Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RAT + General infection cleanup on


  • This topic is locked This topic is locked
16 replies to this topic

#1 shival

shival

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 24 June 2014 - 05:45 PM

Goodmorning Bleepingcomputer.com.

This time its not a false-positive alarm!

Its my friend computer. It was full of viruses. But they were pretty easy to get rid off.

While disarming keylogger, I discovered that this person should no longer be my friend (Sorry, but who wouldnt check messagess with a third side, which is a enemy of mine and friend of my now ex-friend), but because Im a honorable (and drunk) bastard I decided to help her cleanup to the end. Im sorry for asking for help in such a petty case, but;

1. Im heartbroken but I promised to help

2. You will surely do it better than me

As you already have my firstborn son, this time Im going to give you my best cattle and 9001 yards of land.

 

She haves RAT for sure, we once ran teamviever remote admin and something started moving mouse (and it wasnt her for sure)

 

Majority of Infecions was already deleted with dr web, tdss killer, rogue killer. But still there is something. Please, help. I dont want that stupid [sigh] run into more trouble.

 

 

DDS Latest

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by robert chciuk at 23:52:16 on 2014-06-24
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3067.1579 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DigitalPersona\Bin\dpagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\blueconnect\DataCardMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\screenSHU\screenSHU.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\Program Files\Opera\22.0.1471.70\opera_crashreporter.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Documents and Settings\Robert Chciuk\Moje dokumenty\aswMBR.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\Documents and Settings\All Users\Dane aplikacji\rvlkl\rvlkl.exe
C:\Program Files\Jitsi\Jitsi.exe
C:\Program Files\Jitsi\Jitsi.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Opera\22.0.1471.70\opera.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:\program files\textware\quickfind\plugins\IEHelp.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.16.16\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.16.16\deltaTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [HP Deskjet 3520 series (NET)] "c:\program files\hp\hp deskjet 3520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN3591C8GB05SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
uRun: [screenSHU] "c:\program files\screenshu\screenSHU.exe" --hidden
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DataCardMonitor] c:\program files\blueconnect\DataCardMonitor.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\playmemories home\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\aktywa~1.lnk - c:\program files\ydp\ydpdict\Watch.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\philip~1.lnk - c:\program files\philips\gogear sa018 device manager\GoGear_SA018_DeviceManager.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Winamp Search - c:\documents and settings\all users\dane aplikacji\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\robert chciuk\menu start\programy\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259239979811
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259240065280
TCP: NameServer = 192.168.168.254 80.48.136.251
TCP: Interfaces\{5F8D5C6D-9122-47C7-9944-6D7E7CFE96BE} : DHCPNameServer = 192.168.168.254 80.48.136.251
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Notify: DPWLN   - c:\program files\digitalpersona\bin\DPWLEvHd.dll
AppInit_DLLs= c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages =  scecli DPPWDFLT
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert chciuk\dane aplikacji\mozilla\firefox\profiles\u9564br6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\dane aplikacji\datacardservice\DCService.exe [2010-8-19 229376]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\playmemories home\PMBDeviceInfoProvider.exe [2012-2-15 459832]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-6-23 5037888]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-3 112512]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-2-10 63616]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-11-3 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-11-3 41760]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-11-3 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-11-3 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-11-3 235840]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 CEUD;CEUD;c:\docume~1\robert~1\ustawi~1\temp\CEUD.exe [2014-6-15 523136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-12-12 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-2-10 101504]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2011-2-10 7552]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-2-10 69504]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-6-23 54232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-23 113880]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-12-12 181344]
S3 YHH;YHH;c:\docume~1\robert~1\ustawi~1\temp\YHH.exe [2014-6-15 527232]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-23 17:59:55    --------    d-----w-    c:\documents and settings\robert chciuk\dane aplikacji\TeamViewer
2014-06-23 17:59:43    --------    d-----w-    c:\program files\TeamViewer
2014-06-23 16:23:20    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\Malwarebytes
2014-06-23 16:22:58    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-06-23 16:22:57    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-23 16:18:17    54232    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-22 12:05:20    --------    d-----w-    c:\documents and settings\robert chciuk\ustawienia lokalne\dane aplikacji\Ubisoft Game Launcher
2014-06-22 12:05:15    --------    d-----w-    c:\documents and settings\robert chciuk\dane aplikacji\Might & Magic Heroes VI
2014-06-21 21:38:48    --------    d-sh--w-    C:\found.000
2014-06-19 21:17:39    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-06-19 21:17:39    --------    d-----w-    C:\Documents
2014-06-19 21:17:33    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\RogueKiller
2014-06-15 16:41:04    --------    d-----w-    c:\documents and settings\robert chciuk\Doctor Web
2014-06-15 16:28:15    --------    d-s---w-    C:\ComboFix
2014-06-15 10:13:33    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\rvlkl
2014-06-14 13:39:31    --------    d-----w-    c:\program files\McAfee Security Scan
2014-06-03 14:58:57    --------    d-----w-    c:\documents and settings\robert chciuk\ustawienia lokalne\dane aplikacji\screenSHU
2014-06-03 14:58:12    --------    d-----w-    c:\program files\screenSHU
.
==================== Find3M  ====================
.
2014-05-21 13:59:14    231760    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2014-04-09 20:20:50    33608    ----a-w-    c:\windows\system32\drivers\tap0901.sys
2014-03-31 20:46:48    130712    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46:48    1070232    ----a-w-    c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 23:53:02,50 ===============

 

Rogue Killer First Scan
RogueKiller V9.0.3.0 [Jun 17 2014] od Adlice Software
mail : http://www.adlice.com/contact/
Dodaj opinię : http://forum.adlice.com
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

System Operacyjny : Windows XP (5.1.2600 Dodatek Service Pack 3) 32 bits version
Uruchomiono z : Tryb normalny
Użytkownik : Robert Chciuk [Uprawnienia Administratora]
Tryb : Skanuj -- Data : 06/19/2014  23:54:23

¤¤¤ Szkodliwe procesy : 4 ¤¤¤
[Suspicious.Path] OEM13Mon.exe -- C:\WINDOWS\OEM13Mon.exe[7] -> ZAKOŃCZONO [TermProc]
[Suspicious.Path] 5krze6ec.exe -- c:\documents and settings\robert chciuk\ustawienia lokalne\temp\5F10AEE2-86F35936-434D954E-B1E9D34E\5krze6ec.exe[x] -> ZAKOŃCZONO [TermThr]
[Suspicious.Path] jfe0n1uk.exe -- c:\documents and settings\robert chciuk\ustawienia lokalne\temp\5F10AEE2-86F35936-434D954E-B1E9D34E\jfe0n1uk.exe[x] -> ZAKOŃCZONO [TermThr]
[Suspicious.Path] io9gml51.exe -- c:\documents and settings\robert chciuk\ustawienia lokalne\temp\5F10AEE2-86F35936-434D954E-B1E9D34E\io9gml51.exe[x] -> ZAKOŃCZONO [TermThr]

¤¤¤ Wpisy w Rejestrze : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | OEM13Mon.exe : C:\WINDOWS\OEM13Mon.exe  -> ZNALEZIONO
[Suspicious.Path] HKEY_USERS\S-1-5-21-3699752211-3086036438-1984491010-1005\Software\Microsoft\Windows\CurrentVersion\Run | NVIDIA driver monitor : c:\windows\nvsvc32.exe  -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CEUD -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\YHH -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CEUD -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YHH -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CEUD -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\YHH -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.168.254 192.168.0.1  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.168.254 192.168.0.1  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F8D5C6D-9122-47C7-9944-6D7E7CFE96BE} | DhcpNameServer : 192.168.168.254 192.168.0.1  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5F8D5C6D-9122-47C7-9944-6D7E7CFE96BE} | DhcpNameServer : 192.168.168.254 192.168.0.1  -> ZNALEZIONO
[PUM.Policies] HKEY_USERS\S-1-5-21-3699752211-3086036438-1984491010-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> ZNALEZIONO
[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> ZNALEZIONO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> ZNALEZIONO

¤¤¤ Zaplanowane zadania : 1 ¤¤¤
[Suspicious.Path] EPUpdater.job -- C:\DOCUME~1\ROBERT~1\DANEAP~1\BABSOL~1\Shared\BabMaint.exe -> ZNALEZIONO

¤¤¤ Pliki : 0 ¤¤¤

¤¤¤ Plik HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 30 ¤¤¤
[SSDT:Addr] NtAssignProcessToJobObject[19] : Unknown @ 0x89814c90
[SSDT:Addr] NtCreateSection[50] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff7d20
[SSDT:Addr] NtCreateThread[53] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff7ea4
[SSDT:Addr] NtDebugActiveProcess[57] : Unknown @ 0x89815200
[SSDT:Addr] NtDuplicateObject[68] : Unknown @ 0x898152f0
[SSDT:Addr] NtMakeTemporaryObject[105] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff7c96
[SSDT:Addr] NtOpenProcess[122] : Unknown @ 0x89814590
[SSDT:Addr] NtOpenSection[125] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff4a24
[SSDT:Addr] NtOpenThread[128] : Unknown @ 0x89814800
[SSDT:Addr] NtProtectVirtualMemory[137] : Unknown @ 0x89814fd0
[SSDT:Addr] NtQueueApcThread[180] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff7fc2
[SSDT:Addr] NtSetContextThread[213] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff80e2
[SSDT:Addr] NtSetInformationThread[229] : Unknown @ 0x89814d90
[SSDT:Addr] NtSetSecurityObject[237] : Unknown @ 0x89811da0
[SSDT:Addr] NtSetSystemInformation[240] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff47e0
[SSDT:Addr] NtSetSystemTime[242] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff4996
[SSDT:Addr] NtSuspendProcess[253] : Unknown @ 0x89814b90
[SSDT:Addr] NtSuspendThread[254] : Unknown @ 0x89814a80
[SSDT:Addr] NtSystemDebugControl[255] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff44ba
[SSDT:Addr] NtTerminateProcess[257] : Unknown @ 0x898146e0
[SSDT:Addr] NtTerminateThread[258] : Unknown @ 0x89814a50
[SSDT:Addr] NtUnmapViewOfSection[267] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff7c08
[SSDT:Addr] NtWriteVirtualMemory[277] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff5ec2
[ShwSSDT:Addr] NtUserCallTwoParam[324] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff6b9e
[ShwSSDT:Addr] NtUserMessageCall[460] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff418a
[ShwSSDT:Addr] NtUserPostMessage[475] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff4126
[ShwSSDT:Addr] NtUserPostThreadMessage[476] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff3d62
[ShwSSDT:Addr] NtUserQueryWindow[483] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff3b62
[ShwSSDT:Addr] NtUserSendInput[502] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff6b48
[ShwSSDT:Addr] NtUserSwitchDesktop[558] : c:\documents and settings\robert chciuk\ustawienia lokalne\temp\E5CE08028.sys @ 0x9aff38e8

¤¤¤ przeglądarki internetowe : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Delta Toolbar [eooncjejnppfjjklapaamhcdmjbilmde] -> ZNALEZIONO

¤¤¤ Sprawdzenie MBR : ¤¤¤
+++++ PhysicalDrive0: ST9320423ASG +++++
--- User ---
[MBR] 538a3855f66ec5e91aaaacc51d19c0ad
[BSP] 5d023283715873d5fcabf50fb62547a4 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 305204 MB
User = LL1 ... OK
User = LL2 ... OK

Rogue Killer Latest Scan

RogueKiller V9.0.3.0 [Jun 17 2014] od Adlice Software
mail : http://www.adlice.com/contact/
Dodaj opinię : http://forum.adlice.com
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

System Operacyjny : Windows XP (5.1.2600 Dodatek Service Pack 3) 32 bits version
Uruchomiono z : Tryb awaryjny
Użytkownik : Robert Chciuk [Uprawnienia Administratora]
Tryb : Skanuj -- Data : 06/24/2014  18:18:58

