x-kom hosting

Profilaktyka po kilku objawach

danny889
utworzono
utworzono

Witam. 

 

Ostatnio mam problemy z bramką VOIP, chciałbym się upewnić że system jest czysty. Ponadto prosiłbym o pomoc jak wyłączyć pewne procesy które aktywują się od razu przy starcie systemu jak np KIES ( oprogramowanie do telefonu od samsuga. mało go używam a zawsze proces jest aktywny i zabiera pamięc ). Zresztą pewnie wszystko wyjdzie w logach ;)

 

OTL

 

LOG

[log]

OTL logfile created on: 2013-10-05 12:19:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Pulpit\skan
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 281,39 Mb Available Physical Memory | 27,49% Memory free
2,40 Gb Paging File | 1,68 Gb Available in Paging File | 70,03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 23,51 Gb Free Space | 48,15% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 76,40 Gb Free Space | 76,24% Space Free | Partition Type: NTFS

Computer Name: DOM | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-10-05 12:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\skan\OTL.exe
PRC - [2013-08-15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-08-01 13:03:26 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-07-26 21:43:52 | 000,844,656 | ---- | M] (Samsung) -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-07-26 21:43:46 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Program Files\Kies\KiesTrayAgent.exe
PRC - [2013-07-26 21:43:44 | 001,564,016 | ---- | M] (Samsung) -- D:\Program Files\Kies\Kies.exe
PRC - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-07-10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013-07-04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-07-04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-06-08 14:58:43 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-01-17 19:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 19:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-03-02 17:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (No Company Name) ==========

MOD - [2013-09-12 09:41:41 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-08-15 12:04:13 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013-08-15 12:02:13 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013-08-15 11:26:20 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013-08-15 11:23:56 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\2bd89ed2dc0f585328fd1ac4c5a206dd\System.Core.ni.dll
MOD - [2013-08-15 11:23:06 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a283b4d76562af1ff279d465f5488d8c\PresentationFramework.ni.dll
MOD - [2013-08-15 00:54:49 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll
MOD - [2013-08-15 00:54:23 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll
MOD - [2013-08-15 00:53:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013-08-15 00:52:56 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013-07-23 10:00:44 | 017,223,680 | ---- | M] () -- D:\Program Files\Kies\Theme\Kies.Theme.dll
MOD - [2013-07-23 09:58:52 | 000,564,736 | ---- | M] () -- D:\Program Files\Kies\Common\Kies.UI.dll
MOD - [2013-07-18 14:52:28 | 000,036,352 | ---- | M] () -- D:\Program Files\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2013-07-18 14:51:44 | 000,023,040 | ---- | M] () -- D:\Program Files\Kies\MVVM\Kies.MVVM.dll
MOD - [2013-07-18 14:34:48 | 000,057,856 | ---- | M] () -- D:\Program Files\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2013-07-11 05:16:27 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012-12-16 11:30:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008-04-14 23:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013-09-19 19:41:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-09-05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-07-20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-07-20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-07-20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-07-20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-07-01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-06-21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-06-21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-12-26 14:51:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-12-15 15:04:10 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012-07-03 17:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-08-17 10:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2013-01-12 14:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2013-08-31 23:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Dokumenty Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b File not found
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [KiesAirMessage] D:\Program Files\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [KiesPreload] D:\Program Files\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [Spotify Web Helper] C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1078081533-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72543206-BEBF-4EB1-BB8B-FFFC5DB6F30D}: DhcpNameServer = 8.8.8.8 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-15 13:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-09-02 20:31:14 | 000,444,754 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\AutoRun\command - "" = G:\__eego\eego.exe
O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\verb0\command - "" = G:\__eego\eego.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-05 12:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\skan
[2013-10-04 19:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE
[2013-09-27 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
[2013-09-27 20:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Deployment
[2013-09-15 22:13:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013-09-15 14:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013-09-13 16:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\CrashDump
[2013-09-13 09:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AVG
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-05 12:15:50 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013-10-05 12:14:01 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-05 12:13:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-10-05 11:44:22 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-05 11:43:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-10-05 11:41:16 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-10-05 11:16:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-04 10:18:45 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-09-28 09:59:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013-09-25 10:39:56 | 000,143,399 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf
[2013-09-24 10:25:54 | 001,295,722 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102555.jpg
[2013-09-24 10:25:52 | 001,292,802 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102551.jpg
[2013-09-24 09:49:22 | 001,317,308 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094922.jpg
[2013-09-24 09:49:18 | 001,400,109 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094916.jpg
[2013-09-21 14:43:34 | 061,765,253 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf
[2013-09-19 19:41:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-09-19 19:41:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-09-17 10:39:53 | 001,459,379 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103953.jpg
[2013-09-17 10:39:47 | 001,556,215 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103947.jpg
[2013-09-13 09:54:54 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-09-13 09:35:27 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2013.lnk
[2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-09-28 17:50:17 | 001,317,308 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094922.jpg
[2013-09-28 17:50:17 | 001,295,722 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102555.jpg
[2013-09-28 17:50:17 | 001,292,802 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_102551.jpg
[2013-09-28 17:50:16 | 001,400,109 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130924_094916.jpg
[2013-09-27 20:29:48 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-09-27 20:28:09 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-27 20:28:09 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-25 10:39:55 | 000,143,399 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf
[2013-09-21 14:41:33 | 061,765,253 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf
[2013-09-17 12:18:46 | 001,556,215 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103947.jpg
[2013-09-17 12:18:46 | 001,459,379 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20130917_103953.jpg
[2013-08-25 23:33:14 | 000,129,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2013-07-18 14:32:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013-07-18 14:32:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013-07-18 14:32:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013-07-18 14:32:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013-07-18 14:32:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013-06-18 12:58:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\skype.ini
[2013-06-18 10:56:23 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013-01-08 17:22:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013-01-06 20:34:21 | 000,167,936 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\skype.dat
[2012-12-25 18:54:57 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-12-16 11:45:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-16 11:00:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012-12-16 11:00:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012-12-15 15:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-12-15 15:43:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-12-15 15:43:09 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-12-15 15:41:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-12-15 14:52:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-15 14:48:11 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-12-15 14:25:36 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-15 14:24:13 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-15 13:39:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-15 13:34:06 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013-03-06 20:16:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012-10-31 13:32:21 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-08-01 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\AVG2013
[2013-08-31 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Babylon
[2013-09-03 11:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Lite
[2012-12-25 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
[2012-12-15 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2013-10-05 12:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\GG
[2012-12-30 15:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\NapiProjekt
[2012-12-16 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenOffice.org
[2012-12-15 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Opera
[2013-03-06 20:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Podatnik.info
[2013-09-13 16:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Samsung
[2013-02-02 12:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\SendSpace
[2013-06-08 16:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Spotify
[2012-12-16 13:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Thunderbird
[2013-08-01 12:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TuneUp Software
[2013-10-02 22:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
[2013-08-15 15:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2013
[2013-08-31 23:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Babylon
[2013-08-01 15:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Browse2save
[2012-12-26 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2013-09-03 11:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FelCAD
[2012-12-15 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2013-01-01 17:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-10-04 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE
[2013-02-08 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2013-10-05 11:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2013-02-02 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RightClick
[2013-08-25 17:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2013-09-16 13:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SystemRequirementsLab
[2013-08-15 11:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\TuneUp Software

