x-kom hosting

Reklamiarz

Wozzie
utworzono
utworzono (edytowane)

Już od dłuższego czasu mam problem z reklamami, otóż podczas "surfowania" w mozilli wyskakują mi nowe okna z reklamami portali towarzyskich lub gier w przeglądarce, czasami tez mam przekierowanie do stron "http://www.domainnotlocated.com/"
Log z OTL:
[log]OTL logfile created on: 2010-01-29 23:59:20 - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\User\My Documents\Pobieranie
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 18,50 Gb Free Space | 24,81% Space Free | Partition Type: NTFS
Drive D: | 35,70 Gb Total Space | 19,72 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-05EC46E272
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-01-29 19:11:20 | 04,679,824 | ---- | M] (Devnet) -- C:\Program Files\GetX\GetX.exe
PRC - [2010-01-29 18:44:26 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Pobieranie\OTL.exe
PRC - [2010-01-07 20:22:37 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-01 09:53:49 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009-12-12 09:26:46 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009-12-12 09:26:46 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009-12-07 21:39:30 | 01,260,544 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2009-11-22 12:35:48 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-22 11:43:25 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009-11-22 11:43:25 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009-11-22 11:43:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009-11-22 11:43:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009-11-17 15:18:22 | 06,807,552 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2009-10-30 12:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-03-19 17:11:24 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009-02-06 12:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-04-14 01:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 01:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 01:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 01:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 01:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 01:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
PRC - [2008-04-14 01:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 01:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 01:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-06-26 12:22:42 | 00,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2007-04-16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007-03-12 14:51:26 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007-03-06 19:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007-03-02 16:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007-01-29 21:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006-06-16 15:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2005-10-11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005-08-06 01:07:44 | 00,069,632 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Mace.exe
PRC - [2005-08-06 01:07:30 | 00,061,440 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005-08-05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005-08-05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005-08-05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005-08-05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005-08-03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005-04-26 04:22:32 | 00,589,824 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-01-29 18:44:26 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Pobieranie\OTL.exe
MOD - [2009-06-25 09:25:26 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:51:25 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-27 05:56:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2009-02-09 13:10:48 | 00,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-09 13:10:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 13:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 05:42:06 | 00,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 01:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-14 01:12:45 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 01:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 01:12:08 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 01:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 01:12:07 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 01:12:05 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 01:12:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 01:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 01:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 01:12:02 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 01:12:01 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 01:11:58 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 01:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 01:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 01:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009-12-11 07:08:39 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009-11-22 12:35:48 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-11-22 11:43:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009-11-22 11:43:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009-10-27 09:26:36 | 00,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009-10-11 22:27:07 | 03,369,044 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-06-16 15:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) [Auto | Running] -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard)
SRV - [2005-08-05 21:05:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-11-23 12:32:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009-11-22 12:40:15 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-22 11:43:35 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009-11-22 11:43:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-10-21 02:19:44 | 00,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009-10-06 08:11:40 | 00,041,984 | ---- | M] (UltraDefrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ultradfg.sys -- (ultradfg)
DRV - [2009-09-23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-09-24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-09-04 06:28:22 | 00,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-09-04 06:27:54 | 00,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-09-04 06:27:28 | 00,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006-06-16 15:38:54 | 00,003,968 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver)
DRV - [2005-08-04 04:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-05-12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005-04-26 04:22:40 | 00,060,928 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2005-03-16 07:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005-01-02 22:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004-10-15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004-08-10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.magic-wow.com/|http://www.google.pl/firefox?client=firefox-a&rlz=1R0GGGL_pl"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5050
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:3.1.0.1540
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: firedownload@mozilla.org:1.1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.3.1.1
FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.3.7
FF - prefs.js..extensions.enabledItems: {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {F2DDDB92-1605-4260-9B25-45A4DAE87B50}:1.0
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:3.1.0.1800

FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1800\FF [2009-11-27 07:50:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF [2009-11-27 07:50:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF [2009-11-27 07:51:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-15 14:09:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-16 14:24:14 | 00,000,000 | ---D | M]

