 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012-12-15 14:25:36 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012-12-15 14:24:13 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-12-15 13:39:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012-12-15 13:34:06 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat========== ZeroAccess Check ========== [2013-03-06 20:16:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012-10-31 13:32:21 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both========== LOP Check ========== [2013-08-01 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\AVG2013 [2013-09-03 11:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Lite [2012-12-25 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu [2012-12-15 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10 [2013-10-07 14:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\GG [2012-12-30 15:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\NapiProjekt [2012-12-16 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenOffice.org [2012-12-15 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Opera [2013-03-06 20:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Podatnik.info [2013-09-13 16:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Samsung [2013-02-02 12:26:59 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Admin\Dane aplikacji\SendSpace [2013-06-08 16:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Spotify [2012-12-16 13:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Thunderbird [2013-08-01 12:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TuneUp Software [2013-10-07 10:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent [2013-08-15 15:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2013 [2012-12-26 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2013-09-03 11:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FelCAD [2012-12-15 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2013-01-01 17:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG [2013-10-04 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE [2013-02-08 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate [2013-10-07 09:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData [2013-02-02 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RightClick [2013-08-25 17:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung [2013-09-16 13:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SystemRequirementsLab========== Purity Check ========== < End of report > [/log] GMER [log] GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-07 15:03:32 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\0000005b ST3160811AS rev.3.AAE 149,05GB Running: gmer.exe; Driver: 
C:\DOCUME~1\Admin\USTAWI~1\Temp\pxtdapow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF77D85D0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF77D8700] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF77D8010] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF77D8300] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF77D83E0] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF77D8120] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF77D8210] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF77D84D0] ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF58A93C0, 0x843B7A, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[556] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3] .text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[556] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 108B74F7 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 108B7568 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 108BB116 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll 
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 108B4B6D C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0143E9A9 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01EB0D95 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01EB0DDD C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01443D66 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll .text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01EB0E04 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ---- [/log]
P.S. Noticeable improvement after disabling the unnecessary applications :)
Natsuki Kuga commented 8 October 2013
Connect your removable drives and run USBFix with the [b]Deletion[/b] option. Post the report.
"P.S. Noticeable improvement after disabling the unnecessary applications"
That's good. :)
danny889 commented 9 October 2013 (Author)
"Connect your removable drives and run USBFix with the Deletion option. Post the report. That's good. :)"
Report: [log] ############################## | UsbFix V 7.143 | [Deletion] User: Admin (Administrator) # DOM Updated 05/10/2013 by El Desaparecido - Team SosVirus Started at 08:52:19 | 09/10/2013 Website: http://www.usbfix.net/ Forum : http://www.sosvirus.net/ Upload Malware: http://www.sosvirus.net/upload_malware.php Contact: http://www.usbfix.net/contact/ PC: Gigabyte Technology Co., Ltd. (M61PME-S2) CPU: AMD Athlon(tm) 64 Processor 3500+ RAM -> [Total : 1023 | Free : 179] Bios: Award Software International, Inc. Boot: Normal boot OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3 WB: Windows Internet Explorer 8.0.6001.18702 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] FW: Windows FireWall Service [Enabled] C:\ (%systemdrive%) -> Fixed drive # 49 Gb (23 Mb free - 48%) [] # NTFS D:\ -> Fixed drive # 100 Gb (71 Mb free - 71%) [] # NTFS F:\ -> CD-ROM G:\ -> CD-ROM I:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [KINGSTON] # FAT32 ################## | Regedit Run | HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE HKLM\SOFTWARE | Run : [SkyTel] - SkyTel.EXE HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login HKLM\SOFTWARE | Run : [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY HKLM\SOFTWARE | RunOnce : [] - HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe 
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [] - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe HKU\S-1-5-21-1482476501-1078081533-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE ################## | Stopped processes | Stopped! C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (ID 708 |ParentID 692) Stopped! C:\Program Files\AVG\AVG2013\avgcsrvx.exe (ID 760 |ParentID 708) Stopped! C:\WINDOWS\system32\spoolsv.exe (ID 1784 |ParentID 1024) Stopped! C:\WINDOWS\RTHDCPL.EXE (ID 1300 |ParentID 256) Stopped! C:\WINDOWS\system32\RunDLL32.exe (ID 1468 |ParentID 256) Stopped! C:\Program Files\AVG\AVG2013\avgui.exe (ID 1500 |ParentID 256) Stopped! C:\Program Files\AVG\AVG2013\avgidsagent.exe (ID 1540 |ParentID 1024) Stopped! C:\WINDOWS\system32\ctfmon.exe (ID 1548 |ParentID 256) Stopped! D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (ID 1620 |ParentID 256) Stopped! C:\Program Files\AVG\AVG2013\avgwdsvc.exe (ID 300 |ParentID 1024) Stopped! C:\Program Files\OpenOffice.org 3\program\soffice.exe (ID 356 |ParentID 1756) Stopped! C:\Program Files\OpenOffice.org 3\program\soffice.bin (ID 164 |ParentID 356) Stopped! C:\Program Files\Java\jre7\bin\jqs.exe (ID 348 |ParentID 1024) Stopped! C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 1640 |ParentID 1024) Stopped! C:\WINDOWS\system32\nvsvc32.exe (ID 2568 |ParentID 1024) Stopped! C:\Program Files\AVG\AVG2013\avgnsx.exe (ID 2864 |ParentID 300) Stopped! C:\Program Files\AVG\AVG2013\avgemcx.exe (ID 3064 |ParentID 300) Stopped! C:\WINDOWS\system32\wuauclt.exe (ID 2052 |ParentID 1352) Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (ID 3864 |ParentID 256) Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe (ID 2216 |ParentID 3864) Stopped! 