========== Purity Check ==========



< End of report >
[/log]

 

EXTRAS

[log]

OTL Extras logfile created on: 2013-10-05 12:19:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Pulpit\skan
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 281,39 Mb Available Physical Memory | 27,49% Memory free
2,40 Gb Paging File | 1,68 Gb Available in Paging File | 70,03% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 23,51 Gb Free Space | 48,15% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 76,40 Gb Free Space | 76,24% Space Free | Partition Type: NTFS

Computer Name: DOM | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Download\half-life\hl.exe" = D:\Download\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Program Files\SopCast\SopCast.exe" = D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe" = C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"D:\Program Files\Winamp\winamp.exe" = D:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalator AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\NapiProjekt\napisy.exe" = C:\Program Files\NapiProjekt\napisy.exe:*:Enabled:NapiProjekt -- ()
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Ochrona Sieci -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:Diagnostyka AVG 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Uniwersalny skaner poczty email -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0141D498-16DA-4221-A529-1D7A64BE8B05}" = OpenOffice.org 3.3
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}" = System Requirements Lab (Test)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Polish
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 306.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Sterownik dźwięku HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5f1e590-7c8e-4528-9f0b-9eec5e70a961}" = Nero 9 Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"Heroes of Might and Magic III - Złota Edycja_is1" = Heroes of Might and Magic III - Złota Edycja
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.6.5 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird 17.0.8 (x86 pl)" = Mozilla Thunderbird 17.0.8 (x86 pl)
"NapiProjekt_is1" = NapiProjekt (2.1.1.2314)
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.16.1860" = Opera 12.16
"uTorrent" = µTorrent
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bitowy)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GG" = GG
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"Winamp Detect" = Detektor Winampa

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-06-25 16:28:34 | Computer Name = DOM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący
błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x00089eab.

Error - 2013-06-25 16:35:26 | Computer Name = DOM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący
błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x00089eab.

Error - 2013-06-25 16:51:56 | Computer Name = DOM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd gta_sa.exe, wersja 0.0.0.0, moduł powodujący
błąd d3d9.dll, wersja 5.3.2600.5512, adres błędu 0x00089eab.

Error - 2013-07-02 07:13:58 | Computer Name = DOM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca iexplore.exe, wersja 8.0.6001.18702, moduł
zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-07-25 09:31:29 | Computer Name = DOM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 12.15.1748.0, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-07-29 04:37:23 | Computer Name = DOM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd opera.exe, wersja 12.15.1748.0, moduł powodujący
błąd opera.dll, wersja 12.15.1748.0, adres błędu 0x00232550.

Error - 2013-08-15 05:43:11 | Computer Name = DOM | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 — Błąd
27007. CA_Error27007: Wait4StartWD(0xC0070426): Oczekiwanie na uruchomienie usługi
watchdog nie powiodło się

Error - 2013-08-15 05:43:11 | Computer Name = DOM | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Produkt: AVG 2013 — Błąd
27007. CA_Error27007: Wait4StartWD(0xC0070426): Oczekiwanie na uruchomienie usługi
watchdog nie powiodło się

Error - 2013-08-19 07:37:43 | Computer Name = DOM | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.5512, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2013-09-07 06:47:03 | Computer Name = DOM | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd opera.exe, wersja 12.16.1860.0, moduł powodujący
błąd ntdll.dll, wersja 5.1.2600.6055, adres błędu 0x00019af2.

[ System Events ]
Error - 2013-09-29 12:21:37 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-09-30 02:47:37 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-09-30 13:48:29 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-01 01:57:54 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-01 07:16:52 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-02 01:40:31 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-02 10:09:29 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-03 03:55:24 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-04 02:43:53 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.

