Trojan 32win\Agent.trn

michaLek79 · 11 Luty 2013 15:21

Problemy z komputerem po przreskaniu ESETEM komunikat win32/Agent.trn

po pryeskanowaniu OTL dwie notatkię

Pierwsya to

OTL logfile created on: 2013-02-11 15:55:35 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michał\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,16% Memory free

5,99 Gb Paging File | 4,85 Gb Available in Paging File | 80,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97,56 Gb Total Space | 41,81 Gb Free Space | 42,85% Space Free | Partition Type: NTFS

Drive D: | 175,78 Gb Total Space | 152,66 Gb Free Space | 86,85% Space Free | Partition Type: NTFS

Drive E: | 192,32 Gb Total Space | 105,47 Gb Free Space | 54,84% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ-KOMPUTER | User Name: Michał | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-11 15:55:26 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\Michał\Desktop\OTL.exe

PRC - [2013-02-09 21:48:17 | 000,699,248 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe

PRC - [2013-01-18 09:55:38 | 000,541,608 | ---- | M] (Valve Corporation) – C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012-12-04 08:04:20 | 001,354,736 | ---- | M] (Valve Corporation) – D:\Program Files\Steam\steam.exe

PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe

PRC - [2012-10-10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012-10-02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012-10-02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) – C:\Windows\explorer.exe

PRC - [2010-07-12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) – C:\Program Files\Winamp\winampa.exe

PRC - [2010-02-08 15:51:32 | 001,015,808 | ---- | M] (Ares Development Group) – C:\Program Files\Ares\Ares.exe

PRC - [2008-02-28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013-01-18 09:55:42 | 000,647,168 | ---- | M] () – D:\Program Files\Steam\sdl.dll

MOD - [2013-01-18 09:55:38 | 020,320,240 | ---- | M] () – D:\Program Files\Steam\bin\libcef.dll

MOD - [2013-01-18 09:55:38 | 001,100,800 | ---- | M] () – D:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2013-01-18 09:55:38 | 000,969,640 | ---- | M] () – D:\Program Files\Steam\bin\chromehtml.dll

MOD - [2013-01-18 09:55:38 | 000,192,000 | ---- | M] () – D:\Program Files\Steam\bin\avformat-53.dll

MOD - [2013-01-18 09:55:38 | 000,124,416 | ---- | M] () – D:\Program Files\Steam\bin\avutil-51.dll

========== Services (SafeList) ==========

SRV - [2013-02-09 22:48:25 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)

SRV - [2013-02-09 13:25:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)

SRV - [2013-01-18 09:55:38 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] – C:\Program Files\Common Files\Steam\SteamService.exe – (Steam Client Service)

SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe – (AdobeARMservice)

SRV - [2012-10-10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe – (nvUpdatusService)

SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe – (Stereo Service)

SRV - [2010-07-08 09:32:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)

SRV - [2009-07-14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\StorSvc.dll – (StorSvc)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)

SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\PeerDistSvc.dll – (PeerDistSvc)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)

SRV - [2007-05-31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\WindowsMobile\wcescomm.dll – (WcesComm)

SRV - [2007-05-31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\WindowsMobile\rapimgr.dll – (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\nvlddmkm.sys – (nvlddmkm)

DRV - [2011-08-17 08:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\usbser_lowerfltj.sys – (UsbserFilt)

DRV - [2011-08-17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\usbser_lowerflt.sys – (upperdev)

DRV - [2011-08-17 08:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ccdcmbo.sys – (nmwcdc)

DRV - [2011-08-17 08:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\ccdcmb.sys – (nmwcd)

DRV - [2010-11-20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\vmbus.sys – (vmbus)

DRV - [2010-11-20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] – C:\Windows\System32\drivers\vmstorfl.sys – (storflt)

DRV - [2010-11-20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\storvsc.sys – (storvsc)

DRV - [2010-11-20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbFlt.sys – (TsUsbFlt)