[2009-11-22 11:51:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2010-01-29 22:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions
[2010-01-15 10:14:21 | 00,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-12-11 23:44:33 | 00,000,000 | ---D | M] (Integrated Gmail) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}
[2009-11-22 13:08:37 | 00,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2010-01-15 10:14:20 | 00,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009-12-04 08:11:51 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)
[2010-01-23 19:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010-01-05 22:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org
[2010-01-15 10:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard
[2010-01-29 22:28:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-11-28 08:44:23 | 00,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2009-11-03 02:54:10 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-11-03 02:54:10 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-11-03 02:54:10 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-11-03 02:54:10 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-11-28 08:44:23 | 00,002,405 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice127.xml
[2009-11-03 02:54:10 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-11-03 02:54:10 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-01-23 21:09:24 | 00,000,831 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.149.200.219 l2authd.lineage2.com
O1 - Hosts: 89.149.200.219 l2testauthd.lineage2.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\User\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\Mace.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003..\Run: [Twoje TVN24] File not found
O4 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Sid Registration.lnk = G:\ATR1.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.6.43 89.228.6.83
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-22 10:55:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-22 11:28:45 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-29 19:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\ewido anti-spyware 4.0
[2010-01-29 19:32:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-01-29 19:26:08 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-29 18:54:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\DoctorWeb
[2010-01-28 22:45:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010-01-20 22:26:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Leadertech
[2010-01-20 22:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2010-01-19 20:33:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My PaperPort Documents
[2010-01-19 20:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ScanSoft
[2010-01-18 22:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\GetX
[2010-01-18 19:34:47 | 00,000,000 | ---D | C] -- C:\e1ab26f0a777f17b5380
[2010-01-18 01:19:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2010-01-18 01:14:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010-01-18 01:14:13 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-01-18 01:13:31 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010-01-16 22:57:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010-01-16 22:45:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2010-01-16 22:45:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010-01-16 22:44:40 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010-01-16 22:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Nokia
[2010-01-16 22:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010-01-16 22:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010-01-16 22:42:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010-01-16 22:42:42 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-01-16 22:42:35 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-01-16 22:42:11 | 00,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010-01-16 22:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-01-16 22:38:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010-01-16 21:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Słownik SuperMemo
[2010-01-16 14:07:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User\Application Data\Brother
[2010-01-15 20:30:07 | 00,000,000 | ---D | C] -- C:\Program Files\DuelMasters
[2010-01-14 20:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia Auto
[2010-01-14 14:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Tibia
[2010-01-14 13:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia
[2010-01-13 12:15:22 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-01-10 20:30:10 | 00,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010-01-10 20:30:10 | 00,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010-01-10 20:30:09 | 00,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010-01-10 20:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apowersoft
[2010-01-10 20:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2010-01-06 07:08:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2010-01-05 22:49:56 | 00,000,000 | ---D | C] -- C:\Program Files\PowerDataRecovery
[2010-01-05 22:31:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-01-05 17:30:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\World of Warcraft Installer
[2010-01-05 14:05:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2010-01-04 19:58:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-01-04 12:44:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2010-01-01 12:08:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009-12-31 16:30:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\MahJong Suite
[2009-12-07 13:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-11-22 11:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-11-22 10:59:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-11-22 10:55:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-29 23:53:56 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010-01-29 19:58:14 | 00,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ewido anti-spyware.lnk
[2010-01-29 19:43:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-29 19:43:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-29 19:42:21 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010-01-29 19:32:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010-01-29 17:32:00 | 54,817,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-01-28 23:18:32 | 03,172,904 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010-01-28 00:00:33 | 02,523,480 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Obraz 005.jpg
[2010-01-26 16:35:50 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-23 21:08:19 | 00,000,076 | ---- | M] () -- C:\fraglist.luar