Error - 2013-10-05 05:17:10 | Computer Name = DOM | Source = Service Control Manager | ID = 7006
Description = Wywołanie ScRegSetValueExW dla FailureActions nie powiodło się i wystąpił
następujący błąd: %%5.


< End of report >
[/log]

 

RSIT 

 

LOG

[log]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2013-10-05 12:31:21
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 24 GB (48%) free of 50 GB
Total RAM: 1023 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:32, on 2013-10-05
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
D:\Program Files\Kies\KiesTrayAgent.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe
D:\Program Files\Kies\Kies.exe
D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Admin\Pulpit\skan\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: SweetIM Toolbar - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Program Files\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [KiesPreload] D:\Program Files\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Program Files\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-21-1482476501-1078081533-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7675 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-01 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-01 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-12 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-08-15 4411440]
"KiesTrayAgent"=D:\Program Files\Kies\KiesTrayAgent.exe [2013-07-26 311152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Spotify Web Helper"=C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe [2013-06-08 1104384]
"KiesPreload"=D:\Program Files\Kies\Kies.exe [2013-07-26 1564016]
"KiesAirMessage"=D:\Program Files\Kies\KiesAirMessage.exe -startup []
""=D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe [2013-07-26 844656]
"AVG-Secure-Search-Update_0913b"=C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b []

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Download\half-life\hl.exe"="D:\Download\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\SopCast\SopCast.exe"="D:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe"="C:\Documents and Settings\Admin\Dane aplikacji\Spotify\spotify.exe:*:Enabled:Spotify"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Program Files\Winamp\winamp.exe"="D:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalator AVG"
"C:\Program Files\NapiProjekt\napisy.exe"="C:\Program Files\NapiProjekt\napisy.exe:*:Enabled:NapiProjekt"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Ochrona Sieci"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:Diagnostyka AVG 2013"
"C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Uniwersalny skaner poczty email"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-10-05 12:31:23 ----D---- C:\Program Files\trend micro
2013-10-05 12:31:21 ----D---- C:\rsit
2013-10-04 19:34:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE
2013-09-15 14:38:04 ----D---- C:\Program Files\Google
2013-09-13 09:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2876315$
2013-09-13 09:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2013-09-13 09:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$

======List of files/folders modified in the last 1 month======

2013-10-05 12:31:23 ----RD---- C:\Program Files
2013-10-05 12:31:22 ----D---- C:\WINDOWS\Prefetch
2013-10-05 12:30:45 ----D---- C:\WINDOWS\system32\CatRoot2
2013-10-05 12:16:32 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\GG
2013-10-05 12:14:50 ----D---- C:\WINDOWS\Temp
2013-10-05 12:12:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-05 11:24:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2013-10-04 10:20:32 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Skype
2013-10-02 22:42:39 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2013-09-28 09:59:01 ----A---- C:\WINDOWS\BRWMARK.INI
2013-09-28 09:53:48 ----D---- C:\WINDOWS\system32
2013-09-27 20:33:02 ----SHD---- C:\WINDOWS\Installer
2013-09-27 20:28:09 ----SD---- C:\WINDOWS\Tasks
2013-09-19 19:41:35 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-17 08:29:29 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Winamp
2013-09-16 13:34:18 ----D---- C:\Program Files\SystemRequirementsLab
2013-09-16 13:34:17 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\SystemRequirementsLab
2013-09-16 11:13:55 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Media Player Classic
2013-09-16 10:07:07 ----D---- C:\WINDOWS
2013-09-13 16:57:56 ----D---- C:\Documents and Settings\Admin\Dane aplikacji\Samsung
2013-09-13 09:35:16 ----HD---- C:\WINDOWS\inf
2013-09-13 09:35:16 ----D---- C:\WINDOWS\system32\drivers
2013-09-13 09:12:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-13 09:11:38 ----D---- C:\Program Files\Internet Explorer
2013-09-13 09:11:23 ----D---- C:\WINDOWS\ie8updates
2013-09-07 10:43:14 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]
R0 Avglogx;AVG Logging Driver; C:\WINDOWS\system32\DRIVERS\avglogx.sys [2013-07-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2013-07-01 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2013-09-05 39224]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 ohci1394;Kontroler hosta IEEE 1394 VIA zgodny z OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-12-26 242240]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2012-07-03 124264]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-07-23 283136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-08-01 182184]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-27 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-27 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
[/log]

 

INFO

[log] 