DRV - [2010-11-20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\winusb.sys – (WinUsb)

DRV - [2010-11-20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\VMBusHID.sys – (VMBusHID)

DRV - [2010-11-20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vms3cap.sys – (s3cap)

DRV - [2010-01-13 18:03:31 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\System32\drivers\sptd.sys – (sptd)

DRV - [2009-07-14 00:54:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\usb8023.sys – (USB_RNDIS)

DRV - [2009-07-13 23:09:18 | 000,031,232 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\grserial.sys – (GCR410P)

DRV - [2009-07-13 23:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\e1y6032.sys – (e1yexpress)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=c97fb715- … 1cc092e7c3

IE - HKLM…\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM…\SearchScopes{00799D27-A0FF-44E4-A829-8BDAE91F7F36}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=c9 … 092e7c3&q={searchTerms}

IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM…\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKCU…\SearchScopes,DefaultScope = {E407988A-69CE-431C-B6E1-3440C4197449}

IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU…\SearchScopes{E407988A-69CE-431C-B6E1-3440C4197449}: “URL” = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADFA_pl

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.search.defaultengine: “Web Search”

FF - prefs.js…browser.search.defaultenginename: “Web Search”

FF - prefs.js…browser.search.order.1: “Web Search”

FF - prefs.js…browser.search.selectedEngine: “Google”

FF - prefs.js…browser.startup.homepage: “www.onet.pl”

FF - prefs.js…extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - prefs.js…keyword.URL: “http://startsear.ch/?aff=1&src=sp&cf=c97fb715-3f97-11e1-9c63-001cc092e7c3&q=”

FF - prefs.js…network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins@powerchallenge.com/PowerLoader: C:\Users\MICHA~1\AppData\LocalLow\POWERC~1\nppowerloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\Components: C:\Program Files\Mozilla Firefox\components [2013-02-09 13:25:36 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-02-09 13:25:34 | 000,000,000 | —D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\Components: C:\Program Files\Mozilla Firefox\components [2013-02-09 13:25:36 | 000,000,000 | —D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-02-09 13:25:34 | 000,000,000 | —D | M]

[2011-05-24 19:49:05 | 000,000,000 | —D | M] (No name found) – C:\Users\Michał\AppData\Roaming\mozilla\Extensions

[2012-10-24 16:42:44 | 000,000,000 | —D | M] (No name found) – C:\Users\Michał\AppData\Roaming\mozilla\Firefox\Profiles\jbdck6pi.default\extensions

[2012-01-15 17:41:52 | 000,000,792 | ---- | M] () – C:\Users\Michał\AppData\Roaming\mozilla\firefox\profiles\jbdck6pi.default\searchplugins\startsear.xml

[2013-02-09 13:25:34 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions

[2013-02-09 13:25:36 | 000,262,552 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-10-03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) – C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll

[2012-01-14 19:17:33 | 000,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2012-01-14 19:17:33 | 000,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2012-01-14 19:17:33 | 000,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2012-01-14 19:17:33 | 000,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2012-01-14 19:17:33 | 000,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2012-01-14 19:17:33 | 000,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Micha\u0142\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll

CHR - Extension: Angry Birds = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: YouTube = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Szukaj w Google = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: vshare plugin = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: Gmail = C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKLM…\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O3 - HKCU…\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKCU…\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll (VShare Inc.)

