dodzibj posted October 10, 2009 (edited)
Kaspersky found the trojan horse Packed.Win32.PePatch.dk. Log from HijackThis:
[log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:46, on 2009-10-10
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe
C:\WINDOWS\system32\HASPSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CDN_OPTIMA\Binn\sqlservr.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\DOCUME~1\Drotka\USTAWI~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://download.gamedesire.com/g_bin/pl/slots70_2_0_0_35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DDC9651-E8A9-4689-AF14-5399B744549C}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4368D39-143B-42F0-9195-C1F2A41FB572}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe (file missing)
O23 - Service: ArcaBit Backup Service (AVBackup) - Unknown owner - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASPSrv - ComArch - C:\WINDOWS\system32\HASPSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 10141 bytes
[/log]
MarekM25 commented October 10, 2009
Where is the trojan being detected? Post a log from [url="http://www.forumpc.pl/index.php?showtopic=104338"]OTListIt2[/url].
dodzibj (Author) commented October 10, 2009
System Volume Information
MarekM25 commented October 10, 2009
So turn System Restore off and on again (My Computer -> right-click -> Properties -> System Restore -> select "Turn off System Restore on all drives", and then select it again).
dodzibj (Author) commented October 10, 2009 (edited)
[log]
OTL logfile created on: 2009-10-10 23:39:45 - Run 1
OTL by OldTimer - Version 3.0.19.0 Folder = C:\Documents and Settings\Drotka\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1014,36 Mb Total Physical Memory | 260,67 Mb Available Physical Memory | 25,70% Memory free
2,38 Gb Paging File | 1,76 Gb Available in Paging File | 74,13% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 40,14 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive D: | 55,86 Gb Total Space | 47,84 Gb Free Space | 85,64% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAG-64B6BEB35D6
Current User Name: Drotka
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2009-10-10 23:37:01 | 00,520,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Drotka\Pulpit\OTL.exe
PRC - [2009-09-02 15:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-08-03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009-07-03 15:45:24 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2009-03-08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-02-09 13:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe
PRC - [2009-01-11 20:00:26 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-01-11 20:00:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-09-08 11:59:41 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-04-14 19:21:49 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe
PRC - [2008-04-14 19:21:48 | 00,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
PRC - [2008-04-14 19:21:43 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
PRC - [2008-04-14 19:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
PRC - [2008-04-14 19:21:42 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smss.exe
PRC - [2008-04-14 19:21:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008-04-14 19:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe
PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-04-14 19:21:10 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrss.exe
PRC - [2008-04-14 19:21:02 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe
PRC - [2008-02-14 18:53:53 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Drotka\Ustawienia lokalne\Temp\RtkBtMnt.exe
PRC - [2007-12-18 12:48:40 | 00,196,704 | ---- | M] (OptionNV) -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2007-11-22 05:55:26 | 00,671,744 | ---- | M] (ComArch) -- C:\WINDOWS\System32\HASPSrv.exe
PRC - [2007-11-14 12:54:24 | 02,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2007-09-30 09:16:40 | 00,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2007-09-30 09:16:38 | 00,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
PRC - [2007-05-29 08:32:36 | 16,132,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006-11-02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
PRC - [2006-03-04 18:40:30 | 00,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe
PRC - [2005-10-28 17:25:44 | 00,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
PRC - [2005-10-27 12:00:22 | 00,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CamTray.exe
PRC - [2005-02-08 07:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
PRC - [2002-12-17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CDN_OPTIMA\Binn\sqlservr.exe

[color=#E56717]========== Win32 Services (All) ==========[/color]

SRV - File not found -- -- (AVTasks2 [Auto | Stopped])
SRV - File not found -- -- (AVBackup [Auto | Stopped])
SRV - File not found -- -- (ArcaRemoteService [Auto | Stopped])
SRV - [2009-07-03 15:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP [Auto | Running])
SRV - [2009-06-10 08:16:42 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wkssvc.dll -- (lanmanworkstation [Auto | Running])
SRV - [2009-02-09 13:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe -- (PlugPlay [Auto | Running])
SRV - [2009-02-09 13:25:57 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\services.exe -- (Eventlog [Auto | Running])
SRV - [2009-02-09 12:53:44 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs [Auto | Running])
SRV - [2009-02-09 12:53:44 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch [Auto | Running])
SRV - [2009-01-11 20:00:25 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008-09-08 11:59:41 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-07-07 22:29:10 | 00,253,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\es.dll -- (EventSystem [On_Demand | Running])
SRV - [2008-07-06 14:48:40 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008-06-20 19:48:53 | 00,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll -- (Nla [On_Demand | Running])