info.txt logfile of random's system information tool 1.09 2013-10-05 12:31:34

======Uninstall list======

-->MsiExec /X{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_168_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.03) - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-AB0000000001}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Aktualizacja dla systemu Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB2863058)-->"C:\WINDOWS\$NtUninstallKB2863058$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Aktualizacja dla systemu Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834903)-->"C:\WINDOWS\$NtUninstallKB2834903_WM10L$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834904)-->"C:\WINDOWS\$NtUninstallKB2834904_WM11$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834904-v2)-->"C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2792100)-->"C:\WINDOWS\ie8updates\KB2792100-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2797052)-->"C:\WINDOWS\ie8updates\KB2797052-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2799329)-->"C:\WINDOWS\ie8updates\KB2799329-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2809289)-->"C:\WINDOWS\ie8updates\KB2809289-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2817183)-->"C:\WINDOWS\ie8updates\KB2817183-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2829530)-->"C:\WINDOWS\ie8updates\KB2829530-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2838727)-->"C:\WINDOWS\ie8updates\KB2838727-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2846071)-->"C:\WINDOWS\ie8updates\KB2846071-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2847204)-->"C:\WINDOWS\ie8updates\KB2847204-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2862772)-->"C:\WINDOWS\ie8updates\KB2862772-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2870699)-->"C:\WINDOWS\ie8updates\KB2870699-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2705219-v2)-->"C:\WINDOWS\$NtUninstallKB2705219-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2712808)-->"C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2723135-v2)-->"C:\WINDOWS\$NtUninstallKB2723135-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2753842-v2)-->"C:\WINDOWS\$NtUninstallKB2753842-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2757638)-->"C:\WINDOWS\$NtUninstallKB2757638$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2761465)-->"C:\WINDOWS\$NtUninstallKB2761465$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2778344)-->"C:\WINDOWS\$NtUninstallKB2778344$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2780091)-->"C:\WINDOWS\$NtUninstallKB2780091$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2799494)-->"C:\WINDOWS\$NtUninstallKB2799494$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2802968)-->"C:\WINDOWS\$NtUninstallKB2802968$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2807986)-->"C:\WINDOWS\$NtUninstallKB2807986$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2808735)-->"C:\WINDOWS\$NtUninstallKB2808735$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2813170)-->"C:\WINDOWS\$NtUninstallKB2813170$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2813345)-->"C:\WINDOWS\$NtUninstallKB2813345$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2820197)-->"C:\WINDOWS\$NtUninstallKB2820197$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2820917)-->"C:\WINDOWS\$NtUninstallKB2820917$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2829361)-->"C:\WINDOWS\$NtUninstallKB2829361$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2834886)-->"C:\WINDOWS\$NtUninstallKB2834886$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2839229)-->"C:\WINDOWS\$NtUninstallKB2839229$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2845187)-->"C:\WINDOWS\$NtUninstallKB2845187$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2849470)-->"C:\WINDOWS\$NtUninstallKB2849470$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2850851)-->"C:\WINDOWS\$NtUninstallKB2850851$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2850869)-->"C:\WINDOWS\$NtUninstallKB2850869$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2859537)-->"C:\WINDOWS\$NtUninstallKB2859537$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2864063)-->"C:\WINDOWS\$NtUninstallKB2864063$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876217)-->"C:\WINDOWS\$NtUninstallKB2876217$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876315)-->"C:\WINDOWS\$NtUninstallKB2876315$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Aktualizacja zabezpieczeń dla Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizacje NVIDIA 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
AVG 2013-->"C:\Program Files\AVG\AVG2013\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2013-->MsiExec.exe /I{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}
AVG 2013-->MsiExec.exe /I{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe" -runfromtemp -l0x0015 Brunin03.dll -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Lite-->D:\Program Files\DAEMON Tools Lite\uninst.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Heroes of Might and Magic III - Złota Edycja-->"D:\Program Files\Heroes of Might and Magic III - Zlota Edycja\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
K-Lite Codec Pack 9.6.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Mozilla Thunderbird 17.0.8 (x86 pl)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NapiProjekt (2.1.1.2314)-->"C:\Program Files\NapiProjekt\unins000.exe"
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
NVIDIA nView 136.28-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NView
NVIDIA Oprogramowanie systemu PhysX 9.12.0604-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /X{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}
NVIDIA Sterownik dźwięku HD 1.3.18.0-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA Sterownik graficzny 306.81-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
OpenOffice.org 3.3-->MsiExec.exe /I{0141D498-16DA-4221-A529-1D7A64BE8B05}
Opera 12.16-->"C:\Program Files\Opera\Opera.exe" /uninstall
Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_618EA050DAEAC55E2156257D6C6282397D4DF013\amdk8.inf
Poprawka dla systemu Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Poprawka dla systemu Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x15 -removeonly
Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->D:\Program Files\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""
Skype™ 6.6-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
System Requirements Lab (Test)-->MsiExec.exe /I{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}
System Requirements Lab CYRI-->MsiExec.exe /I{E362724E-9320-4946-AF34-874E7B6B2927}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR 4.20 (32-bitowy)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: DOM
Event Code: 6005
Message: Uruchomiono usługę Dziennik zdarzeń.

Record Number: 17578
Source Name: EventLog
Time Written: 20130911082253.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 3 Uniprocessor Free.

Record Number: 17577
Source Name: EventLog
Time Written: 20130911082253.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 6006
Message: Zatrzymano usługę Dziennik zdarzeń.

Record Number: 17576
Source Name: EventLog
Time Written: 20130910233359.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 7036
Message: Usługa Adobe Flash Player Update Service weszła w stan zatrzymania.

Record Number: 17575
Source Name: Service Control Manager
Time Written: 20130910224105.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 7036
Message: Usługa Adobe Flash Player Update Service weszła w stan uruchomienia.

Record Number: 17574
Source Name: Service Control Manager
Time Written: 20130910224101.000000+120
Event Type: informacje
User:

=====Application event log=====

Computer Name: DOM
Event Code: 1004
Message: Użytkownik zaakceptował Umowę Licencyjną Użytkownika Oprogramowania (EULA).

Record Number: 4565
Source Name: WgaSetup
Time Written: 20130514071424.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 1002
Message: Starting interactive setup.

Record Number: 4564
Source Name: WgaSetup
Time Written: 20130514071423.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 1006
Message: Umowa Licencyjna Użytkownika Oprogramowania (EULA) została wcześniej zaakceptowana.