O4 - HKLM…\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKCU…\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)

O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKCU…\Run: [Java] C:\Users\Michał\AppData\Roaming\Microsoft\jushed.exe ()

O4 - HKCU…\Run: [steam] D:\Program Files\Steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc … tor/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{C49EE774-3C8D-44E5-B5CF-EB258BF40C0E}: DhcpNameServer = 192.168.1.1 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat – [NTFS]

O33 - MountPoints2{be6fe1c3-d0ec-11e1-8b9d-001cc092e7c3}\Shell - “” = AutoRun

O33 - MountPoints2{be6fe1c3-d0ec-11e1-8b9d-001cc092e7c3}\Shell\AutoRun\command - “” = G:\Startme.exe

O33 - MountPoints2{dd3d507e-0065-11df-8028-0023481b0421}\Shell - “” = AutoRun

O33 - MountPoints2{dd3d507e-0065-11df-8028-0023481b0421}\Shell\AutoRun\command - “” = K:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-02-11 15:55:24 | 000,602,112 | ---- | C] (OldTimer Tools) – C:\Users\Michał\Desktop\OTL.exe

[2013-02-10 16:18:57 | 000,000,000 | -HSD | C] – C:\Config.Msi

[2013-02-10 16:00:27 | 000,000,000 | —D | C] – C:\Users\Michał\AppData\Roaming\TuneUp Software

[2013-02-10 15:59:49 | 000,000,000 | —D | C] – C:\ProgramData\TuneUp Software

[2013-02-10 15:59:29 | 000,000,000 | -HSD | C] – C:\ProgramData{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2013-02-10 15:56:55 | 000,000,000 | -H-D | C] – C:\ProgramData\Common Files

[2013-02-10 15:56:55 | 000,000,000 | —D | C] – C:\Users\Michał\AppData\Local\MFAData

[2013-02-10 15:56:55 | 000,000,000 | —D | C] – C:\ProgramData\MFAData

[2013-02-10 15:56:55 | 000,000,000 | —D | C] – C:\Users\Michał\AppData\Local\Avg2013

[2013-02-09 13:25:34 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox

[2013-02-09 09:01:08 | 000,000,000 | —D | C] – C:\Users\Michał\Desktop\marta

[2013-02-09 08:49:27 | 000,000,000 | —D | C] – C:\Users\Michał\Desktop\Bajki

[2013-02-09 08:45:01 | 000,000,000 | —D | C] – C:\Users\Michał\Desktop\kot

========== Files - Modified Within 30 Days ==========

[2013-02-11 15:55:51 | 000,021,376 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-02-11 15:55:51 | 000,021,376 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-02-11 15:55:26 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Users\Michał\Desktop\OTL.exe

[2013-02-11 15:50:51 | 000,001,032 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-02-11 15:50:46 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat

[2013-02-11 15:50:42 | 2413,027,328 | -HS- | M] () – C:\hiberfil.sys

[2013-02-11 15:48:00 | 000,000,930 | ---- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-02-11 15:45:24 | 000,456,808 | ---- | M] () – C:\Users\Michał\Desktop\OTL(19450).exe

[2013-02-11 13:13:00 | 000,001,036 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-02-10 18:28:34 | 075,186,176 | ---- | M] () – C:\Users\Michał\Desktop\ess_nt32_plk.msi

[2013-02-09 22:48:25 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerApp.exe

[2013-02-09 22:48:25 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013-02-07 21:05:36 | 014,261,760 | ---- | M] () – C:\Windows\System32\perfh015.dat

[2013-02-07 21:05:36 | 005,325,194 | ---- | M] () – C:\Windows\System32\perfh009.dat

[2013-02-07 21:05:36 | 004,789,818 | ---- | M] () – C:\Windows\System32\perfc015.dat

[2013-02-07 21:05:36 | 004,606,870 | ---- | M] () – C:\Windows\System32\perfc009.dat

[2013-01-24 14:30:43 | 344,699,063 | ---- | M] () – C:\Windows\MEMORY.DMP

[2013-01-17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) – C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013-02-11 15:46:55 | 000,456,808 | ---- | C] () – C:\Users\Michał\Desktop\OTL(19450).exe

[2013-02-10 18:30:15 | 075,186,176 | ---- | C] () – C:\Users\Michał\Desktop\ess_nt32_plk.msi

