
Please check my logs

patryk999

Hello,
For 2 days I have been fighting some junk. NOD kept throwing warnings about some viruses, but I could not remove them. Only ComboFix helped (I think??). Please check the logs.

Thanks in advance, regards

Rsit:
[code]Logfile of random's system information tool 1.06 (written by random/random)
Run by ppp at 2009-10-20 21:59:20
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 16 GB (52%) free of 31 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59, on 2009-10-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\CTHELPER.EXE
C:\PROGRA~1\GADU-G~1\gg.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
D:\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CTsvcCDA.EXE
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\system32\oodag.exe
C:\windows\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe
C:\windows\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Opera\opera.exe
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\ppp\Pulpit\RSIT.exe
C:\Program Files\trend micro\ppp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdReg] C:\windows\Updreg.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRA~1\GADU-G~1\gg.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B95FEB-5334-4135-90D4-C93320053504}: NameServer = 83.142.201.12,193.138.243.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{55B95FEB-5334-4135-90D4-C93320053504}: NameServer = 83.142.201.12,193.138.243.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{55B95FEB-5334-4135-90D4-C93320053504}: NameServer = 83.142.201.12,193.138.243.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\windows\system32\oodag.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\windows\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\windows\system32\UTSCSI.EXE

--
End of file - 7919 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-09-08 949376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"NeroFilterCheck"=C:\windows\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"UpdReg"=C:\windows\Updreg.exe [2000-05-11 90112]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2009-08-17 86016]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2009-08-17 13877248]
"CTHelper"=C:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"=C:\PROGRA~1\GADU-G~1\gg.exe [2008-03-20 2127296]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
""=
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"D:\IVT Corporation\BlueSoleil\BlueSoleil.exe"="D:\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\CRYSIS\Bin32\Crysis.exe"="D:\CRYSIS\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"D:\CRYSIS\Bin32\CrysisDedicatedServer.exe"="D:\CRYSIS\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"D:\pes 09\pes2009.exe"="D:\pes 09\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Far Cry 2\bin\FarCry2.exe"="D:\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Far Cry 2\bin\FC2Launcher.exe"="D:\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Far Cry 2\bin\FC2Editor.exe"="D:\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-10-20 21:58:26 ----D---- C:\rsit
2009-10-20 21:39:50 ----D---- C:\windows\temp
2009-10-20 21:39:47 ----A---- C:\log.txt
2009-10-20 21:39:47 ----A---- C:\ComboFix.txt
2009-10-20 21:27:13 ----A---- C:\windows\PEV.exe
2009-10-19 18:27:29 ----A---- C:\windows\{00000001-00000000-00000008-00001102-00000004-00531102}.BAK
2009-09-24 20:38:52 ----D---- C:\windows\system32\AGEIA
2009-09-24 20:38:51 ----D---- C:\Program Files\AGEIA Technologies
2009-09-23 23:50:19 ----A---- C:\windows\wininit.ini
2009-09-23 22:57:17 ----A---- C:\windows\system32\instwdm.ini
2009-09-23 22:57:17 ----A---- C:\windows\CTDCRES.DLL
2009-09-23 22:28:17 ----RA---- C:\windows\system32\fdco1.dll
2009-09-23 22:28:13 ----A---- C:\windows\system32\nvunrm.exe
2009-09-23 22:28:12 ----RA---- C:\windows\system32\nvconrm.dll
2009-09-23 22:28:12 ----RA---- C:\windows\system32\bdco1.dll
2009-09-23 22:28:09 ----RA---- C:\windows\system32\nvusmb.exe
2009-09-23 22:20:05 ----A---- C:\windows\system32\nvudisp.exe
2009-09-23 22:19:48 ----A---- C:\windows\system32\NVUNINST.EXE
2009-09-23 22:19:26 ----D---- C:\NVIDIA
2009-09-23 22:18:53 ----A---- C:\windows\system32\nv4_disp.dll
2009-09-23 22:11:12 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-23 22:11:07 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-09-23 15:14:59 ----A---- C:\windows\INSTRES.DLL
2009-09-23 15:14:57 ----A---- C:\windows\Updreg.exe
2009-09-23 15:14:56 ----N---- C:\windows\system32\sfcvrt32.dll
2009-09-23 15:14:56 ----N---- C:\windows\system32\ctwflt32.dll
2009-09-23 15:14:56 ----N---- C:\windows\system32\ctl3d.dll
2009-09-23 15:14:56 ----N---- C:\windows\ctres.dll
2009-09-23 15:14:56 ----N---- C:\windows\ctccw.dll
2009-09-23 15:14:56 ----N---- C:\windows\ac3api.ini
2009-09-23 15:14:04 ----A---- C:\windows\system32\CTSVCCTL.EXE
2009-09-23 15:14:04 ----A---- C:\windows\system32\CTSVCCDA.EXE
2009-09-23 15:13:30 ----N---- C:\windows\system32\CtMp3Lib.dll
2009-09-23 15:13:30 ----N---- C:\windows\system32\ctmp3io2.dll
2009-09-23 15:13:30 ----N---- C:\windows\system32\CTMERes.DLL
2009-09-23 15:13:30 ----N---- C:\windows\system32\CTMedEng.dll
2009-09-23 15:13:30 ----N---- C:\windows\system32\CTIntRes.dll
2009-09-23 15:13:30 ----N---- C:\windows\system32\CTDrmRes.dll
2009-09-23 15:13:30 ----N---- C:\windows\system32\CtDetres.dll
2009-09-23 15:13:29 ----N---- C:\windows\system32\CTDrmUI.dll
2009-09-23 15:12:53 ----A---- C:\windows\system32\AHQCpURes.dll
2009-09-23 15:10:46 ----D---- C:\Program Files\Creative
2009-09-22 17:49:50 ----A---- C:\windows\system32\d3dx10_41.dll
2009-09-22 17:49:50 ----A---- C:\windows\system32\D3DCompiler_41.dll
2009-09-22 17:49:49 ----A---- C:\windows\system32\XAudio2_4.dll
2009-09-22 17:49:49 ----A---- C:\windows\system32\XAPOFX1_3.dll
2009-09-22 17:49:49 ----A---- C:\windows\system32\D3DX9_41.dll
2009-09-22 17:49:48 ----A---- C:\windows\system32\xactengine3_4.dll
2009-09-22 17:49:47 ----A---- C:\windows\system32\X3DAudio1_6.dll
2009-09-22 17:49:47 ----A---- C:\windows\system32\d3dx10_40.dll
2009-09-22 17:49:47 ----A---- C:\windows\system32\D3DCompiler_40.dll
2009-09-22 17:49:46 ----A---- C:\windows\system32\D3DX9_40.dll
2009-09-22 17:49:45 ----A---- C:\windows\system32\XAudio2_3.dll
2009-09-22 17:49:45 ----A---- C:\windows\system32\XAPOFX1_2.dll
2009-09-22 17:49:44 ----A---- C:\windows\system32\xactengine3_3.dll
2009-09-22 17:49:44 ----A---- C:\windows\system32\X3DAudio1_5.dll
2009-09-22 17:49:43 ----A---- C:\windows\system32\XAudio2_2.dll
2009-09-22 17:49:43 ----A---- C:\windows\system32\XAPOFX1_1.dll
2009-09-22 17:49:42 ----A---- C:\windows\system32\xactengine3_2.dll
2009-09-22 17:49:41 ----A---- C:\windows\system32\d3dx10_39.dll
2009-09-22 17:49:41 ----A---- C:\windows\system32\D3DCompiler_39.dll
2009-09-22 17:49:40 ----A---- C:\windows\system32\D3DX9_39.dll

