Igfxupdate.exe- Zużywa 100% GPU

Maey · 27 Listopad 2012 00:35

Witam chciałbym dowiedziec sie co to jest. Nie moge tego zamknac ani usunac, przed tym robilem jeszcze skanowanie Nod’em ktory nie wykryl zadnych wirusow Za wczasu dam juz logi Pozdrawiam

HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:12:22, on 2012-11-27

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal


Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe


--

End of file - 3349 bytes

OTL

OTL logfile created on: 2012-11-27 01:25:08 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mati\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


3,19 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 61,03% Memory free

6,37 Gb Paging File | 5,15 Gb Available in Paging File | 80,89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 59,92 Gb Free Space | 61,36% Space Free | Partition Type: NTFS

Drive D: | 200,43 Gb Total Space | 111,30 Gb Free Space | 55,53% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 423,12 Gb Free Space | 90,84% Space Free | Partition Type: NTFS


Computer Name: MATI-KOMPUTER | User Name: Mati | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2012-11-27 01:14:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mati\Desktop\OTL.exe

PRC - [2012-11-23 13:15:26 | 000,410,112 | ---- | M] (Intel Corporation) -- C:\Windows\System32\update\igfxupdate.exe

PRC - [2012-11-23 13:15:26 | 000,269,824 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxupdate.exe

PRC - [2012-10-27 18:37:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-10-02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012-10-02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012-10-02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012-08-20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2012-05-29 16:38:00 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

PRC - [2012-05-29 16:38:00 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

PRC - [2012-05-29 16:35:20 | 000,130,912 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\Report.exe

PRC - [2012-05-29 16:35:18 | 001,120,096 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\Integrator.exe

PRC - [2012-05-29 16:35:18 | 000,352,608 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\ProcessManager.exe

PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010-11-20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2012-11-23 13:15:26 | 000,322,048 | ---- | M] () -- C:\Windows\System32\update\libcurl-4.dll

MOD - [2012-11-23 13:15:26 | 000,224,256 | ---- | M] () -- C:\Windows\System32\update\libidn-11.dll

MOD - [2012-11-23 13:15:26 | 000,122,368 | ---- | M] () -- C:\Windows\System32\update\zlib1.dll

MOD - [2012-10-27 18:37:56 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-02-09 13:07:02 | 013,416,256 | ---- | M] () -- C:\Program Files\TuneUp Utilities 2012\libcef.dll

MOD - [2010-07-04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll



[color=#E56717]========== Services (SafeList) ==========[/color]


SRV - [2012-11-22 02:20:41 | 000,371,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SearchIndexer.dll -- (SearchIndexer)

SRV - [2012-10-02 23:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012-08-29 11:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- D:\hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012-05-29 16:38:00 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2012-05-29 16:37:58 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2012-04-04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012-01-20 16:25:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2012-01-18 12:25:22 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2012-01-18 12:22:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010-08-12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV - [2010-08-12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctoss2k.sys -- (ossrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)

DRV - [2012-10-02 23:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012-08-23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012-01-17 23:18:12 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011-11-08 12:47:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010-07-29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)

DRV - [2010-07-29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)

DRV - [2010-07-29 13:31:26 | 000,096,920 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2010-07-04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2010-04-27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)

DRV - [2010-04-27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)

DRV - [2010-04-27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)

DRV - [2010-04-27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)

DRV - [2009-04-21 13:58:06 | 001,147,392 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)

DRV - [2009-03-18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2006-11-02 07:57:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-2814583038-1491226290-3412054775-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2814583038-1491226290-3412054775-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2814583038-1491226290-3412054775-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-27 18:37:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-01-17 22:49:26 | 000,000,000 | ---D | M]


[2012-01-17 21:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mati\AppData\Roaming\mozilla\Extensions

[2012-11-23 16:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\kw7otjca.default\extensions

[2012-11-21 19:40:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\kw7otjca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012-11-21 14:51:19 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Mati\AppData\Roaming\mozilla\Firefox\Profiles\kw7otjca.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack

[2012-06-25 11:50:42 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Mati\AppData\Roaming\mozilla\firefox\profiles\kw7otjca.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi

[2012-11-23 16:08:57 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Mati\AppData\Roaming\mozilla\firefox\profiles\kw7otjca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012-11-21 18:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012-01-17 23:16:18 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de

[2012-10-27 18:37:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012-02-02 16:51:15 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-02-02 16:51:15 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-02-02 16:51:14 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-02-02 16:51:14 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-02-02 16:51:14 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-02-02 16:51:14 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://battlelog.battlefield.com/bf3/pl/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Mati\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mati\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mati\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Szukaj w Google = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\


O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2814583038-1491226290-3412054775-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-2814583038-1491226290-3412054775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnails = 1

O7 - HKU\S-1-5-21-2814583038-1491226290-3412054775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2814583038-1491226290-3412054775-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O13 - gopher Prefix: missing

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F099E84-A80B-41D5-B142-BEDAADFFE2DC}: DhcpNameServer = 62.179.1.62 62.179.1.63

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)

O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\PMLauncher.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [NTFS]

O33 - MountPoints2\{90dbfb1b-4153-11e1-bc62-001966d3f8c2}\Shell - "" = AutoRun

O33 - MountPoints2\{90dbfb1b-4153-11e1-bc62-001966d3f8c2}\Shell\AutoRun\command - "" = G:\autorun.exe

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_the_witcher_2_ee_3.0.1.17.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)

NetSvcs: SearchIndexer - C:\Windows\System32\SearchIndexer.dll (Microsoft Corporation)


MsConfig - StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

MsConfig - StartUpReg: [b]LogMeIn Hamachi Ui[/b] - hkey= - key= - D:\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig - State: "startup" - 2


SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Hamachi2Svc - D:\hamachi\hamachi-2.exe (LogMeIn Inc.)

