ziombel0 posted July 3, 2009 (edited)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:47:13, on 2009-07-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\smss.cmd
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [systool] C:\Windows\smss.cmd
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-3648883824-622813833-3420373076-1006\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'test')
O4 - HKUS\S-1-5-21-3648883824-622813833-3420373076-1006\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'test')
O4 - HKUS\S-1-5-21-3648883824-622813833-3420373076-1006\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'test')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8785 bytes

Guest commented July 4, 2009

O4 - HKLM\..\Run: [systool] C:\Windows\smss.cmd

Post the logs from OTL.

ziombel0 (Author) commented July 4, 2009

OTL logfile created on: 2009-07-04 10:09:11 - Run 2
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Maro\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 88,83% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 13,64 Gb Free Space | 12,19% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 73,79 Gb Free Space | 66,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TATA-PC
Current User Name: Maro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-06-09 00:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2006-10-05 06:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008-03-19 17:52:44 | 00,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2008-05-23 07:11:56 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008-03-17 11:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2009-03-12 11:03:07 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2008-03-17 15:29:24 | 00,765,576 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008-10-29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009-03-12 11:03:07 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2007-07-05 00:41:42 | 00,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008-05-22 10:33:54 | 00,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009-04-12 12:02:24 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2008-04-17 08:26:46 | 00,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008-05-23 06:43:52 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008-04-25 14:31:34 | 00,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2006-12-19 15:23:38 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008-03-19 17:52:38 | 00,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
PRC - [2005-09-30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2009-03-03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008-04-17 04:50:00 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-10-26 07:39:04 | 01,029,416 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-03-14 14:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2008-08-04 01:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-03-09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-02 14:58:28 | 05,771,457 | -HS- | M] ( ) -- C:\Windows\smss.cmd
PRC - [2008-01-21 04:23:29 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008-03-17 10:59:40 | 02,289,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2008-01-21 04:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-02-12 06:19:52 | 00,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008-01-21 04:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009-04-10 11:12:58 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-04-10 10:13:16 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2008-03-19 17:52:40 | 00,709,640 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2009-06-12 13:05:47 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-03-19 17:52:36 | 00,138,840 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
PRC - [2007-10-26 07:39:14 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008-01-21 04:24:49 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009-04-24 18:08:04 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-01-21 17:11:43 | 00,239,216 | ---- | M] () -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
PRC - [2009-07-04 10:07:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Maro\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006-10-05 06:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2008-03-19 17:52:44 | 00,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
SRV - [2005-09-30 20:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008-01-21 04:24:55 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-01-21 04:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006-11-02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006-11-02 14:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008-01-21 04:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008-05-23 07:11:56 | 00,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008-01-21 04:25:20 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-01-21 18:49:20 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-01-21 04:25:20 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2008-03-17 11:07:02 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008-01-21 04:25:21 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-03-12 11:03:07 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2008-06-09 00:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007-08-24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008-03-17 15:29:24 | 00,765,576 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent [Auto | Running])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009-04-12 12:02:24 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2008-05-23 06:43:52 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006-12-19 15:23:38 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2008-05-13 01:47:20 | 00,077,480 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus [Auto | Stopped])