[2012-03-11 12:08:50 | 000,881,664 | ---- | C] () – C:\Windows\System32\xvidcore.dll

[2011-06-14 15:08:22 | 000,066,048 | ---- | C] () – C:\Windows\System32\PrintBrmUi.exe

[2010-07-25 19:20:13 | 000,003,584 | ---- | C] () – C:\Users\Michał\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-15 14:53:05 | 000,001,024 | ---- | C] () – C:\Users\Michał.rnd

========== ZeroAccess Check ==========

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

“” = %SystemRoot%\system32\shell32.dll – [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

“” = %systemroot%\system32\wbem\fastprox.dll – [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

“” = %systemroot%\system32\wbem\wbemess.dll – [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Both

< End of report >

Druga to

OTL Extras logfile created on: 2013-02-11 15:55:35 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michał\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,16% Memory free

5,99 Gb Paging File | 4,85 Gb Available in Paging File | 80,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97,56 Gb Total Space | 41,81 Gb Free Space | 42,85% Space Free | Partition Type: NTFS

Drive D: | 175,78 Gb Total Space | 152,66 Gb Free Space | 86,85% Space Free | Partition Type: NTFS

Drive E: | 192,32 Gb Total Space | 105,47 Gb Free Space | 54,84% Space Free | Partition Type: NTFS

Computer Name: MICHAŁ-KOMPUTER | User Name: Michał | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]

.cpl [@ = cplfile] – C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] – C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] – C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes]

.html [@ = ChromeHTML] – Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\shell[command]\command]

batfile [open] – “%1” %*

cmdfile [open] – “%1” %*

comfile [open] – “%1” %*

cplfile [cplopen] – %SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation)

exefile [open] – “%1” %*

helpfile [open] – Reg Error: Key error.

hlpfile [open] – %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] – “C:\Program Files\Google\Chrome\Application\chrome.exe” – “%1” (Google Inc.)

https [open] – “C:\Program Files\Google\Chrome\Application\chrome.exe” – “%1” (Google Inc.)

inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)

piffile [open] – “%1” %*

regfile [merge] – Reg Error: Key error.

scrfile [config] – “%1”

scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] – “%1” /S

txtfile [edit] – Reg Error: Key error.

Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] – cmd.exe /s /k pushd “%V” (Microsoft Corporation)

Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] – “C:\Program Files\Winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft, Inc.)

Directory [Winamp.Enqueue] – “C:\Program Files\Winamp\winamp.exe” /ADD “%1” (Nullsoft, Inc.)

Directory [Winamp.Play] – “C:\Program Files\Winamp\winamp.exe” “%1” (Nullsoft, Inc.)

Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] – Reg Error: Value error.

Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

“cval” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

“VistaSp1” = Reg Error: Unknown registry data type – File not found

“AntiVirusOverride” = 0

“AntiSpywareOverride” = 0

“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

“EnableFirewall” = 1

“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

“EnableFirewall” = 1

“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

“EnableFirewall” = 1

“DisableNotifications” = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

“{0C9ED0D0-D279-4AAE-83F6-AB772768D7CC}” = lport=23766 | protocol=6 | dir=in | name=bitcomet 23766 tcp |

“{8019CFE8-693D-4261-A637-53121B7D55D9}” = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

“{8C5C9494-720D-4B4C-B538-07E196A433FD}” = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

“{A42C3362-0450-4F30-9B7A-08BA0F74D88B}” = lport=23766 | protocol=17 | dir=in | name=bitcomet 23766 udp |

“{AEA40EC9-465F-4F02-85EF-98FD73D9C0EB}” = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

“{D93FDF9F-80A5-43E9-9B40-7744CA228305}” = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

“{D9880CDE-719B-4C3F-8EE7-C20FE52EE3AB}” = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

“{F75F1A06-6A77-4A2B-9808-2BA176DA47D6}” = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