[2010-01-21 09:56:46 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-20 22:27:04 | 00,000,431 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Sid Registration.lnk
[2010-01-20 09:28:34 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010-01-19 14:43:05 | 00,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-01-19 14:43:05 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-19 14:43:05 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-19 14:40:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-19 01:17:18 | 05,672,795 | ---- | M] () -- C:\Documents and Settings\User\My Documents\iz.psd
[2010-01-18 21:30:20 | 00,072,824 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-01-18 21:29:51 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-16 23:49:29 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-01-16 22:56:30 | 00,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010-01-16 22:44:54 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-01-16 22:44:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-01-16 22:29:56 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Skrót do Advanced_cz1.lnk
[2010-01-16 14:24:15 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010-01-15 21:06:48 | 00,234,554 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Bez nazwy 1.psd
[2010-01-15 21:05:47 | 00,018,304 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Bez-nazwy-1.gif
[2010-01-15 12:10:08 | 00,240,792 | ---- | M] () -- C:\Documents and Settings\User\My Documents\1.psd
[2010-01-14 21:25:13 | 00,009,378 | ---- | M] () -- C:\Documents and Settings\User\My Documents\tibiaAuto.cfg.Hunrak.xml
[2010-01-14 20:52:10 | 00,001,573 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tibia Auto.lnk
[2010-01-14 13:48:05 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2010-01-14 11:06:31 | 00,026,108 | ---- | M] () -- C:\Documents and Settings\User\Desktop\2b910239000065fc.jpg
[2010-01-13 07:56:40 | 00,000,155 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2010-01-13 07:56:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-10 20:30:10 | 00,000,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Streaming Video Recorder.lnk
[2010-01-06 11:23:37 | 00,000,485 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Skrót do Wow.lnk
[2010-01-05 22:49:57 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Power Data Recovery.lnk
[2010-01-05 22:33:06 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-01-05 22:33:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-01-05 22:33:06 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2010-01-05 14:05:28 | 00,000,882 | ---- | M] () -- C:\Documents and Settings\User\Desktop\World of Warcraft Installer.lnk
[2010-01-03 19:34:37 | 12,432,7846 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Bez nazwy 1.psd
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-29 19:58:14 | 00,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ewido anti-spyware.lnk
[2010-01-29 19:32:42 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010-01-20 22:27:04 | 00,000,431 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Sid Registration.lnk
[2010-01-19 01:16:44 | 05,672,795 | ---- | C] () -- C:\Documents and Settings\User\My Documents\iz.psd
[2010-01-16 22:56:30 | 00,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010-01-16 22:44:54 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-01-16 22:44:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-01-16 22:29:56 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Skrót do Advanced_cz1.lnk
[2010-01-16 14:24:14 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010-01-15 21:05:47 | 00,018,304 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Bez-nazwy-1.gif
[2010-01-15 12:16:39 | 00,234,554 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Bez nazwy 1.psd
[2010-01-15 11:30:38 | 00,240,792 | ---- | C] () -- C:\Documents and Settings\User\My Documents\1.psd
[2010-01-14 21:25:13 | 00,009,378 | ---- | C] () -- C:\Documents and Settings\User\My Documents\tibiaAuto.cfg.Hunrak.xml
[2010-01-14 20:52:10 | 00,001,573 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tibia Auto.lnk
[2010-01-14 20:51:30 | 01,867,776 | ---- | C] () -- C:\WINDOWS\System\python24.dll
[2010-01-14 13:48:05 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2010-01-14 11:06:42 | 00,026,108 | ---- | C] () -- C:\Documents and Settings\User\Desktop\2b910239000065fc.jpg
[2010-01-10 20:30:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010-01-10 20:30:10 | 00,000,997 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Streaming Video Recorder.lnk
[2010-01-06 11:23:37 | 00,000,485 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Skrót do Wow.lnk
[2010-01-05 22:49:57 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Power Data Recovery.lnk
[2010-01-05 14:05:28 | 00,000,882 | ---- | C] () -- C:\Documents and Settings\User\Desktop\World of Warcraft Installer.lnk
[2010-01-03 19:33:56 | 12,432,7846 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Bez nazwy 1.psd
[2009-12-14 19:48:07 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-12-01 16:15:07 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-11-30 18:31:36 | 00,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-11-25 15:25:20 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-25 13:33:19 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-11-24 19:11:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-22 13:20:31 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009-11-22 12:53:39 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-11-22 12:40:15 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-11-22 12:30:32 | 00,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-22 12:30:32 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-11-22 12:27:32 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009-11-22 12:02:07 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-06 08:11:50 | 00,091,648 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-08-05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-12-11 16:06:00 | 00,001,270 | ---- | M] () -- C:\1.bmp
[2009-12-11 16:06:19 | 00,001,366 | ---- | M] () -- C:\2.bmp
[2009-11-22 10:55:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-05 22:33:06 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009-11-22 10:55:26 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-01-23 21:08:19 | 00,000,076 | ---- | M] () -- C:\fraglist.luar
[2009-11-22 10:55:26 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-22 10:55:26 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-10 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-12-07 12:15:52 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010-01-29 19:43:33 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys
< End of report >
[/log]