SRV - [2006-04-14 03:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV - [2008-03-19 17:52:38 | 00,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service [Auto | Running])
SRV - [2009-07-02 13:06:11 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2008-01-21 04:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008-01-21 04:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008-01-21 04:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008-01-21 04:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008-01-21 04:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008-01-21 04:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006-11-28 09:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008-01-21 04:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008-01-21 04:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008-01-21 04:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006-11-02 09:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2009-03-12 11:03:54 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys -- (BHDrvx86 [system | Running])
DRV - [2007-06-24 22:56:34 | 00,034,312 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007-06-24 22:56:40 | 00,027,656 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007-03-05 21:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007-06-24 22:56:54 | 00,038,920 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Running])
DRV - [2007-03-05 21:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\Drivers\vbtenum.sys -- (BTHidEnum [boot | Running])
DRV - [2007-03-05 21:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [boot | Running])
DRV - [2008-02-14 01:17:10 | 00,080,424 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])
DRV - [2007-07-16 00:20:24 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])
DRV - [2007-07-16 00:20:26 | 00,016,168 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Stopped])
DRV - [2009-03-20 17:59:51 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys -- (ccHP [system | Running])
DRV - [2008-01-21 04:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008-01-21 04:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009-02-25 11:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])
DRV - [2008-01-21 04:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009-02-25 11:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008-01-21 04:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006-10-19 04:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Stopped])
DRV - [2008-06-16 14:38:10 | 00,318,488 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [boot | Running])
DRV - [2008-01-21 04:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2009-01-29 23:50:17 | 00,292,912 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090625.003\IDSvix86.sys -- (IDSVix86 [system | Running])
DRV - [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008-04-17 09:31:00 | 02,098,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2007-05-23 10:13:10 | 00,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\DRIVERS\kmdfmemio.sys -- (KMDFMEMIO [Auto | Running])
DRV - [2008-01-21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008-01-21 04:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008-01-21 04:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008-01-21 04:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008-01-21 04:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2009-02-28 11:20:26 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.049\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009-02-28 11:20:26 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090703.049\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2008-01-21 04:23:20 | 02,225,664 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw3v32.sys -- (NETw3v32 [On_Demand | Stopped])
DRV - [2008-05-20 21:36:12 | 03,663,360 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008-06-09 00:23:00 | 07,522,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008-01-21 04:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008-01-21 04:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008-01-21 04:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008-01-21 04:24:49 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008-01-21 04:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008-12-19 21:50:40 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2009-03-12 11:03:54 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SRTSP.SYS -- (SRTSP [system | Running])
DRV - [2009-03-12 11:03:54 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1005000.087\SRTSPX.SYS -- (SRTSPX [system | Running])
DRV - [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2009-03-12 11:03:54 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS -- (SymEFA [boot | Running])
DRV - [2009-03-26 11:01:30 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009-03-12 11:03:54 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009-03-12 11:03:08 | 00,025,136 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\DRIVERS\SymIMv.sys -- (SymIM [system | Running])