======List of files/folders modified in the last 1 months======

2009-10-20 21:59:21 ----D---- C:\Program Files\Trend Micro
2009-10-20 21:46:47 ----D---- C:\windows\system32
2009-10-20 21:46:47 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-10-20 21:42:23 ----D---- C:\Program Files\Kalendarz XP
2009-10-20 21:41:00 ----A---- C:\windows\SchedLgU.Txt
2009-10-20 21:39:50 ----AD---- C:\WINDOWS
2009-10-20 21:38:48 ----D---- C:\windows\ERDNT
2009-10-20 21:38:31 ----A---- C:\windows\system.ini
2009-10-20 21:35:47 ----D---- C:\windows\system32\drivers
2009-10-20 21:35:47 ----D---- C:\windows\AppPatch
2009-10-20 21:35:39 ----D---- C:\Program Files\Common Files
2009-10-20 21:33:17 ----D---- C:\windows\system32\CatRoot2
2009-10-20 21:31:06 ----RSHDC---- C:\windows\system32\dllcache
2009-10-20 21:27:07 ----D---- C:\windows\Prefetch
2009-10-19 15:47:07 ----SHD---- C:\windows\CSC
2009-10-17 14:16:37 ----D---- C:\Documents and Settings\ppp\Dane aplikacji\Adobe
2009-10-16 18:38:50 ----D---- C:\Program Files\Mozilla Firefox
2009-09-24 20:39:09 ----SHD---- C:\windows\Installer
2009-09-24 20:38:51 ----AD---- C:\Program Files
2009-09-24 20:38:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-24 19:48:42 ----D---- C:\windows\system32\DirectX
2009-09-24 19:48:39 ----HD---- C:\windows\inf
2009-09-24 19:48:01 ----RSD---- C:\windows\assembly
2009-09-24 00:20:26 ----A---- C:\windows\DFC.INI
2009-09-23 23:55:56 ----D---- C:\windows\UI
2009-09-23 23:50:45 ----D---- C:\Program Files\LimeWire
2009-09-23 22:58:27 ----D---- C:\windows\system32\Defaults
2009-09-23 22:58:16 ----D---- C:\windows\system32\CatRoot
2009-09-23 22:57:44 ----A---- C:\windows\system32\wrap_oal.dll
2009-09-23 22:57:44 ----A---- C:\windows\system32\OpenAL32.dll
2009-09-23 22:57:40 ----D---- C:\Documents and Settings\ppp\Dane aplikacji\Creative
2009-09-23 22:57:32 ----D---- C:\windows\system
2009-09-23 22:57:27 ----D---- C:\windows\system32\Data
2009-09-23 22:21:12 ----D---- C:\windows\Help
2009-09-23 16:49:38 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-23 16:44:46 ----A---- C:\windows\win.ini
2009-09-23 15:15:26 ----A---- C:\windows\SBWIN.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\windows\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 dk2drv;DK2 WindowsNT Driver; \??\C:\windows\SYSTEM32\Drivers\dk2drv.sys []
R1 nod32drv;nod32drv; C:\windows\system32\drivers\nod32drv.sys [2007-09-08 15424]
R1 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 AMON;AMON; C:\windows\system32\drivers\amon.sys [2007-09-08 512096]
R2 FLE5WNNT;FLE-5 WindowsNT Driver; \??\C:\windows\System32\Drivers\fle5wnnt.sys []
R2 FLSIFACE;FLSIface; \??\C:\windows\System32\Drivers\flsiface.sys []
R2 FLSPAR;FLSPar; \??\C:\windows\System32\Drivers\flspar.sys []
R2 FLSSER;FLSSer; \??\C:\windows\System32\Drivers\flsser.sys []
R2 FLSVCOM;FLSVCom; \??\C:\windows\System32\Drivers\flsvcom.sys []
R2 PARLDR2K;ParLdr2k; \??\C:\windows\system32\drivers\parldr2k.sys []
R3 Arp1394;Protokół klienta 1394 ARP; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BlueletAudio;Bluetooth Audio Service; C:\windows\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 ctac32k;Creative AC3 Software Decoder; C:\windows\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\windows\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\windows\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\windows\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\windows\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\windows\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 HidUsb;Sterownik Microsoft klasy HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Sterownik myszy HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 NIC1394;Sterownik sieci 1394; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\windows\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;Sterownik magazynu masowego USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S1 kbdhid;Sterownik klawiatury HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS []
S3 amsar9yb;amsar9yb; C:\windows\system32\drivers\amsar9yb.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\windows\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 Cardex;Cardex; \??\C:\windows\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\ppp\USTAWI~1\Temp\catchme.sys []
S3 CCDECODE;Dekoder napisów; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\windows\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 dtscsi;dtscsi; C:\windows\System32\Drivers\dtscsi.sys []
S3 FreshIO;FreshIO; \??\D:\FreshDevices\FreshIO.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2008-12-17 25280]
S3 hap16v2k;Creative P16V HAL Driver; C:\windows\system32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\windows\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 MSICPL;MSICPL; \??\G:\install4\MSICPL.sys []
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\windows\system32\DRIVERS\rtl8185.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TBPanel;TBPanel; C:\windows\system32\drivers\TBPanel.sys [2002-07-27 5306]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbbus;LGE Mobile Composite USB Device; C:\windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Sterownik skanera USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\windows\system32\drivers\VHIDMini.sys [2005-04-30 11736]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\windows\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-12-02 611664]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; D:\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\windows\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 hpqddsvc;Usługa HP CUE DeviceDiscovery; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-09-08 552064]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2009-08-17 168004]
R2 O&O Defrag;O&O Defrag; C:\windows\system32\oodag.exe [2008-11-03 1332480]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\windows\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 PCLEPCI;PCLEPCI; C:\windows\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 UTSCSI;CLCV0; C:\windows\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------[/code]

ComboFix
[code]ComboFix 09-10-19.04 - ppp 2009-10-20 21:33.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.704 [GMT 2:00]
Uruchomiony z: c:\documents and settings\ppp\Pulpit\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ppp\USTAWI~1\Temp\cvasds0.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\ieuinit.inf

Zainfekowana kopia c:\windows\system32\drivers\atapi.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty ate it :^)
.
((((((((((((((((((((((((( Pliki utworzone od 2009-09-20 do 2009-10-20 )))))))))))))))))))))))))))))))
.