¤¤¤ Szkodliwe procesy : 0 ¤¤¤

¤¤¤ Wpisy w Rejestrze : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CEUD -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\YHH -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CEUD -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\YHH -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CEUD -> ZNALEZIONO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\YHH -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.168.254 80.48.136.251  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.168.254 80.48.136.251  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.168.254 192.168.0.1  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5F8D5C6D-9122-47C7-9944-6D7E7CFE96BE} | DhcpNameServer : 192.168.168.254 80.48.136.251  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5F8D5C6D-9122-47C7-9944-6D7E7CFE96BE} | DhcpNameServer : 192.168.168.254 80.48.136.251  -> ZNALEZIONO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5F8D5C6D-9122-47C7-9944-6D7E7CFE96BE} | DhcpNameServer : 192.168.168.254 192.168.0.1  -> ZNALEZIONO
[PUM.Policies] HKEY_USERS\S-1-5-21-3699752211-3086036438-1984491010-1005\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> ZNALEZIONO
[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> ZNALEZIONO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> ZNALEZIONO

¤¤¤ Zaplanowane zadania : 0 ¤¤¤

¤¤¤ Pliki : 0 ¤¤¤

¤¤¤ Plik HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ przeglądarki internetowe : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Delta Toolbar [eooncjejnppfjjklapaamhcdmjbilmde] -> ZNALEZIONO

¤¤¤ Sprawdzenie MBR : ¤¤¤
+++++ PhysicalDrive0: ST9320423ASG +++++
--- User ---
[MBR] 538a3855f66ec5e91aaaacc51d19c0ad
[BSP] 5d023283715873d5fcabf50fb62547a4 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 305204 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06202014_185400.log - RKreport_SCN_06192014_235423.log - RKreport_SCN_06202014_095309.log - RKreport_SCN_06202014_095730.log
RKreport_SCN_06202014_184748.log

 

DDS attach.txt in Attachment



BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:48 PM

Posted 29 June 2014 - 05:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538883 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 30 June 2014 - 10:22 AM

Steps performed so far:

there is NOD antivirus running on this computer normally

dr web scan + roguekiller scan + tdsskiller scan

 

Problems:

Slow speed, paranormal internet activity, suspicious things happening on the computer (like someone entered by remote admin tools and changed something).

 

Please tell us if you have your original Windows CD/DVD available.

sadly - no.

 

Fresh DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by Robert Chciuk at 17:05:11 on 2014-06-30
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.3067.2076 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r211990\stacsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DigitalPersona\Bin\dpagent.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\blueconnect\DataCardMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\screenSHU\screenSHU.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
uProxyServer = hxxp=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: QUICKfind BHO Object: {C08DF07A-3E49-4E25-9AB0-D3882835F153} - c:\program files\textware\quickfind\plugins\IEHelp.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files\delta\delta\1.8.16.16\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files\delta\delta\1.8.16.16\deltaTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.132.0\BingExt.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [HP Deskjet 3520 series (NET)] "c:\program files\hp\hp deskjet 3520 series\bin\ScanToPCActivationApp.exe" -deviceID "CN3591C8GB05SZ:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
uRun: [screenSHU] "c:\program files\screenshu\screenSHU.exe" --hidden
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DataCardMonitor] c:\program files\blueconnect\DataCardMonitor.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\aktywa~1.lnk - c:\program files\ydp\ydpdict\Watch.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\philip~1.lnk - c:\program files\philips\gogear sa018 device manager\GoGear_SA018_DeviceManager.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Winamp Search - c:\documents and settings\all users\dane aplikacji\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Wyślij do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\robert chciuk\menu start\programy\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259239979811
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1259240065280
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Notify: DPWLN   - c:\program files\digitalpersona\bin\DPWLEvHd.dll
AppInit_DLLs= c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages =  scecli DPPWDFLT
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 64.120.230.288 karachan.org
Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokkcgcdeac
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert chciuk\dane aplikacji\mozilla\firefox\profiles镤br6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll
FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\dane aplikacji\datacardservice\DCService.exe [2010-8-19 229376]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-3 112512]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-2-10 63616]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-11-3 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-11-3 41760]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-11-3 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-11-3 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-11-3 235840]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S3 CEUD;CEUD;c:\docume~1\robert~1\ustawi~1\temp\CEUD.exe [2014-6-15 523136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-12-12 83168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-2-10 101504]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [2011-2-10 7552]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2011-2-10 69504]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-6-23 54232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-23 113880]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-12-12 181344]
S3 YHH;YHH;c:\docume~1\robert~1\ustawi~1\temp\YHH.exe [2014-6-15 527232]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-30 14:49:20    --------    d-----w-    c:\program files\FreeHideIP
2014-06-26 10:34:30    --------    d-----w-    c:\documents and settings\robert chciuk\ustawienia lokalne\dane aplikacji\Chromium
2014-06-23 17:59:55    --------    d-----w-    c:\documents and settings\robert chciuk\dane aplikacji\TeamViewer
2014-06-23 17:59:43    --------    d-----w-    c:\program files\TeamViewer
2014-06-23 16:23:20    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\Malwarebytes
2014-06-23 16:22:58    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-06-23 16:22:57    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-23 16:18:17    54232    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-22 12:05:20    --------    d-----w-    c:\documents and settings\robert chciuk\ustawienia lokalne\dane aplikacji\Ubisoft Game Launcher
2014-06-22 12:05:15    --------    d-----w-    c:\documents and settings\robert chciuk\dane aplikacji\Might & Magic Heroes VI
2014-06-21 21:38:48    --------    d-sh--w-    C:\found.000
2014-06-19 21:17:39    26624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-06-19 21:17:39    --------    d-----w-    C:\Documents
2014-06-19 21:17:33    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\RogueKiller
2014-06-15 16:41:04    --------    d-----w-    c:\documents and settings\robert chciuk\Doctor Web
2014-06-15 16:28:15    --------    d-s---w-    C:\ComboFix
2014-06-15 10:13:33    --------    d-----w-    c:\documents and settings\all users\dane aplikacji\rvlkl
2014-06-14 13:39:31    --------    d-----w-    c:\program files\McAfee Security Scan
2014-06-03 14:58:57    --------    d-----w-    c:\documents and settings\robert chciuk\ustawienia lokalne\dane aplikacji\screenSHU
2014-06-03 14:58:12    --------    d-----w-    c:\program files\screenSHU
.
==================== Find3M  ====================
.
2014-05-21 13:59:14    231760    ----a-w-    c:\windows\system32\drivers\truecrypt.sys
2014-04-09 20:20:50    33608    ----a-w-    c:\windows\system32\drivers\tap0901.sys
.
============= FINISH: 17:06:00,79 ===============


Edited by shival, 30 June 2014 - 10:28 AM.


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:48 PM

Posted 06 July 2014 - 06:57 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now :thumbup2:

==========================
 
Hi shival,

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 06 July 2014 - 09:45 AM

# AdwCleaner v3.214 - Log utworzony 06/07/2014 o 16:16:13
# Aktualizacja 29/06/2014 przez Xplode
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Użytkownik : Robert Chciuk - DELLRC
# Ścieżka : C:\Documents and Settings\Robert Chciuk\Moje dokumenty\AdwCleaner.exe
# Opcja : Szukaj

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****

Folder Znaleziono : C:\DOCUME~1\ROBERT~1\USTAWI~1\Temp\mt_ffx
Folder Znaleziono : C:\Documents and Settings\All Users\Dane aplikacji\Babylon
Folder Znaleziono : C:\Documents and Settings\All Users\Dane aplikacji\coiNttinueetosavoe
Folder Znaleziono : C:\Documents and Settings\All Users\Dane aplikacji\rvlkl
Folder Znaleziono : C:\Documents and Settings\All Users\Dane aplikacji\StarApp
Folder Znaleziono : C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
Folder Znaleziono : C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
Folder Znaleziono : C:\Documents and Settings\All Users\Menu Start\goforfiles
Folder Znaleziono : C:\Documents and Settings\All Users\Menu Start\Programy\coiNttinueetosavoe
Folder Znaleziono : C:\Documents and Settings\All Users\Menu Start\Programy\Uniblue
Folder Znaleziono : C:\Documents and Settings\All Users\Menu Start\Programy\Uniblue\SpeedUpMyPC
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\BabSolution
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Babylon
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Delta
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\goforfiles
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\OpenCandy
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\PriceGong
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Solvusoft
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Uniblue
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Uniblue\SpeedUpMyPC
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Yontoo
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\BitGuard
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Conduit
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\OpenCandy
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Softonic_Deutsch_FF
Folder Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
Folder Znaleziono : C:\Program Files\Conduit
Folder Znaleziono : C:\Program Files\continuetosave
Folder Znaleziono : C:\Program Files\Delta
Folder Znaleziono : C:\Program Files\goforfiles
Folder Znaleziono : C:\Program Files\Softonic_Deutsch_FF
Folder Znaleziono : C:\Program Files\Uniblue
Folder Znaleziono : C:\Program Files\Uniblue\SpeedUpMyPC
Folder Znaleziono : C:\Program Files\Winamp Toolbar
Folder Znaleziono : C:\Program Files\Yontoo
Plik Znaleziono : C:\Documents and Settings\All Users\Pulpit\speedupmypc.lnk
Plik Znaleziono : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
Plik Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\bProtector Web Data
Plik Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\bprotectorpreferences
Plik Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Plik Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
Plik Znaleziono : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
Plik Znaleziono : C:\END
Plik Znaleziono : C:\WINDOWS\system32\conduitEngine.tmp
Plik Znaleziono : C:\WINDOWS\system32\roboot.exe
Plik Znaleziono : C:\WINDOWS\Tasks\GoforFilesUpdate.job
Plik Znaleziono : C:\WINDOWS\Tasks\SpeedUpMyPC.job
Plik Znaleziono : C:\WINDOWS\Tasks\spmonitor.job

***** [ Skróty ] *****


***** [ Rejestr ] *****

Dane Znaleziono : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll
Klucz Znaleziono : HKCU\Software\86d9d8e13eec14
Klucz Znaleziono : HKCU\Software\AppDataLow\SProtector
Klucz Znaleziono : HKCU\Software\BABSOLUTION
Klucz Znaleziono : HKCU\Software\BabylonToolbar
Klucz Znaleziono : HKCU\Software\Conduit
Klucz Znaleziono : HKCU\Software\DataMngr
Klucz Znaleziono : HKCU\Software\DataMngr_Toolbar
Klucz Znaleziono : HKCU\Software\Delta
Klucz Znaleziono : HKCU\Software\filescout
Klucz Znaleziono : HKCU\Software\GoforFiles
Klucz Znaleziono : HKCU\Software\InstallCore
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klucz Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GoforFiles
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8473687D-CE93-4DE2-AA88-D20FFC7583CB}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Znaleziono : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles
Klucz Znaleziono : HKCU\Software\Myfree Codec
Klucz Znaleziono : HKCU\Software\Optimizer Pro
Klucz Znaleziono : HKCU\Software\PriceGong
Klucz Znaleziono : HKCU\Software\SmartBar
Klucz Znaleziono : HKCU\Software\Softonic
Klucz Znaleziono : HKCU\Software\Softonic_Deutsch_FF
Klucz Znaleziono : HKCU\Software\Winamp Toolbar
Klucz Znaleziono : HKCU\Software\YahooPartnerToolbar
Klucz Znaleziono : HKCU\Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\86d9d8e13eec14
Klucz Znaleziono : HKLM\Software\Babylon
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Klucz Znaleziono : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{8473687D-CE93-4DE2-AA88-D20FFC7583CB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Conduit.Engine
Klucz Znaleziono : HKLM\SOFTWARE\Classes\d
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaappCore
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Klucz Znaleziono : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klucz Znaleziono : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Klucz Znaleziono : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Znaleziono : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Klucz Znaleziono : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\speedupmypc
Klucz Znaleziono : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Klucz Znaleziono : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Klucz Znaleziono : HKLM\Software\Conduit
Klucz Znaleziono : HKLM\Software\DataMngr
Klucz Znaleziono : HKLM\Software\Delta
Klucz Znaleziono : HKLM\Software\GoforFiles
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ED04A57-1B6D-40C9-A870-CBE8E4EE33DD}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5BF8768-BA00-4E37-832C-3A16C96A206A}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch_FF Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8473687D-CE93-4DE2-AA88-D20FFC7583CB}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch_FF Toolbar
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135
Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Klucz Znaleziono : HKLM\Software\Myfree Codec
Klucz Znaleziono : HKLM\Software\Softonic_Deutsch_FF
Klucz Znaleziono : HKLM\Software\SP Global
Klucz Znaleziono : HKLM\Software\SProtector
Klucz Znaleziono : HKLM\Software\Tarma Installer
Klucz Znaleziono : HKLM\Software\Uniblue
Klucz Znaleziono : HKLM\Software\Uniblue\DriverScanner
Klucz Znaleziono : HKLM\Software\Uniblue\SpeedUpMyPC
Klucz Znaleziono : HKLM\Software\Winamp Toolbar
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wartość Znaleziono : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wartość Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wartość Znaleziono : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Wartość Znaleziono : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v8.0.6001.18702

Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www2.delta-search.com/?affID=119294&tt=gc_050513_d9119_gc_&babsrc=NT_ss&mntrId=C0710CEEE6F10E05
Ustawienie Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://www2.delta-search.com/?affID=119294&tt=gc_050513_d9119_gc_&babsrc=NT_ss&mntrId=C0710CEEE6F10E05

-\\ Mozilla Firefox v29.0.1 (en-US)

[ Plik : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Mozilla\Firefox\Profiles镤br6.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Plik : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ]

Znaleziono [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Znaleziono [Extension] : eooncjejnppfjjklapaamhcdmjbilmde

*************************

AdwCleaner[R0].txt - [21645 octets] - [06/07/2014 16:16:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21706 octets] ##########

 



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:48 PM

Posted 06 July 2014 - 09:53 AM

Hi shival,
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner clean log
  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 06 July 2014 - 11:00 AM

# AdwCleaner v3.214 - Log utworzony 06/07/2014 o 16:56:52
# Aktualizacja 29/06/2014 przez Xplode
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 3 (32 bits)
# Użytkownik : Robert Chciuk - DELLRC
# Ścieżka : C:\Documents and Settings\Robert Chciuk\Moje dokumenty\AdwCleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****


***** [ Pliki / Foldery ] *****

Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Babylon
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\rvlkl
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\StarApp
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Tarma Installer
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\coiNttinueetosavoe
Folder Usunięto : C:\Documents and Settings\All Users\Menu Start\Programy\Uniblue
Folder Usunięto : C:\Documents and Settings\All Users\Menu Start\Programy\coiNttinueetosavoe
Folder Usunięto : C:\Program Files\Conduit
Folder Usunięto : C:\Program Files\continuetosave
Folder Usunięto : C:\Program Files\Delta
Folder Usunięto : C:\Program Files\goforfiles
Folder Usunięto : C:\Program Files\Uniblue
Folder Usunięto : C:\Program Files\Winamp Toolbar
Folder Usunięto : C:\Program Files\Yontoo
Folder Usunięto : C:\Program Files\Softonic_Deutsch_FF
Folder Usunięto : C:\DOCUME~1\ROBERT~1\USTAWI~1\Temp\mt_ffx
Folder Usunięto : C:\Documents and Settings\All Users\Menu Start\goforfiles
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Conduit
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\OpenCandy
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Softonic_Deutsch_FF
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\BabSolution
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Babylon
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Delta
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\goforfiles
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\OpenCandy
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\PriceGong
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Solvusoft
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Uniblue
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Yontoo
Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\BitGuard
[!] Folder Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Plik Usunięto : C:\END
Plik Usunięto : C:\Documents and Settings\All Users\Pulpit\speedupmypc.lnk
Plik Usunięto : C:\WINDOWS\system32\conduitEngine.tmp
Plik Usunięto : C:\WINDOWS\system32\roboot.exe
Plik Usunięto : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
Plik Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\bProtector Web Data
Plik Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\bprotectorpreferences
Plik Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Plik Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
Plik Usunięto : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
Plik Usunięto : C:\WINDOWS\Tasks\GoforFilesUpdate.job
Plik Usunięto : C:\WINDOWS\Tasks\SpeedUpMyPC.job
Plik Usunięto : C:\WINDOWS\Tasks\spmonitor.job

***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klucz Usunięto : HKCU\Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Klucz Usunięto : HKLM\SOFTWARE\Classes\Conduit.Engine
Klucz Usunięto : HKLM\SOFTWARE\Classes\d
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaappCore
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Klucz Usunięto : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\escort.escortIEPane
Klucz Usunięto : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\speedupmypc
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Klucz Usunięto : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Klucz Usunięto : HKCU\Software\86d9d8e13eec14
Klucz Usunięto : HKLM\SOFTWARE\86d9d8e13eec14
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_09b71135
Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT2206084
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8473687D-CE93-4DE2-AA88-D20FFC7583CB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8473687D-CE93-4DE2-AA88-D20FFC7583CB}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8473687D-CE93-4DE2-AA88-D20FFC7583CB}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8ED04A57-1B6D-40C9-A870-CBE8E4EE33DD}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5BF8768-BA00-4E37-832C-3A16C96A206A}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D81AF43-DE53-48D0-A199-42C2A226B24C}]
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wartość Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\goforfilesdl.exe]
Wartość Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\GoforFiles\GoforFiles.exe]
Klucz Usunięto : HKCU\Software\BABSOLUTION
Klucz Usunięto : HKCU\Software\BabylonToolbar
Klucz Usunięto : HKCU\Software\Conduit
Klucz Usunięto : HKCU\Software\DataMngr
[#] Klucz Usunięto : HKCU\Software\DataMngr_Toolbar
Klucz Usunięto : HKCU\Software\Delta
Klucz Usunięto : HKCU\Software\filescout
Klucz Usunięto : HKCU\Software\GoforFiles
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\Myfree Codec
Klucz Usunięto : HKCU\Software\Optimizer Pro
Klucz Usunięto : HKCU\Software\PriceGong
Klucz Usunięto : HKCU\Software\SmartBar
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\Winamp Toolbar
Klucz Usunięto : HKCU\Software\YahooPartnerToolbar
Klucz Usunięto : HKCU\Software\Softonic_Deutsch_FF
Klucz Usunięto : HKCU\Software\AppDataLow\SProtector
Klucz Usunięto : HKLM\Software\Babylon
Klucz Usunięto : HKLM\Software\Conduit
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\Software\Delta
Klucz Usunięto : HKLM\Software\GoforFiles
Klucz Usunięto : HKLM\Software\Myfree Codec
Klucz Usunięto : HKLM\Software\SP Global
Klucz Usunięto : HKLM\Software\SProtector
Klucz Usunięto : HKLM\Software\Tarma Installer
Klucz Usunięto : HKLM\Software\Uniblue
Klucz Usunięto : HKLM\Software\Winamp Toolbar
Klucz Usunięto : HKLM\Software\Softonic_Deutsch_FF
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\GoforFiles
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch_FF Toolbar
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\GoforFiles
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch_FF Toolbar
Dane Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\docume~1\alluse~1\daneap~1\bitguard\271832~1.68\{c16c1~1\bitguard.dll

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v8.0.6001.18702

Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ Plik : C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Mozilla\Firefox\Profiles镤br6.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ Plik : C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\preferences ]

Usunięto [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119294&tt=gc_050513_d9119_gc_&babsrc=SP_ss&mntrId=C0710CEEE6F10E05
Usunięto [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Usunięto [Extension] : eooncjejnppfjjklapaamhcdmjbilmde

*************************

AdwCleaner[R0].txt - [21787 octets] - [06/07/2014 16:16:13]
AdwCleaner[S0].txt - [20735 octets] - [06/07/2014 16:56:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20796 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Robert Chciuk (administrator) on DELLRC on 06-07-2014 17:43:04
Running from C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) OS Language: Polski
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(IDT, Inc.) C:\drivers\audio\R211990\stacsv.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
() C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(O2Micro International) C:\WINDOWS\system32\drivers\o2flash.exe
() C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(DivX, LLC) C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\blueconnect\DataCardMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files\Picasa2\PicasaMediaDetector.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\screenSHU\screenSHU.exe
(Young Digital Poland) C:\Program Files\YDP\YdpDict\Watch.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Philips) C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
() C:\Program Files\Opera\22.0.1471.70\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(GG Network S.A.) C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe
(GG Network S.A.) C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggapp.exe
(GG Network S.A.) C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ggdrive.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(GG Network S.A.) C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\gghub.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files\Opera\22.0.1471.70\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-04-01] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2009-02-23] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [729088 2009-02-23] (Andrea Electronics Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13590528 2009-01-22] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => C:\WINDOWS\system32\nvHotkey.dll [90112 2009-01-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [86016 2009-01-22] (NVIDIA Corporation)
HKLM\...\Run: [DELL Webcam Manager] => C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-28] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2220032 2008-12-12] (Dell Inc.)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.)
HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-13] (DigitalPersona, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-11] (ESET)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-09-26] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-11] ()
HKLM\...\Run: [DivX Download Manager] => C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [63360 2010-12-08] (DivX, LLC)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\blueconnect\DataCardMonitor.exe [253952 2011-02-10] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [309688 2012-12-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\DPWLN  : C:\Program Files\DigitalPersona\Bin\DPWLEvHd.dll (DigitalPersona, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-15] (Microsoft Corporation)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [Picasa Media Detector] => C:\Program Files\Picasa2\PicasaMediaDetector.exe [443968 2007-10-23] (Google Inc.)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [1432064 2010-11-02] ()
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [967608 2012-12-04] (Samsung)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [577536 2012-11-28] (Samsung Electronics)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843704 2012-12-04] (Samsung)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [screenSHU] => C:\Program Files\screenSHU\screenSHU.exe [2112000 2013-09-04] ()
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\Run: [GG] => C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe [4023360 2014-06-17] (GG Network S.A.)
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-3699752211-3086036438-1984491010-1005\...\MountPoints2: {799bb4b4-3547-11e0-b5e5-0ceee6f10e05} - E:\AutoRun.exe
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Aktywacja Testera.lnk
ShortcutTarget: Aktywacja Testera.lnk -> C:\Program Files\YDP\YdpDict\Watch.exe (Young Digital Poland)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Philips GoGear SA018 Device Manager.lnk
ShortcutTarget: Philips GoGear SA018 Device Manager.lnk -> C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe (Philips)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140615
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140615
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {32F63000-DA2C-4030-BD23-1EC2A1C75600} URL = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Adres - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Łącza - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259239979811
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll ()
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-25] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.168.254 80.48.136.251

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Mozilla\Firefox\Profiles镤br6.default
FF Homepage: hxxp://www.gazeta.pl/0,0.html?p=180&d=20140615
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2009-11-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-26]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-02-01]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-02-01]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-11-26]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\firefoxext [2009-11-02]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage:
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Dysk Google) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-03]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-23]
CHR Extension: (Szukaj w Google) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-03]
CHR Extension: (DivX HiQ) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-08-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-08-11]
CHR Extension: (Gmail) - C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-03]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