DRV - [2009-03-12 11:03:54 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
DRV - [2009-03-12 11:03:54 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMTDI.SYS -- (SYMTDI [system | Running])
DRV - [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007-10-26 07:39:08 | 00,193,456 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008-01-21 04:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008-01-21 04:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007-03-05 21:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007-03-05 21:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2008-01-21 04:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008-04-05 07:56:26 | 00,242,560 | ---- | M] (Vimicro Corporation) -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302 [On_Demand | Running])
DRV - [2008-01-21 04:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007-12-28 03:51:00 | 00,298,496 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\S-1-5-21-3648883824-622813833-3420373076-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0
FF - prefs.js..extensions.enabledItems: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5
FF - prefs.js..extensions.enabledItems: 
{B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-06-12 13:05:56 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-06-12 13:06:00 | 00,000,000 | ---D | M][2008-10-29 19:37:31 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\mozilla\Extensions[2008-10-29 19:37:31 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2009-07-03 11:15:46 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\mozilla\Firefox\Profiles\zcnucoi9.default\extensions[2008-11-04 23:17:46 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\mozilla\Firefox\Profiles\zcnucoi9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}[2008-11-04 23:17:54 | 00,001,196 | ---- | M] () -- C:\Users\Maro\AppData\Roaming\Mozilla\FireFox\Profiles\zcnucoi9.default\searchplugins\winamp-search.xml[2008-11-28 19:36:58 | 00,002,127 | ---- | M] () -- C:\Users\Maro\AppData\Roaming\Mozilla\FireFox\Profiles\zcnucoi9.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml[2009-07-04 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions[2009-06-12 13:05:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2008-10-29 18:30:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}[2008-10-30 14:20:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}[2008-12-03 13:29:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}[2009-03-26 22:11:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}[2009-06-12 13:05:47 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll[2009-06-12 13:05:47 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll[2007-04-10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll[2008-11-11 09:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll[2008-06-24 19:07:26 | 00,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\mozilla firefox\plugins\NPCARDS.dll[2009-03-09 06:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll[2009-06-12 13:05:48 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll[2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL[2007-05-10 23:52:00 | 00,095,864 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nppdf32.dll[2009-03-29 14:53:17 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml[2009-03-29 14:53:17 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml[2009-03-29 14:53:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2009-03-29 14:53:17 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml[2009-03-29 14:53:17 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml[2009-03-29 14:53:17 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml[2009-03-29 14:53:17 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xmlO1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - 
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O3 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)O3 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - HKLM..\Run: [systool] C:\Windows\smss.cmd ( )O4 - HKLM..\Run: [WinampAgent] C:\Program 
Files\Winamp\winampa.exe ()O4 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)O4 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
DisableRegistryTools = 0O7 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149O7 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-3648883824-622813833-3420373076-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not foundO31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not found========== Files/Folders - Created Within 30 Days ==========[2009-07-04 10:07:49 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Maro\Desktop\OTL.exe[2009-07-04 10:01:34 | 00,000,000 | ---D | C] -- C:\Windows\Minidump[2009-07-04 09:59:53 | 33,059,9384 | ---- | C] () -- C:\Windows\MEMORY.DMP[2009-07-04 01:46:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009-07-04 01:43:43 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2009-07-04 01:43:43 | 00,000,000 | ---D | C] -- C:\Users\Maro\AppData\Local\temp[2009-07-04 01:37:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe[2009-07-04 01:37:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2009-07-04 01:37:12 | 00,155,136 | ---- | C] () -- 
