dzodzo, created 9 September 2009

Log to check

ComboFix 09-09-08.05 - dzidolek 2009-09-09 9:38:55.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.1014.484 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\dzidolek\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
 * Utworzono nowy punkt przywracania
 * Rezydentny antywirus jest aktywny
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\dzidolek\autorun.inf
C:\Documents and Settings\dzidolek\dzidolek.exe
C:\setup.exe
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\AutoRun.inf
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation
((((((((((((((((((((((((( Pliki utworzone od 2009-08-09 do 2009-09-09 )))))))))))))))))))))))))))))))
.
2009-09-07 19:06:06 . 2009-09-07 19:08:48 0 d-----w- C:\Documents and Settings\dzidolek\Application Data\TrueCrypt
2009-09-07 19:02:40 . 2009-09-07 19:02:40 217664 ----a-w- C:\WINDOWS\system32\drivers\truecrypt.sys
2009-09-07 19:02:39 . 2009-09-07 19:02:40 0 d-----w- C:\Program Files\TrueCrypt
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 20:11:28 . 2007-03-10 09:12:34 0 d-----w- C:\Program Files\Mozilla Fire
2009-08-26 17:48:37 . 2008-01-02 21:11:49 0 d-----w- C:\Documents and Settings\dzidolek\Application Data\Skype
2009-08-26 17:48:32 . 2008-01-02 21:14:26 0 d-----w- C:\Documents and Settings\dzidolek\Application Data\skypePM
2009-08-06 17:09:22 . 2007-03-13 09:45:28 0 d-----w- C:\Documents and Settings\dzidolek\Application Data\OpenOffice.org2
2008-11-25 19:28:27 . 2008-11-25 19:18:16 27845632 ----a-w- C:\Program Files\bt_40036t.exe
2008-03-04 11:16:18 . 2008-03-04 11:15:19 195909104 ----a-w- C:\Program Files\CorelDRAWGraphicsSuite12.exe
2008-03-01 15:10:23 . 2008-03-01 15:10:13 646144 ----a-w- C:\Program Files\netscan.exe
2008-03-04 11:19:58 . 2008-02-25 07:32:41 3766 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 00:12:28 1695232]
"Alwact.exe"="C:\Program Files\Alwact\Bin\Alwact.exe" [2006-06-04 12:16:54 282624]
"Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 16:12:42 9339496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 11:11:38 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47:12 356352]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 23:02:08 761948]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-12 08:38:12 136600]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17:24 159744]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 09:31:38 118784]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30:30 249856]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38:30 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32:44 696320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 19:17:04 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 19:17:50 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 19:13:40 77824]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34:40 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47:42 31016]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56:34 64512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:00 39792]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 12:23:12 2021400]
"TPSMain"="TPSMain.exe" - C:\WINDOWS\system32\TPSMain.exe [2005-08-03 13:26:14 266240]
"TFncKy"="TFncKy.exe" [bU]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2006-05-05 13:59:16 16206848]
"NDSTray.exe"="NDSTray.exe" [bU]
"CFSServ.exe"="CFSServ.exe" [bU]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\agrsmmsg.exe [2005-12-13 14:50:02 88204]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
C:\Documents and Settings\dzidolek\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Wallperizer.lnk - C:\Program Files\Wallperizer\Wallperizer.exe [2008-10-31 905216]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 12:11:14 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES.EXE"=
"C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21092:TCP"= 21092:TCP:BitComet 21092 TCP
"21092:UDP"= 21092:UDP:BitComet 21092 UDP
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [2009-02-06 14:23:18 106208]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [2009-02-06 14:24:24 93336]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 14:23:36 727720]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\drivers\x10hid.sys [2006-09-14 13:10:51 7040]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\drivers\k510bus.sys [2007-12-27 16:06:34 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\drivers\k510mdfl.sys [2007-12-30 15:30:46 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\drivers\k510mdm.sys [2007-12-30 15:30:46 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\drivers\k510mgmt.sys [2008-01-01 17:09:32 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\drivers\k510obex.sys [2008-01-01 17:09:32 83344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
HKLM-Run-Onet.pl AutoUpdate - C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wyborcza.pl/0,0.html?p=011
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} - hxxp://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
FF - ProfilePath - C:\Documents and Settings\dzidolek\Application Data\Mozilla\Firefox\Profiles\44cl569x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.wyborcza.pl/0,0.html?p=011
.