Record Number: 4563
Source Name: WgaSetup
Time Written: 20130514071423.000000+120
Event Type: informacje
User:

Computer Name: DOM
Event Code: 903
Message:
Record Number: 4562
Source Name: Office Software Protection Platform Service
Time Written: 20130513230801.000000+120
Event Type:
User:

Computer Name: DOM
Event Code: 1003
Message:
Record Number: 4561
Source Name: Office Software Protection Platform Service
Time Written: 20130513172758.000000+120
Event Type: informacje
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
[/log]

Natsuki Kuga
komentarz
komentarz

Poniżej podany skrypt usunie infekcję i wyłączy niepotrzebne programy z autostartu, czyli nie będą włączać się przy starcie systemu (sterownik od drukarki, update Javy, Samsung Kies, Spotify Web Helper)

1. Do OTL w okno Własne opcje skanowania/Skrypt wklej:


:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goo...098&lg=EN&cc=PL
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...ts.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...119357&tsp=4991
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=D89D00241D107220&affID=119357&tsp=4991
IE - HKU\S-1-5-21-1482476501-1078081533-839522115-1003\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.goo...ts.info/?l=1&q={searchTerms}&pid=34&r=2013/02/02&hid=4237285098&lg=EN&cc=PL
O3 - HKLM\..\Toolbar: (SweetIM Toolbar) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4 - HKU\S-1-5-21-1482476501-1078081533-839522115-1003..\Run: [AVG-Secure-Search-Update_0913b] C:\Documents and Settings\Admin\Dane aplikacji\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid f24ebc066d994aef88a35df57bbede91-0bb1c7f1eb36951b539addb6694f0f009f51487b --CMPID 0913b File not found

:Files
C:\Documents and Settings\Admin\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Babylon
C:\Documents and Settings\All Users\Dane aplikacji\Browse2save
C:\Program Files\SweetIM\Toolbars

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"=-
"ControlCenter3"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"KiesTrayAgent"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=-
"KiesPreload"=-
"KiesAirMessage"=-

Kliknij Wykonaj skrypt, pokaż raport.

2. Użyj AdwCleaner z opcji Usuń. Pokaż raport.

3. Podłącz wszystkie pamięci przenośne jakie posiadasz i użyj USBFix z opcji Research. Pokaż raport.

4. Pokaż nowe logi z OTL + log z Gmer: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/

 

  • Dobra wypowiedź 1
danny889
komentarz
komentarz (edytowane)

1. Raport

 

[log] 

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913b deleted successfully.
========== FILES ==========
C:\Documents and Settings\Admin\Dane aplikacji\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\Browse2save folder moved successfully.
File\Folder C:\Program Files\SweetIM\Toolbars not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BrMfcWnd deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ControlCenter3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPreload deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10072013_135515 [/log]

 

2. Raport

 

[log] 

# AdwCleaner v3.006 - Report created 07/10/2013 at 13:57:15
# Updated 01/10/2013 by Xplode
# Operating System : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Username : Admin - DOM
# Running from : C:\Documents and Settings\Admin\Pulpit\skan\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\Admin\Dane aplikacji\SendSpace
Folder Found C:\Documents and Settings\All Users\Dane aplikacji\RightClick
Folder Found C:\Program Files\Yontoo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\fed78db33dbe41
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4155 octets] - [07/10/2013 13:57:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4215 octets] ##########

 

[/log]

 

3. Raport

 

[log] 

############################## | UsbFix V 7.143 | [Research]

User: Admin (Administrator) # DOM
Updated 05/10/2013 by El Desaparecido - Team SosVirus
Started at 13:59:58 | 07/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (M61PME-S2)
CPU: AMD Athlon(tm) 64 Processor 3500+
RAM -> [Total : 1023 | Free : 328]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 49 Gb (23 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 100 Gb (76 Mb free - 76%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [KINGSTON] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (ID 660 |ParentID 4)
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (ID 716 |ParentID 700)
C:\Program Files\AVG\AVG2013\avgcsrvx.exe (ID 764 |ParentID 716)
C:\WINDOWS\system32\winlogon.exe (ID 980 |ParentID 660)
C:\WINDOWS\system32\services.exe (ID 1028 |ParentID 980)
C:\WINDOWS\system32\lsass.exe (ID 1040 |ParentID 980)
C:\WINDOWS\system32\svchost.exe (ID 1200 |ParentID 1028)
C:\WINDOWS\System32\svchost.exe (ID 1400 |ParentID 1028)
C:\WINDOWS\system32\svchost.exe (ID 1432 |ParentID 1028)
C:\WINDOWS\Explorer.EXE (ID 1892 |ParentID 1872)
C:\WINDOWS\system32\spoolsv.exe (ID 1928 |ParentID 1028)
C:\WINDOWS\RTHDCPL.EXE (ID 532 |ParentID 1892)
C:\WINDOWS\system32\RunDLL32.exe (ID 948 |ParentID 1892)
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (ID 1360 |ParentID 1892)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ID 1596 |ParentID 1892)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 1584 |ParentID 1892)
C:\Program Files\AVG\AVG2013\avgui.exe (ID 1684 |ParentID 1892)
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (ID 1724 |ParentID 1420)
D:\Program Files\Kies\KiesTrayAgent.exe (ID 1712 |ParentID 1892)
C:\Program Files\AVG\AVG2013\avgidsagent.exe (ID 1820 |ParentID 1028)
C:\WINDOWS\system32\ctfmon.exe (ID 2012 |ParentID 1892)
C:\Documents and Settings\Admin\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe (ID 2040 |ParentID 1892)
D:\Program Files\Kies\Kies.exe (ID 224 |ParentID 1892)
C:\Program Files\AVG\AVG2013\avgwdsvc.exe (ID 260 |ParentID 1028)
D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (ID 336 |ParentID 1892)
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (ID 832 |ParentID 1360)
C:\Program Files\Java\jre7\bin\jqs.exe (ID 1960 |ParentID 1028)
C:\Program Files\OpenOffice.org 3\program\soffice.exe (ID 1848 |ParentID 1500)
C:\Program Files\OpenOffice.org 3\program\soffice.bin (ID 2648 |ParentID 1848)
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 2840 |ParentID 1028)
C:\WINDOWS\system32\nvsvc32.exe (ID 3744 |ParentID 1028)
C:\Program Files\AVG\AVG2013\avgnsx.exe (ID 2556 |ParentID 260)
C:\Program Files\AVG\AVG2013\avgemcx.exe (ID 2880 |ParentID 260)
C:\WINDOWS\system32\svchost.exe (ID 2976 |ParentID 1028)
C:\WINDOWS\System32\svchost.exe (ID 3476 |ParentID 1028)
C:\WINDOWS\system32\wuauclt.exe (ID 1088 |ParentID 1400)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (ID 3616 |ParentID 1892)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe (ID 3324 |ParentID 3616)
C:\Program Files\Opera\Opera.exe (ID 3032 |ParentID 1892)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe (ID 3552 |ParentID 3616)
D:\Program Files\uTorrent\uTorrent.exe (ID 1968 |ParentID 3032)
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe (ID 360 |ParentID 3324)
C:\UsbFix\Go.exe (ID 1020 |ParentID 1044)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [SkyTel] - SkyTel.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | Run : [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [] - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1482476501-1078081533-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Files # Infected Folders |