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2012-11-27 01:14:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mati\Desktop\OTL.exe

[2012-11-27 00:16:25 | 000,000,000 | ---D | C] -- C:\Windows\LastGood

[2012-11-27 00:15:27 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2012-11-27 00:15:27 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2012-11-27 00:15:27 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll

[2012-11-27 00:15:27 | 010,837,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2012-11-27 00:15:27 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll

[2012-11-27 00:15:27 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2012-11-27 00:15:27 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2012-11-27 00:15:27 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll

[2012-11-27 00:15:26 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll

[2012-11-26 23:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA

[2012-11-26 23:57:23 | 003,965,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll

[2012-11-26 23:57:23 | 002,853,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll

[2012-11-26 23:57:23 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll

[2012-11-26 23:57:23 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll

[2012-11-26 23:57:23 | 000,062,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

[2012-11-26 23:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012-11-26 15:36:11 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\ESN

[2012-11-25 23:18:07 | 000,000,000 | ---D | C] -- C:\Users\Mati\Desktop\Nowy folder

[2012-11-24 07:55:22 | 000,269,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxupdate.exe

[2012-11-23 15:24:00 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

[2012-11-22 02:18:35 | 000,410,112 | ---- | C] (Intel Corporation) -- C:\Windows\System32\taskhost.rs

[2012-11-22 02:18:35 | 000,371,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.dll

[2012-11-22 02:18:35 | 000,269,824 | ---- | C] (Intel Corporation) -- C:\Windows\System32\SearchEngine.rs

[2012-11-22 02:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\update

[2012-11-21 19:46:45 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\SKIDROW

[2012-11-21 19:39:58 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Local\Ubisoft Game Launcher

[2012-11-21 19:31:55 | 000,000,000 | ---D | C] -- C:\Users\Mati\Documents\Assassin's Creed III

[2012-11-21 18:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft

[2012-11-21 18:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision

[2012-11-14 09:54:49 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2012-11-14 09:54:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll

[2012-11-14 09:54:29 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll

[2012-11-14 09:54:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll

[2012-11-14 09:54:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll

[2012-11-14 09:54:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012-11-14 09:54:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012-11-14 09:54:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012-11-14 09:54:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012-11-14 09:54:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012-11-14 09:54:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012-11-14 09:54:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012-11-14 09:54:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012-11-14 08:54:33 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll

[2012-11-14 08:54:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll

[2012-11-14 08:54:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2012-11-14 08:54:30 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2012-11-14 08:54:29 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012-11-14 08:54:25 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll

[2012-11-14 08:54:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

[2012-11-14 08:52:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys

[2012-11-14 08:52:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

[2012-11-14 08:52:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

[2012-11-14 08:52:20 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll

[2012-11-14 08:52:19 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll

[2012-11-14 08:52:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe

[2012-11-14 08:52:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys

[2012-11-14 08:52:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll

[2012-11-14 08:52:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2012-11-14 08:52:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll

[2012-11-14 08:52:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll

[2012-11-14 08:52:18 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2012-11-14 08:52:18 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe

[2012-11-14 08:52:18 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll

[2012-11-14 08:52:18 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll

[2012-11-14 08:51:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012-11-10 21:49:56 | 000,000,000 | ---D | C] -- C:\Users\Mati\AppData\Roaming\Tibia

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2012-11-27 01:14:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mati\Desktop\OTL.exe

[2012-11-27 01:10:41 | 001,333,809 | ---- | M] () -- C:\Users\Mati\Desktop\Bez tyt4ułu.png

[2012-11-27 01:09:54 | 001,310,759 | ---- | M] () -- C:\Users\Mati\Desktop\Bez tytułu.png

[2012-11-27 00:20:33 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-11-27 00:20:33 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-11-27 00:15:41 | 000,737,730 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2012-11-27 00:15:41 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012-11-27 00:15:41 | 000,154,418 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2012-11-27 00:15:41 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012-11-27 00:11:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-11-26 23:54:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat

[2012-11-26 18:39:06 | 000,281,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

[2012-11-26 18:38:40 | 000,140,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2012-11-26 18:38:29 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0

[2012-11-25 19:29:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012-11-25 19:29:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012-11-23 15:50:01 | 000,000,697 | ---- | M] () -- C:\Users\Mati\Desktop\Assassin's Creed III.lnk