dzodzo (author), commented 9 September 2009

Log to check

OTL logfile created on: 2009-09-09 18:31:47 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\dzidolek\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd
1013,98 Mb Total Physical Memory | 492,29 Mb Available Physical Memory | 48,55% Memory free
2,39 Gb Paging File | 2,01 Gb Available in Paging File | 83,97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 11,28 Gb Free Space | 20,19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AGA
Current User Name: dzidolek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2006-08-02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006-08-02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005-01-18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006-10-09 18:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005-08-05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2006-02-02 13:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2006-08-25 14:47:12 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
PRC - [2008-12-12 10:38:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-06-29 09:41:22 | 00,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005-08-03 15:26:02 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe
PRC - [2006-03-03 01:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008-12-12 10:38:12 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005-10-26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2006-03-03 00:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2005-05-12 11:31:38 | 00,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005-06-08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2006-05-05 15:59:16 | 16,206,848 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006-03-16 22:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005-08-11 17:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006-08-02 02:38:30 | 00,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2006-08-02 02:32:44 | 00,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2006-03-23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2006-03-23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007-03-11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006-10-27 01:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005-08-05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006-05-19 21:13:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2005-12-13 16:50:02 | 00,088,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2009-02-06 14:23:12 | 02,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-04-14 02:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006-06-04 14:16:54 | 00,282,624 | ---- | M] (Firaz SAMET) -- C:\Program Files\Alwact\Bin\Alwact.exe
PRC - [2006-08-02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006-01-04 20:00:04 | 00,905,216 | ---- | M] () -- C:\Program Files\Wallperizer\Wallperizer.exe
PRC - [2006-02-07 17:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2001-11-12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2005-08-05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005-08-05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2008-04-14 02:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2006-08-02 02:27:54 | 00,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005-08-10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2006-02-24 12:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2008-04-14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-23 21:13:30 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2009-09-09 18:29:08 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dzidolek\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006-03-22 08:48:56 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2005-01-18 01:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
SRV - [2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006-10-09 18:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005-08-05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2009-02-06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009-02-06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2006-08-02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2006-10-20 23:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-04-14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007-03-11 22:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007-03-11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004-10-22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006-10-30 05:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2008-12-12 10:38:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005-08-05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004-08-10 05:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006-10-27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006-11-08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006-10-30 05:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006-05-01 22:04:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2006-10-26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-11-08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006-08-02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006-08-02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006-02-07 17:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
SRV - [2006-10-18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2001-11-12 14:31:48 | 00,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2007-03-10 09:09:30 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005-12-13 18:08:44 | 01,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006-04-02 02:46:28 | 00,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2006-03-22 08:56:24 | 01,522,688 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2005-09-16 18:46:30 | 00,044,224 | R--- | M] (BVRP Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2006-01-13 01:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009-02-06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009-02-06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [system | Running])
DRV - [2009-02-06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [system | Running])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-03-08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007-03-08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007-03-08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006-03-23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2006-05-05 16:13:52 | 04,271,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2003-09-11 00:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2006-02-17 22:34:10 | 00,058,288 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510bus.sys -- (k510bus [On_Demand | Stopped])
