Zoek.exe v5.0.0.1 Updated 08-October-2015
Tool run by alex on 2015-10-11 at 20:18:33,76.
Microsoft Windows XP Professional 5.1.2600 Dodatek Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: D:\Moje Dokumenty\Pobrane\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2015-10-11 20:23:56 Zoek.exe System Restore Point Created Successfully.

==== Deleting Files \ Folders ======================

"C:\WINNT\Installer\432f71.msi" deleted
"C:\WINNT\Installer\43853f.msi" deleted
"C:\WINNT\Installer\2d18547.msi" deleted
"C:\WINNT\Installer\11fb5cc.msi" deleted
"C:\WINNT\Installer\17da34.msi" deleted
"C:\WINNT\Installer\219bb19.msi" deleted
"C:\WINNT\Installer\213fab8.msi" deleted
"C:\WINNT\Installer\1578025.msi" deleted
"C:\WINNT\Installer\22f6aec.msi" deleted
"C:\WINNT\Installer\1e8b635.msi" deleted
"C:\WINNT\Installer\2107133.msi" deleted
"C:\WINNT\Installer\accb8b.msi" deleted
"C:\WINNT\Installer\1ad5d48.msi" deleted
"C:\WINNT\Installer\203354.msi" deleted
"C:\WINNT\Installer\1de24a5.msi" deleted
"C:\WINNT\Installer\161abee.msi" deleted
"C:\WINNT\Installer\67d20b.msi" deleted
"C:\WINNT\Installer\12a20e7.msi" deleted
"C:\WINNT\Installer\e16cee.msi" deleted
"C:\WINNT\Installer\a2acf0.msi" deleted
"C:\WINNT\Installer\180c4b.msi" deleted
"C:\WINNT\Installer\166b1c.msi" deleted

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03810 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03820 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03830 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03840 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03850 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03860 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03870 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03880 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D03890 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D038A0 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100D038B0 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307810 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307820 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307830 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307840 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307850 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307860 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307870 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307880 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B380454580315844FB71110100307890 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8301} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8302} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8303} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8304} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8305} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8306} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8307} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8308} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8309} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D830A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D830B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038701} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038702} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038703} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038704} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038705} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038706} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038707} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038708} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-111000038709} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{45A66726-69BC-466B-A7A4-12FCBA4883D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A089CE062ADB6BC44A720BA745894BAC deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03810 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03820 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03830 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03840 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03850 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03860 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03870 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03880 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D03890 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D038A0 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100D038B0 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307810 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307820 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307830 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307840 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307850 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307860 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307870 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307880 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B380454580315844FB71110100307890 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\62766A54CB96B6647A4A21CFAB84387D deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1006\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1006\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1009\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Adam')
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1009\..\Run: [GG] "C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe" (User 'Adam')
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1009\..\Run: [Flvto YouTube Downloader] "C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\Flvto YouTube Downloader\FlvtoYoutubeDownloader.exe" /minimize (User 'Adam')
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1009\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED (User 'Adam')
O4 - HKUS\S-1-5-21-1801674531-413027322-839522115-1009\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (User 'Adam')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1801674531-413027322-839522115-1009 Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Adam')
O4 - S-1-5-21-1801674531-413027322-839522115-1009 User Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Adam')
O4 - S-1-5-18 Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

==== C:\zoek_backup content ======================

C:\zoek_backup (files=23 folders=0 24574558 bytes)

==== EOF on 2015-10-11 at 20:26:34,87 ======================