Found ! C:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003
Found ! D:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003

################## | Registry |

HKCU\.\.\.\.\Explorer\MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}
Shell\AutoRun\Command = G:\__eego\eego.exe
Shell\verb0\Command = G:\__eego\eego.exe



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net | [/log]

 

4. Logi 

 

OTL

 

[log] 

OTL logfile created on: 2013-10-07 14:21:09 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Pulpit\skan
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 157,28 Mb Available Physical Memory | 15,37% Memory free
2,40 Gb Paging File | 1,63 Gb Available in Paging File | 67,62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 23,46 Gb Free Space | 48,05% Space Free | Partition Type: NTFS
Drive D: | 100,21 Gb Total Space | 75,73 Gb Free Space | 75,57% Space Free | Partition Type: NTFS

Computer Name: DOM | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-10-05 12:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\skan\OTL.exe
PRC - [2013-09-04 12:35:15 | 000,076,352 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe
PRC - [2013-09-04 12:35:09 | 004,009,024 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
PRC - [2013-09-04 12:35:08 | 000,132,160 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe
PRC - [2013-08-15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013-08-01 13:03:26 | 000,879,456 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2013-07-26 21:43:52 | 000,844,656 | ---- | M] (Samsung) -- D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-07-10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013-07-04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-07-04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-04-19 13:17:32 | 003,402,304 | ---- | M] (GG Network S.A.) -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe
PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011-01-17 19:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 19:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008-04-14 23:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013-09-12 09:41:41 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013-09-04 12:35:11 | 003,048,960 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozjs.dll
MOD - [2013-09-04 12:35:02 | 016,166,248 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
MOD - [2012-12-19 11:58:20 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\zlib1.dll
MOD - [2012-12-16 11:30:24 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008-04-14 23:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013-09-19 19:41:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-01 13:08:00 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013-07-23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-07-04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-09-23 16:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009-07-20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013-10-07 14:14:06 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-09-05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013-07-20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-07-20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-07-20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-07-20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-07-01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-06-21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-06-21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-12-26 14:51:21 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-12-15 15:04:10 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012-07-03 17:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013-08-17 10:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2013-01-12 14:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2013-08-31 23:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Dokumenty Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [] D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3