DRV - [2006-02-17 22:34:16 | 00,008,336 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdfl.sys -- (k510mdfl [On_Demand | Stopped])
DRV - [2006-02-17 22:34:18 | 00,094,064 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mdm.sys -- (k510mdm [On_Demand | Stopped])
DRV - [2008-01-01 17:09:32 | 00,085,408 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510mgmt.sys -- (k510mgmt [On_Demand | Stopped])
DRV - [2008-01-01 17:09:32 | 00,083,344 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k510obex.sys -- (k510obex [On_Demand | Stopped])
DRV - [2005-06-03 14:46:52 | 00,055,216 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750bus.sys -- (k750bus [On_Demand | Stopped])
DRV - [2005-06-03 14:46:58 | 00,006,576 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750mdfl.sys -- (k750mdfl [On_Demand | Stopped])
DRV - [2005-06-03 14:47:00 | 00,089,872 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750mdm.sys -- (k750mdm [On_Demand | Stopped])
DRV - [2005-06-03 14:47:04 | 00,081,728 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750mgmt.sys -- (k750mgmt [On_Demand | Stopped])
DRV - [2005-06-03 14:47:06 | 00,079,488 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\k750obex.sys -- (k750obex [On_Demand | Stopped])
DRV - [2003-01-29 23:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running])
DRV - [2006-07-26 19:39:32 | 01,707,776 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\NETw3x32.sys -- (NETw3x32 [On_Demand | Running])
DRV - [2006-05-01 22:04:00 | 03,643,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2008-04-13 20:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2004-08-10 14:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2004-08-10 14:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2008-04-13 20:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Stopped])
DRV - [2003-09-19 02:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
DRV - [2004-09-03 19:19:07 | 00,054,368 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06 [system | Running])
DRV - [2004-09-03 19:23:10 | 00,115,680 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02 [boot | Running])
DRV - [2004-07-19 16:49:54 | 00,007,040 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1 [boot | Running])
DRV - [2004-08-10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2006-08-02 03:27:48 | 00,012,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2006-09-18 16:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped])
DRV - [2006-09-18 16:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped])
DRV - [2006-09-18 16:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped])
DRV - [2006-09-18 16:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped])
DRV - [2006-09-18 16:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped])
DRV - [2006-09-18 16:59:02 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped])
DRV - [2006-09-18 16:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped])
DRV - [2007-11-13 12:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004-05-14 06:42:00 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01 [boot | Running])
DRV - [2001-08-17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2006-03-03 00:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2005-11-30 19:12:00 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2005-09-09 15:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped])
DRV - [2009-09-07 21:02:40 | 00,217,664 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt [system | Running])
DRV - [2005-10-20 15:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\DRIVERS\NBSMI.sys -- (TVALD [On_Demand | Running])
DRV - [2006-05-30 17:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running])
DRV - [2005-11-28 11:45:16 | 00,007,040 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10hid.sys -- (X10Hid [On_Demand | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wyborcza.pl/0,0.html?p=011
IE - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\S-1-5-21-2742303259-594685323-1023456455-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.wyborcza.pl/0,0.html?p=011"
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.3.1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008-12-12 10:38:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Fire\components [2009-06-18 00:28:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Fire\plugins [2009-06-14 20:39:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2008-12-07 12:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Extensions
[2008-12-07 12:06:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-06-18 00:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Firefox\Profiles\44cl569x.default\extensions
[2007-12-12 21:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Firefox\Profiles\44cl569x.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(2)
[2008-12-07 12:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Firefox\Profiles\44cl569x.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008-07-22 22:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Firefox\Profiles\44cl569x.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009-01-09 22:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Firefox\Profiles\44cl569x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008-05-25 09:06:11 | 00,000,000 | ---D 
| M] -- C:\Documents and Settings\dzidolek\Application Data\mozilla\Firefox\Profiles\44cl569x.default\extensions\filtersetg@updaterO1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.O3 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.O3 - 
HKU\S-1-5-21-2742303259-594685323-1023456455-1005\..\Toolbar\WebBrowser: (no name) - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - No CLSID value found.O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)O4 - HKLM..\Run: [CFSServ.exe] File not foundO4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)O4 - HKLM..\Run: [NDSTray.exe] File not foundO4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe File not foundO4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)O4 - HKLM..\Run: 
[sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - HKLM..\Run: [TFncKy] File not foundO4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not foundO4 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005..\Run: [Alwact.exe] C:\Program Files\Alwact\Bin\Alwact.exe (Firaz SAMET)O4 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\dzidolek\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\dzidolek\Start Menu\Programs\Startup\Wallperizer.lnk = C:\Program Files\Wallperizer\Wallperizer.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - 
HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-2742303259-594685323-1023456455-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} http://slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx (Instalator oprogramowania Onet.pl)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ipp - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft 
Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006-09-13 16:00:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{e5b169a4-1629-11dd-90d7-0018de4b5027}\Shell - "" = AutoRunO33 - MountPoints2\{e5b169a4-1629-11dd-90d7-0018de4b5027}\Shell\AutoRun - "" = Auto&PlayO34 - HKLM BootExecute: (autocheck) - File not foundO34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) - File not found========== Files/Folders - Created Within 30 Days ==========[1 C:\WINDOWS\*.tmp files][2009-09-09 18:29:37 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dzidolek\Desktop\OTL.exe[2009-09-09 18:28:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER[2009-09-09 18:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dzidolek\Desktop\zzz[2009-09-09 09:45:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp[2009-09-09 09:37:09 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2009-09-09 09:37:06 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe[2009-09-09 09:37:06 | 00,161,792 | ---- | C] 
(SteelWerX) -- C:\WINDOWS\SWREG.exe[2009-09-09 09:37:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2009-09-09 09:37:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2009-09-09 09:37:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2009-09-09 09:37:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2009-09-09 09:37:05 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2009-09-09 09:37:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2009-09-09 09:36:50 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19702.exe[2009-09-09 09:35:05 | 00,000,000 | ---D | C] -- C:\Qoobox[2009-09-07 21:06:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dzidolek\Application Data\TrueCrypt[2009-09-07 21:02:40 | 00,217,664 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys[2009-09-07 21:02:39 | 00,000,000 | ---D | C] -- C:\Program Files\TrueCrypt[2009-08-30 13:00:22 | 00,108,476 | -H-- | C] () -- C:\treeinfo.wc[2009-08-26 19:47:40 | 04,544,229 | ---- | C] () -- C:\Documents and Settings\dzidolek\Desktop\DSC_0470.JPG[2009-08-19 15:14:52 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\dzidolek\Desktop\s.doc[2009-08-18 20:17:05 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\dzidolek\Desktop\list.doc[2009-08-16 13:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dzidolek\Desktop\tel[2009-08-13 11:19:55 | 00,000,537 | ---- | C] () -- C:\Documents and Settings\dzidolek\Desktop\Shortcut to Stephen King.lnk[2008-10-31 14:35:14 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll[2008-10-31 14:35:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll[2008-02-25 09:32:41 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys[2008-01-19 14:51:44 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2007-12-27 19:06:37 | 00,003,273 | ---- | C] () -- C:\WINDOWS\wincmd.ini[2007-10-29 01:21:37 | 00,000,754 | ---- | C] () -- 
C:\WINDOWS\WORDPAD.INI[2007-07-17 11:35:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ae_mini.INI[2007-07-17 10:12:12 | 00,000,515 | ---- | C] () -- C:\WINDOWS\smrpro.INI[2007-06-14 17:44:19 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll[2007-06-02 11:54:32 | 00,001,813 | ---- | C] () -- C:\WINDOWS\naglos.INI[2007-04-13 10:19:35 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll[2007-04-06 21:29:56 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2007-04-06 21:29:56 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2007-04-06 21:29:55 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2007-04-06 21:29:50 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2007-04-06 21:29:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest[2007-03-20 13:09:02 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini[2006-09-14 14:22:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2006-09-14 14:09:00 | 00,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini[2006-09-14 13:15:49 | 00,000,766 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2006-09-14 12:06:12 | 00,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini[2006-09-14 11:58:44 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll[2006-09-14 11:58:44 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll[2006-09-14 11:58:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll[2006-09-14 11:58:44 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll[2006-09-14 11:58:44 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll[2006-09-14 11:58:44 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll[2006-09-14 11:54:03 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys[2006-09-14 11:54:03 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys[2006-09-14 10:49:48 | 00,000,000 | ---- | C] () -- 
C:\WINDOWS\NDSTray.INI[2006-09-14 10:28:39 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini[2006-09-14 10:28:39 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll[2006-09-14 10:28:39 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini[2006-09-14 10:28:39 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini[2006-09-14 10:25:44 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll[2006-09-14 09:51:54 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll[2006-09-14 09:51:54 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll[2006-09-14 01:11:25 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll[2006-09-14 01:11:24 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll[2006-09-14 01:11:24 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll[2006-09-14 01:11:23 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll[2006-09-14 01:11:22 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll[2006-09-13 14:43:07 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll[2006-09-13 14:43:07 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI[2006-09-13 14:42:24 | 00,000,638 | ---- | C] () -- C:\WINDOWS\win.ini[2006-09-13 14:42:21 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini[2006-01-30 23:15:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini[2005-10-14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll[2005-10-14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll[2005-10-14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2005-10-14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2005-10-14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll[2005-09-02 15:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll[2005-08-05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll[2005-07-22 
22:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll[2004-07-20 18:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll[2004-01-15 15:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll[1999-01-22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL[1997-06-25 15:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll========== Files - Modified Within 30 Days ==========[9 C:\WINDOWS\System32\*.tmp files][1 C:\WINDOWS\*.tmp files][2009-09-09 18:29:08 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dzidolek\Desktop\OTL.exe[2009-09-09 18:24:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009-09-09 18:23:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009-09-09 18:23:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009-09-09 18:23:38 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys[2009-09-09 09:49:59 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini[2009-09-09 09:49:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2009-09-09 09:36:32 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19702.exe[2009-09-09 09:29:38 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009-09-09 09:29:37 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\dzidolek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-09-07 21:50:38 | 00,003,273 | ---- | M] () -- C:\WINDOWS\wincmd.ini[2009-09-07 21:02:40 | 00,217,664 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys[2009-09-03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe[2009-08-31 17:27:17 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\dzidolek\Desktop\Microsoft Word.lnk[2009-08-30 14:47:59 | 00,108,476 | -H-- | M] () -- C:\treeinfo.wc[2009-08-19 15:14:53 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\dzidolek\Desktop\s.doc[2009-08-19 10:13:11 
| 00,032,768 | ---- | M] () -- C:\Documents and Settings\dzidolek\Desktop\list.doc[2009-08-13 11:19:55 | 00,000,537 | ---- | M] () -- C:\Documents and Settings\dzidolek\Desktop\Shortcut to Stephen King.lnk========== LOP Check ==========[2008-04-03 11:04:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data[2006-09-19 11:47:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ATI[2007-03-10 09:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intel[2007-03-10 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba[2007-03-10 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search[2009-02-02 18:56:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data[2008-01-08 12:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitstream Font Navigator[2009-01-25 17:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET[2007-03-10 09:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel[2007-10-20 05:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft[2008-01-01 17:13:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca[2008-04-03 11:04:09 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data[2006-09-19 11:47:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ATI[2007-03-10 09:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intel[2007-03-10 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba[2007-03-10 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application 
Data\Windows Desktop Search[2009-09-07 21:06:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\dzidolek\Application Data[2007-08-01 13:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\.ABC[2007-12-27 20:53:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Ahead[2006-09-19 11:47:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\ATI[2008-07-14 16:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\AutoMapa[2007-12-23 22:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\AutoUpdate[2008-03-06 19:05:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Corel[2007-11-18 17:46:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\DataLayer[2008-03-24 12:12:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\dvdcss[2007-06-20 02:10:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Earth 2140[2008-11-01 11:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\ESRI[2007-06-04 13:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Gadu-Gadu[2007-03-10 09:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Intel[2007-04-16 11:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\InterVideo[2007-12-23 22:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Kamerzysta[2008-02-10 14:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Leadertech[2008-10-01 13:35:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Listonosz[2007-07-19 18:42:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\MusicIP[2007-11-18 17:50:35 | 
00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Nokia[2009-05-21 20:06:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Nowe Gadu-Gadu[2008-10-01 13:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Onet[2009-08-06 19:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\OpenOffice.org2[2008-04-02 17:58:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Opera[2007-06-16 20:29:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Oxin's Style![2007-11-18 17:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\PC Suite[2007-07-20 23:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\SecondLife[2008-01-01 17:13:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Teleca[2008-01-01 12:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Thinstall[2008-10-01 12:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Thunderbird[2007-03-10 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\toshiba[2009-09-07 21:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\TrueCrypt[2007-08-28 09:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\VoipDiscount[2007-06-02 12:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\VoipStunt[2007-03-10 16:19:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dzidolek\Application Data\Windows Desktop Search[2007-03-10 16:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data[2007-03-10 09:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel[2007-03-10 16:24:12 | 00,000,000 
| ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander[2007-03-10 16:24:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data[2007-03-10 09:09:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel[2004-08-10 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini[2009-09-09 18:23:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT========== Purity Check ==========< End of report >
dzodzo (author), comment posted 14 September 2009 (edited)
I scanned the laptop with Kaspersky and it detected something like this: http://img27.imageshack.us/img27/1188/111ly.jpg I also scanned with Dr.Web, which showed: http://img149.imageshack.us/img149/2458/drweb.jpg Please help me solve this puzzle.
Guest, comment posted 15 September 2009
1. Run Flash Disinfector (with your removable devices connected).
2. You can remove the copies of the "viruses" from the "System Volume Information" folder by temporarily turning off System Restore: Control Panel > System > System Restore > tick the box next to "Turn off System Restore on all drives" > Apply > OK. Afterwards you can return to the previous setting (that is, clear the checkbox). That's all.