2009-09-24 20:21 . 2009-09-24 20:30 -------- d-----w- C:\games
2009-09-24 18:38 . 2009-09-24 18:38 -------- d-----w- c:\windows\system32\AGEIA
2009-09-24 18:38 . 2009-09-24 18:39 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-23 20:57 . 2006-08-11 12:55 10240 ----a-w- c:\windows\CTDCRES.DLL
2009-09-23 20:28 . 2005-04-05 19:22 33536 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2009-09-23 20:28 . 2005-04-05 19:19 201728 ----a-r- c:\windows\system32\fdco1.dll
2009-09-23 20:28 . 2005-06-03 13:07 176128 ----a-w- c:\windows\system32\nvunrm.exe
2009-09-23 20:28 . 2005-04-05 19:22 208256 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2009-09-23 20:28 . 2005-04-05 19:19 9728 ----a-r- c:\windows\system32\bdco1.dll
2009-09-23 20:28 . 2005-04-04 11:00 32256 ----a-r- c:\windows\system32\nvconrm.dll
2009-09-23 20:28 . 2005-04-05 19:22 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2009-09-23 20:28 . 2005-04-05 19:22 261888 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2009-09-23 20:28 . 2005-08-03 06:51 176128 ----a-r- c:\windows\system32\nvusmb.exe
2009-09-23 20:20 . 2009-08-16 22:57 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-23 20:19 . 2009-08-11 10:35 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-23 20:19 . 2009-09-23 20:19 -------- d-----w- C:\NVIDIA
2009-09-23 20:18 . 2009-08-16 22:57 7729568 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-09-23 20:18 . 2009-08-16 22:57 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-23 20:18 . 2009-08-16 22:57 5845760 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2009-09-23 20:18 . 2009-08-16 22:57 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-23 20:11 . 2009-09-23 20:11 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-23 20:11 . 2009-09-23 20:11 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation
2009-09-23 13:14 . 2001-09-11 13:28 16384 ----a-w- c:\windows\INSTRES.DLL
2009-09-23 13:14 . 2000-05-10 23:00 90112 ----a-w- c:\windows\Updreg.exe
2009-09-23 13:14 . 1998-06-05 00:00 84992 ------w- c:\windows\system32\sfcvrt32.dll
2009-09-23 13:14 . 1998-01-07 23:00 1048576 ------w- c:\windows\system32\sfman.dat
2009-09-23 13:14 . 1996-05-23 00:24 24976 ------w- c:\windows\ctres.dll
2009-09-23 13:14 . 1995-08-30 00:02 82432 ------w- c:\windows\system32\ctwflt32.dll
2009-09-23 13:14 . 1995-07-13 00:01 26768 ------w- c:\windows\system32\ctl3d.dll
2009-09-23 13:14 . 1994-12-05 01:11 53552 ------w- c:\windows\ctccw.dll
2009-09-23 13:14 . 2009-09-23 13:14 -------- d-----w- C:\Media
2009-09-23 13:14 . 1999-12-12 23:01 44032 ----a-w- c:\windows\system32\CTSVCCDA.EXE
2009-09-23 13:14 . 1999-11-17 23:00 25088 ----a-w- c:\windows\system32\CTSVCCTL.EXE
2009-09-23 13:13 . 2001-08-14 23:06 110592 ------w- c:\windows\system32\ctmp3io2.dll
2009-09-23 13:13 . 2001-08-08 09:53 73728 ------w- c:\windows\system32\CTDrmRes.dll
2009-09-23 13:13 . 2001-08-08 09:53 62976 ------w- c:\windows\system32\CtDetres.dll
2009-09-23 13:13 . 2001-08-08 09:53 28672 ------w- c:\windows\system32\CTIntRes.dll
2009-09-23 13:13 . 2001-07-24 01:00 278528 ------w- c:\windows\system32\CTMedEng.dll
2009-09-23 13:13 . 2001-07-17 00:00 352256 ------w- c:\windows\system32\CtMp3Lib.dll
2009-09-23 13:13 . 2000-04-19 23:00 24576 ------w- c:\windows\system32\CTMERes.DLL
2009-09-23 13:13 . 2001-04-10 23:10 143360 ------w- c:\windows\system32\CTDrmUI.dll
2009-09-23 13:12 . 2001-09-20 15:46 12288 ----a-w- c:\windows\system32\AHQCpURes.dll
2009-09-23 13:10 . 2009-09-23 20:58 -------- d-----w- c:\program files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 19:36 . 2001-10-26 18:15 88422 ----a-w- c:\windows\system32\perfc015.dat
2009-10-20 19:36 . 2001-10-26 18:15 497076 ----a-w- c:\windows\system32\perfh015.dat
2009-10-20 19:03 . 2009-08-26 19:36 -------- d-----w- c:\program files\Kalendarz XP
2009-09-24 18:38 . 2008-12-01 22:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-23 21:50 . 2006-12-19 13:58 -------- d-----w- c:\program files\LimeWire
2009-09-23 20:57 . 2009-04-03 20:06 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-23 20:57 . 2001-08-23 09:46 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-23 20:57 . 2009-04-03 20:06 -------- d-----w- c:\documents and settings\ppp\Dane aplikacji\Creative
2009-09-23 14:49 . 2006-12-14 13:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-08-16 22:57 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2009-08-16 22:57 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2009-08-16 22:57 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-10-11 08:49 . 2006-12-20 13:29 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-10-11 08:49 . 2006-12-20 13:29 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-10-11 08:49 . 2006-12-20 13:29 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-10-11 08:49 . 2006-12-20 13:29 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-10-11 08:49 . 2006-12-20 13:29 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-12-15 17:48 . 2006-12-15 17:48 8 --sha-r- c:\windows\neoqaz2.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\progra~1\GADU-G~1\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-08 949376]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"UpdReg"="c:\windows\Updreg.exe" [2000-05-10 90112]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" - c:\windows\MIDIDEF.EXE [2006-08-11 25600]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2009-8-26 882176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"d:\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\CRYSIS\\Bin32\\Crysis.exe"=
"d:\\CRYSIS\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\pes 09\\pes2009.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Far Cry 2\\bin\\FC2Editor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22642:TCP"= 22642:TCP:BitComet 22642 TCP
"22642:UDP"= 22642:UDP:BitComet 22642 UDP
"27176:TCP"= 27176:TCP:BitComet 27176 TCP
"27176:UDP"= 27176:UDP:BitComet 27176 UDP
"8185:TCP"= 8185:TCP:BitComet 8185 TCP
"8185:UDP"= 8185:UDP:BitComet 8185 UDP
"7761:TCP"= 7761:TCP:BitComet 7761 TCP
"7761:UDP"= 7761:UDP:BitComet 7761 UDP
"25454:TCP"= 25454:TCP:BitComet 25454 TCP
"25454:UDP"= 25454:UDP:BitComet 25454 UDP

R1 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [2009-03-21 49720]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-09-08 15424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [2009-03-20 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [2009-03-20 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [2009-03-20 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [2009-03-20 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [2009-03-20 34048]
R2 PARLDR2K;ParLdr2k;c:\windows\system32\drivers\parldr2k.sys [2009-03-20 10454]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\g:\ntglm7x.sys --> g:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Pobierz z &BitSpirit - d:\bitspirit\bsurl.htm
LSP: c:\windows\system32\imon.dll
TCP: {55B95FEB-5334-4135-90D4-C93320053504} = 83.142.201.12,193.138.243.12
FF - ProfilePath - c:\documents and settings\ppp\Dane aplikacji\Mozilla\Firefox\Profiles\b44fed2i.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 21:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1085031214-2147197409-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,19,f9,fa,55,28,9d,63,94,e1,7b,4b,e6,52,94,ce,fd,81,f6,e2,b9,6e,87,
02,c9,46,7e,a7,53,0b,56,d3,ef,2f,88,07,28,4f,71,e1,a6,30,cf,89,2a,e8,c2,24,\
"??"=hex:00,72,d8,a6,b1,de,59,10,e7,1e,31,03,da,1d,eb,ed

[HKEY_USERS\S-1-5-21-1085031214-2147197409-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:08,82,37,4f,07,b9,8f,93,31,49,ad,f8,79,12,5c,28,1a,d8,1d,c3,6a,
91,fb,78,ec,21,28,d6,1f,69,52,a4,ae,fd,56,b2,c0,eb,68,36,4a,fc,1d,f5,c4,04,\
"rkeysecu"=hex:46,a8,fe,3c,b0,fb,96,00,00,77,1e,ba,1d,79,4b,d9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Czas ukończenia: 2009-10-20 21:39
ComboFix-quarantined-files.txt 2009-10-20 19:39

Przed: 10,648,416,256 bajtów wolnych
Po: 16,870,350,848 bajtów wolnych

- - End Of File - - D8730DA7696E94258B9FAA590FDE7319[/code]