“{067A853B-0478-401A-8985-9C756B683863}” = protocol=6 | dir=in | app=d:\gry\steam\steam.exe |

“{10974A00-86BF-470F-8888-149E4ABCAF7E}” = protocol=6 | dir=in | app=d:\gry\2k games\firaxis games\sid meier’s civilization iv colonization\colonization.exe |

“{2C25F973-1CAE-49DC-BCB8-73C05BB153DE}” = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

“{3BD5D954-6575-48BC-B9E2-376C8BE4627E}” = dir=in | app=d:\gry\cdp.pl\farming simulator 2013\farmingsimulator2013game.exe |

“{520EF69A-0053-4BCF-BD9B-5051E21B03ED}” = protocol=17 | dir=in | app=d:\gry\steam\steam.exe |

“{6A031061-00D3-418A-B0B4-DB5B88E7D414}” = protocol=17 | dir=in | app=f:\fscommand\cksocketserver.exe |

“{8F6EFE34-9FA8-46AC-9570-E1B565252269}” = protocol=17 | dir=in | app=d:\gry\2k games\firaxis games\sid meier’s civilization iv colonization\colonization.exe |

“{9C3464CD-664C-4174-A33C-494FDE3938E7}” = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

“{A88B4387-B13C-42A2-91A7-03B451ED9B56}” = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

“{CF13DA5F-3CB0-433F-8D1F-0184FFA24DB0}” = dir=in | app=d:\gry\cdp.pl\farming simulator 2013\farmingsimulator2013.exe |

“{D8F73542-B621-4359-AC82-8C0DFF05F1F7}” = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

“{DF93E304-955E-4E67-B4D8-51C9B1523418}” = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\football manager 2012\fm.exe |

“{E053E73C-B13B-4947-BE14-DB6A37CEB9C3}” = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\football manager 2012\fm.exe |

“{EC47080A-5066-4290-BA7D-2B8DDBC4CE48}” = protocol=6 | dir=in | app=f:\fscommand\cksocketserver.exe |

“{FAB90C7B-8153-4E21-9A42-CEA692230A66}” = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |

“TCP Query User{1D4357D9-20D5-4F86-8D6E-38EF60D96DB2}C:\program files\bitcomet\bitcomet.exe” = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

“TCP Query User{916828F4-993A-4F04-9C91-CD95BA951FAB}C:\program files\sopcast\adv\sopadver.exe” = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

“TCP Query User{C3C0D224-4F67-4D36-8C0C-90AEE2986A5A}C:\program files\ares\ares.exe” = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |

“TCP Query User{D8A10828-393F-4577-81E7-76324A8FE13E}C:\program files\sopcast\sopcast.exe” = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

“UDP Query User{1F286060-8762-4B0F-B410-0B3A18423F0B}C:\program files\bitcomet\bitcomet.exe” = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

“UDP Query User{65BE583A-C649-48A9-AEDE-2CF2B42697F9}C:\program files\ares\ares.exe” = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

“UDP Query User{9B0B0E85-AB52-409D-BCC0-A040877DE34D}C:\program files\sopcast\sopcast.exe” = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

“UDP Query User{EE6518F0-BC81-4CE1-8F2A-C5E10A0A9F9E}C:\program files\sopcast\adv\sopadver.exe” = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}” = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

“{048298C9-A4D3-490B-9FF9-AB023A9238F3}” = Steam

“{1C4551A6-4743-4093-91E4-1477CD655043}” = NVIDIA PhysX

“{2157961D-0507-44A8-BCF2-1EE2D439E8DF}” = Civilization III Complete Edition

“{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}” = Microsoft .NET Framework 4 Client Profile PLK Language Pack

“{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1” = ALLConverter to iPhone