[2012-11-23 15:24:00 | 000,001,163 | ---- | M] () -- C:\Users\Mati\Desktop\Uplay.lnk

[2012-11-23 13:15:26 | 000,410,112 | ---- | M] (Intel Corporation) -- C:\Windows\System32\taskhost.rs

[2012-11-23 13:15:26 | 000,269,824 | ---- | M] (Intel Corporation) -- C:\Windows\System32\SearchEngine.rs

[2012-11-23 13:15:26 | 000,269,824 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxupdate.exe

[2012-11-22 02:20:41 | 000,371,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.dll

[2012-11-22 02:18:35 | 000,000,008 | ---- | M] () -- C:\Windows\System32\SearchEngine.dat

[2012-11-16 14:40:33 | 000,270,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2012-11-27 01:10:40 | 001,333,809 | ---- | C] () -- C:\Users\Mati\Desktop\Bez tyt4ułu.png

[2012-11-27 01:09:54 | 001,310,759 | ---- | C] () -- C:\Users\Mati\Desktop\Bez tytułu.png

[2012-11-26 23:54:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat

[2012-11-23 15:49:36 | 000,000,697 | ---- | C] () -- C:\Users\Mati\Desktop\Assassin's Creed III.lnk

[2012-11-23 15:24:00 | 000,001,163 | ---- | C] () -- C:\Users\Mati\Desktop\Uplay.lnk

[2012-11-22 02:18:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\SearchEngine.dat

[2012-11-14 09:54:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012-11-14 09:54:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012-06-19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe

[2012-05-22 20:48:09 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2012-01-29 13:49:44 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2012-01-29 13:49:44 | 000,138,056 | ---- | C] () -- C:\Users\Mati\AppData\Roaming\PnkBstrK.sys

[2012-01-29 13:49:20 | 000,281,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2012-01-29 13:49:14 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2012-01-20 16:18:41 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL

[2012-01-20 16:18:40 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL

[2012-01-20 16:18:00 | 000,148,992 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll

[2012-01-20 16:17:56 | 000,003,889 | ---- | C] () -- C:\Windows\System32\ludap17.ini

[2012-01-20 16:17:56 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini

[2012-01-18 20:44:59 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI

[2012-01-17 23:24:37 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll


[color=#E56717]========== ZeroAccess Check ==========[/color]


[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


[color=#E56717]========== LOP Check ==========[/color]


[2012-01-18 00:40:14 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\.wtw

[2012-03-23 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\2K Sports

[2012-11-25 23:23:27 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\AIMP3

[2012-01-20 17:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Babylon

[2012-11-26 17:59:31 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\DAEMON Tools Lite

[2012-01-28 22:33:36 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\NapiProjekt

[2012-09-10 21:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Origin

[2012-11-10 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\Tibia

[2012-01-18 00:32:13 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\TuneUp Software

[2012-11-25 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\Mati\AppData\Roaming\uTorrent


[color=#E56717]========== Purity Check ==========[/color]




[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< >[/color]

[2009-07-14 05:53:46 | 000,032,604 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009-07-14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT


[color=#A23BEC]< %systemdrive%\*.* >[/color]

[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010-11-20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2012-01-17 20:59:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012-11-26 23:54:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat

[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012-11-27 00:11:03 | 3421,822,976 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]

[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys


[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]

[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys


[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]

[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys

[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys


[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]

[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[2010-11-20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys

[2010-11-20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys

[2010-11-20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys


[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]

[2012-08-22 18:05:16 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=15B74B6283CEBCCE3054C1001CA01B5E -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys

[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[2012-08-22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\System32\drivers\ndis.sys

[2012-08-22 18:16:46 | 000,712,048 | ---- | M] (Microsoft Corporation) MD5=8C9C922D71F1CD4DEF73F186416B7896 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys

[2010-11-20 13:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys


[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]

[2010-11-20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010-11-20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009-07-14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe


[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]

[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010-11-20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010-11-20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe


< End of report >

stalesz · 27 Listopad 2012 09:08

Odpowiedż Microsoftu http://answers.microsoft.com/en-us/wind … ac401d56f3 Prawdopodobnie Trojan Generic KDV 792778.Proponuję przeskanować system Malwarebytes po ręcznej aktualizacji bazy wirusów.

stalesz · 27 Listopad 2012 09:59

Zalecenia jak wyżej.Użyj do tłumaczenia postu z podanego wyżej linka translatora http://translate.google.pl/?hl=pl&sa=N&tab=lT# MBAM http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Maey · 27 Listopad 2012 12:22

Robiłem według tego co zostało podane na tej stronie i pewnych czynnikow nie da rady zrobic jak wejscie w tryb awaryjny czy recznie usuniecie tych plikow Co w takim przypadku ?

stalesz · 27 Listopad 2012 14:34

Jeszcze ten opis http://www.sevenforums.com/performance- … dates.html Po aktualizacji MBAM radziiłbym wyłączyć internet,także zajrzec do ustawień Zapory systemowej.

Maey · 27 Listopad 2012 14:53

Dobra udało mi się już pozbyć, także dzięki za wszelką pomoc Pozdrawiam