Psycholandia
comment

Post an OTL log: http://www.forumpc.pl/index.php?showtopic=104338 and we will remove everything in one go, if it proves necessary.
Put the logs in [b][log] [/ log][/b] tags.

patryk999
comment

OTL.txt
[log]OTL logfile created on: 2009-10-20 22:18:39 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\ppp\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023.48 Mb Total Physical Memory | 624.72 Mb Available Physical Memory | 61.04% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 15.72 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 22.30 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive E: | 59.03 Gb Total Space | 13.33 Gb Free Space | 22.58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-CD13E161F2
Current User Name: ppp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-10-20 22:17:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ppp\Pulpit\OTL.exe
PRC - [2009-08-17 03:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe
PRC - [2009-02-26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-12-02 00:15:19 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-11-03 12:45:46 | 01,332,480 | ---- | M] (O&O Software GmbH) -- C:\windows\System32\oodag.exe
PRC - [2008-04-14 23:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wscntfy.exe
PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\windows\Explorer.EXE
PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2008-02-22 05:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2008-02-22 05:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
PRC - [2007-12-06 22:03:40 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-09-08 21:12:43 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32kui.exe
PRC - [2007-09-08 21:12:43 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe
PRC - [2007-03-11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006-08-11 14:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\windows\CTHELPER.EXE
PRC - [2006-03-30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-03-04 17:40:30 | 00,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe
PRC - [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005-08-08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005-07-25 00:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005-04-06 17:03:28 | 00,110,592 | ---- | M] () -- D:\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsPMSPSv.exe
PRC - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\CTsvcCDA.EXE

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-08-17 03:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2008-12-02 00:15:19 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008-11-03 12:45:46 | 01,332,480 | ---- | M] (O&O Software GmbH) -- C:\windows\System32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2008-08-19 18:09:27 | 00,000,000 | ---- | M] () -- C:\windows\System32\UTSCSI.EXE -- (UTSCSI [Auto | Stopped])
SRV - [2008-04-14 23:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008-03-21 15:54:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2007-12-06 22:03:40 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0 [Auto | Running])
SRV - [2007-09-08 21:12:43 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn [Auto | Running])
SRV - [2007-06-04 23:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007-06-04 23:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2006-11-08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006-11-08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006-10-30 04:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006-10-30 04:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006-10-20 22:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006-03-30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-08-08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2005-07-25 00:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005-04-06 17:03:28 | 00,110,592 | ---- | M] () -- D:\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005-02-09 13:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\windows\System32\drivers\pclepci.sys -- (PCLEPCI [Auto | Stopped])
SRV - [2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2000-06-26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-08-17 00:57:00 | 07,729,568 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009-03-21 17:21:00 | 00,049,720 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\Drivers\dk2drv.sys -- (dk2drv [System | Running])
DRV - [2009-03-20 23:54:47 | 00,010,454 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\drivers\parldr2k.sys -- (PARLDR2K [Auto | Running])
DRV - [2009-03-20 23:54:41 | 00,034,048 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\Drivers\flsvcom.sys -- (FLSVCOM [Auto | Running])
DRV - [2009-03-20 23:54:41 | 00,016,314 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\Drivers\flspar.sys -- (FLSPAR [Auto | Running])
DRV - [2009-03-20 23:54:41 | 00,013,440 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\Drivers\flsiface.sys -- (FLSIFACE [Auto | Running])
DRV - [2009-03-20 23:54:41 | 00,008,344 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\Drivers\flsser.sys -- (FLSSER [Auto | Running])
DRV - [2009-03-20 23:54:40 | 00,033,404 | ---- | M] (Data Encryption Systems Limited) -- C:\windows\System32\Drivers\fle5wnnt.sys -- (FLE5WNNT [Auto | Running])
DRV - [2008-12-17 20:35:47 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\windows\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2008-09-15 08:56:34 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,022,016 | ---- | M] (Nokia) -- C:\windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,017,664 | ---- | M] (Nokia) -- C:\windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2008-09-15 08:56:24 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
DRV - [2008-04-14 01:15:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2008-04-14 01:10:32 | 00,096,512 | ---- | M] () -- C:\windows\system32\DRIVERS\atapi.sys -- (atapi [Boot | Running])
DRV - [2008-04-14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\windows\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2007-10-28 12:03:54 | 00,685,816 | ---- | M] () -- C:\windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-09-08 21:12:43 | 00,512,096 | ---- | M] (Eset ) -- C:\windows\system32\drivers\amon.sys -- (AMON [Auto | Running])
DRV - [2007-09-08 21:12:43 | 00,015,424 | ---- | M] () -- C:\windows\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
DRV - [2007-07-11 16:51:48 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007-07-11 11:45:00 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2007-07-11 11:40:18 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\windows\System32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2007-03-07 07:20:50 | 00,021,568 | R--- | M] (HP) -- C:\windows\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007-03-07 07:20:49 | 00,016,496 | R--- | M] (HP) -- C:\windows\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007-03-07 07:20:48 | 00,049,920 | R--- | M] (HP) -- C:\windows\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007-01-04 11:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- C:\windows\System32\DRIVERS\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
DRV - [2006-08-11 14:45:40 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2006-08-11 14:45:38 | 00,499,584 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2006-08-11 14:45:28 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2006-08-11 14:45:26 | 00,766,976 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2006-08-11 14:45:26 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Stopped])
DRV - [2006-08-11 14:45:24 | 00,116,224 | ---- | M] (Creative Technology Ltd.) -- C:\windows\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2006-08-11 14:45:18 | 00,143,872 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2006-08-11 14:45:18 | 00,078,336 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2006-08-11 14:45:14 | 00,502,272 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2005-11-10 17:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2005-05-31 16:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\windows\System32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
DRV - [2005-05-31 10:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\windows\System32\Drivers\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
DRV - [2005-04-30 15:50:24 | 00,011,736 | ---- | M] (IVT Corporation) -- C:\windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv [On_Demand | Stopped])
DRV - [2005-04-30 15:50:20 | 00,011,860 | ---- | M] () -- C:\windows\System32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
DRV - [2005-04-30 15:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\windows\System32\Drivers\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
DRV - [2005-04-30 15:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\windows\System32\DRIVERS\btnetdrv.sys -- (BT [On_Demand | Stopped])
DRV - [2005-04-05 21:22:30 | 00,012,928 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2005-04-05 21:22:28 | 00,033,536 | R--- | M] (NVIDIA Corporation) -- C:\windows\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005-03-25 18:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\windows\System32\Drivers\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
DRV - [2005-03-09 08:53:00 | 00,036,352 | R--- | M] (Advanced Micro Devices) -- C:\windows\System32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2004-10-19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\windows\System32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
DRV - [2004-04-30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\windows\system32\DRIVERS\a347bus.sys -- (a347bus [Boot | Running])
DRV - [2004-04-30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\windows\System32\Drivers\a347scsi.sys -- (a347scsi [Boot | Running])
DRV - [2002-07-27 18:01:06 | 00,005,306 | R--- | M] (Windows (R) 2000 DDK provider) -- C:\windows\System32\drivers\TBPanel.sys -- (TBPanel [On_Demand | Stopped])
DRV - [2002-07-27 18:01:06 | 00,005,306 | R--- | M] (Windows (R) 2000 DDK provider) -- C:\windows\System32\drivers\TBPANEL.SYS -- (Cardex [On_Demand | Stopped])
DRV - [2001-08-18 03:57:36 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2001-08-18 03:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\windows\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\S-1-5-21-1085031214-2147197409-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\S-1-5-21-1085031214-2147197409-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-03-28 18:53:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-11 10:49:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-11 10:49:39 | 00,000,000 | ---D | M]