“{3921A67A-5AB1-4E48-9444-C71814CF3027}” = VCRedistSetup

“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile

“{3D3E663D-4E7E-4577-A560-7ECDDD45548A}” = PVSonyDll

“{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}” = SimCity 4 Deluxe

“{52644103-70EE-47F6-9BBB-AA4514B59615}_is1” = Farming Simulator 2013

“{56C049BE-79E9-4502-BEA7-9754A3E60F9B}” = neroxml

“{6068A42A-C1CF-45F2-9859-5DB16287FE5D}” = msvcrt_installer

“{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM

“{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}” = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight

“{8C3727F2-8E37-49E4-820C-03B1677F53B6}” = Twierdza Krzyżowiec

“{90120000-0015-0415-0000-0000000FF1CE}” = Microsoft Office Access MUI (Polish) 2007

“{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-0016-0415-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Polish) 2007

“{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-0018-0415-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Polish) 2007

“{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-0019-0415-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Polish) 2007

“{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-001A-0415-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Polish) 2007

“{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-001B-0415-0000-0000000FF1CE}” = Microsoft Office Word MUI (Polish) 2007

“{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007

“{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

“{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007

“{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

“{90120000-001F-0415-0000-0000000FF1CE}” = Microsoft Office Proof (Polish) 2007

“{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

“{90120000-002C-0415-0000-0000000FF1CE}” = Microsoft Office Proofing (Polish) 2007

“{90120000-0030-0000-0000-0000000FF1CE}” = Microsoft Office Enterprise 2007

“{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-0044-0415-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (Polish) 2007

“{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-006E-0415-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Polish) 2007

“{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-00A1-0415-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Polish) 2007

“{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90120000-00BA-0415-0000-0000000FF1CE}” = Microsoft Office Groove MUI (Polish) 2007

“{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}” = Microsoft Office 2007 Service Pack 3 (SP3)

“{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In

“{904CCF62-818D-4675-BC76-D37EB399F917}” = Centrum obsługi urządzeń z systemem Windows Mobile

“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper

“{AC76BA86-7AD7-1045-7B44-AA1000000001}” = Adobe Reader X (10.1.5) - Polish

“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision” = NVIDIA Sterownik 3D Vision 306.97

“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel” = Panel sterowania NVIDIA 306.97

“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver” = NVIDIA Sterownik graficzny 306.97

“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update” = Aktualizacje NVIDIA 1.10.8

“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer” = NVIDIA Install Application

“{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update” = NVIDIA Update Components

“{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}” = Nokia Connectivity Cable Driver

“{D6D5CB84-0E6E-4E69-B300-C690B6911045}” = Nero 8

“{DE29025A-091F-4998-AD2D-24C84421190F}” = Railroad Tycoon 3

“{EF36A836-BF89-4A4F-B079-057B0C68C1E0}” = Sid Meier’s Civilization IV Colonization

“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX

“Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin

“Adobe Shockwave Player” = Adobe Shockwave Player 11.6

“ALLConverter to 3GP_is1” = ALLConverter to 3GP

“ALLConverter to PSP_is1” = ALLConverter to PSP

“ALLPlayer_is1” = ALLPlayer V4.X

“Ares” = Ares 2.1.5

“BitComet” = BitComet 1.17

“ENTERPRISE” = Microsoft Office Enterprise 2007

“ffdshow_is1” = ffdshow [rev 3200] [2010-01-12]

“FM Genie Scout 12_is1” = FM Genie Scout 12 version 1.1

“Gadu-Gadu” = Gadu-Gadu 7.7

“Google Chrome” = Google Chrome

“InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}” = Civilization III Complete Edition

“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile

“Microsoft .NET Framework 4 Client Profile PLK Language Pack” = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile

“Mozilla Firefox 18.0.2 (x86 pl)” = Mozilla Firefox 18.0.2 (x86 pl)