C:\Windows\PEV.exe[2009-07-04 01:37:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2009-07-04 01:37:12 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe[2009-07-04 01:37:12 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe[2009-07-04 01:37:12 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe[2009-07-04 01:37:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2009-07-04 01:37:05 | 00,000,000 | --SD | C] -- C:\ComboFix[2009-07-04 01:37:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT[2009-07-04 01:36:50 | 00,000,000 | ---D | C] -- C:\Qoobox[2009-07-04 01:20:42 | 00,000,041 | ---- | C] () -- C:\Users\Maro\Desktop\exec.bat[2009-07-02 14:58:28 | 05,771,457 | -HS- | C] ( ) -- C:\Windows\smss.cmd[2009-07-02 13:54:46 | 00,000,440 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job[2009-07-02 13:54:46 | 00,000,000 | ---D | C] -- C:\Users\Maro\AppData\Roaming\DriverCure[2009-07-02 13:54:43 | 00,000,378 | ---- | C] () -- C:\Windows\tasks\DriverCure.job[2009-07-02 13:54:40 | 00,000,414 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version2.job[2009-07-02 13:54:38 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic[2009-07-02 13:54:38 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure[2009-07-02 13:54:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic[2009-07-02 13:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic[2009-07-02 11:38:55 | 00,000,819 | ---- | C] () -- C:\Users\Maro\Desktop\Metin2 PL.lnk[2009-07-01 17:41:48 | 00,000,000 | ---D | C] -- C:\Program Files\Metin2_PL[2009-06-30 10:42:01 | 00,130,745 | ---- | C] () -- C:\Users\Maro\Desktop\opłata.jpg[2009-06-29 11:16:47 | 03,660,517 | ---- | C] () -- C:\Users\Maro\Desktop\pussycat dolls - hush hush.mp31246266990_[mp3.teledyski.info].mp3[2009-06-14 17:31:00 | 00,000,000 | ---- | C] () -- C:\Users\Maro\Desktop\Nowy Dokument programu Microsoft Office Word.docx[2009-06-13 14:45:46 | 00,428,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\EncDec.dll[2009-06-13 14:45:45 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll[2009-06-13 14:45:45 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax[2009-06-13 14:45:45 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax[2009-06-13 14:45:44 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax[2009-06-11 20:29:12 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys[2009-06-11 20:29:08 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll[2009-06-11 20:29:02 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll[2009-06-11 20:28:43 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll[2009-06-11 20:28:39 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll[2009-06-11 20:28:38 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll[2009-06-11 20:28:37 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll[2009-06-11 20:28:36 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll[2009-06-11 20:28:36 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll[2009-06-11 20:28:36 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll[2009-06-11 20:28:35 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll[2009-06-11 20:28:35 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll[2009-06-11 20:28:34 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec[2009-06-11 20:28:34 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll[2009-06-11 20:28:34 | 00,026,624 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieUnatt.exe[2009-06-11 20:28:33 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll[2009-06-11 20:28:32 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2009-06-11 20:28:31 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2009-06-10 16:23:39 | 00,012,494 | ---- | C] () -- C:\Users\Maro\Documents\cv skorup.docx[2009-06-10 15:19:57 | 00,000,000 | ---D | C] -- C:\Users\Maro\Desktop\Nowy folder[2009-06-07 20:38:16 | 00,000,000 | ---D | C] -- C:\Casino[2009-04-12 11:36:27 | 00,138,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys[2008-12-19 21:50:40 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys[2008-11-21 14:24:47 | 00,000,036 | ---- | C] () -- C:\Windows\mafosav.INI[2008-11-04 23:16:46 | 00,000,135 | ---- | C] () -- C:\Windows\Mp3CutterJoiner.ini[2008-11-04 23:03:32 | 00,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll[2008-11-03 22:34:09 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll[2008-11-03 22:34:09 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll[2008-11-03 22:34:08 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll[2008-07-16 16:30:07 | 00,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini[2008-07-16 16:09:15 | 00,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini[2008-07-16 16:09:15 | 00,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini[2008-07-16 14:28:20 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll[2007-02-15 09:51:02 | 00,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll[2006-11-29 10:00:28 | 00,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll[2006-11-24 07:14:44 | 00,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll[2006-11-24 07:14:44 | 00,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll[2006-11-02 14:35:32 | 00,005,632 | ---- | C] () -- 