[2006-12-20 15:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\mozilla\Firefox\Profiles\b44fed2i.default\extensions
[2009-08-10 23:02:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-10-11 10:49:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-03-07 20:03:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009-10-11 10:49:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009-10-11 10:49:20 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009-10-11 10:49:21 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009-10-11 10:49:21 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009-10-11 10:49:24 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009-10-11 10:49:24 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007-04-30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009-10-11 10:49:34 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-10-11 10:49:37 | 00,000,904 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-10-11 10:49:37 | 00,001,419 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-10-11 10:49:37 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-10-11 10:49:37 | 00,000,926 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-10-11 10:49:37 | 00,000,866 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-10-11 10:49:37 | 00,001,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-10-11 10:49:37 | 00,001,693 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\windows\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\windows\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\windows\Updreg.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\windows\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1085031214-2147197409-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\windows\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\windows\System32\imon.dll (Eset )
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-10 11:57:17 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\windows\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\windows\System32\*.tmp files]
[4 C:\windows\*.tmp files]
[2009-09-23 22:11:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation
[2009-09-24 20:38:51 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009-09-23 15:10:46 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009-09-23 22:11:12 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009-10-20 22:17:34 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ppp\Pulpit\OTL.exe
[2009-10-20 21:58:26 | 00,000,000 | ---D | C] -- C:\rsit
[2009-10-20 21:39:50 | 00,000,000 | ---D | C] -- C:\windows\temp
[2009-10-19 15:29:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Pulpit\2009.10.09 18 Dominiki Szabela
[2009-10-14 11:59:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Pulpit\Zbi__r_zada__
[2009-10-11 11:36:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Pulpit\fizyka
[2009-10-07 21:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Pulpit\Nowy folder (5)
[2009-09-28 17:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Pulpit\hist3
[2009-09-24 20:38:52 | 00,000,000 | ---D | C] -- C:\windows\System32\AGEIA
[2009-09-23 23:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Pulpit\MemTest
[2009-09-23 22:57:17 | 00,010,240 | ---- | C] (Creative Technology Ltd) -- C:\windows\CTDCRES.DLL
[2009-09-23 22:28:17 | 00,201,728 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\fdco1.dll
[2009-09-23 22:28:17 | 00,033,536 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\NVENETFD.sys
[2009-09-23 22:28:13 | 00,176,128 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvunrm.exe
[2009-09-23 22:28:12 | 00,208,256 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvsnpu.sys
[2009-09-23 22:28:12 | 00,032,256 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\nvconrm.dll
[2009-09-23 22:28:12 | 00,009,728 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\bdco1.dll
[2009-09-23 22:28:11 | 00,261,888 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvnrm.sys
[2009-09-23 22:28:11 | 00,012,928 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nvnetbus.sys
[2009-09-23 22:28:09 | 00,176,128 | R--- | C] (NVIDIA Corporation) -- C:\windows\System32\nvusmb.exe
[2009-09-23 22:20:05 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvudisp.exe
[2009-09-23 22:19:48 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\NVUNINST.EXE
[2009-09-23 22:19:26 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009-09-23 22:18:54 | 07,729,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\drivers\nv4_mini.sys
[2009-09-23 22:18:54 | 07,729,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\dllcache\nv4_mini.sys
[2009-09-23 22:18:53 | 05,845,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nv4_disp.dll
[2009-09-23 22:18:53 | 05,845,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\dllcache\nv4_disp.dll
[2009-09-23 15:14:59 | 00,016,384 | ---- | C] (Creative Technology Limited) -- C:\windows\INSTRES.DLL
[2009-09-23 15:14:57 | 00,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\windows\Updreg.exe
[2009-09-23 15:14:56 | 00,084,992 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\sfcvrt32.dll
[2009-09-23 15:14:56 | 00,082,432 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\ctwflt32.dll
[2009-09-23 15:14:56 | 00,053,552 | ---- | C] (Creative® Technology Ltd.) -- C:\windows\ctccw.dll
[2009-09-23 15:14:56 | 00,026,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ctl3d.dll
[2009-09-23 15:14:56 | 00,024,976 | ---- | C] (Creative Technology Ltd.) -- C:\windows\ctres.dll
[2009-09-23 15:14:04 | 00,044,032 | ---- | C] (Creative Technology Ltd) -- C:\windows\System32\CTSVCCDA.EXE
[2009-09-23 15:14:04 | 00,025,088 | ---- | C] (Creative Technology Ltd) -- C:\windows\System32\CTSVCCTL.EXE
[2009-09-23 15:13:30 | 00,352,256 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CtMp3Lib.dll
[2009-09-23 15:13:30 | 00,278,528 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTMedEng.dll
[2009-09-23 15:13:30 | 00,230,912 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTDetect.cpl
[2009-09-23 15:13:30 | 00,139,264 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\Video.skn
[2009-09-23 15:13:30 | 00,110,592 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\ctmp3io2.dll
[2009-09-23 15:13:30 | 00,073,728 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTDrmRes.dll
[2009-09-23 15:13:30 | 00,062,976 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CtDetres.dll
[2009-09-23 15:13:30 | 00,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTIntRes.dll
[2009-09-23 15:13:30 | 00,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTMERes.DLL
[2009-09-23 15:13:30 | 00,012,288 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTNMSP.crl
[2009-09-23 15:13:30 | 00,006,656 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTMP3io2.crl
[2009-09-23 15:13:29 | 00,364,544 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\ctmp3.acm
[2009-09-23 15:13:29 | 00,143,360 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\CTDrmUI.dll
[2009-09-23 15:12:53 | 00,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\AudioHQU.cpl
[2009-09-23 15:12:53 | 00,012,288 | ---- | C] (Creative Technology Ltd.) -- C:\windows\System32\AHQCpURes.dll
[2009-09-22 18:11:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ppp\Moje dokumenty\NFS SHIFT
[2009-09-22 17:49:50 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_41.dll
[2009-09-22 17:49:50 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_41.dll
[2009-09-22 17:49:49 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_41.dll
[2009-09-22 17:49:49 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll
[2009-09-22 17:49:49 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_3.dll
[2009-09-22 17:49:48 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll
[2009-09-22 17:49:47 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll
[2009-09-22 17:49:47 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_40.dll
[2009-09-22 17:49:47 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll
[2009-09-22 17:49:46 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll
[2009-09-22 17:49:45 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll
[2009-09-22 17:49:45 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll
[2009-09-22 17:49:44 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll
[2009-09-22 17:49:44 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll
[2009-09-22 17:49:43 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll
[2009-09-22 17:49:43 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll
[2009-09-22 17:49:42 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll
[2009-09-22 17:49:41 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll
[2009-09-22 17:49:41 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll
[2009-09-22 17:49:40 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll
[2007-03-31 20:30:33 | 00,160,640 | ---- | C] ( ) -- C:\windows\System32\drivers\a347bus.sys
[2007-03-31 20:30:33 | 00,005,248 | ---- | C] ( ) -- C:\windows\System32\drivers\a347scsi.sys
[2006-08-11 14:56:28 | 00,033,792 | ---- | C] ( ) -- C:\windows\System32\a3d.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\windows\System32\*.tmp files]
[4 C:\windows\*.tmp files]
[2009-10-20 22:17:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ppp\Pulpit\OTL.exe
[2009-10-20 21:46:47 | 01,110,218 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009-10-20 21:46:47 | 00,497,076 | ---- | M] () -- C:\windows\System32\perfh015.dat
[2009-10-20 21:46:47 | 00,438,824 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009-10-20 21:46:47 | 00,088,422 | ---- | M] () -- C:\windows\System32\perfc015.dat
[2009-10-20 21:46:47 | 00,070,910 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009-10-20 21:42:21 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009-10-20 21:42:17 | 00,249,324 | ---- | M] () -- C:\windows\System32\NvApps.xml
[2009-10-20 21:41:56 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009-10-20 21:41:53 | 01,057,356 | ---- | M] () -- C:\windows\System32\oodbs.lor
[2009-10-20 21:41:05 | 00,032,184 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-10-20 21:41:05 | 00,032,184 | ---- | M] () -- C:\windows\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-10-20 21:41:05 | 00,028,968 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-10-20 21:41:05 | 00,028,968 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-10-20 21:41:05 | 00,011,564 | ---- | M] () -- C:\windows\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-10-20 21:41:05 | 00,001,080 | ---- | M] () -- C:\windows\System32\settingsbkup.sfm
[2009-10-20 21:41:05 | 00,001,080 | ---- | M] () -- C:\windows\System32\settings.sfm
[2009-10-20 21:38:31 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009-10-20 21:25:38 | 03,162,278 | ---- | M] () -- C:\windows\{00000001-00000000-00000008-00001102-00000004-00531102}.CDF
[2009-10-20 21:25:38 | 03,162,278 | ---- | M] () -- C:\windows\{00000001-00000000-00000008-00001102-00000004-00531102}.BAK
[2009-10-19 15:37:59 | 00,010,240 | ---- | M] () -- C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-19 09:08:19 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\WORK B.doc
[2009-10-17 14:16:37 | 06,315,378 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Bez nazwy-1.jpg
[2009-10-15 19:54:03 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Tomasz Judym jest głównym bohaterem powieści Stefana Żeromskiego.doc
[2009-10-15 16:04:51 | 00,096,345 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0023.jpg
[2009-10-15 16:04:25 | 00,085,285 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0021.jpg
[2009-10-15 16:04:02 | 00,063,929 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0020.jpg
[2009-10-15 15:39:52 | 00,087,360 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0016.jpg
[2009-10-12 21:13:32 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\hist 12.doc
[2009-10-11 11:39:48 | 00,489,999 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\fiza%20matura%20119zadan.pdf
[2009-10-11 08:10:09 | 00,236,544 | ---- | M] () -- C:\windows\PEV.exe
[2009-10-08 22:32:49 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\1 minutę temu.doc
[2009-10-06 21:59:50 | 00,072,192 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Młoda Polska.doc
[2009-10-04 22:19:41 | 00,058,201 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie045.jpg
[2009-09-28 22:45:48 | 00,073,728 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\historia XI.doc
[2009-09-24 23:29:59 | 03,708,612 | -H-- | M] () -- C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-09-24 19:56:14 | 00,001,382 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed™ SHIFT.lnk
[2009-09-24 00:20:26 | 00,000,559 | ---- | M] () -- C:\windows\DFC.INI
[2009-09-23 23:50:19 | 00,000,055 | ---- | M] () -- C:\windows\wininit.ini
[2009-09-23 22:57:44 | 00,409,600 | ---- | M] (Creative Labs) -- C:\windows\System32\wrap_oal.dll
[2009-09-23 22:57:44 | 00,086,016 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\windows\System32\OpenAL32.dll
[2009-09-23 16:49:53 | 00,001,625 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Creative Audio Console.lnk
[2009-09-23 16:44:46 | 00,000,661 | ---- | M] () -- C:\windows\win.ini
[2009-09-23 15:15:26 | 00,000,317 | ---- | M] () -- C:\windows\SBWIN.INI
[2009-09-22 19:57:42 | 00,123,658 | ---- | M] () -- C:\Documents and Settings\ppp\Pulpit\Icy Tower ME (176x220).jar