========================== Services (Whitelisted) =================

R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 CEUD; C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\CEUD.exe [523136 2014-06-15] (Sysinternals - www.sysinternals.com) [File not signed]
R2 DCService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-13] (DigitalPersona, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-11] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-11] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-03-13] (Oracle Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool; C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [196912 2011-01-14] (Nitro PDF Software)
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72224 2009-01-21] (O2Micro International)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 STacSV; c:\drivers\audio\r211990\stacsv.exe [249938 2009-02-23] (IDT, Inc.)
R2 UserAccess; C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe [53248 2001-12-21] () [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1961984 2008-12-12] (Dell Inc.) [File not signed]
S3 YHH; C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\YHH.exe [527232 2014-06-15] (Sysinternals - www.sysinternals.com) [File not signed]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [112512 2009-02-23] (Andrea Electronics Corporation)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1952512 2009-04-05] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [328237 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30427 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [851434 2006-05-25] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [148900 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [45683 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [30285 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66488 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-11] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-11] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-11] (ESET)
S3 filtertdidriver; C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys [7552 2009-02-27] (Huawei Technologies Co., Ltd.) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [69504 2010-04-09] (Huawei Technologies Co., Ltd.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-06-23] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2014-06-23] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 O2MDGRDR; C:\WINDOWS\System32\DRIVERS\o2mdg.sys [51616 2009-01-21] (O2Micro )
R3 O2SDGRDR; C:\WINDOWS\System32\DRIVERS\o2sdg.sys [41760 2009-01-21] (O2Micro )
R3 OEM13Afx; C:\WINDOWS\system32\Drivers\OEM13Afx.sys [141376 2009-01-19] (Creative Technology Ltd.)
R3 OEM13Vfx; C:\WINDOWS\System32\DRIVERS\OEM13Vfx.sys [7424 2009-01-19] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\WINDOWS\System32\DRIVERS\OEM13Vid.sys [235840 2009-01-19] (Creative Technology Ltd.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1548339 2009-02-23] (IDT, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [33608 2014-04-09] (The OpenVPN Project)
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [26624 2014-06-24] () [File not signed]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [117504 2010-03-20] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-06 17:43 - 2014-07-06 17:43 - 00000000 ____D () C:\FRST
2014-07-06 17:25 - 2014-07-06 17:25 - 01074688 _____ (Farbar) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\FRST.exe
2014-07-06 17:11 - 2014-07-06 17:11 - 00001188 _____ () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\GG.lnk
2014-07-06 17:11 - 2014-07-06 17:11 - 00001182 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\GG.lnk
2014-07-06 17:09 - 2014-07-06 17:09 - 00399112 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\gg-install (1).exe
2014-07-06 17:06 - 2014-07-06 17:06 - 00020877 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\mau1.txt
2014-07-06 16:40 - 2014-07-06 16:40 - 00021787 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\mau.txt
2014-07-06 16:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-06 16:16 - 2014-07-06 16:58 - 00000000 ____D () C:\AdwCleaner
2014-07-06 16:12 - 2014-07-06 16:12 - 01346519 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\AdwCleaner.exe
2014-07-05 16:48 - 2014-07-05 16:48 - 00106496 _____ () C:\WINDOWS\Minidump\Mini070514-01.dmp
2014-07-03 21:34 - 2014-07-06 17:12 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\GG
2014-07-03 21:34 - 2014-07-06 17:11 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG
2014-07-03 21:34 - 2014-07-03 21:35 - 00000000 ___SD () C:\Documents and Settings\Robert Chciuk\GG dysk
2014-07-03 21:34 - 2014-07-03 21:34 - 00001227 _____ () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\OpenFM.lnk
2014-07-03 21:34 - 2014-07-03 21:34 - 00001221 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\OpenFM.lnk
2014-07-03 21:34 - 2014-07-03 21:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\OpenFM
2014-07-03 21:32 - 2014-07-03 21:32 - 00399112 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\gg-install.exe
2014-07-02 21:19 - 2014-07-02 21:40 - 00509587 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP) (3).zip
2014-06-30 17:15 - 2014-06-30 17:15 - 00011452 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Nowy Archiwum WinRARa (ZIP).zip
2014-06-30 17:06 - 2014-06-30 17:06 - 00030632 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\attach.txt
2014-06-30 17:06 - 2014-06-30 17:06 - 00017532 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\dds.txt
2014-06-30 17:05 - 2014-06-30 17:05 - 00000457 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Skrót do dds.lnk
2014-06-30 16:57 - 2014-06-30 16:58 - 00688992 ____R (Swearware) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\dds (1).com
2014-06-30 16:48 - 2014-06-30 16:48 - 00702504 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Free-Hide-IP(31946).exe
2014-06-28 18:53 - 2014-06-28 18:53 - 00106496 _____ () C:\WINDOWS\Minidump\Mini062814-01.dmp
2014-06-26 12:34 - 2014-06-26 12:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Chromium
2014-06-25 14:36 - 2014-06-25 14:36 - 00023251 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Nowy Archiwum WinRARa (3).rar
2014-06-25 00:05 - 2014-06-25 00:06 - 00023251 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (3).rar
2014-06-25 00:01 - 2014-06-25 00:01 - 00029612 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\attach.txt
2014-06-25 00:01 - 2014-06-25 00:01 - 00018756 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\dds.txt
2014-06-24 23:50 - 2014-06-24 23:50 - 00688992 ____R (Swearware) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\dds.com
2014-06-24 22:44 - 2014-06-24 22:45 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\aswMBR.exe
2014-06-24 22:38 - 2014-06-24 22:38 - 00000000 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Dokument tekstowy.txt
2014-06-24 16:59 - 2014-06-25 00:02 - 00406470 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP) (2).zip
2014-06-24 16:44 - 2014-06-30 17:07 - 00011452 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP).zip
2014-06-24 16:16 - 2014-06-24 16:16 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-06-24 16:09 - 2014-06-24 16:09 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-06-23 19:59 - 2014-06-23 19:59 - 00000000 ____D () C:\Program Files\TeamViewer
2014-06-23 19:59 - 2014-06-23 19:59 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\TeamViewer
2014-06-23 19:56 - 2014-06-23 19:57 - 06255864 _____ (TeamViewer GmbH) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\TeamViewer_Setup_pl.exe
2014-06-23 18:23 - 2014-06-23 18:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-06-23 18:22 - 2014-06-23 18:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-06-23 18:22 - 2014-06-23 18:22 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:20 - 2014-06-23 18:21 - 00392279 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Gav (1).7z
2014-06-23 18:18 - 2014-06-23 18:18 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 18:17 - 2014-06-23 18:17 - 00724152 _____ (Elex do Brasil Participações Ltda) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\yet_another_cleaner_mat.exe
2014-06-23 18:17 - 2014-06-23 18:17 - 00392279 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Gav.7z
2014-06-23 18:16 - 2014-06-23 18:16 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\mbar-1.07.0.1012.exe
2014-06-23 18:16 - 2014-06-23 18:16 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Pulpit\mbar
2014-06-23 18:13 - 2014-06-23 18:13 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\tdsskiller.exe
2014-06-22 14:05 - 2014-06-26 12:39 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Might & Magic Heroes VI
2014-06-22 14:05 - 2014-06-26 12:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Might & Magic Heroes VI
2014-06-22 14:05 - 2014-06-22 14:05 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Ubisoft Game Launcher
2014-06-22 13:40 - 2014-06-22 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Ubisoft
2014-06-22 13:37 - 2014-06-22 13:37 - 00000856 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Uplay.lnk
2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\Ubisoft
2014-06-22 13:18 - 2014-06-22 13:37 - 00000000 ____D () C:\Program Files\Ubisoft
2014-06-21 23:38 - 2014-06-21 23:38 - 00000000 __SHD () C:\found.000
2014-06-21 12:48 - 2014-06-21 12:48 - 00106496 _____ () C:\WINDOWS\Minidump\Mini062114-01.dmp
2014-06-19 23:17 - 2014-06-24 18:14 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\RogueKiller
2014-06-19 23:15 - 2014-06-19 23:15 - 04707328 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\RogueKiller.exe
2014-06-19 21:19 - 2014-06-19 21:36 - 151102600 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\jq7im80r.exe
2014-06-19 00:09 - 2014-05-03 12:39 - 28498716 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Kopia Hizz.rar
2014-06-15 20:55 - 2014-06-24 18:23 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt
2014-06-15 18:47 - 2014-06-15 18:54 - 00002704 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Rkill.txt
2014-06-15 18:41 - 2014-06-15 20:54 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor W.evt
2014-06-15 18:41 - 2014-06-15 19:41 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Doctor Web
2014-06-15 18:30 - 2014-06-15 18:40 - 150902016 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\cureit.exe
2014-06-15 18:28 - 2014-06-15 18:28 - 00000000 ___SD () C:\ComboFix
2014-06-15 18:07 - 2014-06-15 18:28 - 00000000 ____D () C:\WINDOWS\erdnt
2014-06-15 18:07 - 2014-06-15 18:07 - 00000000 ___RD () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\Narzędzia administracyjne
2014-06-15 18:06 - 2014-06-15 18:06 - 05206928 _____ (Swearware) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\ComboFix (1).exe
2014-06-15 17:54 - 2014-06-15 17:54 - 00000000 ___RD () C:\Documents and Settings\LocalService\Moje dokumenty
2014-06-15 17:54 - 2014-06-15 17:54 - 00000000 _____ () C:\WINDOWS\system32\RootkitReveal.txt
2014-06-15 14:21 - 2014-06-15 15:25 - 13457488 _____ () C:\WINDOWS\system32\SBMIGJJ
2014-06-15 14:08 - 2014-06-15 14:14 - 10335348 _____ () C:\WINDOWS\system32\DOBBEYPK
2014-06-15 14:02 - 2014-06-15 14:02 - 00000000 _____ () C:\WINDOWS\system32\QGJLLH
2014-06-15 13:52 - 2006-11-01 13:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Robert Chciuk\Pulpit\RootkitRevealer.exe
2014-06-15 12:13 - 2014-06-15 12:13 - 01411136 _____ (Logixoft) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\rkfree_setup.exe
2014-06-15 12:13 - 2014-06-15 12:13 - 01411136 _____ (Logixoft) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\rkfree_setup (1).exe
2014-06-14 15:39 - 2014-06-14 15:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 15:39 - 2014-06-14 15:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
2014-06-11 21:26 - 2014-06-11 21:48 - 00237568 ___SH () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Thumbs.db
2014-06-11 17:30 - 2014-06-11 17:30 - 00045444 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\masterplan (4).rar
2014-06-11 15:52 - 2014-06-11 15:54 - 00000165 ____H () C:\Documents and Settings\Robert Chciuk\Pulpit\~$Nowy Prezentacja programu Microsoft Office PowerPoint 2007.pptx
2014-06-10 21:36 - 2014-06-10 21:36 - 01289658 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Desktop (1).rar
2014-06-10 21:36 - 2014-06-10 21:36 - 00035294 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\prezentacja (1).odt
2014-06-10 21:29 - 2014-06-10 21:29 - 05936054 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\swim.avi
2014-06-09 14:37 - 2014-06-09 14:37 - 03767517 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\7-5-programy (1).zip
2014-06-09 14:36 - 2014-06-09 14:36 - 03767517 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\7-5-programy.zip