C:\Windows\System32\sysprepMCE.dll[2006-11-02 12:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll[2006-11-02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini[2006-11-02 12:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini[2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006-10-09 03:01:28 | 00,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll[2001-11-14 05:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll[1999-01-20 06:01:00 | 00,210,032 | ---- | C] () -- C:\Windows\System32\DBCLIENT.DLL========== Files - Modified Within 30 Days ==========[2009-07-04 10:07:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Maro\Desktop\OTL.exe[2009-07-04 10:02:48 | 00,151,904 | ---- | M] () -- C:\ProgramData\nvModes.001[2009-07-04 10:01:34 | 33,059,9384 | ---- | M] () -- C:\Windows\MEMORY.DMP[2009-07-04 10:00:20 | 00,151,904 | ---- | M] () -- C:\ProgramData\nvModes.dat[2009-07-04 10:00:05 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2009-07-04 10:00:04 | 00,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2009-07-04 10:00:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[2009-07-04 09:59:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2009-07-04 09:59:45 | 32,155,77088 | -HS- | M] () -- C:\hiberfil.sys[2009-07-04 01:55:31 | 01,750,839 | -H-- | M] () -- C:\Users\Maro\AppData\Local\IconCache.db[2009-07-04 01:42:26 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini[2009-07-04 01:29:01 | 00,000,041 | ---- | M] () -- C:\Users\Maro\Desktop\exec.bat[2009-07-04 00:33:07 | 00,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job[2009-07-03 18:00:00 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job[2009-07-03 04:52:59 | 00,000,378 | ---- | M] () 
-- C:\Windows\tasks\DriverCure.job[2009-07-02 14:58:28 | 05,771,457 | -HS- | M] ( ) -- C:\Windows\smss.cmd[2009-07-02 11:43:44 | 00,000,819 | ---- | M] () -- C:\Users\Maro\Desktop\Metin2 PL.lnk[2009-06-30 10:42:45 | 00,001,418 | ---- | M] () -- C:\Users\Maro\Desktop\TrackMania Nations Forever.lnk[2009-06-30 10:42:01 | 00,130,745 | ---- | M] () -- C:\Users\Maro\Desktop\opłata.jpg[2009-06-29 11:19:43 | 03,660,517 | ---- | M] () -- C:\Users\Maro\Desktop\pussycat dolls - hush hush.mp31246266990_[mp3.teledyski.info].mp3[2009-06-25 23:09:00 | 01,468,980 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI[2009-06-25 23:09:00 | 00,662,056 | ---- | M] () -- C:\Windows\System32\perfh015.dat[2009-06-25 23:09:00 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2009-06-25 23:09:00 | 00,126,908 | ---- | M] () -- C:\Windows\System32\perfc015.dat[2009-06-25 23:09:00 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2009-06-14 17:31:00 | 00,000,000 | ---- | M] () -- C:\Users\Maro\Desktop\Nowy Dokument programu Microsoft Office Word.docx[2009-06-11 23:41:28 | 00,374,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2009-06-10 16:23:40 | 00,012,494 | ---- | M] () -- C:\Users\Maro\Documents\cv skorup.docx[2009-06-08 08:10:10 | 00,155,136 | ---- | M] () -- C:\Windows\PEV.exe========== LOP Check ==========[2009-04-17 20:11:06 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming[2009-03-21 23:55:11 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\CyberLink[2008-12-19 21:54:35 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\DAEMON Tools[2008-12-19 21:55:28 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\DAEMON Tools Lite[2008-12-19 21:54:35 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\DAEMON Tools Pro[2008-10-29 18:15:11 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\Gadu-Gadu[2008-11-02 00:20:45 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\GanymedeNet[2009-07-04 09:05:18 | 
00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\ipla[2008-10-29 18:44:58 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\IrfanView[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\Media Center Programs[2009-04-17 20:11:23 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\mIRC[2009-03-25 17:18:48 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\Nowe Gadu-Gadu[2009-07-03 10:37:01 | 00,000,000 | ---D | M] -- C:\Users\Asia\AppData\Roaming\uTorrent[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs[2009-07-02 13:54:46 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming[2008-11-11 23:54:51 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\CyberLink[2009-07-02 13:55:13 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\DriverCure[2008-10-29 19:57:12 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\Gadu-Gadu[2009-01-18 18:50:40 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\ImgBurn[2009-01-23 16:28:32 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\IrfanView[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\Media Center Programs[2009-04-04 16:04:04 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\mIRC[2009-02-10 23:14:26 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\Nowe Gadu-Gadu[2009-05-21 17:02:32 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\OpenFM[2008-12-11 14:37:38 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\uTorrent[2008-11-10 14:55:15 | 00,000,000 | ---D | M] -- C:\Users\Maro\AppData\Roaming\Ventrilo[2009-03-30 12:07:29 | 00,000,000 | ---D | M] -- 
C:\Users\Tata\AppData\Roaming[2008-11-05 23:02:09 | 00,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\CyberLink[2008-10-29 22:03:21 | 00,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\Gadu-Gadu[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\Media Center Programs[2009-03-30 12:07:53 | 00,000,000 | ---D | M] -- C:\Users\Tata\AppData\Roaming\Nowe Gadu-Gadu[2009-07-04 01:15:40 | 00,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming[2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\test\AppData\Roaming\Media Center Programs[2009-07-03 04:52:59 | 00,000,378 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job[2009-07-03 18:00:00 | 00,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job[2009-07-04 00:33:07 | 00,000,414 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job[2009-07-04 10:00:01 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT[2009-07-04 01:55:45 | 00,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==========< End of report >