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-20 21:27:13 | 00,236,544 | ---- | C] () -- C:\windows\PEV.exe
[2009-10-19 18:27:29 | 03,162,278 | ---- | C] () -- C:\windows\{00000001-00000000-00000008-00001102-00000004-00531102}.BAK
[2009-10-17 14:35:44 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\WORK B.doc
[2009-10-17 14:16:31 | 06,315,378 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Bez nazwy-1.jpg
[2009-10-15 19:54:03 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Tomasz Judym jest głównym bohaterem powieści Stefana Żeromskiego.doc
[2009-10-15 16:01:24 | 00,096,345 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0023.jpg
[2009-10-15 16:01:23 | 00,085,285 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0021.jpg
[2009-10-15 16:01:23 | 00,063,929 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0020.jpg
[2009-10-15 15:38:35 | 00,087,360 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie0016.jpg
[2009-10-12 20:03:55 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\hist 12.doc
[2009-10-11 11:39:48 | 00,489,999 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\fiza%20matura%20119zadan.pdf
[2009-10-08 22:32:48 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\1 minutę temu.doc
[2009-10-06 21:59:50 | 00,072,192 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Młoda Polska.doc
[2009-10-03 17:12:22 | 00,058,201 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Zdjęcie045.jpg
[2009-09-28 22:30:58 | 00,073,728 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\historia XI.doc
[2009-09-24 19:56:14 | 00,001,382 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Need for Speed™ SHIFT.lnk
[2009-09-23 23:50:19 | 00,000,055 | ---- | C] () -- C:\windows\wininit.ini
[2009-09-23 22:59:16 | 00,032,184 | ---- | C] () -- C:\windows\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-09-23 22:59:16 | 00,032,184 | ---- | C] () -- C:\windows\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-09-23 22:59:16 | 00,028,968 | ---- | C] () -- C:\windows\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-09-23 22:59:16 | 00,028,968 | ---- | C] () -- C:\windows\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-09-23 22:59:16 | 00,011,564 | ---- | C] () -- C:\windows\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-00531102}.rfx
[2009-09-23 22:59:16 | 00,001,080 | ---- | C] () -- C:\windows\System32\settingsbkup.sfm
[2009-09-23 22:59:16 | 00,001,080 | ---- | C] () -- C:\windows\System32\settings.sfm
[2009-09-23 22:58:19 | 03,162,278 | ---- | C] () -- C:\windows\{00000001-00000000-00000008-00001102-00000004-00531102}.CDF
[2009-09-23 22:57:17 | 00,086,446 | ---- | C] () -- C:\windows\System32\instwdm.ini
[2009-09-23 22:28:13 | 00,003,596 | ---- | C] () -- C:\windows\System32\nvnrm.nvu
[2009-09-23 22:28:09 | 00,001,348 | R--- | C] () -- C:\windows\System32\nvsmb.nvu
[2009-09-23 22:20:05 | 00,019,495 | ---- | C] () -- C:\windows\System32\nvdisp.nvu
[2009-09-23 16:49:53 | 00,001,625 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Creative Audio Console.lnk
[2009-09-23 15:14:56 | 01,048,576 | ---- | C] () -- C:\windows\System32\sfman.dat
[2009-09-23 15:14:56 | 00,000,231 | ---- | C] () -- C:\windows\ac3api.ini
[2009-09-23 15:13:30 | 00,017,350 | ---- | C] () -- C:\windows\System32\CTDetect.hlp
[2009-09-23 15:13:30 | 00,000,641 | ---- | C] () -- C:\windows\System32\CTDetect.cnt
[2009-09-22 19:57:42 | 00,123,658 | ---- | C] () -- C:\Documents and Settings\ppp\Pulpit\Icy Tower ME (176x220).jar
[2009-08-03 00:21:54 | 00,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2009-08-03 00:21:54 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2009-08-03 00:21:52 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2009-08-03 00:21:52 | 00,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2009-04-03 22:06:45 | 00,003,072 | ---- | C] () -- C:\windows\CTXFIRES.DLL
[2009-04-02 16:38:58 | 00,000,317 | ---- | C] () -- C:\windows\SBWIN.INI
[2009-03-21 00:18:30 | 00,004,263 | ---- | C] () -- C:\windows\System32\FLSINSTU.INI
[2009-03-20 23:54:41 | 00,004,263 | ---- | C] () -- C:\windows\System32\flsinst.ini
[2009-03-20 23:54:41 | 00,000,064 | ---- | C] () -- C:\windows\FLS1.INI
[2009-03-20 23:54:40 | 01,859,584 | ---- | C] () -- C:\windows\System32\FLSINST.DLL
[2009-03-20 23:54:37 | 02,325,304 | ---- | C] () -- C:\windows\System32\DK2INST.DLL
[2009-03-13 20:00:27 | 00,000,000 | ---- | C] () -- C:\windows\oodcnt.INI
[2008-12-23 15:54:38 | 00,004,375 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2008-12-19 22:56:23 | 00,000,262 | ---- | C] () -- C:\windows\game.ini
[2008-10-22 06:29:06 | 00,173,550 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2008-03-15 14:23:49 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\ppp\Dane aplikacji\PnkBstrK.sys
[2008-03-12 10:27:23 | 00,000,000 | ---- | C] () -- C:\windows\Irremote.ini
[2008-03-10 12:02:43 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\__FileUploader.log
[2008-03-10 11:58:44 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2008-03-01 12:49:29 | 00,000,635 | ---- | C] () -- C:\windows\Sof.INI
[2007-11-16 19:07:48 | 00,138,184 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2007-09-08 21:15:14 | 00,015,424 | ---- | C] () -- C:\windows\System32\drivers\nod32drv.sys
[2007-05-26 10:26:14 | 00,032,768 | R--- | C] () -- C:\windows\TBPanelExt.dll
[2007-04-19 22:31:00 | 00,001,021 | ---- | C] () -- C:\windows\ARCHPR.INI
[2007-03-29 23:00:40 | 00,203,264 | ---- | C] () -- C:\windows\System32\CddbCdda.dll
[2007-02-21 21:06:19 | 00,000,000 | ---- | C] () -- C:\windows\PROTOCOL.INI
[2007-02-20 15:40:09 | 00,000,169 | ---- | C] () -- C:\windows\RtlRack.ini
[2007-02-11 14:12:42 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2007-02-11 14:12:42 | 00,765,952 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2007-02-11 14:12:42 | 00,558,592 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2007-02-11 14:12:42 | 00,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2007-02-11 14:12:41 | 00,010,752 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2007-02-11 14:12:41 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2007-01-19 17:52:41 | 00,000,772 | ---- | C] () -- C:\windows\YDPDICT.INI
[2007-01-18 18:49:43 | 00,013,304 | ---- | C] () -- C:\windows\System32\drivers\BTNetFilter.sys
[2007-01-18 18:49:43 | 00,011,860 | ---- | C] () -- C:\windows\System32\drivers\vbtenum.sys
[2006-12-19 16:09:20 | 00,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2006-12-15 19:48:34 | 00,000,008 | RHS- | C] () -- C:\windows\neoqaz2.dll
[2006-12-14 20:52:11 | 00,010,240 | ---- | C] () -- C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-12-14 20:26:59 | 00,685,816 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2006-12-14 19:44:01 | 00,000,663 | ---- | C] () -- C:\windows\ODBC.INI
[2006-12-14 19:35:56 | 00,048,936 | ---- | C] () -- C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2006-12-14 15:40:49 | 00,034,308 | ---- | C] () -- C:\windows\System32\Chip.dll
[2006-12-14 15:36:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2006-12-14 15:16:57 | 00,000,559 | ---- | C] () -- C:\windows\DFC.INI
[2006-12-14 15:13:59 | 00,005,120 | R--- | C] () -- C:\windows\TBManage.dll
[2006-12-14 15:05:43 | 00,000,258 | ---- | C] () -- C:\windows\System32\raidmgmt.ini
[2006-12-14 15:00:39 | 03,708,612 | -H-- | C] () -- C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2006-12-14 14:57:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ppp\Dane aplikacji\desktop.ini
[2006-08-11 15:14:08 | 00,000,191 | ---- | C] () -- C:\windows\System32\ctzapxx.ini
[2006-08-11 14:57:18 | 00,037,888 | ---- | C] () -- C:\windows\System32\CTBURST.DLL
[2006-05-23 12:40:34 | 00,000,269 | ---- | C] () -- C:\windows\System32\KILL.INI
[2005-06-16 18:17:16 | 00,071,680 | ---- | C] () -- C:\windows\System32\CTMMACTL.DLL
[2004-08-03 22:59:44 | 00,096,512 | ---- | C] () -- C:\windows\System32\drivers\atapi.sys
[2003-04-08 12:40:22 | 00,005,679 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2003-02-14 04:20:24 | 00,006,942 | ---- | C] () -- C:\windows\cadx2.ini
[2001-08-29 15:11:40 | 00,398,848 | R--- | C] () -- C:\windows\System32\dk2win32.dll
[2001-07-22 02:16:20 | 00,000,661 | ---- | C] () -- C:\windows\win.ini
[2001-07-22 02:15:52 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2001-01-09 20:09:20 | 00,012,285 | ---- | C] () -- C:\windows\Cadx3.ini
[1997-06-13 17:56:08 | 00,056,832 | ---- | C] () -- C:\windows\System32\iyvu9_32.dll
[1996-04-03 21:33:26 | 00,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2009-06-26 17:16:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2008-11-07 19:08:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2007-01-23 16:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
[2006-12-14 15:40:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2008-03-21 16:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
[2009-03-28 18:53:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2008-10-22 22:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2006-12-14 15:15:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies
[2009-08-12 23:56:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
[2009-03-20 22:28:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia
[2009-03-20 20:40:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2008-03-10 12:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle
[2008-03-10 12:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio
[2008-08-16 20:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2007-03-25 19:54:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
[2007-06-26 22:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Trymedia
[2009-08-20 16:12:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
[2006-12-14 15:36:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-01-24 13:31:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Gość\Dane aplikacji
[2009-01-24 13:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gość\Dane aplikacji\Opera
[2009-06-30 12:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2006-12-14 14:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-03-28 18:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji
[2007-02-25 13:53:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Ahead
[2007-01-01 15:10:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\BinarySense
[2007-02-09 19:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\CyberLink
[2008-07-10 20:12:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Gadu-Gadu
[2009-02-21 11:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Hamachi
[2008-12-17 20:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\HamachiBackup
[2007-08-14 13:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\INTERIAPL
[2008-11-25 19:22:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Leadertech
[2009-03-03 23:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\LG Electronics
[2009-03-02 21:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\LimeWire
[2009-03-20 20:44:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Nokia
[2009-03-14 21:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Nowe Gadu-Gadu
[2006-12-14 19:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\OpenOffice.ux.pl2
[2006-12-18 23:24:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Opera
[2007-09-08 18:24:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\OTi
[2009-03-20 20:40:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\PC Suite
[2008-08-19 17:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\PLAux
[2007-03-25 19:23:26 | 00,000,000 | R--D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\SecuROM
[2008-12-10 22:59:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\Soldat
[2006-12-23 18:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\uTorrent
[2009-08-20 16:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ppp\Dane aplikacji\ZoomBrowser EX
[2001-07-22 02:17:50 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009-10-20 21:42:21 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 482 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
< End of report >
[/log]