O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72543206-BEBF-4EB1-BB8B-FFFC5DB6F30D}: DhcpNameServer = 8.8.8.8 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-12-15 13:37:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013-09-02 20:31:14 | 000,444,754 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\AutoRun\command - "" = G:\__eego\eego.exe
O33 - MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}\Shell\verb0\command - "" = G:\__eego\eego.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-10-07 14:14:05 | 000,324,096 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2013-10-07 13:59:45 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013-10-07 13:56:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-10-07 13:55:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-10-05 12:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-10-05 12:31:21 | 000,000,000 | ---D | C] -- C:\rsit
[2013-10-05 12:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Pulpit\skan
[2013-10-04 19:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE
[2013-09-27 20:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
[2013-09-27 20:27:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Deployment
[2013-09-15 22:13:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013-09-15 14:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013-09-13 16:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\CrashDump
[2013-09-13 09:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\AVG
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-10-07 14:17:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013-10-07 14:17:38 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-10-07 14:17:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013-10-07 14:12:24 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus On Facebook.lnk
[2013-10-07 14:12:24 | 000,001,777 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\UsbFix Faire un Don.lnk
[2013-10-07 14:12:24 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus Forum.lnk
[2013-10-07 13:41:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013-10-07 13:33:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-10-07 10:11:35 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2013-10-05 11:43:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-10-05 11:16:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013-10-01 11:11:08 | 001,332,868 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111106.jpg
[2013-10-01 11:10:48 | 001,345,619 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111047.jpg
[2013-10-01 11:08:26 | 001,306,389 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\20131001_110827.jpg
[2013-09-28 09:59:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013-09-25 10:39:56 | 000,143,399 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf
[2013-09-21 14:43:34 | 061,765,253 | ---- | M] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf
[2013-09-19 19:41:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013-09-19 19:41:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013-09-13 09:54:54 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013-09-13 09:35:27 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG 2013.lnk
[2013-09-10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[290 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-10-07 14:12:24 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus On Facebook.lnk
[2013-10-07 14:12:24 | 000,001,777 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\UsbFix Faire un Don.lnk
[2013-10-07 14:12:24 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\SosVirus Forum.lnk
[2013-10-07 10:56:46 | 001,332,868 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111106.jpg
[2013-10-07 10:56:44 | 001,345,619 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20131001_111047.jpg
[2013-10-07 10:56:42 | 001,306,389 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\20131001_110827.jpg
[2013-09-27 20:29:48 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2013-09-27 20:28:09 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-27 20:28:09 | 000,001,030 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-25 10:39:55 | 000,143,399 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Faktura VAT nr FS-78480_13_L.pdf
[2013-09-21 14:41:33 | 061,765,253 | ---- | C] () -- C:\Documents and Settings\Admin\Pulpit\Vademecum Matematyka - Matura Rozszerzona Operon 2010.pdf
[2013-08-25 23:33:14 | 000,129,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2013-07-18 14:32:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013-07-18 14:32:34 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013-07-18 14:32:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013-07-18 14:32:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013-07-18 14:32:34 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013-06-18 12:58:44 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Admin\Dane aplikacji\skype.ini
[2013-06-18 10:56:23 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013-01-08 17:22:32 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012-12-25 18:54:57 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-12-16 11:45:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-16 11:00:15 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012-12-16 11:00:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012-12-15 15:59:09 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat
[2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012-12-15 15:43:25 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012-12-15 15:43:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012-12-15 15:43:09 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012-12-15 15:41:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-12-15 14:52:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012-12-15 14:48:11 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012-12-15 14:25:36 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-12-15 14:24:13 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-15 13:39:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-12-15 13:34:06 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2013-03-06 20:16:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012-10-31 13:32:21 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 12:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 23:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-08-01 12:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\AVG2013
[2013-09-03 11:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Lite
[2012-12-25 21:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu
[2012-12-15 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2013-10-07 14:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\GG
[2012-12-30 15:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\NapiProjekt
[2012-12-16 11:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenOffice.org
[2012-12-15 15:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Opera
[2013-03-06 20:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Podatnik.info
[2013-09-13 16:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Samsung
[2013-02-02 12:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\SendSpace
[2013-06-08 16:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Spotify
[2012-12-16 13:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Thunderbird
[2013-08-01 12:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\TuneUp Software
[2013-10-07 10:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
[2013-08-15 15:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG2013
[2012-12-26 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2013-09-03 11:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FelCAD
[2012-12-15 15:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2013-01-01 17:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GG
[2013-10-04 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\GIGABYTE
[2013-02-08 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
[2013-10-07 09:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
[2013-02-02 12:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\RightClick
[2013-08-25 17:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung
[2013-09-16 13:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SystemRequirementsLab

========== Purity Check ==========



< End of report > [/log]

 

GMER

 

[log] 

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-07 15:03:32
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\0000005b ST3160811AS rev.3.AAE 149,05GB
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\USTAWI~1\Temp\pxtdapow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xF77D85D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xF77D8700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xF77D8010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xF77D8300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xF77D83E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xF77D8120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xF77D8210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xF77D84D0]

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF58A93C0, 0x843B7A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[556] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
.text D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe[556] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 C:\WINDOWS\system32\ntdll.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!DefWindowProcA + 11A 7E37C298 7 Bytes JMP 108B74F7 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!SetWindowLongA + 19 7E37C2B6 7 Bytes JMP 108B7568 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 108BB116 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe[2140] USER32.dll!GetMenuContextHelpId + 1A 7E3B5319 7 Bytes JMP 108B4B6D C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0143E9A9 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01EB0D95 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01EB0DDD C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01443D66 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll
.text C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe[3404] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01EB0E04 C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- EOF - GMER 2.1 ----

[/log]

 

 

P.S. Zauważalna poprawa po wyłączeniu zbędnych aplikacji :)

Natsuki Kuga
komentarz
komentarz

Podepnij pamięci przenośne i użyj USBFix z opcji [b]Deletion.[/b] Pokaż raport.

 

P.S. Zauważalna poprawa po wyłączeniu zbędnych aplikacji

To dobrze. :)

danny889
komentarz
komentarz

Podepnij pamięci przenośne i użyj USBFix z opcji Deletion. Pokaż raport.

 

 

 

To dobrze. :)

 

Raport:

 

[log]

############################## | UsbFix V 7.143 | [Deletion]

User: Admin (Administrator) # DOM
Updated 05/10/2013 by El Desaparecido - Team SosVirus
Started at 08:52:19 | 09/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Gigabyte Technology Co., Ltd. (M61PME-S2)
CPU: AMD Athlon(tm) 64 Processor 3500+
RAM -> [Total : 1023 | Free : 179]
Bios: Award Software International, Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 49 Gb (23 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 100 Gb (71 Mb free - 71%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [KINGSTON] # FAT32

################## | Regedit Run |

HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [SkyTel] - SkyTel.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | Run : [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1482476501-1078081533-839522115-1003\SOFTWARE | Run : [] - D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-1482476501-1078081533-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Stopped processes |

