ppawel232629, posted 10 July 2009

Today I have been repairing and cleaning my sister's (badly neglected) computer for four hours now. I have done everything in my power and the results are visible, but I would still like to make sure the logs are clean. Please check them:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:57, on 2009-07-10
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O3 - Toolbar: ooVoo Toolbar - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\PROGRA~1\OOVOOT~1\OOVOOT~1.DLL
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fsmgmt - fsmgmt.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Naprawa i optymalizacja\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Marcin/USTAWI~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Marcin/USTAWI~1/Temp/msohtmlclip1/01/clip_image002.gif

--
End of file - 8548 bytes

OTL:

OTL logfile created on: 2009-07-10 23:54:28 - Run 1
OTL by OldTimer - Version 3.0.3.0 Folder = C:\Documents and Settings\Marcin\Pulpit\Programy do logów
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,48 Mb Total Physical Memory | 633,88 Mb Available Physical Memory | 61,93% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,85% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 22,39 Gb Free Space | 60,08% Space Free | Partition Type: NTFS
Drive D: | 37,26 Gb Total Space | 26,66 Gb Free Space | 71,56% Space Free | Partition Type: NTFS
Drive E: | 37,26 Gb Total Space | 18,87 Gb Free Space | 50,65% Space Free | Partition Type: NTFS
Drive F: | 37,26 Gb Total Space | 9,36 Gb Free Space | 25,12% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PREDKI
Current User Name: Marcin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006-11-30 19:38:12 | 00,117,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2007-02-10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007-12-23 02:54:02 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2006-10-10 14:35:24 | 00,402,960 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007-02-10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007-02-10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006-10-10 14:35:36 | 00,603,664 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2008-04-14 22:51:18 | 00,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007-12-23 02:54:02 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2004-11-15 12:20:20 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-08-25 18:31:40 | 00,147,456 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe
PRC - [2006-03-04 18:40:30 | 00,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe
PRC - [2006-01-19 16:54:34 | 00,925,696 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
PRC - [2004-07-14 08:44:40 | 00,585,728 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe
PRC - [2007-03-19 00:05:02 | 00,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2006-05-21 09:43:08 | 00,180,224 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
PRC - [2008-04-14 22:51:52 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009-06-22 00:30:30 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcin\Pulpit\Programy do logów\OTL.exe
PRC - [2009-02-26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\Opera.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 08:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006-11-30 19:38:12 | 00,117,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
SRV - [2005-09-23 08:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-01-09 12:46:24 | 00,410,976 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Naprawa i optymalizacja\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS [On_Demand | Stopped])
SRV - [2007-12-23 05:32:55 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007-02-10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$INSERTGT [Auto | Running])
SRV - [2005-10-14 03:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2007-01-15 18:14:38 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2007-01-15 17:01:56 | 00,266,240 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2007-12-23 02:54:02 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-10-10 14:35:24 | 00,402,960 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2006-10-10 14:35:36 | 00,603,664 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
SRV - [2004-09-29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2005-08-08 06:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007-06-15 17:55:00 | 00,300,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2007-02-10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2007-02-10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007-05-28 18:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004-11-17 13:05:38 | 02,297,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2004-08-25 18:09:02 | 00,005,120 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amfilter.sys -- (Amfilter [system | Running])
DRV - [2007-12-23 02:54:03 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2004-08-25 18:09:36 | 00,010,240 | ---- | M] (A4Tech Co.,Ltd.) -- C:\WINDOWS\System32\DRIVERS\Amusbprt.sys -- (Amusbprt [On_Demand | Running])
DRV - [2006-11-22 14:39:00 | 00,034,576 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2006-11-22 14:39:14 | 00,027,792 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2006-11-22 14:41:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Stopped])
DRV - [2006-11-22 14:39:30 | 00,033,936 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2006-11-22 14:40:02 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [boot | Running])
DRV - [2006-11-22 14:40:20 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [boot | Running])
DRV - [2007-12-23 02:16:27 | 00,345,728 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\System32\DRIVERS\Cap7134.sys -- (Cap7134 [On_Demand | Running])
DRV - [2006-09-15 12:09:28 | 00,062,992 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [boot | Running])
DRV - [2004-06-21 22:35:12 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004-06-21 22:35:12 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004-06-21 22:35:12 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007-02-22 12:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007-02-22 12:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007-02-22 12:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
DRV - [2007-02-22 12:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
DRV - [2007-12-23 02:54:02 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [system | Running])
DRV - [2006-09-13 20:18:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007-12-23 02:16:28 | 00,046,976 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\WINDOWS\System32\DRIVERS\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2001-08-18 01:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2004-07-16 08:19:52 | 00,070,400 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2006-09-13 20:18:54 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008-07-07 09:40:49 | 00,056,108 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [system | Running])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005-12-22 14:45:18 | 00,402,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\WlanBZXP.sys -- (SG762_XP [On_Demand | Running])
DRV - [2007-12-23 02:18:20 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2008-04-14 00:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
DRV - [2006-11-22 14:40:34 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2006-11-22 14:40:50 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2003-07-01 22:42:00 | 00,027,904 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [boot | Running])
DRV - [2004-05-18 10:55:26 | 00,074,112 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid [boot | Running])
DRV - [2006-01-18 14:09:40 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-746137067-1788223648-725345543-1003\S-1-5-21-746137067-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (906 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A057A204-BACC-4D26-8087-36EE87E26986} - C:\Program Files\oovooToolbar\oovooToolbar.dll (ooVoo )
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-746137067-1788223648-725345543-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-746137067-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fsmgmt: DllName - fsmgmt.dll - File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Marcin/USTAWI~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Marcin/USTAWI~1/Temp/msohtmlclip1/01/clip_image002.gif
O24 - Desktop Components:2 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-12-23 01:35:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 -
MountPoints2\{b9420679-fda7-11dc-b706-001bbf515e8d}\Shell - "" = AutoRunO33 - MountPoints2\{b9420679-fda7-11dc-b706-001bbf515e8d}\Shell\Auto\command - "" = H:\UFO.exe -- File not foundO34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)O34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not found========== Files/Folders - Created Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2009-07-10 23:51:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009-07-10 22:48:50 | 00,102,912 | ---- | C] ( ) -- C:\0jpz.exe[2009-07-10 22:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Raxco[2009-07-10 22:42:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Raxco[2009-07-10 22:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\RAXCO[2009-07-10 22:01:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution[2009-07-10 21:57:45 | 00,031,744 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50a64.sys[2009-07-10 21:57:45 | 00,029,184 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\BRGSp50a64.sys[2009-07-10 21:57:45 | 00,020,608 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\BRGSp50.sys[2009-07-10 21:57:45 | 00,017,664 | ---- | C] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50.sys[2009-07-10 21:57:43 | 00,000,000 | ---D | C] -- C:\Program Files\SAGEM WiFi manager[2009-07-10 21:57:38 | 00,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk[2009-07-10 21:57:36 | 00,000,163 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.url[2009-07-10 21:57:35 | 00,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Konfiguracja.lnk[2009-07-10 21:57:35 | 00,000,000 | ---D | C] -- C:\Program Files\SAGEM[2009-07-10 21:54:54 | 00,493,440 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanBZ64.SYS[2009-07-10 21:54:54 | 00,402,432 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanBZXP.sys[2009-07-10 21:44:15 | 00,219,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.uxtender[2009-07-10 21:37:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom[2009-07-10 21:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\xerox[2009-07-10 21:37:20 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage[2009-07-10 21:36:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch[2009-07-10 20:42:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DllCache[2009-07-10 20:42:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys[2009-07-10 20:42:15 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll[2009-07-10 20:42:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll[2009-07-10 20:42:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe[2009-07-10 20:42:12 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll[2009-07-10 20:42:12 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll[2009-07-10 20:42:12 | 00,007,168 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll[2009-07-10 20:42:11 | 00,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll[2009-07-10 20:42:11 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll[2009-07-10 20:42:11 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll[2009-07-10 20:42:11 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll[2009-07-10 20:42:11 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll[2009-07-10 20:42:11 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll[2009-07-10 20:42:11 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll[2009-07-10 20:42:11 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll[2009-07-10 20:42:11 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll[2009-07-10 20:42:11 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll[2009-07-10 20:42:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll[2009-07-10 20:42:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll[2009-07-10 20:42:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll[2009-07-10 20:42:11 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll[2009-07-10 20:42:11 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll[2009-07-10 20:42:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll[2009-07-10 20:42:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll[2009-07-10 20:42:11 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll[2009-07-10 20:42:11 | 00,009,216 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dot3dlg.dll[2009-07-10 20:42:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll[2009-07-10 20:42:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll[2009-07-10 20:42:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll[2009-07-10 20:42:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll[2009-07-10 20:42:09 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll[2009-07-10 20:42:09 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll[2009-07-10 20:42:09 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll[2009-07-10 20:42:09 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll[2009-07-10 20:42:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll[2009-07-10 20:42:09 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe[2009-07-10 20:42:08 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll[2009-07-10 20:42:08 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe[2009-07-10 20:42:08 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll[2009-07-10 20:42:08 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll[2009-07-10 20:42:08 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll[2009-07-10 20:42:08 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll[2009-07-10 20:42:07 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll[2009-07-10 20:42:07 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll[2009-07-10 20:42:07 | 00,290,304 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll[2009-07-10 20:42:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll[2009-07-10 20:42:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll[2009-07-10 20:42:07 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll[2009-07-10 20:42:07 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll[2009-07-10 20:42:07 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe[2009-07-10 20:42:06 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll[2009-07-10 20:42:06 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll[2009-07-10 20:42:06 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll[2009-07-10 20:42:06 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll[2009-07-10 20:42:06 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe[2009-07-10 20:42:06 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll[2009-07-10 20:42:06 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll[2009-07-10 20:42:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl[2009-07-10 20:42:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits[2009-07-10 20:42:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas[2009-07-10 20:39:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles[2009-07-10 20:37:21 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys[2009-07-10 20:37:21 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys[2009-07-10 20:37:21 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys[2009-07-10 20:37:21 | 00,000,000 | ---D | C] -- 
C:\WINDOWS\network diagnostic[2009-07-10 20:37:19 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod[2009-07-10 20:37:18 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys[2009-07-10 20:37:18 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty[2009-07-10 20:37:18 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys[2009-07-10 20:37:18 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys[2009-07-10 20:37:18 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys[2009-07-10 20:37:18 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys[2009-07-10 20:37:18 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys[2009-07-10 20:37:18 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys[2009-07-10 20:37:17 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys[2009-07-10 20:37:15 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img[2009-07-10 20:37:15 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys[2009-07-10 20:37:15 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys[2009-07-10 20:37:15 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys[2009-07-10 20:37:14 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys[2009-07-10 20:37:13 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys[2009-07-10 20:37:13 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys[2009-07-10 20:37:13 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys[2009-07-10 
20:37:13 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys[2009-07-10 20:37:12 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys[2009-07-10 20:37:12 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys[2009-07-10 20:34:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$[2009-07-10 20:27:32 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO[2009-07-10 20:04:29 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\etcw.sys[2009-07-10 20:03:28 | 00,025,992 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe[2009-07-10 19:55:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes[2009-07-10 19:55:49 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009-07-10 19:55:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009-07-10 19:55:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes[2009-07-10 19:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009-07-10 19:47:57 | 00,000,023 | -HS- | C] () -- C:\WINDOWS\System32\edacded0.dat[2009-07-10 19:47:57 | 00,000,023 | ---- | C] () -- C:\WINDOWS\System32\bcdadac7.xml[2009-07-10 19:47:25 | 00,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2009[2009-07-10 18:48:32 | 00,039,776 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt64.exe[2009-07-10 18:48:32 | 00,033,632 | ---- | C] (mst software GmbH, Germany) -- C:\WINDOWS\System32\DfSdkBt.exe[2009-07-10 18:48:23 | 00,000,000 | ---D | C] -- C:\Program Files\Naprawa i optymalizacja[2009-07-10 18:48:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\page[2009-07-10 18:47:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Programy 
do logów[2009-07-10 18:45:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Czyszczenie, naprawa, optymalizacja[2009-07-07 21:01:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\101OLYMP[2009-07-03 22:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\_brak_tematu_[2009-07-03 13:52:13 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Adresy do szkół.laccdb[2009-06-29 12:44:30 | 06,216,997 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\mp3.mp3[2009-06-24 12:08:11 | 00,001,815 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\ESKK LinguaPlus Francais Czasowniki z przyimkami.lnk[2009-06-24 12:08:08 | 00,000,000 | ---D | C] -- C:\Program Files\ESKK[2009-06-24 11:54:20 | 00,001,657 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\ESKK InternetPlus.lnk[2009-06-24 11:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\ESKK InternetPlus[2009-06-24 11:31:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\portrety-moje[2009-06-22 13:39:03 | 00,517,120 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\CURRICULUM VITAE- Ania T..doc[2009-06-19 20:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Praca licencjacka2[2009-06-19 19:40:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Marcin[2009-06-14 18:50:07 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\is169084.exe[2009-06-12 15:12:48 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Marcin\Pulpit\~$ytorskie zasady pisania pracy licencjackiej.doc[2008-08-30 15:16:57 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini[2008-07-26 10:46:01 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll[2008-06-25 20:15:27 | 00,210,032 | ---- | C] () -- C:\WINDOWS\System32\DBCLIENT.DLL[2008-03-19 18:57:23 | 00,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll[2008-03-19 18:57:23 | 00,077,824 | ---- | C] () -- 
C:\WINDOWS\System32\hpzids01.dll[2007-12-29 14:38:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI[2007-12-24 13:53:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini[2007-12-23 11:50:27 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2007-12-23 10:57:51 | 00,294,912 | ---- | C] () -- C:\WINDOWS\PIC.dll[2007-12-23 10:57:51 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll[2007-12-23 03:25:09 | 00,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll[2007-12-23 03:22:36 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini[2007-12-23 03:22:29 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll[2007-12-23 03:03:28 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll[2007-12-23 02:55:43 | 00,550,418 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll[2007-12-23 02:54:30 | 00,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys[2007-12-23 02:18:20 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys[2007-03-30 00:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll[2004-12-02 10:55:16 | 00,005,272 | ---- | C] () -- C:\WINDOWS\AVerTV.ini[2001-07-22 02:16:20 | 00,001,027 | ---- | C] () -- C:\WINDOWS\win.ini[2001-07-22 02:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini========== Files - Modified Within 30 Days ==========[1 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2009-07-10 23:50:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-07-10 23:50:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-07-10 23:50:48 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys[2009-07-10 22:48:50 | 00,102,912 | ---- | M] ( ) -- C:\0jpz.exe[2009-07-10 22:10:08 | 00,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe[2009-07-10 22:05:53 | 00,001,027 | ---- | M] () -- C:\WINDOWS\win.ini[2009-07-10 22:05:53 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2009-07-10 22:05:53 | 00,000,211 | -HS- | M] () -- 
C:\boot.ini[2009-07-10 21:57:38 | 00,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk[2009-07-10 21:57:36 | 00,000,163 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.url[2009-07-10 21:57:35 | 00,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Konfiguracja.lnk[2009-07-10 21:44:30 | 02,111,538 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db[2009-07-10 21:44:23 | 00,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll[2009-07-10 21:38:39 | 01,152,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009-07-10 21:38:39 | 00,508,078 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2009-07-10 21:38:39 | 00,450,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009-07-10 21:38:39 | 00,098,186 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2009-07-10 21:38:39 | 00,080,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009-07-10 21:38:12 | 00,074,336 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2009-07-10 21:37:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-07-10 21:36:32 | 00,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2009-07-10 20:36:45 | 00,251,152 | RHS- | M] () -- C:\ntldr[2009-07-10 20:04:29 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etcw.sys[2009-07-10 19:47:57 | 00,000,023 | -HS- | M] () -- C:\WINDOWS\System32\edacded0.dat[2009-07-10 19:47:57 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\bcdadac7.xml[2009-07-05 19:44:12 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009-07-03 13:55:22 | 00,000,128 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Adresy do szkół.laccdb[2009-06-29 12:49:23 | 06,216,997 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\mp3.mp3[2009-06-24 12:08:11 | 
00,001,815 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\ESKK LinguaPlus Francais Czasowniki z przyimkami.lnk[2009-06-24 11:54:20 | 00,001,657 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\ESKK InternetPlus.lnk[2009-06-22 13:39:03 | 00,517,120 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\CURRICULUM VITAE- Ania T..doc[2009-06-19 20:25:14 | 00,466,944 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Adresy do szkół.mdb[2009-06-19 20:25:08 | 00,794,624 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Adresy do szkół1.mdb[2009-06-14 18:50:07 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\is169084.exe[2009-06-12 15:12:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Marcin\Pulpit\~$ytorskie zasady pisania pracy licencjackiej.doc< End of report > DDS: DDS (Ver_09-05-14.01) - NTFSx86 Run by Marcin at 23:55:29,95 on 2009-07-10Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.622 [GMT 2:00]AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\Program Files\Eset\nod32krn.exeC:\Program Files\Raxco\PerfectDisk\PDAgent.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Raxco\PerfectDisk\PDEngine.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Eset\nod32kui.exeC:\WINDOWS\SOUNDMAN.EXEC:\PROGRA~1\A4Tech\Mouse\Amoumain.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Kalendarz XP\Kalendarz.exeC:\Program 
Files\SAGEM WiFi manager\WLANUTL.exeC:\Program Files\VIA\RAID\raid_tool.exeC:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exeC:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Opera\Opera.exeC:\WINDOWS\notepad.exeC:\Documents and Settings\Marcin\Pulpit\Programy do logów\dds.pif============== Pseudo HJT Report ===============uSearch Page = hxxp://www.google.comuStart Page = hxxp://www.wp.pl/uSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/ieuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: H - No FilemWinlogon: SfcDisable=-99 (0xffffff9d)BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLLBHO: Expressivo: {85f685c3-20d9-4943-95e4-eb4224056c3f} - c:\program files\ivo\expressivo\integr\ih-iexplorer\IH_iexplorer.dllBHO: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLLTB: Expressivo: {85f685c3-20d9-4943-95e4-eb4224056c3f} - c:\program files\ivo\expressivo\integr\ih-iexplorer\IH_iexplorer.dllTB: ooVoo Toolbar: {a057a204-bacc-4d26-8087-36ee87e26986} - c:\progra~1\oovoot~1\OOVOOT~1.DLLEB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~1\office12\GRA8E1~1.DLLuRun: [Nowe Gadu-Gadu] "c:\program files\nowe gadu-gadu\gg.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICEmRun: [soundMan] SOUNDMAN.EXEmRun: [WheelMouse] c:\progra~1\a4tech\mouse\Amoumain.exedRun: 
[CTFMON.EXE] c:\windows\system32\CTFMON.EXEdRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialogStartupFolder: c:\docume~1\marcin\menust~1\programy\autost~1\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exeStartupFolder: c:\docume~1\marcin\menust~1\programy\autost~1\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exeStartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\kalend~1.lnk - c:\program files\kalendarz xp\Kalendarz.exeStartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\program sieciowy dla sagem wi-fi 11g usb adapter.lnk - c:\program files\sagem wifi manager\WLANUTL.exeStartupFolder: c:\docume~1\alluse~1\menust~1\programy\autost~1\viarai~1.lnk - c:\program files\via\raid\raid_tool.exeuPolicies-explorer: HideClock = 0 (0x0)mPolicies-explorer: NoResolveTrack = 1 (0x1)mPolicies-explorer: NoFileAssociate = 0 (0x0)mPolicies-system: NoDispSettingsPage = 0 (0x0)IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dllIE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLLLSP: c:\windows\system32\imon.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: 
Guest, comment of 11 July 2009

Run OTL and paste the following script into the Custom Scans/Fixes window:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\fsmgmt: DllName - fsmgmt.dll - File not found
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O33 - MountPoints2\{b9420679-fda7-11dc-b706-001bbf515e8d}\Shell - "" = AutoRun
O33 - MountPoints2\{b9420679-fda7-11dc-b706-001bbf515e8d}\Shell\Auto\command - "" = H:\UFO.exe -- File not found
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
:Files
C:\0jpz.exe
D:\0jpz.exe
E:\0jpz.exe
F:\0jpz.exe
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[start explorer]
[Reboot]

Click Run Fix and confirm the computer restart. After the restart, post the cleanup log.
ppawel232629 (Author), comment of 11 July 2009

Cleanup log:

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fsmgmt\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mcenspc.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9420679-fda7-11dc-b706-001bbf515e8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9420679-fda7-11dc-b706-001bbf515e8d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9420679-fda7-11dc-b706-001bbf515e8d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9420679-fda7-11dc-b706-001bbf515e8d}\ not found.
File H:\UFO.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_01 deleted successfully.
C:\WINDOWS\System32\cmd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_02 deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\advpack.DLL
C:\WINDOWS\System32\advpack.DLL NOT unregistered.
C:\WINDOWS\System32\advpack.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_03 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_04 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_05 deleted successfully.
File C:\WINDOWS\System32\advpack.DLL not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_06 deleted successfully.
File C:\WINDOWS\System32\advpack.DLL not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_01 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_02 deleted successfully.
File C:\WINDOWS\System32\advpack.DLL not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_03 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_04 deleted successfully.
File C:\WINDOWS\System32\cmd.exe not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_05 deleted successfully.
File C:\WINDOWS\System32\advpack.DLL not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_06 deleted successfully.
File C:\WINDOWS\System32\advpack.DLL not found.
127.0.0.1 serial.alcohol-soft.com removed from HOSTS file successfully
127.0.0.1 www.alcohol-soft.com removed from HOSTS file successfully
127.0.0.1 images.alcohol-soft.com removed from HOSTS file successfully
127.0.0.1 trial.alcohol-soft.com removed from HOSTS file successfully
127.0.0.1 alcohol-soft.com removed from HOSTS file successfully
========== FILES ==========
C:\0jpz.exe moved successfully.
File\Folder D:\0jpz.exe not found.
File\Folder E:\0jpz.exe not found.
File\Folder F:\0jpz.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Gość
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Marcin
->Temp folder emptied: 166975072 bytes
->Temporary Internet Files folder emptied: 1679473 bytes
->Opera cache emptied: 942304 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 2393795 bytes
RecycleBin emptied: 1820692 bytes
Total Files Cleaned = 167,81 mb
Error: Unable to interpret <[start explorer]> in the current context!
OTL by OldTimer - Version 3.0.3.0 log created on 07112009_112406
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Guest, comment of 11 July 2009

It's OK.

1. Launch OTL again and run it with the CleanUp option; agree to the cleanup and the computer restart.
2. Use Malwarebytes. Click Scan, select the drives to scan and start the scan; at the end click Remove Selected, if anything is found, and OK. Post the report generated after the removal with MBAM.
3. Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.
ppawel232629 (Author), comment of 11 July 2009

I have a problem with Malwarebytes. At the end of the installation and on every attempt to launch it, this dialog pops up:
MarekM25, comment of 11 July 2009

Oops, kamil went after the wrong file. advpack is a good file, but don't worry, nothing bad happened ;) I'll undo it in a moment, or kamil will. Try this: download the file from http://www.dll-files.com/dllindex/dll-files.shtml?advpack and try placing it in the system32 location.

And one more thing for the future, to kamil:

O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com

These are not bad entries, I've said so several times already :P They simply come from the crack for Alcohol. Just don't get angry right away, kamil :P
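A log check for the failure described in the post above, as an added example that is not part of the original thread: it scans an OTL fix log for files under the Windows directory that the fix moved, and counts the later "not found" lines for the same path. The sample lines are an excerpt of the cleanup log posted in this thread; the function names and the C:\WINDOWS root are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Assumption: default Windows XP install directory, as seen in the thread's log.
SYSTEM_ROOT = PureWindowsPath(r"C:\WINDOWS")

# Excerpt of the OTL cleanup log posted in this thread.
SAMPLE_LOG = r"""
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nlpo_01 deleted successfully.
C:\WINDOWS\System32\cmd.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\advpack.DLL
C:\WINDOWS\System32\advpack.DLL NOT unregistered.
C:\WINDOWS\System32\advpack.DLL moved successfully.
File C:\WINDOWS\System32\cmd.exe not found.
File C:\WINDOWS\System32\cmd.exe not found.
File C:\WINDOWS\System32\advpack.DLL not found.
C:\0jpz.exe moved successfully.
File\Folder D:\0jpz.exe not found.
"""

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
MISSING = re.compile(r"^File (?P<path>[A-Za-z]:\\.+?) not found\.$")


def _key(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return str(PureWindowsPath(path)).lower()


def is_under_system_root(path):
    """True if the path lies inside SYSTEM_ROOT (case-insensitive)."""
    root = [part.lower() for part in SYSTEM_ROOT.parts]
    parts = [part.lower() for part in PureWindowsPath(path).parts]
    return parts[:len(root)] == root


def review_fix_log(log_text):
    """Return {system_file: count of later 'not found' lines} for moved files.

    A moved file under the Windows directory deserves a manual check before
    the reboot; later 'not found' lines for the same path show that other
    script entries pointed at the same file after it was already gone.
    """
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        moved = MOVED.match(line)
        if moved:
            if is_under_system_root(moved["path"]):
                findings.setdefault(_key(moved["path"]), 0)
            continue
        missing = MISSING.match(line)
        if missing and _key(missing["path"]) in findings:
            findings[_key(missing["path"])] += 1
    return findings


if __name__ == "__main__":
    for path, misses in review_fix_log(SAMPLE_LOG).items():
        print(f"system file moved: {path} (later 'not found' lines: {misses})")
```
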
Guest, comment of 12 July 2009

Sorry about those files, unfortunately I didn't know. As for those Hosts entries, why should the thread author be redirected to them while browsing Google or other sites? Better to remove them so that nothing gets redirected.
ppawel232629 (Author), comment of 12 July 2009

OK, it worked with the missing file. Here are the logs.

From the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.38
Wersja bazy definicji: 2297
Windows 5.1.2600 Dodatek Service Pack 3
2009-07-11 22:52:48
mbam-log-2009-07-11 (22-52-48).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)
Przeskanowane obiekty: 180795
Upłynęło: 36 minute(s), 20 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 2
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)
Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
(Nie wykryto groźnych plików)
Zainfekowane pliki:
c:\system volume information\_restore{3f83a48b-5602-4e95-8858-592948be7a74}\RP14\A0002521.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\is169084.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

From the Kaspersky scan:

--------------------------------------------------------------------------------
RAPORT KASPERSKY ONLINE SCANNER 7.0
niedziela, 12 lipiec 2009
System operacyjny: Microsoft Windows XP Professional Dodatek Service Pack 3 (build 2600)
Wersja Kaspersky Online Scanner: 7.0.26.12
Data ostatniej aktualizacji bazy danych: Sunday, July 12, 2009 08:10:53
Liczba wpisów: 2462201
--------------------------------------------------------------------------------
Ustawienia skanowania:
Typ bazy danych użytej do skanowania: rozszerzona
Skanuj archiwa: tak
Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer: A:\ C:\ D:\ E:\ F:\ G:\
Statystyki skanowania:
Przeskanowanych plików: 79026
Nazwa zagrożenia: 4
Zainfekowanych obiektów: 5
Podejrzanych obiektów: 0
Czas skanowania: 02:11:48
Nazwa pliku / Nazwa zagrożenia / Liczba zagrożeń
C:\Program Files\ESET\infected\BOCRHPAA.NQF Zainfekowany: Trojan-GameThief.Win32.WOW.atl 1
C:\Program Files\ESET\infected\CAZAVSBA.NQF Zainfekowany: Worm.Win32.AutoRun.ded 1
C:\Program Files\ESET\infected\ENWICQAA.NQF Zainfekowany: Worm.Win32.AutoRun.ded 1
C:\Program Files\ESET\infected\SHZUD2AA.NQF Zainfekowany: Virus.Win32.Virut.ce 1
C:\Program Files\ESET\infected\SZH2YXAA.NQF Zainfekowany: Worm.Win32.AutoRun.as 1
Wybrany obszar został przeskanowany.
MarekM25, comment of 12 July 2009 (edited)

C:\Program Files\ESET\infected\SHZUD2AA.NQF Zainfekowany: Virus.Win32.Virut.ce 1

These are viruses from the quarantine. It's probably OK now. And as for those hosts, I've said several times already that they come from the crack for Alcohol :PP kamil, take a look at which sites the redirects are entered for.