“MozillaMaintenanceService” = Mozilla Maintenance Service

“NVIDIA Display Control Panel” = NVIDIA Display Control Panel

“NVIDIAStereo” = NVIDIA Stereoscopic 3D Driver

“RealAlt_is1” = Real Alternative 2.0.1

“SkanerOnline” = Skaner on-line mks_vir

“SopCast” = SopCast 3.3.2

“Steam App 71270” = Football Manager 2012

“vShare.tv plugin” = vShare.tv plugin 1.3

“Winamp” = Winamp

“WinRAR archiver” = Archiwizator WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

“Power Loader” = Power Challenge Game Plugin

“Winamp Detect” = Detektor Winampa

========== Last 20 Event Log Errors ==========

[Application Events]

Error - 2013-02-06 16:09:42 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy

proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance.

Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych

Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis

DWORD w sekcji Data.

Error - 2013-02-06 16:09:43 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy

proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance.

Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych

Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis

DWORD w sekcji Data.

Error - 2013-02-06 16:09:43 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl

(WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error - 2013-02-07 16:05:32 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy

proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance.

Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych

Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis

DWORD w sekcji Data.

Error - 2013-02-07 16:05:33 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3012

Description = Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy

proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance.

Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych

Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis

DWORD w sekcji Data.

Error - 2013-02-07 16:05:33 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-LoadPerf | ID = 3011

Description = Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl

(WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error - 2013-02-10 09:15:54 | Computer Name = Michał-Komputer | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: iexplore.exe, wersja: 9.0.8112.16457,

sygnatura czasowa: 0x50a2f9e3 Nazwa modułu powodującego błąd: mks_engn.dll, wersja:

0.0.0.0, sygnatura czasowa: 0x46bc4d4d Kod wyjątku: 0xc000000d Przesunięcie błędu:

0x00054001 Identyfikator procesu powodującego błąd: 0x1530 Godzina uruchomienia aplikacji

powodującej błąd: 0x01ce0790bad23d36 Ścieżka aplikacji powodującej błąd: C:\Program

Files\Internet Explorer\iexplore.exe Ścieżka modułu powodującego błąd: C:\Program

Files\SkanerOnline\mks_engn.dll Identyfikator raportu: ff574328-7383-11e2-9069-001cc092e7c3

Error - 2013-02-10 11:12:51 | Computer Name = Michał-Komputer | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: MksClean.exe, wersja: 1.0.0.1, sygnatura

czasowa: 0x419c8288 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.17725,

sygnatura czasowa: 0x4ec49b60 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00055fa8

Identyfikator

procesu powodującego błąd: 0x16c0 Godzina uruchomienia aplikacji powodującej błąd:

0x01ce07a0fd55ca6a Ścieżka aplikacji powodującej błąd: C:\Users\Michał\Downloads\MksClean.exe

Ścieżka

modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 55c3b18d-7394-11e2-9069-001cc092e7c3

Error - 2013-02-10 11:13:54 | Computer Name = Michał-Komputer | Source = Application Error | ID = 1000

Description = Nazwa aplikacji powodującej błąd: MksClean.exe, wersja: 1.0.0.1, sygnatura

czasowa: 0x419c8288 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.17725,

sygnatura czasowa: 0x4ec49b60 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00056a9d

Identyfikator

procesu powodującego błąd: 0x11a0 Godzina uruchomienia aplikacji powodującej błąd:

0x01ce07a129d76ace Ścieżka aplikacji powodującej błąd: C:\Users\Michał\Desktop\MksClean.exe

Ścieżka

modułu powodującego błąd: C:\Windows\SYSTEM32\ntdll.dll Identyfikator raportu: 7b34beb6-7394-11e2-9069-001cc092e7c3

Error - 2013-02-10 11:18:56 | Computer Name = Michał-Komputer | Source = Microsoft-Windows-RestartManager | ID = 10006

Description = Nie można zamknąć aplikacji lub usługi Eksplorator Windows.

[System Events]

Error - 2013-02-10 12:08:51 | Computer Name = Michał-Komputer | Source = Ntfs | ID = 262199