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe (ID 2616 |ParentID 3864) Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe (ID 3244 |ParentID 2216) Stopped! C:\Program Files\Opera\opera.exe (ID 424 |ParentID 256) Stopped! C:\WINDOWS\system32\wuauclt.exe (ID 1992 |ParentID 1352) ################## | Files # Infected Folders | Deleted ! C:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003 Deleted ! D:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003 (!) Temporary files deleted. ################## | Registry | Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220} ################## | Listing | [15/08/2013 - 15:34:43 | D ] C:\$AVG [07/10/2013 - 13:57:54 | D ] C:\AdwCleaner [15/12/2012 - 13:37:16 | N | 0] C:\AUTOEXEC.BAT [02/09/2013 - 20:31:14 | N | 444754] C:\AutoMapaSetupLog.txt [17/06/2013 - 17:50:24 | N | 257] C:\boot.ini [22/07/2001 - 02:13:54 | N | 4952] C:\Bootfont.bin [15/12/2012 - 13:37:16 | N | 0] C:\CONFIG.SYS [15/12/2012 - 14:53:04 | N | 206] C:\csb.log [15/12/2012 - 15:44:24 | D ] C:\Documents and Settings [04/04/2013 - 15:35:36 | D ] C:\found.000 [15/12/2012 - 13:37:16 | N | 0] C:\IO.SYS [15/12/2012 - 13:37:16 | N | 0] C:\MSDOS.SYS [03/08/2004 - 22:38:34 | N | 47564] C:\NTDETECT.COM [06/01/2013 - 21:14:49 | N | 251152] C:\ntldr [09/10/2013 - 08:49:22 | ASH | 1610612736] C:\pagefile.sys [31/08/2013 - 22:50:52 | D ] C:\Plytki [05/10/2013 - 12:31:23 | D ] C:\Program Files [09/10/2013 - 09:06:27 | SHD ] C:\RECYCLER [15/12/2012 - 14:53:04 | N | 423] C:\RHDSetup.log [05/10/2013 - 12:31:34 | D ] C:\rsit [15/12/2012 - 13:40:59 | SHD ] C:\System Volume Information [09/10/2013 - 09:06:27 | D ] C:\UsbFix [09/10/2013 - 09:07:02 | A | 5699] C:\UsbFix [Clean 1] DOM.txt [07/10/2013 - 14:10:52 | N | 5809] C:\UsbFix [Scan 1] DOM.txt [07/10/2013 - 10:53:36 | D ] C:\WINDOWS [07/10/2013 - 13:55:15 | D ] C:\_OTL [26/09/2013 - 
21:05:17 | D ] D:\dokumenty [08/10/2013 - 12:23:18 | D ] D:\Download [05/08/2013 - 22:56:45 | D ] D:\foto [25/04/2011 - 19:26:13 | D ] D:\HOMM3PL [08/02/2013 - 19:08:22 | D ] D:\msdownld.tmp [02/09/2013 - 10:11:45 | D ] D:\Program Files [09/10/2013 - 09:06:27 | SHD ] D:\RECYCLER [04/09/2013 - 12:40:48 | D ] D:\SS [15/12/2012 - 14:50:46 | SHD ] D:\System Volume Information [08/03/2013 - 14:57:46 | RASH | 16384] D:\Thumbs.db ################## | Vaccin | C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido) D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido) I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido) ################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |[/log]
Natsuki Kuga commented 12 October 2013
Now post a new OTL log.