SRV - [2008-04-14 19:21:49 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiapsrv.exe -- (WmiApSrv [On_Demand | Running])
SRV - [2008-04-14 19:21:46 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe -- (VSS [On_Demand | Stopped])
SRV - [2008-04-14 19:21:45 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe -- (UPS [On_Demand | Stopped])
SRV - [2008-04-14 19:21:43 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler [Auto | Running])
SRV - [2008-04-14 19:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe -- (HidServ [Disabled | Stopped])
SRV - [2008-04-14 19:21:43 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe -- (AppMgmt [On_Demand | Stopped])
SRV - [2008-04-14 19:21:42 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe -- (SysmonLog [On_Demand | Stopped])
SRV - [2008-04-14 19:21:39 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe -- (RDSessMgr [On_Demand | Stopped])
SRV - [2008-04-14 19:21:38 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr [On_Demand | Stopped])
SRV - [2008-04-14 19:21:31 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe -- (NetDDEdsdm [Disabled | Stopped])
SRV - [2008-04-14 19:21:31 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe -- (NetDDE [Disabled | Stopped])
SRV - [2008-04-14 19:21:28 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
SRV - [2008-04-14 19:21:28 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe -- (MSDTC [On_Demand | Stopped])
SRV - [2008-04-14 19:21:24 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe -- (mnmsrvc [On_Demand | Stopped])
SRV - [2008-04-14 19:21:22 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe -- (RpcLocator [On_Demand | Stopped])
SRV - [2008-04-14 19:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (SamSs [Auto | Running])
SRV - [2008-04-14 19:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage [Auto | Running])
SRV - [2008-04-14 19:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (PolicyAgent [Auto | Running])
SRV - [2008-04-14 19:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (NtLmSsp [On_Demand | Stopped])
SRV - [2008-04-14 19:21:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lsass.exe -- (Netlogon [On_Demand | Stopped])
SRV - [2008-04-14 19:21:19 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe -- (ImapiService [On_Demand | Stopped])
SRV - [2008-04-14 19:21:12 | 00,225,280 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2008-04-14 19:21:12 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv [On_Demand | Stopped])
SRV - [2008-04-14 19:21:12 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe -- (COMSysApp [On_Demand | Stopped])
SRV - [2008-04-14 19:21:07 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe -- (ClipSrv [Disabled | Stopped])
SRV - [2008-04-14 19:21:07 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
SRV - [2008-04-14 19:21:02 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe -- (ALG [On_Demand | Running])
SRV - [2008-04-14 19:21:01 | 00,483,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsvc.dll -- (WZCSVC [Auto | Running])
SRV - [2008-04-14 19:21:01 | 00,129,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprov.dll -- (xmlprov [On_Demand | Stopped])
SRV - [2008-04-14 19:21:01 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll -- (wuauserv [Auto | Running])
SRV - [2008-04-14 19:20:58 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (winmgmt [Auto | Running])
SRV - [2008-04-14 19:20:58 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc [Auto | Running])
SRV - [2008-04-14 19:20:57 | 00,334,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc [Auto | Running])
SRV - [2008-04-14 19:20:57 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32time.dll -- (W32Time [Auto | Running])
SRV - [2008-04-14 19:20:57 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webclnt.dll -- (WebClient [Auto | Running])
SRV - [2008-04-14 19:20:57 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ssl.dll -- (HTTPFilter [On_Demand | Stopped])
SRV - [2008-04-14 19:20:56 | 00,296,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll -- (TermService [On_Demand | Running])
SRV - [2008-04-14 19:20:56 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv [On_Demand | Running])
SRV - [2008-04-14 19:20:56 | 00,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnphost.dll -- (upnphost [On_Demand | Stopped])
SRV - [2008-04-14 19:20:56 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll -- (srservice [Auto | Running])
SRV - [2008-04-14 19:20:56 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\srvsvc.dll -- (lanmanserver [Auto | Running])
SRV - [2008-04-14 19:20:56 | 00,090,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\trkwks.dll -- (TrkWks [Auto | Running])
SRV - [2008-04-14 19:20:56 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssdpsrv.dll -- (SSDPSRV [On_Demand | Running])
SRV - [2008-04-14 19:20:47 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (Themes [Auto | Running])
SRV - [2008-04-14 19:20:47 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection [Auto | Running])
SRV - [2008-04-14 19:20:47 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shsvcs.dll -- (FastUserSwitchingCompatibility [On_Demand | Running])
SRV - [2008-04-14 19:20:46 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sens.dll -- (SENS [Auto | Running])
SRV - [2008-04-14 19:20:45 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule [Auto | Running])
SRV - [2008-04-14 19:20:45 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasmans.dll -- (RasMan [On_Demand | Running])
SRV - [2008-04-14 19:20:45 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\seclogon.dll -- (seclogon [Auto | Running])
SRV - [2008-04-14 19:20:44 | 00,409,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll -- (BITS [Auto | Running])
SRV - [2008-04-14 19:20:44 | 00,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll -- (napagent [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto [On_Demand | Stopped])
SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-04-14 19:20:41 | 00,435,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmssvc.dll -- (NtmsSvc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:40 | 00,198,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netman.dll -- (Netman [On_Demand | Running])
SRV - [2008-04-14 19:20:38 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msgsvc.dll -- (Messenger [Disabled | Stopped])
SRV - [2008-04-14 19:20:35 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mprdim.dll -- (RemoteAccess [Disabled | Stopped])
SRV - [2008-04-14 19:20:34 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll -- (hkmsvc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:34 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lmhsvc.dll -- (LmHosts [Auto | Running])
SRV - [2008-04-14 19:20:33 | 00,330,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess [Auto | Running])
SRV - [2008-04-14 19:20:33 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008-04-14 19:20:31 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ersvc.dll -- (ERSvc [Auto | Running])
SRV - [2008-04-14 19:20:30 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost [On_Demand | Stopped])
SRV - [2008-04-14 19:20:26 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll -- (Dot3svc [On_Demand | Stopped])
SRV - [2008-04-14 19:20:26 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache [Auto | Running])
SRV - [2008-04-14 19:20:26 | 00,024,064 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmserver.dll -- (dmserver [On_Demand | Stopped])
SRV - [2008-04-14 19:20:22 | 00,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp [Auto | Running])
SRV - [2008-04-14 19:20:17 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc [Auto | Running])
SRV - [2008-04-14 19:20:04 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browser.dll -- (Browser [Auto | Stopped])
SRV - [2008-04-14 19:20:03 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\audiosrv.dll -- (AudioSrv [Auto | Running])
SRV - [2008-04-14 19:19:59 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alrsvc.dll -- (Alerter [Disabled | Stopped])
SRV - [2007-12-18 12:48:40 | 00,196,704 | ---- | M] (OptionNV) -- C:\Program Files\ERA\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc [Auto | Running])
SRV - [2007-11-22 05:55:26 | 00,671,744 | ---- | M] (ComArch) -- C:\WINDOWS\System32\HASPSrv.exe -- (HASPSrv [Auto | Running])
SRV - [2007-09-30 09:16:40 | 00,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
SRV - [2007-09-30 09:16:38 | 00,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service [Auto | Running])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006-11-02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2006-10-18 22:47:16 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSNSv.dll -- (WmdmPmSN [On_Demand | Stopped])
SRV - [2006-09-28 19:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFSvc.dll -- (WudfSvc [On_Demand | Stopped])
SRV - [2006-03-02 14:00:00 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe -- (RSVP [On_Demand | Stopped])
SRV - [2004-10-22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002-12-17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CDN_OPTIMA\Binn\sqlservr.exe -- (MSSQL$CDN_OPTIMA [Auto | Running])
SRV - [2002-12-17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CDN_OPTIMA\Binn\sqlagent.EXE -- (SQLAgent$CDN_OPTIMA [On_Demand | Stopped])
SRV - [2002-12-17 16:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-10 05:45:03 | 00,296,976 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2009-06-15 14:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009-05-16 20:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klmouflt.sys -- (klmouflt [On_Demand | Running])
DRV - [2009-05-13 17:46:52 | 00,031,760 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running])
DRV - [2008-12-15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2008-04-13 20:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008-04-01 08:34:41 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys -- (Haspnt [Auto | Running])
DRV - [2008-02-22 19:53:00 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008-02-18 16:14:38 | 00,106,624 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\Gt51Ip.sys -- (GT72NDISIPXP [On_Demand | Stopped])
DRV - [2008-02-08 12:00:22 | 00,059,648 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gt72ubus.sys -- (GT72UBUS [On_Demand | Stopped])
DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007-06-24 21:56:54 | 00,038,920 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2007-06-24 21:56:40 | 00,027,656 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio [On_Demand | Running])
DRV - [2007-06-24 21:56:34 | 00,034,312 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2007-05-31 12:04:56 | 04,424,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007-03-30 12:38:14 | 00,008,064 | ---- | M] (Option N.V.) -- C:\WINDOWS\System32\DRIVERS\gtptser.sys -- (GTPTSER [On_Demand | Stopped])
DRV - [2007-03-05 20:59:04 | 00,018,320 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Running])
DRV - [2007-03-05 20:56:18 | 00,035,600 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2007-03-05 20:55:12 | 00,020,880 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum [Boot | Running])
DRV - [2007-03-05 20:53:18 | 00,044,304 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2007-03-05 20:52:18 | 00,034,448 | ---- | M] (IVT Corporation.) -- C:\WINDOWS\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2007-02-16 16:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2007-01-25 06:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2006-12-23 03:56:44 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006-12-23 03:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006-12-23 03:55:56 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006-11-22 10:01:48 | 00,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.)