==================== One Month Modified Files and Folders =======

2014-07-06 17:43 - 2014-07-06 17:43 - 00000000 ____D () C:\FRST
2014-07-06 17:43 - 2009-11-27 10:36 - 00000478 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FDE7323D-2797-4133-9BF9-BEE0976C3E31}.job
2014-07-06 17:43 - 2009-11-26 14:24 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp
2014-07-06 17:41 - 2014-06-03 16:58 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\screenSHU
2014-07-06 17:28 - 2011-02-01 19:48 - 00001050 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 17:28 - 2011-02-01 19:48 - 00001046 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 17:27 - 2008-05-09 06:57 - 01515000 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-06 17:25 - 2014-07-06 17:25 - 01074688 _____ (Farbar) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\FRST.exe
2014-07-06 17:25 - 2009-11-26 14:24 - 00000000 ___RD () C:\Documents and Settings\Robert Chciuk\Moje dokumenty
2014-07-06 17:12 - 2014-07-03 21:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\GG
2014-07-06 17:11 - 2014-07-06 17:11 - 00001188 _____ () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\GG.lnk
2014-07-06 17:11 - 2014-07-06 17:11 - 00001182 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\GG.lnk
2014-07-06 17:11 - 2014-07-03 21:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG
2014-07-06 17:11 - 2009-11-26 14:24 - 00000000 ___RD () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy
2014-07-06 17:11 - 2009-11-26 14:24 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Pulpit
2014-07-06 17:09 - 2014-07-06 17:09 - 00399112 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\gg-install (1).exe
2014-07-06 17:06 - 2014-07-06 17:06 - 00020877 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\mau1.txt
2014-07-06 17:03 - 2009-11-03 04:45 - 00196673 _____ () C:\WINDOWS\system32\nvapps.xml
2014-07-06 17:03 - 2009-11-02 22:48 - 00095163 _____ () C:\WINDOWS\system32\nvModes.001
2014-07-06 17:02 - 2014-06-03 15:42 - 00000440 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383603374.job
2014-07-06 17:02 - 2014-03-11 22:51 - 00000238 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2014-07-06 17:02 - 2008-05-09 07:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-06 17:02 - 2008-05-09 01:44 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-06 17:02 - 2008-05-08 18:53 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-06 17:02 - 2008-05-08 18:53 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-06 17:01 - 2009-11-26 14:24 - 00000188 ___SH () C:\Documents and Settings\Robert Chciuk\ntuser.ini
2014-07-06 17:01 - 2008-05-09 07:01 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-06 16:58 - 2014-07-06 16:16 - 00000000 ____D () C:\AdwCleaner
2014-07-06 16:58 - 2009-11-26 14:24 - 00000000 __RHD () C:\Documents and Settings\Robert Chciuk\Dane aplikacji
2014-07-06 16:58 - 2009-11-26 14:24 - 00000000 ___HD () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji
2014-07-06 16:58 - 2008-05-08 18:50 - 00000000 ____D () C:\Documents and Settings\All Users\Pulpit
2014-07-06 16:57 - 2008-05-08 18:50 - 00000000 __RHD () C:\Documents and Settings\All Users\Dane aplikacji
2014-07-06 16:57 - 2008-05-08 18:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy
2014-07-06 16:57 - 2008-05-08 18:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start
2014-07-06 16:40 - 2014-07-06 16:40 - 00021787 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\mau.txt
2014-07-06 16:12 - 2014-07-06 16:12 - 01346519 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\AdwCleaner.exe
2014-07-06 15:47 - 2014-04-19 22:17 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\IMVU
2014-07-06 14:07 - 2014-02-01 00:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Jitsi
2014-07-06 14:00 - 2013-09-08 19:13 - 00000468 _____ () C:\WINDOWS\Tasks\At8.job
2014-07-06 14:00 - 2010-09-19 08:59 - 00000476 _____ () C:\WINDOWS\Tasks\At4.job
2014-07-06 10:10 - 2013-09-08 19:13 - 00000468 _____ () C:\WINDOWS\Tasks\At5.job
2014-07-06 10:10 - 2010-09-19 08:59 - 00000476 _____ () C:\WINDOWS\Tasks\At1.job
2014-07-05 20:40 - 2013-09-08 19:13 - 00000468 _____ () C:\WINDOWS\Tasks\At6.job
2014-07-05 20:40 - 2010-09-19 08:59 - 00000476 _____ () C:\WINDOWS\Tasks\At2.job
2014-07-05 16:48 - 2014-07-05 16:48 - 00106496 _____ () C:\WINDOWS\Minidump\Mini070514-01.dmp
2014-07-05 16:48 - 2010-07-16 07:54 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-05 00:01 - 2009-11-02 23:00 - 00524288 _____ () C:\WINDOWS\system32\config\DPEvent.evt
2014-07-04 19:13 - 2013-09-08 19:13 - 00000468 _____ () C:\WINDOWS\Tasks\At7.job
2014-07-04 15:28 - 2014-02-14 18:24 - 00172427 _____ () C:\WINDOWS\setupapi.log
2014-07-03 21:35 - 2014-07-03 21:34 - 00000000 ___SD () C:\Documents and Settings\Robert Chciuk\GG dysk
2014-07-03 21:34 - 2014-07-03 21:34 - 00001227 _____ () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\OpenFM.lnk
2014-07-03 21:34 - 2014-07-03 21:34 - 00001221 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\OpenFM.lnk
2014-07-03 21:34 - 2014-07-03 21:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\OpenFM
2014-07-03 21:34 - 2009-11-26 14:24 - 00000000 ___RD () C:\Documents and Settings\Robert Chciuk\Ulubione
2014-07-03 21:34 - 2009-11-26 14:24 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk
2014-07-03 21:32 - 2014-07-03 21:32 - 00399112 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\gg-install.exe
2014-07-02 21:40 - 2014-07-02 21:19 - 00509587 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP) (3).zip
2014-06-30 20:39 - 2010-12-19 13:26 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-30 17:15 - 2014-06-30 17:15 - 00011452 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Nowy Archiwum WinRARa (ZIP).zip
2014-06-30 17:07 - 2014-06-24 16:44 - 00011452 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP).zip
2014-06-30 17:06 - 2014-06-30 17:06 - 00030632 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\attach.txt
2014-06-30 17:06 - 2014-06-30 17:06 - 00017532 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\dds.txt
2014-06-30 17:05 - 2014-06-30 17:05 - 00000457 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Skrót do dds.lnk
2014-06-30 16:58 - 2014-06-30 16:57 - 00688992 ____R (Swearware) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\dds (1).com
2014-06-30 16:48 - 2014-06-30 16:48 - 00702504 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Free-Hide-IP(31946).exe
2014-06-29 08:59 - 2010-09-19 08:59 - 00000476 _____ () C:\WINDOWS\Tasks\At3.job
2014-06-28 18:53 - 2014-06-28 18:53 - 00106496 _____ () C:\WINDOWS\Minidump\Mini062814-01.dmp
2014-06-26 22:27 - 2009-12-02 21:01 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Winamp
2014-06-26 12:39 - 2014-06-22 14:05 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Might & Magic Heroes VI
2014-06-26 12:34 - 2014-06-26 12:34 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Chromium
2014-06-26 12:34 - 2014-06-22 14:05 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\Might & Magic Heroes VI
2014-06-26 10:43 - 2009-11-02 22:57 - 00071432 _____ () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2014-06-26 10:42 - 2008-05-08 18:49 - 00286112 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-26 00:11 - 2009-11-28 19:49 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Sony Corporation
2014-06-25 19:15 - 2009-11-27 14:31 - 00248832 _____ () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-25 14:36 - 2014-06-25 14:36 - 00023251 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Nowy Archiwum WinRARa (3).rar
2014-06-25 00:06 - 2014-06-25 00:05 - 00023251 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (3).rar
2014-06-25 00:02 - 2014-06-24 16:59 - 00406470 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP) (2).zip
2014-06-25 00:01 - 2014-06-25 00:01 - 00029612 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\attach.txt
2014-06-25 00:01 - 2014-06-25 00:01 - 00018756 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\dds.txt
2014-06-24 23:50 - 2014-06-24 23:50 - 00688992 ____R (Swearware) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\dds.com
2014-06-24 22:45 - 2014-06-24 22:44 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\aswMBR.exe
2014-06-24 22:38 - 2014-06-24 22:38 - 00000000 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Dokument tekstowy.txt
2014-06-24 18:23 - 2014-06-15 20:55 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor Web.evt
2014-06-24 18:14 - 2014-06-19 23:17 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-24 16:26 - 2008-05-08 18:50 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
2014-06-24 16:16 - 2014-06-24 16:16 - 00000552 _____ () C:\WINDOWS\system32\d3d8caps.dat
2014-06-24 16:10 - 2008-05-09 07:02 - 00000188 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-06-24 16:09 - 2014-06-24 16:09 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-06-24 16:09 - 2008-05-09 07:02 - 00000000 __SHD () C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia
2014-06-24 16:09 - 2008-05-09 07:02 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-06-23 19:59 - 2014-06-23 19:59 - 00000000 ____D () C:\Program Files\TeamViewer
2014-06-23 19:59 - 2014-06-23 19:59 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Dane aplikacji\TeamViewer
2014-06-23 19:57 - 2014-06-23 19:56 - 06255864 _____ (TeamViewer GmbH) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\TeamViewer_Setup_pl.exe
2014-06-23 19:38 - 2009-11-26 14:24 - 00000000 ___RD () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Moje obrazy
2014-06-23 19:31 - 2009-11-02 22:48 - 00095163 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-23 18:23 - 2014-06-23 18:23 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2014-06-23 18:23 - 2014-06-23 18:22 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes' Anti-Malware (portable)
2014-06-23 18:22 - 2014-06-23 18:22 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 18:21 - 2014-06-23 18:20 - 00392279 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Gav (1).7z
2014-06-23 18:18 - 2014-06-23 18:18 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-23 18:17 - 2014-06-23 18:17 - 00724152 _____ (Elex do Brasil Participações Ltda) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\yet_another_cleaner_mat.exe
2014-06-23 18:17 - 2014-06-23 18:17 - 00392279 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Gav.7z
2014-06-23 18:16 - 2014-06-23 18:16 - 14349744 _____ (Malwarebytes Corp.) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\mbar-1.07.0.1012.exe
2014-06-23 18:16 - 2014-06-23 18:16 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Pulpit\mbar
2014-06-23 18:13 - 2014-06-23 18:13 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\tdsskiller.exe
2014-06-22 14:05 - 2014-06-22 14:05 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\Ubisoft Game Launcher
2014-06-22 13:40 - 2014-06-22 13:40 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Ubisoft
2014-06-22 13:40 - 2008-05-09 06:56 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-06-22 13:37 - 2014-06-22 13:37 - 00000856 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Uplay.lnk
2014-06-22 13:37 - 2014-06-22 13:37 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\Ubisoft
2014-06-22 13:37 - 2014-06-22 13:18 - 00000000 ____D () C:\Program Files\Ubisoft
2014-06-22 13:18 - 2009-11-02 22:57 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-22 13:09 - 2011-07-10 21:10 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\Electronic Arts
2014-06-22 13:09 - 2011-07-10 20:52 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-06-21 23:38 - 2014-06-21 23:38 - 00000000 __SHD () C:\found.000
2014-06-21 12:48 - 2014-06-21 12:48 - 00106496 _____ () C:\WINDOWS\Minidump\Mini062114-01.dmp
2014-06-19 23:17 - 2014-06-19 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\RogueKiller
2014-06-19 23:15 - 2014-06-19 23:15 - 04707328 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\RogueKiller.exe
2014-06-19 21:36 - 2014-06-19 21:19 - 151102600 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\jq7im80r.exe
2014-06-19 15:43 - 2011-05-19 23:00 - 00000000 ____D () C:\Program Files\Opera
2014-06-15 20:54 - 2014-06-15 18:41 - 00065536 _____ () C:\WINDOWS\system32\config\Doctor W.evt
2014-06-15 20:54 - 2008-05-09 01:44 - 00527454 _____ () C:\WINDOWS\system32\perfh015.dat
2014-06-15 20:54 - 2008-05-09 01:44 - 00099990 _____ () C:\WINDOWS\system32\perfc015.dat
2014-06-15 20:54 - 2008-05-08 18:50 - 01162660 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-15 19:41 - 2014-06-15 18:41 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Doctor Web
2014-06-15 18:54 - 2014-06-15 18:47 - 00002704 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Rkill.txt
2014-06-15 18:40 - 2014-06-15 18:30 - 150902016 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\cureit.exe
2014-06-15 18:28 - 2014-06-15 18:28 - 00000000 ___SD () C:\ComboFix
2014-06-15 18:28 - 2014-06-15 18:07 - 00000000 ____D () C:\WINDOWS\erdnt
2014-06-15 18:28 - 2008-05-09 06:56 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-06-15 18:07 - 2014-06-15 18:07 - 00000000 ___RD () C:\Documents and Settings\Robert Chciuk\Menu Start\Programy\Narzędzia administracyjne
2014-06-15 18:06 - 2014-06-15 18:06 - 05206928 _____ (Swearware) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\ComboFix (1).exe
2014-06-15 17:56 - 2010-08-15 20:08 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-06-15 17:54 - 2014-06-15 17:54 - 00000000 ___RD () C:\Documents and Settings\LocalService\Moje dokumenty
2014-06-15 17:54 - 2014-06-15 17:54 - 00000000 _____ () C:\WINDOWS\system32\RootkitReveal.txt
2014-06-15 17:54 - 2008-05-09 07:01 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-06-15 15:27 - 2008-05-08 18:45 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-06-15 15:25 - 2014-06-15 14:21 - 13457488 _____ () C:\WINDOWS\system32\SBMIGJJ
2014-06-15 14:14 - 2014-06-15 14:08 - 10335348 _____ () C:\WINDOWS\system32\DOBBEYPK
2014-06-15 14:02 - 2014-06-15 14:02 - 00000000 _____ () C:\WINDOWS\system32\QGJLLH
2014-06-15 13:46 - 2009-11-28 19:59 - 00000000 ____D () C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
2014-06-15 12:13 - 2014-06-15 12:13 - 01411136 _____ (Logixoft) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\rkfree_setup.exe
2014-06-15 12:13 - 2014-06-15 12:13 - 01411136 _____ (Logixoft) C:\Documents and Settings\Robert Chciuk\Moje dokumenty\rkfree_setup (1).exe
2014-06-14 15:39 - 2014-06-14 15:39 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-14 15:39 - 2014-06-14 15:39 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
2014-06-14 15:39 - 2013-03-02 16:39 - 00001781 _____ () C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
2014-06-14 15:39 - 2013-03-02 16:39 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan
2014-06-12 04:56 - 2009-11-26 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2014-06-12 04:55 - 2013-07-12 17:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 04:49 - 2009-11-26 16:07 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 22:21 - 2014-04-22 11:05 - 02422727 _____ () C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Prezentacja programu Microsoft Office PowerPoint 2007.pptx
2014-06-11 21:48 - 2014-06-11 21:26 - 00237568 ___SH () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Thumbs.db
2014-06-11 17:30 - 2014-06-11 17:30 - 00045444 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\masterplan (4).rar
2014-06-11 15:54 - 2014-06-11 15:52 - 00000165 ____H () C:\Documents and Settings\Robert Chciuk\Pulpit\~$Nowy Prezentacja programu Microsoft Office PowerPoint 2007.pptx
2014-06-10 21:36 - 2014-06-10 21:36 - 01289658 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Desktop (1).rar
2014-06-10 21:36 - 2014-06-10 21:36 - 00035294 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\prezentacja (1).odt
2014-06-10 21:29 - 2014-06-10 21:29 - 05936054 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\swim.avi
2014-06-09 14:55 - 2010-11-01 13:35 - 00000000 ____D () C:\Documents and Settings\Robert Chciuk\Pulpit\CADDATA_PL
2014-06-09 14:37 - 2014-06-09 14:37 - 03767517 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\7-5-programy (1).zip
2014-06-09 14:36 - 2014-06-09 14:36 - 03767517 _____ () C:\Documents and Settings\Robert Chciuk\Moje dokumenty\7-5-programy.zip
2014-06-08 15:00 - 2014-03-11 22:51 - 00000232 _____ () C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job