Stopped! C:\PROGRA~1\AVG\AVG2013\avgrsx.exe (ID 708 |ParentID 692)
Stopped! C:\Program Files\AVG\AVG2013\avgcsrvx.exe (ID 760 |ParentID 708)
Stopped! C:\WINDOWS\system32\spoolsv.exe (ID 1784 |ParentID 1024)
Stopped! C:\WINDOWS\RTHDCPL.EXE (ID 1300 |ParentID 256)
Stopped! C:\WINDOWS\system32\RunDLL32.exe (ID 1468 |ParentID 256)
Stopped! C:\Program Files\AVG\AVG2013\avgui.exe (ID 1500 |ParentID 256)
Stopped! C:\Program Files\AVG\AVG2013\avgidsagent.exe (ID 1540 |ParentID 1024)
Stopped! C:\WINDOWS\system32\ctfmon.exe (ID 1548 |ParentID 256)
Stopped! D:\Program Files\Kies\External\FirmwareUpdate\KiesPDLR.exe (ID 1620 |ParentID 256)
Stopped! C:\Program Files\AVG\AVG2013\avgwdsvc.exe (ID 300 |ParentID 1024)
Stopped! C:\Program Files\OpenOffice.org 3\program\soffice.exe (ID 356 |ParentID 1756)
Stopped! C:\Program Files\OpenOffice.org 3\program\soffice.bin (ID 164 |ParentID 356)
Stopped! C:\Program Files\Java\jre7\bin\jqs.exe (ID 348 |ParentID 1024)
Stopped! C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (ID 1640 |ParentID 1024)
Stopped! C:\WINDOWS\system32\nvsvc32.exe (ID 2568 |ParentID 1024)
Stopped! C:\Program Files\AVG\AVG2013\avgnsx.exe (ID 2864 |ParentID 300)
Stopped! C:\Program Files\AVG\AVG2013\avgemcx.exe (ID 3064 |ParentID 300)
Stopped! C:\WINDOWS\system32\wuauclt.exe (ID 2052 |ParentID 1352)
Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe (ID 3864 |ParentID 256)
Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe (ID 2216 |ParentID 3864)
Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe (ID 2616 |ParentID 3864)
Stopped! C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe (ID 3244 |ParentID 2216)
Stopped! C:\Program Files\Opera\opera.exe (ID 424 |ParentID 256)
Stopped! C:\WINDOWS\system32\wuauclt.exe (ID 1992 |ParentID 1352)

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003
Deleted ! D:\Recycler\S-1-5-21-1482476501-1078081533-839522115-1003

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{de2d6ce6-476d-11e2-b84a-00241d107220}

################## | Listing |

[15/08/2013 - 15:34:43 | D ] C:\$AVG
[07/10/2013 - 13:57:54 | D ] C:\AdwCleaner
[15/12/2012 - 13:37:16 | N | 0] C:\AUTOEXEC.BAT
[02/09/2013 - 20:31:14 | N | 444754] C:\AutoMapaSetupLog.txt
[17/06/2013 - 17:50:24 | N | 257] C:\boot.ini
[22/07/2001 - 02:13:54 | N | 4952] C:\Bootfont.bin
[15/12/2012 - 13:37:16 | N | 0] C:\CONFIG.SYS
[15/12/2012 - 14:53:04 | N | 206] C:\csb.log
[15/12/2012 - 15:44:24 | D ] C:\Documents and Settings
[04/04/2013 - 15:35:36 | D ] C:\found.000
[15/12/2012 - 13:37:16 | N | 0] C:\IO.SYS
[15/12/2012 - 13:37:16 | N | 0] C:\MSDOS.SYS
[03/08/2004 - 22:38:34 | N | 47564] C:\NTDETECT.COM
[06/01/2013 - 21:14:49 | N | 251152] C:\ntldr
[09/10/2013 - 08:49:22 | ASH | 1610612736] C:\pagefile.sys
[31/08/2013 - 22:50:52 | D ] C:\Plytki
[05/10/2013 - 12:31:23 | D ] C:\Program Files
[09/10/2013 - 09:06:27 | SHD ] C:\RECYCLER
[15/12/2012 - 14:53:04 | N | 423] C:\RHDSetup.log
[05/10/2013 - 12:31:34 | D ] C:\rsit
[15/12/2012 - 13:40:59 | SHD ] C:\System Volume Information
[09/10/2013 - 09:06:27 | D ] C:\UsbFix
[09/10/2013 - 09:07:02 | A | 5699] C:\UsbFix [Clean 1] DOM.txt
[07/10/2013 - 14:10:52 | N | 5809] C:\UsbFix [Scan 1] DOM.txt
[07/10/2013 - 10:53:36 | D ] C:\WINDOWS
[07/10/2013 - 13:55:15 | D ] C:\_OTL
[26/09/2013 - 21:05:17 | D ] D:\dokumenty
[08/10/2013 - 12:23:18 | D ] D:\Download
[05/08/2013 - 22:56:45 | D ] D:\foto
[25/04/2011 - 19:26:13 | D ] D:\HOMM3PL
[08/02/2013 - 19:08:22 | D ] D:\msdownld.tmp
[02/09/2013 - 10:11:45 | D ] D:\Program Files
[09/10/2013 - 09:06:27 | SHD ] D:\RECYCLER
[04/09/2013 - 12:40:48 | D ] D:\SS
[15/12/2012 - 14:50:46 | SHD ] D:\System Volume Information
[08/03/2013 - 14:57:46 | RASH | 16384] D:\Thumbs.db

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
[/log]

Natsuki Kuga
komentarz
komentarz

Pokaż teraz nowy log z OTL.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.