Extras.txt
[log] OTL Extras logfile created on: 2009-10-20 22:18:39 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\ppp\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023.48 Mb Total Physical Memory | 624.72 Mb Available Physical Memory | 61.04% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.01 Gb Total Space | 15.72 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive D: | 60.00 Gb Total Space | 22.30 Gb Free Space | 37.17% Space Free | Partition Type: NTFS
Drive E: | 59.03 Gb Total Space | 13.33 Gb Free Space | 22.58% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-CD13E161F2
Current User Name: ppp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"22642:TCP" = 22642:TCP:*:Enabled:BitComet 22642 TCP
"22642:UDP" = 22642:UDP:*:Enabled:BitComet 22642 UDP
"27176:TCP" = 27176:TCP:*:Enabled:BitComet 27176 TCP
"27176:UDP" = 27176:UDP:*:Enabled:BitComet 27176 UDP
"8185:TCP" = 8185:TCP:*:Enabled:BitComet 8185 TCP
"8185:UDP" = 8185:UDP:*:Enabled:BitComet 8185 UDP
"7761:TCP" = 7761:TCP:*:Enabled:BitComet 7761 TCP
"7761:UDP" = 7761:UDP:*:Enabled:BitComet 7761 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"25454:TCP" = 25454:TCP:*:Enabled:BitComet 25454 TCP
"25454:UDP" = 25454:UDP:*:Enabled:BitComet 25454 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu\gg.exe" = C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny -- (Gadu-Gadu S.A.)
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\IVT Corporation\BlueSoleil\BlueSoleil.exe" = D:\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"D:\CRYSIS\Bin32\Crysis.exe" = D:\CRYSIS\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"D:\CRYSIS\Bin32\CrysisDedicatedServer.exe" = D:\CRYSIS\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free. -- (Skype Technologies S.A.)
"D:\pes 09\pes2009.exe" = D:\pes 09\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Far Cry 2\bin\FarCry2.exe" = D:\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"D:\Far Cry 2\bin\FC2Launcher.exe" = D:\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"D:\Far Cry 2\bin\FC2Editor.exe" = D:\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{993960EE-CA4D-443F-8F88-E24260DD5FD2}" = LG PC Suite
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1045-7B44-A70500000002}" = Adobe Reader 7.0.5 - Polish
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B08B44B5-36E1-4104-B4A7-062D96AD7FB5}" = Phoenix Service Software
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F530581E-12FE-43B4-A28D-E5257AAD63E6}" = O&O Defrag Professional
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Pakiet sterowników systemu Windows - Nokia Modem (10/27/2008 3.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"AudioConSole" = Creative Audio Console
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"CSCLIB" = Canon Camera Support Core Library
"Dzielenie i łączenie plików_is1" = Dzielenie i łączenie plików v1.2.2
"EOS Utility" = Canon Utilities EOS Utility
"ET3" = English Translator 3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.00
"FLSINST" = FLS-4 Driver Installation
"Gadu-Gadu" = Gadu-Gadu 7.7
"Gainward" = EXPERTool
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"IrfanView" = IrfanView (remove only)
"Kalendarz XP" = Kalendarz XP v29.85
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.84 Full
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NOD32" = System Antywirusowy NOD32
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.46
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Skype_is1" = Skype 3.0
"Soldat_is1" = Soldat 1.4.2
"Sound Blaster Audigy" = Sound Blaster Audigy
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SubEdit-Player_is1" = SubEdit-Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wielki słownik polsko-angielski i angielsko-polski PWN-OXFORD" = Wielki słownik polsko-angielski i angielsko-polski PWN-OXFORD
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = Archiwizator WinRAR
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2009-09-23 16:52:57 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.0.0, moduł powodujący
błąd shift.exe, wersja 1.0.0.0, adres błędu 0x00432103.