Some content of TEMP:
====================
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\AskSLib.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\AutoRun.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\AutoRunGUI.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\CEUD.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\DivXSetup.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\EAD300.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\EADA2C9.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\EADEC.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\EADF0.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\EAInstall.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\FFSetupSoftonic260.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\FRST.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\FRST64.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\hpzmsi01.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\hpzscr01.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\htmlayout.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\ikonkasims3.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\installerdll1547241015.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\installerdll1547251406.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\JExplorer32.2.7.1.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\JExplorer32.2.7.1.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\JExplorer64.2.7.1.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jna1551098637800869249.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jna6426571702426275981.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jna6596646434445507968.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jna6728593840437224323.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\nsv123A.tmp.ConduitEngineEmbbed.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\ose00000.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\PicasaRestore.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\rbSolnUpdatePLK.3.3.0.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\restorer1.0.0.1.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\Setup.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\setup_wm.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\The Sims Castaway Stories_uninst.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\toolbar1301458328.exe
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\UninstallEADM.dll
C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\YHH.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Robert Chciuk at 2014-07-06 17:56:29
Running from C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ESET NOD32 Antivirus 4.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
50 FREE MP3s +1 Free Audiobook! (HKLM\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
Aktualizacja dla systemu Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja dla systemu Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Aktualizacja dla systemu Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla Microsoft Windows (KB2564958) (HKLM\...\KB2564958) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2378111) (HKLM\...\KB2378111_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834904) (HKLM\...\KB2834904_WM11) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB2834904-v2) (HKLM\...\KB2834904-v2_WM11) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB952069) (HKLM\...\KB952069_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB954155) (HKLM\...\KB954155_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB968816) (HKLM\...\KB968816_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB973540) (HKLM\...\KB973540_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB975558) (HKLM\...\KB975558_WM8) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB978695) (HKLM\...\KB978695_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla programu Windows Media Player (KB979402) (HKLM\...\KB979402_WM9) (Version:  - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2183461) (HKLM\...\KB2183461-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2360131) (HKLM\...\KB2360131-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2416400) (HKLM\...\KB2416400-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2510531) (HKLM\...\KB2510531-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2530548) (HKLM\...\KB2530548-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2544521) (HKLM\...\KB2544521-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2559049) (HKLM\...\KB2559049-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2586448) (HKLM\...\KB2586448-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2618444) (HKLM\...\KB2618444-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2647516) (HKLM\...\KB2647516-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2675157) (HKLM\...\KB2675157-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2699988) (HKLM\...\KB2699988-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2722913) (HKLM\...\KB2722913-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2744842) (HKLM\...\KB2744842-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2761465) (HKLM\...\KB2761465-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2792100) (HKLM\...\KB2792100-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2797052) (HKLM\...\KB2797052-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2799329) (HKLM\...\KB2799329-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2809289) (HKLM\...\KB2809289-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2817183) (HKLM\...\KB2817183-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2829530) (HKLM\...\KB2829530-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2838727) (HKLM\...\KB2838727-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2846071) (HKLM\...\KB2846071-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2847204) (HKLM\...\KB2847204-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2870699) (HKLM\...\KB2870699-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2879017) (HKLM\...\KB2879017-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2888505) (HKLM\...\KB2888505-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2898785) (HKLM\...\KB2898785-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2909210) (HKLM\...\KB2909210-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2909921) (HKLM\...\KB2909921-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2925418) (HKLM\...\KB2925418-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2936068) (HKLM\...\KB2936068-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB2964358) (HKLM\...\KB2964358-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB971961) (HKLM\...\KB971961-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB974455) (HKLM\...\KB974455-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB976325) (HKLM\...\KB976325-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB978207) (HKLM\...\KB978207-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB981332) (HKLM\...\KB981332-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows Internet Explorer 8 (KB982381) (HKLM\...\KB982381-IE8) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2079403) (HKLM\...\KB2079403) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2115168) (HKLM\...\KB2115168) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2121546) (HKLM\...\KB2121546) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2160329) (HKLM\...\KB2160329) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2229593) (HKLM\...\KB2229593) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2259922) (HKLM\...\KB2259922) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2279986) (HKLM\...\KB2279986) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2286198) (HKLM\...\KB2286198) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296011) (HKLM\...\KB2296011) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2296199) (HKLM\...\KB2296199) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2347290) (HKLM\...\KB2347290) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2360937) (HKLM\...\KB2360937) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2387149) (HKLM\...\KB2387149) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2393802) (HKLM\...\KB2393802) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2412687) (HKLM\...\KB2412687) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2419632) (HKLM\...\KB2419632) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2423089) (HKLM\...\KB2423089) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2436673) (HKLM\...\KB2436673) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2440591) (HKLM\...\KB2440591) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2443105) (HKLM\...\KB2443105) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2476490) (HKLM\...\KB2476490) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2476687) (HKLM\...\KB2476687) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478960) (HKLM\...\KB2478960) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2478971) (HKLM\...\KB2478971) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2479943) (HKLM\...\KB2479943) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2481109) (HKLM\...\KB2481109) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2483185) (HKLM\...\KB2483185) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2485663) (HKLM\...\KB2485663) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2491683) (HKLM\...\KB2491683) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2503665) (HKLM\...\KB2503665) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2506212) (HKLM\...\KB2506212) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2506223) (HKLM\...\KB2506223) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2507618) (HKLM\...\KB2507618) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2507938) (HKLM\...\KB2507938) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2508272) (HKLM\...\KB2508272) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2508429) (HKLM\...\KB2508429) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2509553) (HKLM\...\KB2509553) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2524375) (HKLM\...\KB2524375) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2535512) (HKLM\...\KB2535512) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2536276) (HKLM\...\KB2536276) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2536276-v2) (HKLM\...\KB2536276-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2544893) (HKLM\...\KB2544893) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2544893-v2) (HKLM\...\KB2544893-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2555917) (HKLM\...\KB2555917) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2562937) (HKLM\...\KB2562937) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2566454) (HKLM\...\KB2566454) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2567053) (HKLM\...\KB2567053) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2567680) (HKLM\...\KB2567680) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2570222) (HKLM\...\KB2570222) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2570947) (HKLM\...\KB2570947) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2584146) (HKLM\...\KB2584146) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2585542) (HKLM\...\KB2585542) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2592799) (HKLM\...\KB2592799) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2598479) (HKLM\...\KB2598479) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2603381) (HKLM\...\KB2603381) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2618451) (HKLM\...\KB2618451) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2619339) (HKLM\...\KB2619339) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2620712) (HKLM\...\KB2620712) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2621440) (HKLM\...\KB2621440) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2624667) (HKLM\...\KB2624667) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2631813) (HKLM\...\KB2631813) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2633171) (HKLM\...\KB2633171) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2639417) (HKLM\...\KB2639417) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2641653) (HKLM\...\KB2641653) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2646524) (HKLM\...\KB2646524) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2647518) (HKLM\...\KB2647518) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2653956) (HKLM\...\KB2653956) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2655992) (HKLM\...\KB2655992) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2659262) (HKLM\...\KB2659262) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2660465) (HKLM\...\KB2660465) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2661637) (HKLM\...\KB2661637) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2676562) (HKLM\...\KB2676562) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2685939) (HKLM\...\KB2685939) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2686509) (HKLM\...\KB2686509) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2691442) (HKLM\...\KB2691442) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2695962) (HKLM\...\KB2695962) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2698365) (HKLM\...\KB2698365) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2705219) (HKLM\...\KB2705219) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2707511) (HKLM\...\KB2707511) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2709162) (HKLM\...\KB2709162) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2712808) (HKLM\...\KB2712808) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2718523) (HKLM\...\KB2718523) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2719985) (HKLM\...\KB2719985) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2723135) (HKLM\...\KB2723135) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2724197) (HKLM\...\KB2724197) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2727528) (HKLM\...\KB2727528) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2731847) (HKLM\...\KB2731847) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2753842) (HKLM\...\KB2753842) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2753842-v2) (HKLM\...\KB2753842-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2757638) (HKLM\...\KB2757638) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2758857) (HKLM\...\KB2758857) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2761226) (HKLM\...\KB2761226) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2770660) (HKLM\...\KB2770660) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2778344) (HKLM\...\KB2778344) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2779030) (HKLM\...\KB2779030) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2780091) (HKLM\...\KB2780091) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2799494) (HKLM\...\KB2799494) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2802968) (HKLM\...\KB2802968) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2807986) (HKLM\...\KB2807986) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2808735) (HKLM\...\KB2808735) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2813170) (HKLM\...\KB2813170) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2813345) (HKLM\...\KB2813345) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2820197) (HKLM\...\KB2820197) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2820917) (HKLM\...\KB2820917) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2829361) (HKLM\...\KB2829361) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2834886) (HKLM\...\KB2834886) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2839229) (HKLM\...\KB2839229) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2845187) (HKLM\...\KB2845187) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2847311) (HKLM\...\KB2847311) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2849470) (HKLM\...\KB2849470) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2850851) (HKLM\...\KB2850851) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2850869) (HKLM\...\KB2850869) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2859537) (HKLM\...\KB2859537) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2862152) (HKLM\...\KB2862152) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2862330) (HKLM\...\KB2862330) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2862335) (HKLM\...\KB2862335) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2864063) (HKLM\...\KB2864063) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2868038) (HKLM\...\KB2868038) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2868626) (HKLM\...\KB2868626) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876217) (HKLM\...\KB2876217) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876315) (HKLM\...\KB2876315) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2876331) (HKLM\...\KB2876331) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2883150) (HKLM\...\KB2883150) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2892075) (HKLM\...\KB2892075) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2893294) (HKLM\...\KB2893294) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2893984) (HKLM\...\KB2893984) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2898715) (HKLM\...\KB2898715) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2900986) (HKLM\...\KB2900986) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2914368) (HKLM\...\KB2914368) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2916036) (HKLM\...\KB2916036) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2929961) (HKLM\...\KB2929961) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB2930275) (HKLM\...\KB2930275) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561) (HKLM\...\KB923561) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB938464) (HKLM\...\KB938464) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB946648) (HKLM\...\KB946648) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950762) (HKLM\...\KB950762) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB950974) (HKLM\...\KB950974) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951066) (HKLM\...\KB951066) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951376-v2) (HKLM\...\KB951376-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951698) (HKLM\...\KB951698) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB951748) (HKLM\...\KB951748) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952004) (HKLM\...\KB952004) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB952954) (HKLM\...\KB952954) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954211) (HKLM\...\KB954211) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954459) (HKLM\...\KB954459) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB954600) (HKLM\...\KB954600) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB955069) (HKLM\...\KB955069) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956572) (HKLM\...\KB956572) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956744) (HKLM\...\KB956744) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956802) (HKLM\...\KB956802) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956803) (HKLM\...\KB956803) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956841) (HKLM\...\KB956841) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB956844) (HKLM\...\KB956844) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957095) (HKLM\...\KB957095) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB957097) (HKLM\...\KB957097) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958215) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958644) (HKLM\...\KB958644) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958687) (HKLM\...\KB958687) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958690) (HKLM\...\KB958690) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB958869) (HKLM\...\KB958869) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB959426) (HKLM\...\KB959426) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960225) (HKLM\...\KB960225) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960714) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960715) (HKLM\...\KB960715) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960803) (HKLM\...\KB960803) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB960859) (HKLM\...\KB960859) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961371-v2) (HKLM\...\KB961371-v2) (Version: 2 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961373) (HKLM\...\KB961373) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB961501) (HKLM\...\KB961501) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB963027) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja zabezpieczeń dla systemu Windows XP (KB968537) (HKLM\...\KB968537) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969059) (HKLM\...\KB969059) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969897) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969898) (HKLM\...\KB969898) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB969947) (HKLM\...\KB969947) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970238) (HKLM\...\KB970238) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB970430) (HKLM\...\KB970430) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971468) (HKLM\...\KB971468) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971486) (HKLM\...\KB971486) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971557) (HKLM\...\KB971557) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971633) (HKLM\...\KB971633) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971657) (HKLM\...\KB971657) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB971961) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972260) (Version: 1 - Microsoft Corporation) Hidden
Aktualizacja zabezpieczeń dla systemu Windows XP (KB972270) (HKLM\...\KB972270) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973346) (HKLM\...\KB973346) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973354) (HKLM\...\KB973354) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973507) (HKLM\...\KB973507) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973525) (HKLM\...\KB973525) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973869) (HKLM\...\KB973869) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB973904) (HKLM\...\KB973904) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974112) (HKLM\...\KB974112) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974318) (HKLM\...\KB974318) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974392) (HKLM\...\KB974392) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974455) (HKLM\...\KB974455) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB974571) (HKLM\...\KB974571) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975025) (HKLM\...\KB975025) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975467) (HKLM\...\KB975467) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975560) (HKLM\...\KB975560) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975561) (HKLM\...\KB975561) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975562) (HKLM\...\KB975562) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB975713) (HKLM\...\KB975713) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977165) (HKLM\...\KB977165) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977816) (HKLM\...\KB977816) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB977914) (HKLM\...\KB977914) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978037) (HKLM\...\KB978037) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978251) (HKLM\...\KB978251) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978262) (HKLM\...\KB978262) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978338) (HKLM\...\KB978338) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978542) (HKLM\...\KB978542) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978601) (HKLM\...\KB978601) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB978706) (HKLM\...\KB978706) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979309) (HKLM\...\KB979309) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979482) (HKLM\...\KB979482) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979559) (HKLM\...\KB979559) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979683) (HKLM\...\KB979683) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB979687) (HKLM\...\KB979687) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980195) (HKLM\...\KB980195) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980218) (HKLM\...\KB980218) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980232) (HKLM\...\KB980232) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB980436) (HKLM\...\KB980436) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981322) (HKLM\...\KB981322) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981852) (HKLM\...\KB981852) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981957) (HKLM\...\KB981957) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB981997) (HKLM\...\KB981997) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982132) (HKLM\...\KB982132) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982214) (HKLM\...\KB982214) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982665) (HKLM\...\KB982665) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla systemu Windows XP (KB982802) (HKLM\...\KB982802) (Version: 1 - Microsoft Corporation)
Aktualizacja zabezpieczeń dla Windows XP (KB941569) (HKLM\...\KB941569) (Version:  - Microsoft Corporation)
ALLConverter PRO 1.0 (HKLM\...\{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1) (Version:  - ALLCinema, Inc.)
ALLPlayer V4.X (HKLM\...\ALLPlayer_is1) (Version:  - ALLCinema Ltd.)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
blueconnect (HKLM\...\blueconnect) (Version: 11.302.09.17.49 - Huawei Technologies Co.,Ltd)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CDex extraction audio (HKLM\...\CDex) (Version:  - )
ClocX (1.5b1) (HKLM\...\ClocX) (Version:  - )
coiNttinueetosavoe (HKLM\...\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}) (Version:  - continue to save) <==== ATTENTION
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.102.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Center (HKLM\...\Dell Webcam Center) (Version:  - )
Dell Webcam Manager (HKLM\...\Dell Webcam Manager) (Version:  - )
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceFunctionQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DigitalPersona Personal 4.01 (HKLM\...\{3D8AE086-030F-4EF4-B705-63F8130B043E}) (Version: 4.01.3765 - DigitalPersona, Inc.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.3.0.20 - DivX, LLC)
English Pronouncing Dictionary (HKLM\...\English Pronouncing Dictionary) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{5A7B12EE-49F5-4019-8EA1-4BA4C41132E5}) (Version: 4.0.467.0 - Eset spol s r. o.)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
F1 2010 (HKLM\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008600}) (Version: 1.0.0000.134 - Codemasters)
F1 2010 (Version: 1.0.0000.134 - Codemasters) Hidden
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
FormatFactory 2.60 (HKLM\...\FormatFactory) (Version: 2.60 - Free Time)
GG (HKCU\...\GG) (Version: 12 - GG Network S.A.)
GoGear SA018 Device Manager (HKLM\...\{DC19A2BC-9698-430E-AD50-456B837B1BCD}) (Version: 01.02 - Philips)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Badanie ulepszeń produktu (HKLM\...\{BEA3FF0E-D040-4D9A-B939-9AEB28C2EC64}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Podstawowe oprogramowanie urządzenia (HKLM\...\{496F4FDB-A4A5-4AB1-89C2-7B4FFD37F9F1}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Pomoc (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.56.56 - Hewlett Packard)
HP Deskjet 3520 series — badanie mające na celu poprawę produktów (HKLM\...\{BBCC839C-17FE-4897-ACFC-CD342D596DDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series — podstawowe oprogramowanie urządzenia (HKLM\...\{1E19C516-9CE5-48F2-BB36-D2239458F7D1}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Pomoc (HKLM\...\{B15746C1-344B-40F8-A54E-85AD2AD8E81E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 5400 series (HKLM\...\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}) (Version: 5.0 - HP)
HP Imaging Device Functions 5.0 (HKLM\...\HP Imaging Device Functions) (Version: 5.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Solution Center & Imaging Support Tools 5.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.0 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDeskjet5400Series (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
IMVU Avatar Chat Software (HKCU\...\IMVU Avatar chat client software BETA) (Version:  - )
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Jitsi (HKLM\...\{6D5A136F-3F1B-4EB7-BAF7-DC4514C598C5}) (Version: 2.4.4997 - Jitsi)
Laptop Integrated Webcam Driver (1.01.01.0529)   (HKLM\...\Creative OEM013) (Version:  - )
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.0817.1 - Creative Technology Ltd.)
Live! Cam Avatar v1.0 (HKLM\...\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}) (Version: 1.0 - Creative Technology Ltd.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Menedzer kopii zapasowej i przywracania Dell (HKLM\...\{11952D5B-66A4-4A39-814B-20060C8B82BD}) (Version: 1.0.0 - Dell, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 — pakiet języka polskiego (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - PLK) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 Language Pack - PLK (Version: 1.1.50727.42 - Microsoft Corporation) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Polish Language Pack (Version: 3.0.04506.30 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (Polish) (HKLM\...\{95120000-00AF-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2007 (Version: 12.0.4518.1020 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (Polish) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Might & Magic Heroes VI - Shades of Darkness (HKLM\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.0.0 - Ubisoft)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 CD Converter Professional 5.01 (HKLM\...\MP3 CD Converter Professional_is1) (Version:  - Thomas Yuan)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Narzędzie bezprzewodowej karty sieciowej Dell WLAN (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.18 - Dell Inc.)
Narzędzie The Sims™ 3 Stwórz świat – Beta (HKLM\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
Nitro PDF Reader (HKLM\...\{2881063B-C58F-49EB-97FD-8BF58EC580F9}) (Version: 1.4.0.11 - Nitro PDF Software)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenFM (HKCU\...\OpenFM) (Version: 2 - GG Network S.A.)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Opera Stable 22.0.1471.70 (HKLM\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Pakiet języka polskiego dla systemu Microsoft .NET Framework 3.0 (HKLM\...\Microsoft .NET Framework 3.0 Polish Language Pack) (Version:  - Microsoft Corporation)
Pakiet zgodności dla systemu Office 2007 (HKLM\...\{90120000-0020-0415-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poprawka dla systemu Windows XP (KB2158563) (HKLM\...\KB2158563) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB2443685) (HKLM\...\KB2443685) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB2570791) (HKLM\...\KB2570791) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB2633952) (HKLM\...\KB2633952) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB2756822) (HKLM\...\KB2756822) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB2779562) (HKLM\...\KB2779562) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB932716-v2) (HKLM\...\KB932716-v2) (Version: 2 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB949764) (HKLM\...\KB949764) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB952287) (HKLM\...\KB952287) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB953955) (HKLM\...\KB953955) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB954434) (HKLM\...\KB954434) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB958347) (HKLM\...\KB958347) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB959252) (HKLM\...\KB959252) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB961118) (HKLM\...\KB961118) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB968764) (HKLM\...\KB968764) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB976098-v2) (HKLM\...\KB976098-v2) (Version: 2 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB979306) (HKLM\...\KB979306) (Version: 1 - Microsoft Corporation)
Poprawka dla systemu Windows XP (KB981793) (HKLM\...\KB981793) (Version: 1 - Microsoft Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Rapture3D 2.4.4 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
screenSHU - the fastest screen capture ever. (HKLM\...\screenSHU) (Version:  - )
Słownik YDP (angielsko-polski, polsko-angielski) (HKLM\...\YdpDict100) (Version:  - )
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version: 2.00 - Sony Corporation)
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
SubEdit-Player (HKLM\...\SubEdit-Player_is1) (Version: 4072 - Artur Sikora)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 Kariera (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Nie z tego świata (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 Po zmroku (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Rajska Wyspa (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Skok w Przyszłość (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Słodkie niespodzianki Katy Perry (HKLM\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Szybka jazda Akcesoria (HKLM\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 Wymarzone Podróże (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0415-0000-0000000FF1CE}_PROHYBRIDR_{840D15BD-72E8-4710-ABDD-8E883B88BD5D}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.2609 - Dell)
Winamp (HKLM\...\Winamp) (Version: 5.56  - Nullsoft, Inc)
Windows Communication Foundation Language Pack - PLK (Version: 3.0.04506.30 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Presentation Foundation Language Pack (PLK) (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows Workflow Foundation PL Language Pack (Version: 3.0.4203.2 - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2008-05-09 01:43 - 2014-06-29 07:40 - 00000833 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
64.120.230.288 karachan.org
54.204.28.26 nikdaiaidiiiogaidkkekcmokkcgcdeac