-- C:\WINDOWS\System32\drivers\hardlock.sys -- (Hardlock [Auto | Running]) DRV - [2006-10-12 16:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running]) DRV - [2006-06-20 06:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running]) DRV - [2006-04-01 17:16:44 | 00,162,176 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\V0260Vid.sys -- (V0260VID [On_Demand | Stopped]) DRV - [2006-03-02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2006-03-02 14:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running]) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - 
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1454471165-884357618-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1454471165-884357618-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ IE - HKU\S-1-5-21-1454471165-884357618-682003330-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1454471165-884357618-682003330-1004\S-1-5-21-1454471165-884357618-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1454471165-884357618-682003330-1004\S-1-5-21-1454471165-884357618-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-16 03:02:44 | 00,000,000 | ---D | M] O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. 
File not found O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1454471165-884357618-682003330-1004\..\Toolbar\WebBrowser: (&Adres) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1454471165-884357618-682003330-1004\..\Toolbar\WebBrowser: (&Łącza) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1454471165-884357618-682003330-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-1454471165-884357618-682003330-1004\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKU\S-1-5-21-1454471165-884357618-682003330-1004\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-1454471165-884357618-682003330-1004..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1454471165-884357618-682003330-1004..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-1454471165-884357618-682003330-1004..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1454471165-884357618-682003330-1004..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.) O4 - HKU\S-1-5-21-1454471165-884357618-682003330-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1454471165-884357618-682003330-1004..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1454471165-884357618-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: &Wirtualna klawiatura - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: &Sprawdzanie adresów - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - 
C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation) O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.) 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/SignActivX.cab (SignActivX Control) O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} http://download.gamedesire.com/g_bin/pl/slots70_2_0_0_35.cab (GameDesire Slots 70th) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher 
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - 
Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - application/x-msdownload 
- C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\ScCertProp: DllName - 
wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Moduł wstępnego ładowania interfejsu Browseui - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Demon buforu kategorii składników - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - 
C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-02-14 18:37:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-02-14 15:03:46 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{3d96671f-7789-11dd-9a95-0011679baff6}\Shell - "" = AutoRun O33 - MountPoints2\{e28665e1-b428-11de-9de1-001e4c2c34b7}\Shell - "" = AutoRun O33 - MountPoints2\{e28665e1-b428-11de-9de1-001e4c2c34b7}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found O33 - MountPoints2\{e6ca133e-b283-11de-9dd8-001e4c2c34b7}\Shell - "" = AutoRun O33 - MountPoints2\{e6ca133e-b283-11de-9dd8-001e4c2c34b7}\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\EasySuite.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 
[/log]
MarekM25 commented 10 October 2009
Open Notepad and paste the text below into it (without the word [b]code[/b]):
[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2][/code]
Save as -> choose [b]All files[/b] -> type [b]Fix.reg[/b] -> then click the saved file and restart the computer. Apart from that, it is clean. Do what was in the previous post, then run OTL and click CleanUp.
dodzibj (author) commented 10 October 2009
Sorry for asking, but I don't really know much about this. Should I type fix.reg as the document name?
MarekM25 commented 10 October 2009
Yes, you choose All files and type Fix.reg