Error - 2009-09-24 14:13:50 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.0.0, moduł powodujący
błąd shift.exe, wersja 1.0.0.0, adres błędu 0x00109a3e.

Error - 2009-09-24 14:17:39 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.0.0, moduł powodujący
błąd shift.exe, wersja 1.0.0.0, adres błędu 0x00432103.

Error - 2009-09-24 14:42:58 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.0.0, moduł powodujący
błąd shift.exe, wersja 1.0.0.0, adres błędu 0x00432103.

Error - 2009-09-26 06:43:31 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.0.0, moduł powodujący
błąd shift.exe, wersja 1.0.0.0, adres błędu 0x00432103.

Error - 2009-09-26 07:08:21 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.1.0, moduł powodujący
błąd shift.exe, wersja 1.0.1.0, adres błędu 0x004321c0.

Error - 2009-09-26 07:09:00 | Computer Name = USER-CD13E161F2 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd shift.exe, wersja 1.0.1.0, moduł powodujący
błąd shift.exe, wersja 1.0.1.0, adres błędu 0x004321c0.

Error - 2009-10-19 09:44:01 | Computer Name = USER-CD13E161F2 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca subedit.exe, wersja 1.0.0.4056, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-10-19 09:44:03 | Computer Name = USER-CD13E161F2 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca subedit.exe, wersja 1.0.0.4056, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

Error - 2009-10-20 15:55:45 | Computer Name = USER-CD13E161F2 | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca Ad-Aware.exe, wersja 7.1.0.12, moduł zawieszenia
hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]
Error - 2009-10-20 15:28:13 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7031
Description = Usługa NOD32 Kernel Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2009-10-20 15:28:21 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7031
Description = Usługa NOD32 Kernel Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 2. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2009-10-20 15:28:29 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7031
Description = Usługa NOD32 Kernel Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 3. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna:
Uruchom usługę ponownie.

Error - 2009-10-20 15:30:52 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7034
Description = Usługa BlueSoleil Hid Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2009-10-20 15:30:53 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą PEVSystemStart.

Error - 2009-10-20 15:32:39 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi CLCV0 z powodu następującego błędu: %%193

Error - 2009-10-20 15:32:48 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7034
Description = Usługa BlueSoleil Hid Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.

Error - 2009-10-20 15:33:24 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą PEVSystemStart.

Error - 2009-10-20 15:38:25 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą PEVSystemStart.

Error - 2009-10-20 15:42:37 | Computer Name = USER-CD13E161F2 | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi CLCV0 z powodu następującego błędu: %%193


< End of report >
[/log]

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:
[code]
:Processes
explorer.exe

:OTL
O8 - Extra context menu item: Pobierz z &BitSpirit - D:\BitSpirit\bsurl.htm File not found

:Files
C:\windows\neoqaz2.dll
C:\windows\PEV.exe

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Run OTL and click CleanUp.
Follow: http://support.microsoft.com/kb/310405/pl
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).

patryk999
comment

So should I turn System Restore on or off?

Malware found nothing, here is the log:
[log]
Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 3001
Windows 5.1.2600 Dodatek Service Pack 3

2009-10-20 23:13:11
mbam-log-2009-10-20 (23-13-11).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)
Przeskanowane obiekty: 192482
Upłynęło: 24 minute(s), 25 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)
[/log]

Psycholandia
comment

Turn System Restore off and then back on. Then restart the computer. See whether you still get warnings from NOD.

patryk999
comment

So far nothing is popping up. It looks like everything is fine.

Are the logs I posted at the beginning clean? No viruses at all?

Psycholandia
comment

The first log contains the same thing as the OTL log that I asked you to post. Your computer is clean now.

patryk999
comment

Thanks a lot for the quick help ;]

Cheers