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At6.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At7.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At8.job => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\hpwebreg_CN07D2N3P205HW.job => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HpWebReg.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383603374.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FDE7323D-2797-4133-9BF9-BEE0976C3E31}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-11-02 22:58 - 2008-12-12 03:38 - 00024064 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2009-11-02 22:58 - 2008-12-12 03:37 - 00753664 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2010-08-19 10:52 - 2010-08-19 10:52 - 00229376 _____ () C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe
2011-02-15 22:31 - 2001-12-21 18:31 - 00053248 _____ () C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
2011-02-15 22:40 - 2001-08-10 15:23 - 00388608 _____ () C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll
2006-05-25 02:29 - 2006-05-25 02:29 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-05-09 01:43 - 2008-04-15 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-11-02 22:58 - 2008-12-12 03:38 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2009-07-01 18:37 - 2009-07-01 18:37 - 00037888 _____ () C:\Program Files\Winamp\winampa.exe
2011-01-11 01:25 - 2011-01-11 01:25 - 01230704 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2011-01-11 01:25 - 2011-01-11 01:25 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2012-11-28 15:44 - 2012-11-28 15:44 - 00034816 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2012-11-28 15:45 - 2012-11-28 15:45 - 12564480 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
2012-11-28 15:45 - 2012-11-28 15:45 - 00569344 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
2012-11-28 15:44 - 2012-11-28 15:44 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
2012-11-28 15:19 - 2012-11-28 15:19 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2013-09-04 19:21 - 2013-09-04 19:21 - 02112000 _____ () C:\Program Files\screenSHU\screenSHU.exe
2011-06-08 09:32 - 2011-06-08 09:32 - 00011362 _____ () C:\Program Files\screenSHU\mingwm10.dll
2011-06-08 09:32 - 2011-06-08 09:32 - 00043008 _____ () C:\Program Files\screenSHU\libgcc_s_dw2-1.dll
2010-01-15 16:35 - 2009-03-24 11:43 - 00135168 _____ () C:\Program Files\Philips\GoGear SA018 Device Manager\Scsi_nt.dll
2014-06-19 15:43 - 2014-06-19 15:43 - 01396344 _____ () C:\Program Files\Opera\22.0.1471.70\opera_crashreporter.exe
2013-06-11 22:06 - 2013-06-11 22:06 - 16033160 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
2011-02-01 20:08 - 2008-03-29 17:42 - 00159744 _____ () C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll
2011-02-01 20:08 - 2008-03-29 17:41 - 00023552 _____ () C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll
2014-06-19 15:43 - 2014-06-19 15:43 - 00957048 _____ () C:\Program Files\Opera\22.0.1471.70\ffmpegsumo.dll
2014-06-13 20:24 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 20:24 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 20:24 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-17 13:53 - 2014-06-17 13:53 - 03205184 _____ () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\xulrunner\mozjs.dll
2014-06-17 13:53 - 2014-06-17 13:53 - 00122432 _____ () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\ggdrive\ZLIB1.dll
2014-06-17 13:53 - 2014-06-17 13:53 - 16361120 _____ () C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Dane aplikacji\GG\Application\FMSBWChecker\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Karta sieciowa 1394
Description: Karta sieciowa 1394
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2014 09:25:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca ALLUpdate.exe, wersja 1.1.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/04/2014 05:46:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca Might & Magic Heroes VI.exe, wersja 2.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 11:08:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca Might & Magic Heroes VI.exe, wersja 2.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 09:58:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca Uplay.exe, wersja 4.6.0.3208, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 09:58:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca Uplay.exe, wersja 4.6.0.3208, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 09:57:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca Might & Magic Heroes VI.exe, wersja 2.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 09:56:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca taskmgr.exe, wersja 5.1.2600.5512, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 07:48:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacja powodująca błąd might & magic heroes vi.exe, wersja 2.0.0.0, moduł powodujący błąd might & magic heroes vi.exe, wersja 2.0.0.0, adres błędu 0x0013feb9.
Przetwarzanie zdarzenia określonego nośnika dla [might & magic heroes vi.exe!ws!]

