bezimienny, posted 2 July 2010

After the system starts, all I see is my lovely wallpaper, and I have to "kill" explorer.exe, launch it again, and then start all the autostart programs. I'm posting the log below; if someone could take a look and share their comments, I would be very grateful. I should say up front that I have already tried most of the ideas from other internet forums and nothing helped.

[log]OTL logfile created on: 2010-07-02 14:55:45 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = D:\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 45,31 Gb Total Space | 33,29 Gb Free Space | 73,48% Space Free | Partition Type: NTFS Drive D: | 50,01 Gb Total Space | 11,09 Gb Free Space | 22,18% Space Free | Partition Type: NTFS Drive E: | 202,77 Gb Total Space | 91,55 Gb Free Space | 45,15% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRYWATNY Current User Name: Krzysiek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-02 14:54:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-06-27 16:55:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-06-27 16:55:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2010-02-09 17:52:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-03-05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 22:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 
000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2007-04-18 20:57:48 | 001,617,920 | ---- | M] () -- E:\Programy\M-KbdDrv.exe PRC - [2007-03-21 08:49:20 | 016,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-02 14:54:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2007-05-15 11:31:52 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-02-19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009-11-21 14:13:30 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008-04-04 15:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-06-24 11:45:36 | 000,137,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys 
-- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-12-09 19:03:03 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009-12-09 19:03:03 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-07-12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2007-05-25 05:35:32 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2007-05-14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-05-14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007-03-26 13:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-03-15 08:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001) DRV - [2005-10-18 16:01:00 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2005-05-17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0 FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100629 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-05 19:21:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-03-30 14:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla 
Firefox\components [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-03-30 14:08:30 | 000,000,000 | ---D | M] [2009-11-21 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions [2010-07-01 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-04-13 18:57:48 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010-04-30 21:35:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-06-04 16:02:08 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-02-19 00:23:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-22 22:49:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010-06-29 
12:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\nasanightlaunch@example.com [2010-04-09 20:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\openmedspel@e-medtools.com [2010-07-01 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\tineye@ideeinc.com [2010-05-26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\turntoolviewer@turntool.com [2010-02-10 14:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\undoclosedtabsbutton@supernova00.biz [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010-02-10 18:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009-12-05 22:47:12 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane 
aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\nonsensopedia-pl.xml [2010-02-09 22:42:23 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\winamp-search.xml [2010-01-05 23:31:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2010-07-01 14:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-02-09 19:50:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-02-09 19:50:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-02-09 19:50:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-02-09 19:50:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-02-09 19:50:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-02-09 19:50:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-02 14:01:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found. O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [MutlimediaKbdDriver] E:\Programy\M-KbdDrv.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-436374069-308236825-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - 
HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O8 - Extra context menu item: Download all by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetUrl.htm () O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-21 00:27:19 | 000,000,000 | ---D | M] NetSvcs: 
Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS 
Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-07-02 14:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$ [2010-07-02 14:35:13 | 
000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools [2010-07-02 14:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2010-07-02 14:13:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-02 13:56:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-07-02 13:56:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-07-02 13:56:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-07-02 13:56:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010-07-02 13:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-07-02 13:39:53 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-06-29 12:14:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-26 18:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\PMB Files [2010-06-26 18:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-06-25 12:47:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-06-23 17:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje skanowanie [2010-06-22 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Black & White 2 [2010-06-18 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\NFS Most Wanted [2010-06-16 21:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie [2010-06-14 14:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-12 18:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje dzieła SPORE [2010-06-12 18:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SPORE [2010-06-12 18:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010-06-11 18:28:31 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2010-06-11 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010-06-10 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-06-10 13:39:30 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll [2010-06-10 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine [2010-06-09 16:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010-06-09 16:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2010-06-09 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DVDVideoSoft [2010-06-07 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Image Extract Software [2010-06-04 22:09:27 | 000,000,000 | ---D | C] -- C:\BDS [2010-06-04 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\NVIDIA [2010-06-04 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia [2010-06-04 16:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2010-05-29 20:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\JustDo [2010-05-27 22:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\TurnTool [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\TurnTool [2010-05-23 18:51:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SecuROM [2010-05-19 19:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-18 14:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation [2010-05-18 14:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation 
[2010-05-18 14:44:06 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010-05-18 14:43:57 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010-05-18 14:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\BFBC2 [2010-05-05 11:58:09 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2010-05-05 11:58:08 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2010-05-05 11:58:08 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2010-05-05 11:58:08 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2010-05-05 11:58:07 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2010-05-05 11:58:06 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2010-05-05 11:58:06 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2009-12-11 18:33:34 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-11 18:33:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-07-02 14:46:40 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Krzysiek\NTUSER.DAT [2010-07-02 14:44:33 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2010-07-02 14:44:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-02 14:44:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-02 14:34:43 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2010-07-02 14:01:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-02 14:01:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-02 11:26:01 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010-07-02 11:26:01 | 000,000,731 | ---- | M] () -- C:\Documents and 
Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-07-02 11:25:59 | 000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010-07-02 10:44:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-06-29 12:14:09 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-25 13:16:25 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-06-25 13:13:24 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\ntuser.ini [2010-06-25 13:13:04 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-06-25 13:07:56 | 000,000,793 | 
---- | M] () -- C:\WINDOWS\win.ini [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2010-06-24 22:57:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-24 22:57:28 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-24 19:52:49 | 001,260,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-24 19:52:49 | 000,573,982 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-06-24 19:52:49 | 000,510,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-06-24 19:52:49 | 000,113,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-06-24 19:52:49 | 000,091,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-24 19:37:51 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-24 14:40:05 | 000,218,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-06-24 11:45:36 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-06-23 21:14:58 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-222447.backup [2010-06-23 19:43:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:05 | 000,031,674 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:29 | 000,031,672 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-20 18:51:25 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-211458.backup [2010-06-18 19:35:47 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medieval II 
Total War.lnk [2010-06-18 19:25:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk [2010-06-17 19:30:36 | 000,099,814 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 18:12:06 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-185125.backup [2010-06-14 14:55:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-12 18:48:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SPORE™.lnk [2010-06-11 19:47:33 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AIMP2.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-09 20:52:45 | 000,127,587 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-06-03 18:28:10 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\MoorHunt.lnk [2010-05-27 22:26:25 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Software Updater.lnk [2010-05-23 16:53:57 | 002,940,928 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-05-18 14:04:27 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Battlefield Bad Company 2.lnk [2010-05-17 15:45:15 | 000,000,619 | ---- | M] () -- 
C:\Documents and Settings\Krzysiek\Pulpit\Zeus and Posejdon.lnk [2010-05-14 16:35:28 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Krzysiek\default.pls [2010-05-12 16:32:14 | 000,395,194 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100614-181206.backup [2010-05-08 23:50:55 | 000,393,062 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100512-163214.backup [2010-05-07 18:33:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-05-05 17:41:51 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Player.lnk [2010-05-05 13:01:31 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-05-05 12:26:50 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010-05-05 12:26:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010-05-03 23:10:06 | 000,000,514 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-07-02 14:34:43 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2010-07-02 13:56:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-07-02 13:56:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-07-02 13:56:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-07-02 13:56:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-07-02 13:56:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-07-02 11:26:01 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-06-24 19:37:51 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 19:43:15 | 000,025,600 | ---- | C] () -- C:\Documents and 
Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:03 | 000,031,674 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:26 | 000,031,672 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-18 20:15:05 | 000,030,560 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\pzn-nfst.exe [2010-06-18 19:35:47 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medieval II Total War.lnk [2010-06-18 19:25:05 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk [2010-06-17 19:30:29 | 000,099,814 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 14:55:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-12 18:48:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SPORE™.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-10 13:39:30 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010-06-09 20:52:31 | 000,127,587 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-05-23 16:52:16 | 002,940,928 | ---- | C] () -- 
C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-05-18 14:44:06 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2010-05-18 14:44:04 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-05-18 14:04:27 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Battlefield Bad Company 2.lnk [2010-05-14 19:12:07 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Zeus and Posejdon.lnk [2010-05-05 12:26:50 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010-05-05 12:26:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010-04-10 16:18:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-01-10 16:49:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-12-31 15:21:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-12-07 23:18:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-11-21 16:29:14 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2009-11-21 16:29:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009-11-21 16:29:12 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009-11-21 16:29:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009-11-21 14:39:56 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-11-21 14:39:32 | 
000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini [2009-11-21 13:44:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2009-11-21 13:36:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-21 13:36:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-21 13:36:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-21 00:08:55 | 000,014,277 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-11-21 00:08:55 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-11-21 00:08:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2010-06-14 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-19 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-27 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-21 13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2010-03-29 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-29 19:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaMusic [2009-11-22 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-03-29 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OviInstallerCache [2010-03-29 20:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-26 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All 
Users\Dane aplikacji\PMB Files [2010-07-02 14:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-21 14:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2010-01-30 18:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-06-30 22:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\AIMP [2010-07-02 14:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2009-12-09 17:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Broad Intelligence [2010-03-20 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\COWON [2009-12-19 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dev-Cpp [2009-11-21 13:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Game pad [2009-11-21 13:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Gamepad [2010-06-09 16:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2009-12-06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FileZilla [2010-06-04 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2009-12-06 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Free Mp3 Wma Ogg Converter [2009-11-21 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu [2009-11-21 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 10 [2009-12-19 
15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Leadertech [2010-04-06 20:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mp3tag [2010-03-29 20:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nokia [2010-06-22 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu [2009-11-22 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\OpenFM [2010-03-30 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PC Suite [2010-01-07 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SoundSpectrum [2010-06-12 19:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SPORE [2010-06-11 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2009-11-24 21:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TigerPlayer [2009-11-21 14:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ubisoft [2009-11-21 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\URSoft [2010-07-02 14:44:33 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- 
C:\IO.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-07-02 14:44:19 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) 
MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\All Users\Dane 
aplikacji\TEMP:B3D74A13 @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF54A0E < End of report > [/log]
Guest, commented 2 July 2010
In my opinion - OK. Full scan with MBAM -> http://www.malwarebytes.org/mbam.php
Tomek01, commented 2 July 2010 (edited)
There is something to remove: C:\WINDOWS\System32\secustat.dat But maybe you could also show the ComboFix log, since you have already used it.
Edited 2 July 2010 by Tomek01
bezimienny (Author), commented 8 July 2010 (edited)
Gentlemen, Windows is as fickle as a woman. Thank you for the help. Everything works now. Well, the computer worked for a while. It is failing again.
[log]OTL logfile created on: 2010-07-06 11:55:37 - Run 1 OTL by OldTimer - Version 3.2.7.1 Folder = D:\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 45,31 Gb Total Space | 32,61 Gb Free Space | 71,96% Space Free | Partition Type: NTFS Drive D: | 50,01 Gb Total Space | 11,09 Gb Free Space | 22,18% Space Free | Partition Type: NTFS Drive E: | 202,77 Gb Total Space | 91,41 Gb Free Space | 45,08% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRYWATNY Current User Name: Krzysiek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-06 11:54:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe PRC - [2010-07-05 21:30:07 | 000,219,128 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-06-27 16:55:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-06-27 16:55:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2010-02-09 17:52:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-01-30 13:53:51 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-03-05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 22:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 
000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2007-04-18 20:57:48 | 001,617,920 | ---- | M] () -- E:\Programy\M-KbdDrv.exe PRC - [2007-03-21 08:49:20 | 016,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-06 11:54:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2007-05-15 11:31:52 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-02-19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009-11-21 14:13:30 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008-04-04 15:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Video3D32.sys -- (Video3D) DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan) DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010-02-26 14:32:58 | 000,008,192 
| ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-12-09 19:03:03 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009-12-09 19:03:03 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-07-12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2007-05-25 05:35:32 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2007-05-14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-05-14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007-03-26 13:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-03-15 08:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001) DRV - [2005-10-18 16:01:00 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2005-05-17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer 
==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0 FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100629 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-05 19:21:02 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-03-30 14:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-03-30 14:08:30 | 000,000,000 | ---D | M] [2009-11-21 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions [2010-07-05 20:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-04-13 18:57:48 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010-04-30 21:35:29 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-06-04 16:02:08 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-02-19 00:23:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Krzysiek\Dane 
aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-22 22:49:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010-06-29 12:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\nasanightlaunch@example.com [2010-04-09 20:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\openmedspel@e-medtools.com [2010-07-01 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\tineye@ideeinc.com [2010-05-26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\turntoolviewer@turntool.com [2010-02-10 14:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\undoclosedtabsbutton@supernova00.biz [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010-02-10 18:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents 
and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009-12-05 22:47:12 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\nonsensopedia-pl.xml [2010-02-09 22:42:23 | 000,001,244 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\winamp-search.xml [2010-01-05 23:31:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2010-07-05 20:44:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-02-09 19:50:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-02-09 19:50:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-02-09 19:50:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-02-09 19:50:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-02-09 19:50:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-02-09 19:50:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-02 14:01:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found. O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [MutlimediaKbdDriver] E:\Programy\M-KbdDrv.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-436374069-308236825-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - 
HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O8 - Extra context menu item: Download all by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetUrl.htm () O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found 
NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver 
Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-07-02 14:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$ [2010-07-02 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools 
[2010-07-02 14:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2010-07-02 14:13:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-02 13:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-06-29 12:14:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-26 18:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\PMB Files [2010-06-26 18:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-06-25 12:47:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-06-23 17:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje skanowanie [2010-06-22 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Black & White 2 [2010-06-18 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\NFS Most Wanted [2010-06-16 21:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie [2010-06-14 14:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-12 18:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje dzieła SPORE [2010-06-12 18:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SPORE [2010-06-12 18:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010-06-11 18:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2010-06-11 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010-06-10 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-06-10 13:39:30 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll [2010-06-10 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine [2010-06-09 16:40:37 | 000,000,000 | ---D 
| C] -- C:\Program Files\Conduit [2010-06-09 16:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2010-06-09 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DVDVideoSoft [2010-06-07 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Image Extract Software [2010-06-04 22:09:27 | 000,000,000 | ---D | C] -- C:\BDS [2010-06-04 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\NVIDIA [2010-06-04 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia [2010-06-04 16:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2010-05-29 20:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\JustDo [2010-05-27 22:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\TurnTool [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\TurnTool [2010-05-23 18:51:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SecuROM [2010-05-19 19:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-18 14:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation [2010-05-18 14:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2010-05-18 14:44:06 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010-05-18 14:43:57 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010-05-18 14:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\BFBC2 [2009-12-11 18:33:34 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-11 18:33:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys 
[color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-07-06 11:41:06 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2010-07-06 11:41:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-06 11:40:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-07-06 11:40:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-05 23:16:14 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Krzysiek\NTUSER.DAT [2010-07-05 21:30:07 | 000,219,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-07-05 21:13:13 | 000,138,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-07-05 12:59:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-07-05 10:28:15 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Krzysiek\default.pls [2010-07-04 23:47:30 | 002,115,778 | -H-- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-04 19:05:08 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-07-03 23:21:30 | 000,075,120 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-07-03 19:22:15 | 001,603,052 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:28:35 | 000,841,061 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-03 15:20:51 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-07-02 22:44:28 | 000,280,605 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 14:34:43 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2010-07-02 14:01:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-02 14:01:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-02 11:26:01 | 000,004,212 | -H-- | M] () -- 
C:\WINDOWS\System32\zllictbl.dat [2010-07-02 11:26:01 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-07-02 11:25:59 | 000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010-06-29 12:14:09 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-25 13:13:24 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\ntuser.ini [2010-06-25 13:13:04 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-06-25 13:07:56 | 000,000,793 | ---- | M] () -- C:\WINDOWS\win.ini [2010-06-25 13:07:56 | 
000,000,223 | -HS- | M] () -- C:\boot.ini [2010-06-24 22:57:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-06-24 22:57:28 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-06-24 19:52:49 | 001,260,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-24 19:52:49 | 000,573,982 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-06-24 19:52:49 | 000,510,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-06-24 19:52:49 | 000,113,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-06-24 19:52:49 | 000,091,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-24 19:37:51 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 21:14:58 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-222447.backup [2010-06-23 19:43:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:05 | 000,031,674 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:29 | 000,031,672 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-20 18:51:25 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-211458.backup [2010-06-18 19:35:47 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medieval II Total War.lnk [2010-06-18 19:25:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk [2010-06-17 19:30:36 | 000,099,814 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje 
dokumenty\fce.jpg [2010-06-14 18:12:06 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-185125.backup [2010-06-14 14:55:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-12 18:48:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SPORE™.lnk [2010-06-11 19:47:33 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AIMP2.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-09 20:52:45 | 000,127,587 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-06-03 18:28:10 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\MoorHunt.lnk [2010-05-27 22:26:25 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Software Updater.lnk [2010-05-23 16:53:57 | 002,940,928 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-05-18 14:04:27 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Battlefield Bad Company 2.lnk [2010-05-17 15:45:15 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Zeus and Posejdon.lnk [2010-05-12 16:32:14 | 000,395,194 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100614-181206.backup [2010-05-08 23:50:55 | 000,393,062 | R--- | M] () -- 
C:\WINDOWS\System32\drivers\etc\hosts.20100512-163214.backup [2010-05-07 18:33:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-07-03 19:19:53 | 001,603,052 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:27:29 | 000,841,061 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:09 | 000,280,605 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 14:34:43 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2010-07-02 13:56:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-07-02 13:56:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-07-02 11:26:01 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-06-24 19:37:51 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 19:43:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:03 | 000,031,674 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:26 | 000,031,672 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-18 20:15:05 | 000,030,560 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\pzn-nfst.exe [2010-06-18 19:35:47 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medieval II Total War.lnk [2010-06-18 19:25:05 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk [2010-06-17 
19:30:29 | 000,099,814 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 14:55:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-12 18:48:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SPORE™.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-10 13:39:30 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010-06-09 20:52:31 | 000,127,587 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-05-23 16:52:16 | 002,940,928 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-05-18 14:44:06 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2010-05-18 14:44:04 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-05-18 14:04:27 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Battlefield Bad Company 2.lnk [2010-05-14 19:12:07 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Zeus and Posejdon.lnk [2010-04-10 16:18:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-01-10 16:49:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-12-31 15:21:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-12-07 23:18:07 | 000,000,038 | ---- | C] () -- 
C:\WINDOWS\avisplitter.INI [2009-11-21 16:29:14 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2009-11-21 16:29:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009-11-21 16:29:12 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009-11-21 16:29:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009-11-21 14:39:56 | 000,138,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-11-21 14:39:32 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini [2009-11-21 13:44:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2009-11-21 13:36:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-21 13:36:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-21 13:36:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-21 00:08:55 | 000,014,277 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-11-21 00:08:55 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-11-21 00:08:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2010-06-14 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil 
Software [2010-05-19 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-27 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-21 13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2010-03-29 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-29 19:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaMusic [2009-11-22 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-03-29 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OviInstallerCache [2010-03-29 20:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-26 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-07-02 14:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-21 14:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2010-01-30 18:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-07-05 14:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\AIMP [2010-07-02 14:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2009-12-09 17:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Broad Intelligence [2010-03-20 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\COWON [2009-12-19 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Krzysiek\Dane aplikacji\Dev-Cpp [2009-11-21 13:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Game pad [2009-11-21 13:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Gamepad [2010-06-09 16:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2009-12-06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FileZilla [2010-06-04 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2009-12-06 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Free Mp3 Wma Ogg Converter [2009-11-21 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu [2009-11-21 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 10 [2009-12-19 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Leadertech [2010-04-06 20:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mp3tag [2010-03-29 20:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nokia [2010-06-22 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu [2009-11-22 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\OpenFM [2010-03-30 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PC Suite [2010-01-07 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SoundSpectrum [2010-06-12 19:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SPORE [2010-06-11 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2009-11-24 21:45:24 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TigerPlayer [2009-11-21 14:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ubisoft [2009-11-21 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\URSoft [2010-07-06 11:41:06 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-07-06 11:40:42 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- 
C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D 
-- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF54A0E < End of report > [/log]
Does anyone have any ideas? Edited 6 July 2010 by Bezimienny
Tomek01 commented 8 July 2010
I don't see anything special, and deleting a single file certainly won't improve the situation. Run a full scan with [url=http://www.instalki.pl/programy/download_c/14/155.html][color=#0000CD][b]DrWebCureIt[/b][/color][/url] and [url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] and post the results on the forum. Also show the log from ComboFix, which I already asked for earlier.
bezimienny commented 12 July 2010 (Author)
Anti-malware: [URL=http://img819.imageshack.us/i/antimalware.png/][IMG]http://img819.imageshack.us/img819/1310/antimalware.th.png[/IMG][/URL]
[log]Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4304
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-07-12 13:51:09
mbam-log-2010-07-12 (13-51-09).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowano obiektów: 225440
Upłynęło: 28 minut(y), 10 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
C:\Documents and Settings\Użytkownik\Pulpit\pzn-nfst.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.[/log]
And Dr.Web found nothing. I'm afraid to run ComboFix, because the log disappeared and some errors popped up during the scan.
Mateusz J. commented 12 July 2010
The log shows no problems with the system shell. But try running the fix below; it's possible that OTL isn't showing everything. Paste into Notepad:
[code]Windows Registry Editor Version 5.00

; Remove the current Winlogon Shell value, then set it back to the default shell
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
"Shell"="Explorer.exe"
[/code]
File ==> Save as ==> Change the extension to All files ==> Save under the name [b]FIX.REG[/b]. Run the created [b]FIX.REG[/b] file, confirm adding it to the Registry, and restart the computer. If that doesn't help, I suggest replacing the explorer.exe file.
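A way to verify the result of the fix above, as an added example that is not part of the original post: it compares the Winlogon `Shell` and `Userinit` values with the Windows XP defaults and flags a per-user `Shell` override. The function names, the `C:\WINDOWS` system root (taken from the OTL log) and the sample values are assumptions made for this example.

```python
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Windows XP defaults, lower-cased. The system root C:\WINDOWS is the one
# reported in the OTL log; adjust it for a different installation (assumption).
EXPECTED = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
}

# Constructed sample of a clean machine; Userinit's default ends with a comma.
SAMPLE_DEFAULT = {
    "Shell": "Explorer.exe",
    "Userinit": "C:\\WINDOWS\\system32\\userinit.exe,",
}


def split_commands(value):
    """Both values are comma-separated command lists; return them normalised."""
    return [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]


def assess_winlogon(hklm, hkcu=None):
    """Return a list of findings; an empty list means the values are the defaults.

    hklm / hkcu are dicts with the 'Shell' and 'Userinit' values read from each
    hive's Winlogon key (a value that does not exist is absent from the dict).
    """
    findings = []
    for name, expected in EXPECTED.items():
        raw = hklm.get(name)
        if raw is None:
            findings.append(f"HKLM {name}: value missing")
        elif split_commands(raw) != expected:
            findings.append(f"HKLM {name}: non-default value {raw!r}")
    # HKCU has no Shell value by default; when one exists it replaces the HKLM
    # shell for that user, so repairing HKLM alone would change nothing.
    if hkcu and "Shell" in hkcu:
        findings.append(f"HKCU Shell: per-user override {hkcu['Shell']!r}")
    return findings


def read_winlogon(hive_name):
    """Read Shell/Userinit from the live registry (Windows only)."""
    import winreg
    values = {}
    try:
        with winreg.OpenKey(getattr(winreg, hive_name), WINLOGON_KEY) as key:
            for name in EXPECTED:
                try:
                    values[name] = winreg.QueryValueEx(key, name)[0]
                except FileNotFoundError:
                    pass  # value not present in this hive
    except FileNotFoundError:
        pass  # key not present in this hive
    return values


if __name__ == "__main__":
    if sys.platform == "win32":
        result = assess_winlogon(read_winlogon("HKEY_LOCAL_MACHINE"),
                                 read_winlogon("HKEY_CURRENT_USER"))
    else:
        result = assess_winlogon(SAMPLE_DEFAULT)
    print("\n".join(result) if result else "Winlogon Shell/Userinit are at their defaults")
```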
Tomek01 commented 12 July 2010
Paste into [url=http://images.malwareremoval.com/jpshortstuff/SystemLook.exe][b]System Look[/b][/url]:
[code]:filefind
explorer.exe
[/code]
Press Look and show what comes up.
bezimienny (Author) commented 12 July 2010
[log]SystemLook v1.0 by jpshortstuff (11.01.10) Log created at 19:59 on 12/07/2010 by Użytkownik (Administrator - Elevation successful) ========== filefind ========== Searching for "explorer.exe" C:\WINDOWS\ERDNT\cache\explorer.exe --a--- 1035264 bytes [12:02 02/07/2010] [20:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A C:\WINDOWS\explorer.exe --a--- 1035264 bytes [20:51 14/04/2008] [20:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A C:\WINDOWS\system32\dllcache\explorer.exe --a--c 1035264 bytes [20:51 14/04/2008] [20:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A -=End Of File=-[/log]
Tomek01 commented 12 July 2010
Explorer is in perfect order. Also post logs from Silent Runners and GMER.
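The comparison behind that verdict, as an added example that is not part of the original posts: it parses the SystemLook `:filefind` output posted above and reports whether every copy of a file shares one MD5 and size. The function names and the `TAMPERED_SAMPLE` input are constructed for illustration; matching copies only show that the files agree with each other, so a hash from a trusted outside source can optionally be supplied.

```python
import re
from collections import defaultdict

# ":filefind" entries copied from the SystemLook log posted in this thread.
SYSTEMLOOK_LOG = r"""
C:\WINDOWS\ERDNT\cache\explorer.exe --a--- 1035264 bytes [12:02 02/07/2010] [20:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A
C:\WINDOWS\explorer.exe --a--- 1035264 bytes [20:51 14/04/2008] [20:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A
C:\WINDOWS\system32\dllcache\explorer.exe --a--c 1035264 bytes [20:51 14/04/2008] [20:51 14/04/2008] C791ED9EAC5E76D9525E157B1D7A599A
"""

# Constructed variant: the active copy gets a different size, dates and MD5.
_lines = SYSTEMLOOK_LOG.strip().splitlines()
_lines[1] = (r"C:\WINDOWS\explorer.exe --a--- 1036288 bytes "
             r"[11:58 02/07/2010] [11:58 02/07/2010] " + "0" * 32)
TAMPERED_SAMPLE = "\n".join(_lines)

# path, six attribute flags, size, [created], [modified], MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return one dict per file entry; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def check_copies(entries, trusted_md5=None):
    """Group entries by file name and compare their (MD5, size) fingerprints.

    trusted_md5 is an optional {file name: md5} map obtained from a source
    outside the machine being examined.
    """
    groups = defaultdict(lambda: defaultdict(list))
    for entry in entries:
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        groups[name][(entry["md5"], entry["size"])].append(entry["path"])

    results = {}
    for name, prints in groups.items():
        # The most common fingerprint is the baseline; other copies are outliers.
        baseline = max(prints, key=lambda fp: len(prints[fp]))
        outliers = sorted(p for fp, paths in prints.items()
                          if fp != baseline for p in paths)
        trusted = None
        if trusted_md5 and name in trusted_md5:
            trusted = baseline[0] == trusted_md5[name].upper()
        results[name] = {
            "consistent": len(prints) == 1,
            "baseline_md5": baseline[0],
            "outliers": outliers,
            "matches_trusted": trusted,
        }
    return results


if __name__ == "__main__":
    for label, log in (("posted log", SYSTEMLOOK_LOG), ("constructed", TAMPERED_SAMPLE)):
        for name, result in check_copies(parse_filefind(log)).items():
            state = "all copies match" if result["consistent"] else "MISMATCH"
            print(f"{label}: {name}: {state} {result['outliers']}")
```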
bezimienny (Author) commented 15 July 2010
I downloaded Silent Runners as a zip; it was some .vbs file, and ever since I ran it the CPU usage has been jumping between 50% and 100% (it's either about 50 or just 100). I can't even run the GMER scans. Several svchost.exe processes also start up; a moment ago I had to reset the computer because I had 100% usage on 2 cores. Even Task Manager froze and loaded the old window theme.
bezimienny (Author) commented 16 July 2010
OTL [log]OTL logfile created on: 2010-07-16 13:48:35 - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = D:\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 45,31 Gb Total Space | 29,84 Gb Free Space | 65,85% Space Free | Partition Type: NTFS Drive D: | 50,01 Gb Total Space | 9,59 Gb Free Space | 19,18% Space Free | Partition Type: NTFS Drive E: | 202,77 Gb Total Space | 92,15 Gb Free Space | 45,45% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRYWATNY Current User Name: Krzysiek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-10 16:14:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-06-27 16:55:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-06-27 16:55:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2010-02-09 17:52:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009-11-22 14:37:35 | 011,539,048 | ---- | M] (GG Network S.A.) -- E:\Programy\Nowe Gadu-Gadu\gg.exe PRC - [2009-10-28 13:43:06 | 000,077,824 | ---- | M] () -- E:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-03-05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 22:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 
000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2007-04-18 20:57:48 | 001,617,920 | ---- | M] () -- E:\Programy\M-KbdDrv.exe PRC - [2007-03-21 08:49:20 | 016,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-10 16:14:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] 
(Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2007-05-15 11:31:52 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-02-19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009-11-21 14:13:30 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008-04-04 15:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Video3D32.sys -- (Video3D) DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan) DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - [2010-07-15 17:43:06 | 000,137,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] 
(ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-12-09 19:03:03 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009-12-09 19:03:03 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- 
(pccsmcfd) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-07-12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2007-05-25 05:35:32 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2007-05-14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-05-14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007-03-26 13:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-03-15 08:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001) DRV - [2005-10-18 16:01:00 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2005-05-17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0 FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100705 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 FF - prefs.js..network.proxy.http: "202.153.41.211" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-05 19:21:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-03-30 14:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-03-30 14:08:30 | 000,000,000 | ---D | M] [2009-11-21 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions [2010-07-15 16:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-04-13 18:57:48 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010-07-10 22:50:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-06-04 16:02:08 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-02-19 00:23:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-22 22:49:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010-07-13 19:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\illimitux@illimitux.net [2010-07-10 22:50:37 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\nasanightlaunch@example.com [2010-04-09 20:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\openmedspel@e-medtools.com [2010-07-01 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\tineye@ideeinc.com [2010-05-26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\turntoolviewer@turntool.com [2010-02-10 14:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\undoclosedtabsbutton@supernova00.biz [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010-02-10 18:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009-12-05 22:47:12 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\nonsensopedia-pl.xml [2010-02-09 22:42:23 | 
000,001,244 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\winamp-search.xml [2010-01-05 23:31:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2010-07-15 16:04:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-02-09 19:50:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-02-09 19:50:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-02-09 19:50:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-02-09 19:50:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-02-09 19:50:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-02-09 19:50:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-16 13:42:18 | 000,411,385 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 14242 more lines... O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found. O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [MutlimediaKbdDriver] E:\Programy\M-KbdDrv.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) 
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-436374069-308236825-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - 
HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O8 - Extra context menu item: Download all by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetUrl.htm () O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - 
{DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found 
NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group 
SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-07-16 13:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-07-16 13:44:54 | 000,000,000 | ---D 
| C] -- C:\rsit [2010-07-12 23:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid [2010-07-12 23:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\FDRLab [2010-07-12 23:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\dwhelper [2010-07-12 13:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\DoctorWeb [2010-07-12 13:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Malwarebytes [2010-07-12 13:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-07-06 23:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Medal of Honor MP Beta [2010-07-02 14:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$ [2010-07-02 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools [2010-07-02 14:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2010-07-02 14:13:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-02 13:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-06-29 12:14:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-26 18:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\PMB Files [2010-06-26 18:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-06-25 12:47:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-06-23 17:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje skanowanie [2010-06-22 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Black & White 2 [2010-06-18 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\NFS Most Wanted [2010-06-16 21:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie [2010-06-14 14:55:30 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-12 18:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje dzieła SPORE [2010-06-12 18:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SPORE [2010-06-12 18:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010-06-11 18:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2010-06-11 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010-06-10 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-06-10 13:39:30 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll [2010-06-10 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine [2010-06-09 16:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2010-06-09 16:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2010-06-09 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DVDVideoSoft [2010-06-07 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Image Extract Software [2010-06-04 22:09:27 | 000,000,000 | ---D | C] -- C:\BDS [2010-06-04 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\NVIDIA [2010-06-04 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia [2010-06-04 16:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2010-05-29 20:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\JustDo [2010-05-27 22:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\TurnTool [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\TurnTool [2010-05-23 18:51:30 | 
000,000,000 | RH-D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SecuROM [2010-05-19 19:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-18 14:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation [2010-05-18 14:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2010-05-18 14:44:06 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010-05-18 14:43:57 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010-05-18 14:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\BFBC2 [2009-12-11 18:33:34 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-11 18:33:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-07-16 13:46:51 | 000,001,040 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2010-07-16 13:46:44 | 000,005,579 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat [2010-07-16 13:42:18 | 000,411,385 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-16 13:42:17 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Krzysiek\NTUSER.DAT [2010-07-16 13:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2010-07-16 12:23:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-16 12:23:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-15 18:33:25 | 000,218,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-07-15 17:43:06 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-07-14 22:40:35 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\ntuser.ini [2010-07-13 18:32:16 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-07-12 23:44:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini 
[2010-07-12 20:01:29 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FIX.reg [2010-07-12 13:51:04 | 001,350,102 | ---- | M] () -- C:\anti-malware.bmp [2010-07-12 12:10:49 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\KMPlayer.lnk [2010-07-11 23:06:21 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-08 20:11:45 | 000,075,120 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-07-08 18:38:35 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-07-06 23:05:36 | 000,001,586 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medal of Honor™ MP Beta.lnk [2010-07-06 11:40:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-07-05 12:59:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-07-05 10:28:15 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Krzysiek\default.pls [2010-07-04 23:47:30 | 002,115,778 | -H-- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-03 19:22:15 | 001,603,052 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:28:35 | 000,841,061 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:28 | 000,280,605 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 14:01:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-02 14:01:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100716-134218.backup [2010-07-02 11:26:01 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010-07-02 11:26:01 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-07-02 11:25:59 | 
000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010-06-29 12:14:09 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-25 13:13:04 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-06-25 13:07:56 | 000,000,793 | ---- | M] () -- C:\WINDOWS\win.ini [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2010-06-24 19:52:49 | 001,260,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-24 19:52:49 | 000,573,982 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-06-24 19:52:49 | 000,510,806 | ---- | M] () -- 
C:\WINDOWS\System32\perfh009.dat [2010-06-24 19:52:49 | 000,113,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-06-24 19:52:49 | 000,091,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-24 19:37:51 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 21:14:58 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-222447.backup [2010-06-23 19:43:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:05 | 000,031,674 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:29 | 000,031,672 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-20 18:51:25 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-211458.backup [2010-06-18 19:35:47 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medieval II Total War.lnk [2010-06-17 19:30:36 | 000,099,814 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 18:12:06 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-185125.backup [2010-06-14 14:55:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Free Antivirus.lnk [2010-06-12 18:48:23 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SPORE™.lnk [2010-06-11 19:47:33 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AIMP2.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-09 20:52:45 | 000,127,587 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-06-03 18:28:10 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\MoorHunt.lnk [2010-05-27 22:26:25 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Software Updater.lnk [2010-05-23 16:53:57 | 002,940,928 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-05-18 14:04:27 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Battlefield Bad Company 2.lnk [2010-05-17 15:45:15 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Zeus and Posejdon.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-07-12 23:11:25 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-07-12 23:11:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-07-12 23:11:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax [2010-07-12 20:01:21 | 000,000,147 | ---- | C] () -- C:\Documents and 
Settings\Krzysiek\Pulpit\FIX.reg [2010-07-12 13:51:04 | 001,350,102 | ---- | C] () -- C:\anti-malware.bmp [2010-07-08 20:16:40 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2010-07-06 23:05:36 | 000,001,586 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medal of Honor™ MP Beta.lnk [2010-07-06 22:57:31 | 000,005,579 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat [2010-07-03 19:19:53 | 001,603,052 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:27:29 | 000,841,061 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:09 | 000,280,605 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 13:56:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-07-02 13:56:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-07-02 11:26:01 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-06-24 19:37:51 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 19:43:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:03 | 000,031,674 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:26 | 000,031,672 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-18 19:35:47 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medieval II Total War.lnk [2010-06-17 19:30:29 | 000,099,814 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 14:55:58 | 000,001,700 | ---- | C] () -- 
C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-12 18:48:23 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SPORE™.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-10 13:39:30 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010-06-09 20:52:31 | 000,127,587 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-05-23 16:52:16 | 002,940,928 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-05-18 14:44:06 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2010-05-18 14:44:04 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-05-18 14:04:27 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Battlefield Bad Company 2.lnk [2010-04-10 16:18:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-01-10 16:49:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-12-31 15:21:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-12-07 23:18:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-11-21 16:29:14 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2009-11-21 16:29:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- 
C:\WINDOWS\System32\asrussian.dll [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009-11-21 16:29:12 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009-11-21 16:29:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009-11-21 14:39:56 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-11-21 14:39:32 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini [2009-11-21 13:44:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2009-11-21 13:36:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-21 13:36:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-21 13:36:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-21 00:08:55 | 000,014,277 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-11-21 00:08:55 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-11-21 00:08:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2010-06-14 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-19 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-27 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-21 
13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2010-03-29 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-29 19:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaMusic [2009-11-22 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-03-29 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OviInstallerCache [2010-03-29 20:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-26 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-07-12 23:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-21 14:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2010-01-30 18:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-07-15 21:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\AIMP [2010-07-16 13:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2009-12-09 17:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Broad Intelligence [2010-03-20 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\COWON [2009-12-19 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dev-Cpp [2009-11-21 13:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Game pad [2009-11-21 13:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane 
aplikacji\Dual Vibration Gamepad [2010-06-09 16:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2009-12-06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FileZilla [2010-06-04 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2009-12-06 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Free Mp3 Wma Ogg Converter [2009-11-21 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu [2009-11-21 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 10 [2009-12-19 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Leadertech [2010-04-06 20:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mp3tag [2010-03-29 20:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nokia [2010-06-22 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu [2009-11-22 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\OpenFM [2010-03-30 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PC Suite [2010-01-07 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SoundSpectrum [2010-06-12 19:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SPORE [2010-06-11 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2009-11-24 21:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TigerPlayer [2009-11-21 14:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\Krzysiek\Dane aplikacji\Ubisoft [2009-11-21 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\URSoft [2010-07-16 13:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-12 13:51:04 | 001,350,102 | ---- | M] () -- C:\anti-malware.bmp [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-07-16 12:22:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- 
C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- 
C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 368 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF54A0E
< End of report >
[/log]

RSIT

[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by Krzysiek at 2010-07-16 13:44:54
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 31 GB (66%) free of 46 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:43, on 2010-07-16
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe E:\Programy\M-KbdDrv.exe C:\WINDOWS\RTHDCPL.EXE E:\Programy\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe E:\Programy\Nowe Gadu-Gadu\gg.exe E:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe D:\Download\RSIT.exe C:\Program Files\trend micro\Krzysiek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://adclick.hit.gemius.pl/hitredir/id=cohAhEs7a7LzBVb1y957B6dzrqxU_U8zTiwAeZ1L7O7.r7/stparam=ohdggqdfbg/sarg=00000005801E4EF4/fastid=1297036692683035469/url=http://ad.pl.doubleclick.net/click;h=v2|3B9D|0|0|%2a|u;218826783;0-0;0;41766982;31-1|1;33769888|33787766|1;;%3fhttp://nieplaczatv.dialogmedia.pl/kontakt,krok-start,1,1.html?iK=62 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell= O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - 
E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\SPYBOT~1\SDHelper.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MutlimediaKbdDriver] E:\Programy\M-KbdDrv.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Programy\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Download all by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetAllUrl.htm O8 - Extra context menu item: Download by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetUrl.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://E:\Programy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://E:\Programy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Pobierz za pomocą BitComet - res://E:\Programy\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - 
ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8320 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Click Maintenance.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader 
Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - E:\Programy\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}] FlashGetBHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-09 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-09 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-10-28 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}] HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864] "WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696] 
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504] "MutlimediaKbdDriver"=E:\Programy\M-KbdDrv.exe [2007-04-18 1617920] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"=E:\Programy\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoBandCustomize"=0 "NoMovingBands"=0 "NoCloseDragDropBands"=0 "NoDriveAutoRun"=67108863 "NoDrives"=0 "NoActiveDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "E:\Programy\BitComet\BitComet.exe"="E:\Programy\BitComet\BitComet.exe:*:Enabled:BitComet.exe" 
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "E:\Gry\Crysis\Bin32\Crysis.exe"="E:\Gry\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32" "E:\Gry\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Gry\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "E:\Gry\Ubisoft\Far Cry 2\bin\FarCry2.exe"="E:\Gry\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2" "E:\Gry\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="E:\Gry\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "E:\Gry\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="E:\Gry\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe" "C:\Program Files\HP\Digital 
Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe" "C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe" "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe" "E:\Gry\Steam\Steam.exe"="E:\Gry\Steam\Steam.exe:*:Enabled:Steam" "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher" "E:\Gry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe"="E:\Gry\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II" "E:\Gry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe"="E:\Gry\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update" "E:\Gry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe"="E:\Gry\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay" "E:\Gry\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="E:\Gry\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2" "E:\Gry\Activision\Call of Duty 4 - Modern 
Warfare\iw3mp.exe"="E:\Gry\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) " "E:\Programy\FlashGet universal\FlashGet\FlashGet3.exe"="E:\Programy\FlashGet universal\FlashGet\FlashGet3.exe:*:Enabled:Flashget3" "C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "E:\Gry\Medal of Honor Beta Multi Game\MoHMPUpdater.exe"="E:\Gry\Medal of Honor Beta Multi Game\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta" "E:\Gry\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe"="E:\Gry\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer" "E:\Gry\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe"="E:\Gry\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital 
Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe" "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe" "C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe" "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe" 
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster" ======List of files/folders created in the last 1 months====== 2010-07-16 13:44:55 ----D---- C:\Program Files\trend micro 2010-07-16 13:44:54 ----D---- C:\rsit 2010-07-12 23:11:25 ----D---- C:\Program Files\Xvid 2010-07-12 23:11:25 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2010-07-12 23:11:25 ----A---- C:\WINDOWS\system32\xvidcore.dll 2010-07-12 23:11:24 ----D---- C:\Program Files\FDRLab 2010-07-12 13:19:01 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\Malwarebytes 2010-07-12 13:18:54 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes 2010-07-02 14:41:00 ----D---- C:\WINDOWS\$regcmp$ 2010-07-02 14:35:13 ----D---- C:\Program Files\SmartPCTools 2010-07-02 14:34:40 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS 2010-07-02 14:13:14 ----SHD---- C:\RECYCLER 2010-07-02 14:10:30 ----A---- C:\WINDOWS\UPGRADE.TXT 2010-07-02 13:56:12 ----A---- C:\WINDOWS\MBR.exe 2010-07-02 13:56:11 ----A---- C:\WINDOWS\PEV.exe 2010-07-02 13:56:03 ----D---- C:\WINDOWS\ERDNT 2010-06-26 18:13:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files 2010-06-25 12:47:50 ----D---- C:\WINDOWS\pss 2010-06-18 19:13:18 ----A---- C:\WINDOWS\IsUn0415.exe ======List of files/folders modified in the last 1 months====== 2010-07-16 13:45:35 ----D---- C:\WINDOWS\Internet Logs 2010-07-16 13:44:55 ----RD---- C:\Program Files 2010-07-16 13:42:18 ----D---- C:\WINDOWS\system32\drivers\etc 2010-07-16 12:38:19 ----D---- C:\WINDOWS\Temp 2010-07-16 12:23:11 ----D---- C:\WINDOWS\system32\CatRoot2 2010-07-15 23:19:18 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-07-15 21:55:21 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\AIMP 2010-07-15 18:33:25 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2010-07-14 00:22:02 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\HPAppData 2010-07-12 23:44:43 
----A---- C:\WINDOWS\NeroDigital.ini 2010-07-12 23:19:01 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2010-07-12 23:13:15 ----D---- C:\WINDOWS\system32 2010-07-12 23:13:09 ----D---- C:\WINDOWS\Prefetch 2010-07-12 20:02:56 ----D---- C:\WINDOWS\system32\drivers 2010-07-07 10:35:42 ----D---- C:\WINDOWS 2010-07-06 23:05:37 ----SHD---- C:\WINDOWS\Installer 2010-07-06 23:05:36 ----D---- C:\Config.Msi 2010-07-06 23:04:30 ----D---- C:\WINDOWS\system32\DirectX 2010-07-06 23:04:28 ----HD---- C:\WINDOWS\inf 2010-07-06 23:04:03 ----RSD---- C:\WINDOWS\assembly 2010-07-06 13:47:48 ----SHD---- C:\System Volume Information 2010-07-06 13:47:48 ----D---- C:\WINDOWS\system32\Restore 2010-07-05 13:01:39 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\Skype 2010-07-05 12:59:43 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\skypePM 2010-07-02 14:43:15 ----D---- C:\WINDOWS\system32\config 2010-07-02 14:18:09 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-07-02 14:13:29 ----D---- C:\Program Files\Mozilla Firefox 2010-07-02 14:13:29 ----D---- C:\Program Files\Cheat Engine 2010-07-02 14:11:30 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2010-07-02 14:01:42 ----A---- C:\WINDOWS\system.ini 2010-07-02 13:59:22 ----D---- C:\WINDOWS\AppPatch 2010-07-02 13:59:19 ----D---- C:\Program Files\Common Files 2010-07-02 12:13:40 ----D---- C:\WINDOWS\system32\ZoneLabs 2010-06-28 22:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe 2010-06-25 18:10:13 ----D---- C:\WINDOWS\Microsoft.NET 2010-06-25 13:13:03 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2010-06-25 13:07:56 ----SH---- C:\boot.ini 2010-06-25 13:07:56 ----A---- C:\WINDOWS\win.ini 2010-06-24 19:52:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-06-24 19:52:38 ----D---- C:\WINDOWS\WinSxS 2010-06-24 19:50:35 ----D---- C:\WINDOWS\system32\en-us 2010-06-24 19:50:23 ----D---- C:\Program Files\Microsoft.NET 2010-06-23 13:51:22 ----A---- 
C:\WINDOWS\system32\zpeng25.dll 2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\zlcommdb.dll 2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\zlcomm.dll 2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\vsxml.dll 2010-06-23 13:51:20 ----A---- C:\WINDOWS\system32\vswmi.dll 2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsutil.dll 2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsregexp.dll 2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vspubapi.dll 2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsinit.dll 2010-06-23 13:51:18 ----A---- C:\WINDOWS\system32\vsdata.dll 2010-06-22 22:00:31 ----D---- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu 2010-06-22 19:25:28 ----HD---- C:\Program Files\InstallShield Installation Information 2010-06-18 16:52:04 ----A---- C:\WINDOWS\resetlog.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640] R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248] R0 mv61xx;mv61xx; C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-05-25 137728] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944] R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-05-17 50176] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656] R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544] R1 Aavmker4;avast! 
Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880] R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216] R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672] R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176] R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-04 10232128] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys [] S1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [] S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [] S3 EagleNT;EagleNT; \??\C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\EagleNT.sys [] S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-12-09 13224] S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-12-09 25512] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-04-16 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-04-16 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-04-16 21568] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 usbser;USB Modem Driver; 
C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192] S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-22 241664] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-09 153376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-30 75064] S2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-07-15 218808] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-03 779824] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-11-21 354560] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S4 
NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240] -----------------EOF----------------- [/log]
Tomek01 comment 17 July 2010
Not much to remove can be seen here. Use [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the USB flash drive plugged in. Download [b][url=http://www.instalki.pl/programy/download/antyspyware/get.php?file=avenger]Avenger[/url][/b]. In the "input script here" field, paste this text:
[code]Files to delete:
C:\WINDOWS\System32\secustat.dat
C:\WINDOWS\System32\secushr.dat

Folders to delete:
C:\Program Files\Conduit[/code]
You click execute, and the computer restarts. Post the report that is generated and a new OTL log.
bezimienny comment 18 July 2010 Author
Avenger [log]Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\System32\secustat.dat" deleted successfully. File "C:\WINDOWS\System32\secushr.dat" deleted successfully. Folder "C:\Program Files\Conduit" deleted successfully. Completed script processing. ******************* Finished! Terminate. [/log]
Some error popped up after the reboot - "Nie znaleziono dysku" ("Disk not found") - and quickly disappeared.
OTL [log]OTL logfile created on: 2010-07-18 16:27:31 - Run 2 OTL by OldTimer - Version 3.2.9.0 Folder = D:\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 45,31 Gb Total Space | 30,50 Gb Free Space | 67,32% Space Free | Partition Type: NTFS Drive D: | 50,01 Gb Total Space | 10,29 Gb Free Space | 20,58% Space Free | Partition Type: NTFS Drive E: | 202,77 Gb Total Space | 119,51 Gb Free Space | 58,94% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRYWATNY Current User Name: Krzysiek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-18 15:30:46 | 000,218,808 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2010-07-10 16:14:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-06-27 16:55:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-06-27 16:55:19 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010-06-05 18:26:10 | 001,262,080 | ---- | M] (AIMP DevTeam) -- E:\Programy\AIMP2\AIMP2.exe PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2010-02-09 17:52:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-01-30 13:53:51 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-03-05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 22:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 
000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2007-04-18 20:57:48 | 001,617,920 | ---- | M] () -- E:\Programy\M-KbdDrv.exe PRC - [2007-03-21 08:49:20 | 016,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-10 16:14:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] 
(Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2007-05-15 11:31:52 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-02-19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009-11-21 14:13:30 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008-04-04 15:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Video3D32.sys -- (Video3D) DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan) DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - [2010-07-18 13:21:41 | 000,137,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] 
(ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-12-09 19:03:03 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009-12-09 19:03:03 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- 
(pccsmcfd) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-07-12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2007-05-25 05:35:32 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2007-05-14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-05-14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007-03-26 13:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-03-15 08:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001) DRV - [2005-10-18 16:01:00 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2005-05-17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0 FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100705 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 FF - prefs.js..network.proxy.http: "202.153.41.211" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-05 19:21:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-03-30 14:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-27 16:55:21 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-03-30 14:08:30 | 000,000,000 | ---D | M] [2009-11-21 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions [2010-07-17 19:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-04-13 18:57:48 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010-07-10 22:50:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-06-04 16:02:08 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-02-19 00:23:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-22 22:49:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010-07-13 19:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\illimitux@illimitux.net [2010-07-10 22:50:37 | 000,000,000 | ---D | M] -- C:\Documents 
and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\nasanightlaunch@example.com [2010-04-09 20:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\openmedspel@e-medtools.com [2010-07-01 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\tineye@ideeinc.com [2010-05-26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\turntoolviewer@turntool.com [2010-02-10 14:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\undoclosedtabsbutton@supernova00.biz [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010-02-10 18:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009-12-05 22:47:12 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\nonsensopedia-pl.xml [2010-01-05 23:31:59 | 
000,001,738 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2010-07-17 19:41:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-02-09 19:50:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-02-09 19:50:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-02-09 19:50:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-02-09 19:50:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-02-09 19:50:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-02-09 19:50:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-16 13:42:18 | 000,411,385 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 
www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14242 more lines... O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found. O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [MutlimediaKbdDriver] E:\Programy\M-KbdDrv.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-436374069-308236825-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - 
HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O8 - Extra context menu item: Download all by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetUrl.htm () O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-07-18 16:03:09 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-07-18 16:03:10 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-07-18 16:03:10 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com 
[@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group 
SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - 
Created Within 60 Days ==========[/color] [2010-07-18 16:04:58 | 000,000,000 | ---D | C] -- C:\Avenger [2010-07-18 16:03:09 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010-07-16 13:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-07-16 13:44:54 | 000,000,000 | ---D | C] -- C:\rsit [2010-07-12 23:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\dwhelper [2010-07-12 13:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\DoctorWeb [2010-07-12 13:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Malwarebytes [2010-07-12 13:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-07-06 23:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Medal of Honor MP Beta [2010-07-02 14:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$ [2010-07-02 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools [2010-07-02 14:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2010-07-02 14:13:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-02 13:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-06-29 12:14:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-26 18:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\PMB Files [2010-06-26 18:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-06-25 12:47:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-06-23 17:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje skanowanie [2010-06-22 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Black & White 2 [2010-06-18 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\NFS Most Wanted [2010-06-16 21:55:06 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie [2010-06-14 14:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-12 18:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010-06-11 18:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2010-06-11 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010-06-10 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-06-10 13:39:30 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll [2010-06-10 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine [2010-06-09 16:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2010-06-09 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DVDVideoSoft [2010-06-07 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Image Extract Software [2010-06-04 22:09:27 | 000,000,000 | ---D | C] -- C:\BDS [2010-06-04 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\NVIDIA [2010-06-04 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia [2010-06-04 16:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2010-05-29 20:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\JustDo [2010-05-27 22:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\TurnTool [2010-05-26 20:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\TurnTool [2010-05-23 18:51:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SecuROM [2010-05-19 19:01:45 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\All Users\Dane aplikacji\Electronic Arts [2009-12-11 18:33:34 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-11 18:33:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-07-18 16:24:39 | 000,001,040 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2010-07-18 16:05:26 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2010-07-18 16:05:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-18 16:05:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-18 16:04:27 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Krzysiek\NTUSER.DAT [2010-07-18 15:30:46 | 000,218,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-07-18 13:21:41 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-07-16 13:42:18 | 000,411,385 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-14 22:40:35 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\ntuser.ini [2010-07-13 18:32:16 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-07-12 23:44:43 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-07-12 20:01:29 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FIX.reg [2010-07-12 13:51:04 | 001,350,102 | ---- | M] () -- C:\anti-malware.bmp [2010-07-12 12:10:49 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\KMPlayer.lnk [2010-07-11 23:06:21 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-08 20:11:45 | 000,075,120 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-07-08 18:38:35 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-07-06 11:40:48 | 000,002,206 | ---- 
| M] () -- C:\WINDOWS\System32\wpa.dbl [2010-07-05 12:59:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-07-05 10:28:15 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Krzysiek\default.pls [2010-07-04 23:47:30 | 002,115,778 | -H-- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-03 19:22:15 | 001,603,052 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:28:35 | 000,841,061 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:28 | 000,280,605 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 14:01:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-02 14:01:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100716-134218.backup [2010-07-02 11:26:01 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010-07-02 11:26:01 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-07-02 11:25:59 | 000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010-06-29 12:14:09 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- 
C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-25 13:13:04 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-06-25 13:07:56 | 000,000,793 | ---- | M] () -- C:\WINDOWS\win.ini [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2010-06-24 19:52:49 | 001,260,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-24 19:52:49 | 000,573,982 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-06-24 19:52:49 | 000,510,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-06-24 19:52:49 | 000,113,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-06-24 19:52:49 | 000,091,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-24 19:37:51 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 21:14:58 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-222447.backup [2010-06-23 19:43:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:05 | 000,031,674 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:29 | 000,031,672 | ---- | M] 
() -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-20 18:51:25 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-211458.backup [2010-06-17 19:30:36 | 000,099,814 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 18:12:06 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-185125.backup [2010-06-14 14:55:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-11 19:47:33 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AIMP2.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-09 20:52:45 | 000,127,587 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-06-03 18:28:10 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\MoorHunt.lnk [2010-05-27 22:26:25 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Software Updater.lnk [2010-05-23 16:53:57 | 002,940,928 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-07-18 16:24:39 | 000,001,040 | ---- | C] () -- 
C:\WINDOWS\System32\secustat.dat [2010-07-12 20:01:21 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FIX.reg [2010-07-12 13:51:04 | 001,350,102 | ---- | C] () -- C:\anti-malware.bmp [2010-07-03 19:19:53 | 001,603,052 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:27:29 | 000,841,061 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:09 | 000,280,605 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 13:56:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-07-02 13:56:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-07-02 11:26:01 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-06-24 19:37:51 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 19:43:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:03 | 000,031,674 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:26 | 000,031,672 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-17 19:30:29 | 000,099,814 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 14:55:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Free Antivirus.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-10 13:39:30 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010-06-09 20:52:31 | 000,127,587 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-05-23 16:52:16 | 002,940,928 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\CHOROBY sss.ppt [2010-04-10 16:18:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-01-10 16:49:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-12-31 15:21:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-12-07 23:18:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-11-21 16:29:14 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2009-11-21 16:29:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009-11-21 16:29:12 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009-11-21 16:29:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009-11-21 16:29:12 
| 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009-11-21 14:39:56 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-11-21 14:39:32 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini [2009-11-21 13:44:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2009-11-21 13:36:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-21 13:36:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-21 13:36:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-21 00:08:55 | 000,014,277 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-11-21 00:08:55 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-11-21 00:08:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] [2010-06-14 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-19 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-27 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-21 13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2010-03-29 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-29 19:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaMusic [2009-11-22 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-03-29 20:50:27 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\All Users\Dane aplikacji\OviInstallerCache [2010-03-29 20:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-26 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-07-17 15:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-21 14:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2010-01-30 18:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-07-18 16:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\AIMP [2010-07-18 16:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2009-12-09 17:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Broad Intelligence [2010-03-20 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\COWON [2009-12-19 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dev-Cpp [2009-11-21 13:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Game pad [2009-11-21 13:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Gamepad [2010-06-09 16:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2009-12-06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FileZilla [2010-06-04 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2009-12-06 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Free 
Mp3 Wma Ogg Converter [2009-11-21 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu [2009-11-21 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 10 [2009-12-19 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Leadertech [2010-04-06 20:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mp3tag [2010-03-29 20:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nokia [2010-06-22 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu [2009-11-22 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\OpenFM [2010-03-30 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PC Suite [2010-01-07 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SoundSpectrum [2010-06-11 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2009-11-24 21:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TigerPlayer [2009-11-21 14:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ubisoft [2009-11-21 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\URSoft [2010-07-18 16:05:26 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-12 13:51:04 | 001,350,102 | ---- | M] () -- C:\anti-malware.bmp [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-07-18 16:04:58 | 000,001,250 
| ---- | M] () -- C:\avenger.txt [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-07-18 16:05:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 
-- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 
| ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 394 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 @Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF54A0E < End of report > [/log]
Tomek01, comment, 18 July 2010 Paste into OTL:
[code]
:Processes
Explorer.exe
:OTL
@Alternate Data Stream - 394 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13
@Alternate Data Stream - 158 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF54A0E
:Commands
[emptytemp]
[start explorer]
[/code]
Run fix... Other than that, the system appears to be clean of infection. I would still like to see the log from [url="http://www.instalki.pl/programy/download_c/116/2295.html"][color="#0000FF"][b]Silent Runners[/b][/color][/url], though.
bezimienny (author), comment, 22 July 2010 OTL [log]All processes killed ========== PROCESSES ========== No active process named Explorer.exe was found! ========== OTL ========== ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 deleted successfully. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:ECF54A0E deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gość ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 3567862 bytes User: Krzysiek ->Temp folder emptied: 42953404 bytes ->Temporary Internet Files folder emptied: 848838 bytes ->Java cache emptied: 5014699 bytes ->FireFox cache emptied: 62675764 bytes ->Flash cache emptied: 428432 bytes User: LocalService ->Temp folder emptied: 65716 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 977223 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 111,00 mb OTL by OldTimer - Version 3.2.9.0 log created on 07222010_232807 Files\Folders moved on Reboot... C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Temp\~DFE120.tmp moved successfully. File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found! File\Folder C:\WINDOWS\temp\ZLT0625a.TMP not found! Registry entries deleted on Reboot... 
[/log] Silent Runners [log]"Silent Runners.vbs", revision 61, http://www.silentrunners.org/ Operating System: Windows XP SP3 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "SpybotSD TeaTimer" = "E:\Programy\Spybot - Search & Destroy\TeaTimer.exe" ["Safer-Networking Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "avast5" = "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui" ["AVAST Software"] "WheelMouse" = "C:\Program Files\A4Tech\Mouse\Amoumain.exe" ["A4Tech Co.,Ltd."] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "MutlimediaKbdDriver" = "E:\Programy\M-KbdDrv.exe" [empty string] "ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Check Point Software Technologies LTD"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0347C33E-8762-4905-BF09-768834316C61}\(Default) = "HP Print Enhancer" -> {HKLM...CLSID} = "HP Print Enhancer" \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll" ["Hewlett-Packard Co."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture" -> {HKLM...CLSID} = "BitComet Helper" \InProcServer32\(Default) = "E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll" ["BitComet"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = 
"E:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\(Default) = "IEPluginBHO" -> {HKLM...CLSID} = "IEPluginBHO Class" \InProcServer32\(Default) = "C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll" ["GG Network S.A."] {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\(Default) = "HP Smart BHO Class" -> {HKLM...CLSID} = "HP Smart BHO Class" \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\Program Files\NVIDIA 
Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension" -> {HKLM...CLSID} = "TuneUp Theme Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"] "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "E:\Programy\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] 
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" = "AIMP2: ShellExt" -> {HKLM...CLSID} = "AIMP2: ShellExt" \InProcServer32\(Default) = "E:\Programy\AIMP2\System\aimp_shell.dll" ["AIMP DevTeam"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> ms-itss\CLSID = "{0A9007C0-4076-11D3-8789-0000F8105754}" -> {HKLM...CLSID} = "Microsoft Infotech Storage Protocol for IE 4.0" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Information 
Retrieval\MSITSS.DLL" [MS] <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}" -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS] <<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}" -> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS] <<!>> skype4com\CLSID = "{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" -> {HKLM...CLSID} = "IEProtocolHandler Class" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL" ["Skype Technologies"] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" -> {HKLM...CLSID} = "AIMP2: ShellExt" \InProcServer32\(Default) = "E:\Programy\AIMP2\System\aimp_shell.dll" ["AIMP DevTeam"] avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"] Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "E:\Programy\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] 
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}" -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ AIMPClassic\(Default) = "{1F77B17B-F531-44DB-ACA4-76ABB5010A28}" -> {HKLM...CLSID} = "AIMP2: ShellExt" \InProcServer32\(Default) = "E:\Programy\AIMP2\System\aimp_shell.dll" ["AIMP DevTeam"] TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension" \InProcServer32\(Default) = "E:\Programy\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ 00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\Program Files\NVIDIA Corporation\nView\nvshell.dll" ["NVIDIA Corporation"] NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = 
"PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast5\ashShell.dll" ["AVAST Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided) -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ NBShellHook\(Default) = "{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}" -> {HKLM...CLSID} = "NBShellHook Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll" ["Nero AG"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoBandCustomize" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars| Disable customizing browser toolbars} "NoMovingBands" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoCloseDragDropBands" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoSetTaskbar" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Start Menu and Taskbar| Prevent changes to Taskbar and Start Menu Settings} "NoToolbarsOnTaskbar" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "NoSaveSettings" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Desktop| Don't save settings at exit} "NoActiveDesktop" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} "ClassicShell" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ 
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AIMP.EventCDA\ "Provider" = "AIMP2" "InvokeProgID" = "AIMP.EventCDA" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\AIMP.EventCDA\shell\open\command\(Default) = "E:\Programy\AIMP2\AIMP2.exe /CDA %1" ["AIMP DevTeam"] AIMP.EventMusic\ "Provider" = "AIMP2" "InvokeProgID" = "AIMP.EventMusic" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\AIMP.EventMusic\shell\open\command\(Default) = "E:\Programy\AIMP2\AIMP2.exe /DIR %1" ["AIMP DevTeam"] AlcoholAutoPlayV2.BurnDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "BurnDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"] AlcoholAutoPlayV2.ReadDisc\ "Provider" = "Alcohol 120%" "InvokeProgID" = "AlcoholAutoPlayV2" "InvokeVerb" = "ReadDisc" HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe" %1" ["Alcohol Soft Development Team"] MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""E:\Programy\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""E:\Programy\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" 
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""E:\Programy\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""E:\Programy\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay7AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" 
["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" 
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] NokiaMusicBurnCD\ "Provider" = "Nokia Ovi Player" "InvokeProgID" = "NokiaMusic.Autoplay" "InvokeVerb" = "BurnCD" HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\BurnCD\command\(Default) = ""C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:burn %L /device:cd %L" [null data] NokiaMusicPlayCD\ "Provider" = "Nokia Ovi Player" "InvokeProgID" = "NokiaMusic.Autoplay" "InvokeVerb" = "PlayCD" HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\PlayCD\command\(Default) = ""C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:playcd %L /device:cd %L" [null data] NokiaMusicRipCD\ "Provider" = "Nokia Ovi Player" "InvokeProgID" = "NokiaMusic.Autoplay" "InvokeVerb" = "RipCD" HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\RipCD\command\(Default) = ""C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:rip %L /device:cd %L" [null data] NokiaMusicViewCD\ "Provider" = "Nokia Ovi Player" "InvokeProgID" = "NokiaMusic.Autoplay" "InvokeVerb" = "ViewCD" HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\shell\ViewCD\command\(Default) = ""C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /device:cd %L" [null data] NokiaMusicViewDevice\ "Provider" = "Nokia Ovi Player" "ProgID" = "NokiaMusic.Autoplay" HKLM\SOFTWARE\Classes\NokiaMusic.Autoplay\CLSID\(Default) = "{546811A4-510D-4E15-9679-DD6A27C5CCB3}" -> {HKLM...CLSID} = "Nokia Ovi Player" \LocalServer32\(Default) = "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" [null data] NPAutoPlayHandler\ "Provider" = "Nokia Photos" "InvokeProgID" = "NPAutoPlay" "InvokeVerb" = 
"import" HKLM\SOFTWARE\Classes\NPAutoPlay\shell\import\command\(Default) = "C:\Program Files\Nokia\Nokia Photos\NokiaPhotos2.exe -import %1" [null data] tigerplayerDVDMovieOnArrival\ "Provider" = "MPCSTAR" "InvokeProgID" = "tigerplayer.DVD" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\tigerplayer.DVD\shell\open\command\(Default) = ""E:\Programy\MpcStar\mpcstar.exe" %1" [null data] Enabled Scheduled Tasks: ------------------------ "1-Click Maintenance" -> launches: "E:\Programy\TuneUp Utilities 2008\OneClickStarter.exe /schedulestart" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided) -> {HKLM...CLSID} = "HP Smart Web Printing" \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll" ["Hewlett-Packard Co."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {555D4D79-4BD2-4094-A395-CFC534424A05}\(Default) = (no title provided) -> {HKLM...CLSID} = "HP Smart Web Printing" \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll" ["Hewlett-Packard 
Co."] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A}\ "ButtonText" = "BitComet" "Script" = "res://E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll/206" ["BitComet"] {DDE87865-83C5-48C4-8357-2F5B1AA84522}\ "ButtonText" = "Pokaż lub ukryj HP Smart Web Printing" "CLSIDExtension" = "{DDE87865-83C5-48c4-8357-2F5B1AA84522}" -> {HKLM...CLSID} = "ClipBookBtn Class" \InProcServer32\(Default) = "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll" ["Hewlett-Packard Co."] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "E:\Programy\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ATK Keyboard Service, ATKKeyboardService, "C:\WINDOWS\ATKKBService.exe" ["ASUSTeK COMPUTER INC."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"] avast! Web Scanner, avast! 
Web Scanner, ""C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"" ["AVAST Software"] hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]} Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]} NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]} PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data] PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Check Point Software Technologies LTD"] TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]} Usługa HP CUE DeviceDiscovery, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]} Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> vsmon, "Service" Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ 
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] PCL hpz3l5mu\Driver = "hpz3l5mu.dll" ["Hewlett-Packard Company"] ---------- (launch time: 2010-07-22 23:33:50) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 47 seconds, including 15 seconds for message boxes) [/log]
Tomek01 commented 23 July 2010 The logs look fine. In OTL, use the Clean Up function.
bezimienny (Author) commented 30 July 2010 I did that, still the same. Sorry for the lack of activity, but I was on vacation.
bezimienny (Author) commented 31 July 2010 Here you go: OTL [log]OTL logfile created on: 2010-07-31 18:12:21 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = D:\Download Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 45,31 Gb Total Space | 30,90 Gb Free Space | 68,20% Space Free | Partition Type: NTFS Drive D: | 50,01 Gb Total Space | 4,65 Gb Free Space | 9,29% Space Free | Partition Type: NTFS Drive E: | 202,77 Gb Total Space | 116,41 Gb Free Space | 57,41% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRYWATNY Current User Name: Krzysiek Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-07-31 16:56:43 | 000,218,808 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2010-07-30 16:50:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-07-30 16:50:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-07-18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe PRC - [2010-06-28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2010-06-23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010-04-03 19:23:16 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2010-02-09 17:52:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-01-30 13:53:51 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-11-22 14:37:35 | 011,539,048 | ---- | M] (GG Network S.A.) -- E:\Programy\Nowe Gadu-Gadu\gg.exe PRC - [2009-10-28 13:43:06 | 000,077,824 | ---- | M] () -- E:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-03-05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- E:\Programy\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008-04-14 22:51:52 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 22:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 22:51:24 | 
000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2007-05-15 11:33:30 | 000,204,800 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2007-04-18 20:57:48 | 001,617,920 | ---- | M] () -- E:\Programy\M-KbdDrv.exe PRC - [2007-03-21 08:49:20 | 016,126,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-07-18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 22:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 22:50:16 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 22:50:12 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-04-14 22:46:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008-04-14 22:29:10 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2007-05-15 11:31:52 | 000,036,864 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\system32\Amhooker.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010-06-28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2010-06-23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010-04-27 13:43:48 | 000,611,840 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state) SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-03-18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010-02-19 20:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2009-11-21 14:13:30 | 000,354,560 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008-04-04 15:51:32 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006-09-22 11:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) 
[Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Video3D32.sys -- (Video3D) DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan) DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - [2010-07-31 14:36:39 | 000,137,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2010-06-28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010-05-13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2010-04-04 00:55:31 | 010,232,128 | ---- | M] 
(NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009-12-09 19:03:03 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009-12-09 19:03:03 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-07-12 11:03:38 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2007-05-25 05:35:32 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx) DRV - [2007-05-14 23:41:46 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-05-14 23:38:22 | 000,009,216 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2007-03-26 13:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-03-15 08:12:02 | 000,038,656 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001) DRV - [2005-10-18 16:01:00 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2005-05-17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005-05-16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004-08-13 12:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004-04-30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus) DRV - [2004-04-30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- 
C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8 FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0 FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100719 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3 FF - 
prefs.js..network.proxy.http: "202.153.41.211" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-05 19:21:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-03-30 14:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-07-30 16:50:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-30 16:50:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-03-30 14:08:30 | 000,000,000 | ---D | M] [2009-11-21 13:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Extensions [2010-07-31 17:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010-07-18 23:07:57 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010-07-10 22:50:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-06-04 
16:02:08 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010-02-19 00:23:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-01-22 22:49:20 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010-07-13 19:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\illimitux@illimitux.net [2010-07-22 23:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\nasanightlaunch@example.com [2010-04-09 20:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\openmedspel@e-medtools.com [2010-07-01 18:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\tineye@ideeinc.com [2010-05-26 20:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\turntoolviewer@turntool.com [2010-02-10 14:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\undoclosedtabsbutton@supernova00.biz [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] 
(No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010-02-10 18:55:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010-02-10 18:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009-12-05 22:47:12 | 000,005,609 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\nonsensopedia-pl.xml [2010-01-05 23:31:59 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml [2010-07-31 17:09:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll [2010-02-09 19:50:44 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-02-09 19:50:44 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-02-09 19:50:44 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-02-09 19:50:44 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-02-09 19:50:44 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-02-09 19:50:44 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2010-07-24 17:47:48 | 000,413,985 | R--- | 
M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14321 more lines... O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - No CLSID value found. O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) 
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [MutlimediaKbdDriver] E:\Programy\M-KbdDrv.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-436374069-308236825-1801674531-1003..\Run: [SpybotSD TeaTimer] E:\Programy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control 
Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKU\S-1-5-21-436374069-308236825-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O8 - Extra context menu item: Download all by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - E:\Programy\FlashGet universal\FlashGet\GetUrl.htm () O8 - Extra context menu item: 
Pobierz wszystkie VIdeo za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - E:\Programy\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - E:\Programy\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.156.96.61 82.139.8.7 88.156.63.9 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and 
Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-07-18 16:03:09 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-07-18 16:03:10 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-07-18 16:03:10 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-07-24 18:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\AP Tuner [2010-07-18 16:03:09 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010-07-16 13:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010-07-12 23:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\dwhelper [2010-07-12 13:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\DoctorWeb [2010-07-12 13:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Malwarebytes [2010-07-12 13:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-07-06 23:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Medal of Honor MP Beta [2010-07-02 14:41:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$ [2010-07-02 14:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCTools [2010-07-02 14:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2010-07-02 14:13:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-02 13:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-06-29 12:14:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-26 18:14:01 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\PMB Files [2010-06-26 18:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-06-25 12:47:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-06-23 17:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Moje skanowanie [2010-06-22 20:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Black & White 2 [2010-06-18 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\NFS Most Wanted [2010-06-16 21:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Pobieranie [2010-06-14 14:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-06-12 18:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts [2010-06-11 18:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2010-06-11 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2010-06-10 17:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2010-06-10 13:39:30 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll [2010-06-10 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine [2010-06-09 16:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2010-06-09 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Moje dokumenty\DVDVideoSoft [2010-06-07 20:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Image Extract Software [2010-06-04 22:09:27 | 000,000,000 | ---D | C] -- C:\BDS [2010-06-04 22:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\NVIDIA [2010-06-04 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia [2010-06-04 16:01:16 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2009-12-11 18:33:34 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-12-11 18:33:34 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-07-31 18:11:48 | 000,000,908 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat [2010-07-31 18:11:40 | 000,004,700 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat [2010-07-31 18:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2010-07-31 16:56:43 | 000,218,808 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010-07-31 14:36:39 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010-07-31 13:12:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-31 13:12:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-31 00:19:46 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Krzysiek\NTUSER.DAT [2010-07-30 20:34:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-07-30 18:33:47 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-30 16:49:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-07-24 18:51:32 | 000,075,120 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-07-24 17:47:48 | 000,413,985 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-24 16:02:28 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-07-21 11:46:50 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-07-20 00:43:21 | 003,176,046 | -H-- | M] () -- C:\Documents and Settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-19 23:31:56 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All 
Users\Pulpit\Heroes of Might and Magic V.lnk [2010-07-19 17:37:29 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\MoorHunt.lnk [2010-07-16 13:42:18 | 000,411,385 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100724-174748.backup [2010-07-14 22:40:35 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Krzysiek\ntuser.ini [2010-07-12 20:01:29 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FIX.reg [2010-07-12 13:51:04 | 001,350,102 | ---- | M] () -- C:\anti-malware.bmp [2010-07-12 12:10:49 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\KMPlayer.lnk [2010-07-05 12:59:34 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-07-05 10:28:15 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Krzysiek\default.pls [2010-07-03 19:22:15 | 001,603,052 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:28:35 | 000,841,061 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:28 | 000,280,605 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 14:01:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-02 14:01:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100716-134218.backup [2010-07-02 11:26:01 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2010-07-02 11:26:01 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-07-02 11:25:59 | 000,420,889 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010-06-29 12:14:09 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-06-28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr [2010-06-28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-06-28 22:37:52 | 000,046,672 | 
---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-06-28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010-06-28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-06-28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-06-28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-06-28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010-06-28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-06-25 13:13:04 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-06-25 13:13:03 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-06-25 13:07:56 | 000,000,793 | ---- | M] () -- C:\WINDOWS\win.ini [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2010-06-24 19:52:49 | 001,260,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-06-24 19:52:49 | 000,573,982 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-06-24 19:52:49 | 000,510,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-06-24 19:52:49 | 000,113,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-06-24 19:52:49 | 000,091,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-06-24 19:37:51 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | M] () -- 
C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 21:14:58 | 000,408,553 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100701-222447.backup [2010-06-23 19:43:18 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:05 | 000,031,674 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:29 | 000,031,672 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-20 18:51:25 | 000,408,427 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100623-211458.backup [2010-06-17 19:30:36 | 000,099,814 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 18:12:06 | 000,404,365 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100620-185125.backup [2010-06-14 14:55:58 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Free Antivirus.lnk [2010-06-11 19:47:33 | 000,000,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AIMP2.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-09 20:52:45 | 000,127,587 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-07-24 18:51:44 | 000,004,700 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat [2010-07-19 23:31:56 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Heroes of Might and Magic V.lnk [2010-07-18 16:24:39 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat [2010-07-12 20:01:21 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FIX.reg [2010-07-12 13:51:04 | 001,350,102 | ---- | C] () -- C:\anti-malware.bmp [2010-07-03 19:19:53 | 001,603,052 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka3.2.png [2010-07-03 17:27:29 | 000,841,061 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\tapetka2.jpg [2010-07-02 22:44:09 | 000,280,605 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\bez_nazwy_.png [2010-07-02 13:56:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-07-02 13:56:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-07-02 11:26:01 | 000,000,731 | ---- | C] () -- C:\Documents and 
Settings\Krzysiek\Pulpit\ZoneAlarm Security.lnk [2010-06-24 19:37:51 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Counter-Strike.lnk [2010-06-24 19:37:51 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Half-Life.lnk [2010-06-23 19:43:15 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\Book97.doc [2010-06-23 17:23:03 | 000,031,674 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001_1.htm [2010-06-23 17:22:26 | 000,031,672 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\skanowanie0001.htm [2010-06-22 19:29:19 | 000,000,589 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Black & White 2.lnk [2010-06-17 19:30:29 | 000,099,814 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\fce.jpg [2010-06-14 14:55:58 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Free Antivirus.lnk [2010-06-11 18:28:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 5.lnk [2010-06-10 17:47:29 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\EVEREST Home Edition.lnk [2010-06-10 13:39:32 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\Cheat Engine.lnk [2010-06-10 13:39:30 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2010-06-09 20:52:31 | 000,127,587 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Moje dokumenty\screen.jpg [2010-06-04 22:19:31 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Borderlands.lnk [2010-06-04 16:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI [2010-06-04 16:01:16 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Krzysiek\Pulpit\FlashGet 3.5.lnk [2010-04-10 16:18:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010-01-10 16:49:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-12-31 15:21:32 | 
000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-12-07 23:18:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI [2009-11-21 16:29:14 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL [2009-11-21 16:29:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2009-11-21 16:29:13 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2009-11-21 16:29:13 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2009-11-21 16:29:12 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2009-11-21 16:29:12 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2009-11-21 16:29:12 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2009-11-21 14:39:56 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-11-21 14:39:32 | 000,000,309 | ---- | C] () -- C:\WINDOWS\game.ini [2009-11-21 13:44:59 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2009-11-21 13:36:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-11-21 13:36:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-11-21 13:36:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-11-21 00:08:55 | 000,014,277 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009-11-21 00:08:55 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009-11-21 00:08:48 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2007-06-28 18:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [color=#E56717]========== LOP Check ==========[/color] 
[2010-06-14 14:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software [2010-05-19 19:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts [2010-05-27 22:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2009-11-21 13:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier [2010-03-29 20:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-03-29 19:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaMusic [2009-11-22 14:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-03-29 20:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OviInstallerCache [2010-03-29 20:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-06-26 22:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files [2010-07-24 18:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-21 14:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2010-01-30 18:38:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-07-23 21:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\AIMP [2010-07-31 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\BITS [2009-12-09 17:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Broad Intelligence [2010-03-20 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\Krzysiek\Dane aplikacji\COWON [2009-12-19 21:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dev-Cpp [2009-11-21 13:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Game pad [2009-11-21 13:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Dual Vibration Gamepad [2010-06-09 16:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\DVDVideoSoftIEHelpers [2009-12-06 20:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FileZilla [2010-06-04 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\FlashGet [2009-12-06 22:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Free Mp3 Wma Ogg Converter [2009-11-21 13:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu [2009-11-21 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Gadu-Gadu 10 [2009-12-19 15:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Leadertech [2010-04-06 20:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Mp3tag [2010-03-29 20:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nokia [2010-06-22 22:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu [2009-11-22 14:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\OpenFM [2010-03-30 14:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\PC Suite [2010-01-07 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\SoundSpectrum [2010-06-11 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TeamViewer [2009-11-24 21:45:24 | 000,000,000 
| ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TigerPlayer [2009-11-21 14:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\TuneUp Software [2010-03-06 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\Ubisoft [2009-11-21 14:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Krzysiek\Dane aplikacji\URSoft [2010-07-31 18:00:00 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-07-12 13:51:04 | 001,350,102 | ---- | M] () -- C:\anti-malware.bmp [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-06-25 13:07:56 | 000,000,223 | -HS- | M] () -- C:\boot.ini [2001-07-22 00:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-11-20 23:43:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-11-20 23:43:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-07-31 13:12:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] 
(Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2001-08-17 23:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008-04-14 22:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-14 00:50:38 | 000,182,656 | ---- | 
M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys [2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 394 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:B3D74A13 < End of report > [/log]
MarekM25 commented 1 August 2010 Use ComboFix. It should be able to do something here.
Tomek01 commented 2 August 2010 Marek, I don't think ComboFix would help here. There is no trace of an infection here. Maybe an in-place repair install of the system will solve the problem.
MarekM25 commented 2 August 2010 I would still give ComboFix a try. It won't hurt to try. But as you wish, you're the boss here xP
Tomek01 commented 3 August 2010 OK, we'll see. For now we're waiting for our colleague to respond.