Error: (07/01/2014 06:29:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca Might & Magic Heroes VI.exe, wersja 2.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error: (07/01/2014 04:25:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Aplikacja zawieszająca mspaint.exe, wersja 5.1.2600.5918, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


System errors:
=============
Error: (07/06/2014 05:00:34 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\iaStor0

Error: (07/06/2014 09:24:28 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Adres IP połączenia 172.16.15.250 dla karty sieciowej o adresie 0CEEE6CC4105 został
zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error: (07/05/2014 07:35:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Adres IP połączenia 172.16.15.250 dla karty sieciowej o adresie 0CEEE6CC4105 został
zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error: (07/05/2014 04:51:43 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Kod błędu 1000008e, parametr 1 c0000005, parametr 2 805c31bb, parametr 3 a83cba48, parametr 4 00000000.

Error: (07/03/2014 08:27:32 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Adres IP połączenia 172.16.15.250 dla karty sieciowej o adresie 0CEEE6CC4105 został
zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error: (07/03/2014 07:07:29 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Adres IP połączenia 172.16.15.250 dla karty sieciowej o adresie 0CEEE6CC4105 został
zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK).

Error: (07/03/2014 03:31:43 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Adres IP połączenia 172.16.15.250 dla karty sieciowej o adresie 0CEEE6CC4105 został
zabroniony przez serwer DHCP 192.168.0.1 (Serwer DHCP wysłał komunikat DHCPNACK).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3066.88 MB
Available physical RAM: 1282.12 MB
Total Pagefile: 4952.02 MB
Available Pagefile: 2902.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:18.7 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HOMMVI SOD) (CDROM) (Total:7.33 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 3FAD4246)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

PS; if you need translation of some of logs elements, please tell me. I forgot its in polish. Sorry.


Edited by shival, 06 July 2014 - 11:52 AM.


#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:48 PM

Posted 06 July 2014 - 02:21 PM

Hi shival,
 
Okay, thank you, I can figure out most things, but I may need to ask
 
We need to remove programs using  "Add/Remove Programs"
 
Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

coiNttinueetosavoe

Additional instructions can be found here if needed.
 
--------------
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Malwarebytes log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 08 July 2014 - 08:33 AM

It was scanning without looking for rootkits, thats o-kay?

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-07-08
Scan Time: 12:37:39
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.08.04
Rootkit Database: v2014.07.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Robert Chciuk

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359252
Time Elapsed: 1 hr, 2 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Backdoor.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\TERMINAL SERVER\INSTALL\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NVIDIA driver monitor, c:\windows\nvsvc32.exe, Quarantined, [a4705f3edaa19b9b75903942887bdd23]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\ct3318151, Quarantined, [ea2a108d87f4c96df72cb0eb33cfdf21],

Files: 20
Keylogger.Logixoft, C:\Documents and Settings\Robert Chciuk\Pulpit\Nowy Archiwum WinRARa (ZIP) (2).zip, Quarantined, [d93b6a33b0cb40f6e707ecb23ec6ad53],
PUP.Optional.TenkiTechnology, C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Downloads\FreeHideIP-3.9.7.2.Setup.exe, Quarantined, [33e15647fc7f2b0bcdfd0483d52f748c],
PUP.Optional.TenkiTechnology, C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Downloads\FreeHideIP-3.9.7.8.Setup.exe, Quarantined, [997b84196f0c76c085454245887c5ba5],
Keylogger.Logixoft, C:\RECYCLER\S-1-5-21-3699752211-3086036438-1984491010-1005\Dc100.rar, Quarantined, [aa6ab7e67308c670fef0f4aab252f010],
PUP.Optional.PerformerSoft.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\81E7.tmp, Quarantined, [d143c6d7e19aba7c0133021bfb06ce32],
Trojan.RotBrowse, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\14C0.tmp, Quarantined, [1301edb0522953e306bcc2c08f757f81],
PUP.Optional.PerformerSoft.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\C9D.tmp, Quarantined, [9c78623bb9c225113301180508f93bc5],
PUP.Optional.Conduit.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\32BB.tmp, Quarantined, [61b35b4247341b1b86f68c9b3cc5d22e],
Trojan.RotBrowse, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\F7E3.tmp, Quarantined, [858fa2fbe497d264d4ec255d61a30000],
PUP.Optional.MediaTech.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\D.tmp, Quarantined, [19fb7e1f5d1eca6c7b1510727094f30d],
PUP.Optional.Babylon.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\04D81918-BAB0-7891-A279-5BF650413FCC\Latest\BExternal.dll, Quarantined, [ba5a0f8eb3c869cd48b4c45e49b737c9],
PUP.Optional.Babylon.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\BE9488A3-BAB0-7891-BEE5-A77328EA59E5\Latest\BExternal.dll, Quarantined, [c450dcc177048aac956776ac3ec2eb15],
PUP.Optional.Babylon.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\BE9488A3-BAB0-7891-BEE5-A77328EA59E5\Latest\CrxInstaller.dll, Quarantined, [e72d7b22fd7e3bfb594c62bd07fa4ab6],
PUP.Optional.CRX.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\bus5ECB\CrxUpdater_d.exe, Quarantined, [7e967b2242394fe72d041f3a24e0b34d],
PUP.Optional.CRX.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\bus8525\CrxUpdater_d.exe, Quarantined, [f51fd4c90e6d8bab1918b8a116ee8080],
PUP.Optional.CRX.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\bus85C2\CrxUpdater_d.exe, Quarantined, [8d87435a5a21ff377fb2f06956aea060],
PUP.Optional.CRX.A, C:\Documents and Settings\Robert Chciuk\Ustawienia lokalne\Temp\bus89D0\CrxUpdater_d.exe, Quarantined, [e1336b3277048bab52df9fbaf50fdf21],
PUP.Optional.InstallCore, C:\Documents and Settings\Robert Chciuk\Moje dokumenty\Free-Hide-IP(31946).exe, Quarantined, [080caaf3b1ca4aec1b24473f06fe5fa1],
Keylogger.Logixoft, C:\Documents and Settings\Robert Chciuk\Moje dokumenty\rkfree_setup (1).exe, Quarantined, [6ea694098cef6dc9b638168813f12ad6],
Keylogger.Logixoft, C:\Documents and Settings\Robert Chciuk\Moje dokumenty\rkfree_setup.exe, Quarantined, [0c082974a7d4c5719b53bae4ad57ef11],

Physical Sectors: 0
(No malicious items detected)


(end)



#10 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 09 July 2014 - 08:19 AM

Also, I/We discovered something strange about... login in to pages. All the fields for e-mails are yellow. The person (who has this computer) says it started, when some of the bigger problems started. It looks like this:
 

 

http://scr.hu/2dhj/75ug6

 

http://scr.hu/2dhj/dt6gs

 

http://scr.hu/2dhj/326kn

 

 

 

 

any idea if this can mean something, or this is just an effect of some changes to browser settings?


Edited by shival, 09 July 2014 - 08:20 AM.


#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:48 PM

Posted 09 July 2014 - 01:44 PM

Hi shival,
 
Does the user use saved passwords/details?
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you to disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
     
     
    tds2.jpg
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
     
     
    2012081514h0118.png
  • Click Start Scan and allow the scan process to run
     
     
    tds4-1.jpg
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
     
     
    tds6.jpg
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • TDSSKiller log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 09 July 2014 - 02:16 PM

Does the user use saved passwords/details?

 

What do you mean by that? If remember password is active in browsers? She says its not active. Yellow field started showing some time ago, it wasnt always like that, so...

 

Thank you for the info on the backdoor. I think the OS will be reinstalled soon, but it needs to survive a little more. Lets clean further :)

TDSS logs are coming in a moment,


Edited by shival, 09 July 2014 - 02:26 PM.


#13 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 09 July 2014 - 02:42 PM

Edit - gave the wrong log, give me a moment please!

Edit2 - New, good log in link, because its too big to attach and too long to paste.

 

http://www73.zippyshare.com/v/84715490/file.html

 

checked both link and file in virustotal, says its fine.

(url is classified as Suspicious site by AutoShun)


Edited by shival, 09 July 2014 - 03:00 PM.


#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:48 PM

Posted 10 July 2014 - 01:23 PM

Hi shival,
 
TDSSKiller log is clean so no rootkits :)
 
This scan can take a long time, so it is best done overnight or when you do not need the computer
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click  Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\). .

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • ESET log
  • Emsisoft log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#15 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:06:48 PM

Posted 10 July 2014 - 02:58 PM

She decided to do a system reinstall and bought an OS now, thanks for all help, you can close the topic now :3

 

Here is your land;

<insert land here>

 

thanks again!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users