Pozdrawiam i liczę na pomoc :)

Mateusz J.
komentarz
komentarz

Uruchom OTL i w oknie Custom Scans/Fixes wklej

[code]:OTL
FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1800\FF [2009-11-27 07:50:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5050\FF [2009-11-27 07:50:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1540\FF [2009-11-27 07:51:09 | 00,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

:Files
C:\Program Files\Web Search Operator
C:\Program Files\Automated Content Enhancer
C:\Program Files\Customized Platform Advancer

:Commands
[emptytemp]
[Reboot]
[/code]
Kliknij Run Fix. Zatwierdź restart komputera.
Po ponownym uruchomieniu komputera tworzysz nowy log i pokazujesz do kontroli.

  • Dobra wypowiedź 1
Wozzie
komentarz
komentarz

Zrobiłem tak jak mówisz OTL zaczął restart ale zatrzymał się na :
[code]FF - HKLM\software\mozilla\Firefox\extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}:[/code]
Poczekałem godzinę i nic się nie zmieniło ciągle processing był na tym samym. Mam czekać dłużej czy coś nie tak jest ?

Mateusz J.
komentarz
komentarz

Pokaż nowy log z OTL.

Wozzie
komentarz
komentarz (edytowane)

[log]OTL logfile created on: 2010-01-30 15:42:27 - Run 4
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\User\My Documents\Pobieranie
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 18,22 Gb Free Space | 24,44% Space Free | Partition Type: NTFS
Drive D: | 35,70 Gb Total Space | 19,72 Gb Free Space | 55,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-05EC46E272
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-01-29 18:44:26 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Pobieranie\OTL.exe
PRC - [2010-01-07 20:22:37 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-01 09:53:49 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009-12-12 09:26:46 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009-12-12 09:26:46 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009-12-07 21:39:30 | 01,260,544 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2009-11-22 12:35:48 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-22 11:43:25 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009-11-22 11:43:25 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009-11-22 11:43:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009-11-22 11:43:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009-11-17 15:18:22 | 06,807,552 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2009-10-30 12:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-03-19 17:11:24 | 01,138,688 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2009-02-06 12:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-10-25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-04-14 01:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 01:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 01:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 01:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 01:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 01:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
PRC - [2008-04-14 01:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 01:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 01:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-04-16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007-03-12 14:51:26 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007-03-06 19:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007-03-02 16:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007-01-29 21:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006-06-16 15:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2005-10-11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005-08-06 01:07:30 | 00,061,440 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005-08-05 13:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005-08-05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005-08-05 13:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
PRC - [2005-08-05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005-08-03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005-04-26 04:22:32 | 00,589,824 | R--- | M] (VIA Technologies) -- C:\Program Files\VIA\RAID\raid_tool.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-01-29 18:44:26 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Pobieranie\OTL.exe
MOD - [2009-12-21 20:14:05 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2009-12-21 20:14:05 | 00,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
MOD - [2009-12-21 20:14:03 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2009-12-21 20:14:02 | 11,070,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
MOD - [2009-09-04 22:03:36 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msasn1.dll
MOD - [2009-07-31 05:35:42 | 01,172,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msxml3.dll
MOD - [2009-07-17 20:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2009-07-12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009-07-11 19:41:02 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009-06-25 09:25:26 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:51:25 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-03-06 04:33:26 | 00,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009-02-27 05:56:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2009-02-12 15:19:38 | 00,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009-02-12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2009-02-09 13:10:48 | 00,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-09 13:10:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-01-07 18:20:36 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll
MOD - [2008-10-25 11:44:34 | 00,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008-10-23 13:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-10-15 17:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2008-06-20 18:46:57 | 00,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2008-06-17 20:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 05:42:06 | 00,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 01:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-14 01:12:45 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 01:12:10 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2008-04-14 01:12:10 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2008-04-14 01:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 01:12:08 | 00,727,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-14 01:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 01:12:08 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 01:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 01:12:07 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 01:12:05 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 01:12:04 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 01:12:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 01:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 01:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 01:12:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2008-04-14 01:12:02 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 01:12:02 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 01:12:02 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2008-04-14 01:12:01 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 01:12:00 | 00,274,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
MOD - [2008-04-14 01:11:59 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msimg32.dll
MOD - [2008-04-14 01:11:58 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 01:11:57 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2008-04-14 01:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008-04-14 01:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 01:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 01:11:51 | 00,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-14 01:11:51 | 00,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crypt32.dll
MOD - [2008-04-14 01:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 01:11:50 | 00,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-14 01:11:49 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2008-04-13 18:37:57 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006-06-16 15:38:50 | 00,073,728 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll


[color=#E56717]========== LOP Check ==========[/color]

[2010-01-01 12:08:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009-11-26 16:12:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009-11-29 23:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-11-22 12:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-01-16 22:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009-11-28 12:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010-01-16 22:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009-12-10 18:49:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-01-16 22:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009-12-05 11:27:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuestService
[2009-11-22 12:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010-01-30 15:40:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AIMP
[2010-01-10 20:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apowersoft
[2009-11-25 13:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite
[2009-12-24 18:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gadu-Gadu 10
[2009-11-30 18:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GlarySoft
[2010-01-20 22:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009-11-24 13:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LG Electronics
[2009-11-27 21:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-01-04 19:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MahJong Suite
[2010-01-16 22:59:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2009-11-22 15:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenFM
[2010-01-16 22:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010-01-19 20:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScanSoft
[2009-12-11 15:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall
[2010-01-14 14:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Tibia
[2010-01-30 14:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-12-11 16:06:00 | 00,001,270 | ---- | M] () -- C:\1.bmp
[2009-12-11 16:06:19 | 00,001,366 | ---- | M] () -- C:\2.bmp
[2009-11-22 10:55:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-05 22:33:06 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2010-01-30 14:04:23 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2004-08-03 23:00:14 | 00,262,400 | ---- | M] () -- C:\cmldr
[2010-01-30 14:21:45 | 00,030,410 | ---- | M] () -- C:\ComboFix.txt
[2009-11-22 10:55:26 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-01-23 21:08:19 | 00,000,076 | ---- | M] () -- C:\fraglist.luar
[2009-11-22 10:55:26 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-22 10:55:26 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-10 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-12-07 12:15:52 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010-01-30 14:12:39 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< >[/color]
< End of report >
[/log]

jakoś trzeba odświeżyć temat. Bo dalej problem jest.

Gość
komentarz
komentarz

Wklej log w całości, lub daj log z ComboFixa.

Wozzie
komentarz
komentarz

[log]ComboFix 10-01-29.09 - User 2010-01-30 14:06:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.1534.1032 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\BDARemote.lnk
c:\documents and settings\User\Application Data\EurekaLog
c:\documents and settings\User\Local Settings\Temporary Internet Files\mvb06759.tmp
c:\windows\kb913800.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Pliki utworzone od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 10:11 . 2010-01-30 10:11 -------- d-----w- c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Web Search Operator
2010-01-30 10:11 . 2010-01-30 10:11 -------- d-----w- c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer
2010-01-30 10:11 . 2010-01-30 10:11 -------- d-----w- c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer
2010-01-30 10:11 . 2010-01-30 10:11 -------- d-----w- c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla
2010-01-30 10:11 . 2010-01-30 10:11 -------- d-sh--w- c:\documents and settings\Administrator.USER-05EC46E272\IETldCache
2010-01-29 18:58 . 2010-01-29 18:58 -------- d-----w- c:\program files\ewido anti-spyware 4.0
2010-01-29 18:32 . 2010-01-29 18:32 -------- d-----w- c:\program files\Trend Micro
2010-01-29 18:26 . 2010-01-29 18:26 -------- d-----w- C:\_OTL
2010-01-29 17:54 . 2010-01-29 17:54 -------- d-----w- c:\documents and settings\User\DoctorWeb
2010-01-20 21:26 . 2010-01-20 21:26 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech
2010-01-20 21:21 . 2010-01-20 22:23 -------- d-----w- c:\program files\Firaxis Games
2010-01-19 19:32 . 2010-01-19 19:32 -------- d-----w- c:\documents and settings\User\Application Data\ScanSoft
2010-01-18 21:47 . 2010-01-29 22:00 -------- d-----w- c:\program files\GetX
2010-01-18 18:34 . 2010-01-18 18:35 -------- d-----w- C:\e1ab26f0a777f17b5380
2010-01-18 00:19 . 2010-01-18 00:19 -------- d-----w- c:\windows\system32\pl-PL
2010-01-18 00:14 . 2010-01-18 18:35 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-18 00:14 . 2010-01-18 00:14 -------- d-----w- c:\program files\Reference Assemblies
2010-01-18 00:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-18 00:13 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-16 21:57 . 2010-01-16 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-01-16 21:45 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-16 21:45 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-16 21:44 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-16 21:43 . 2010-01-16 21:59 -------- d-----w- c:\documents and settings\User\Application Data\Nokia
2010-01-16 21:43 . 2010-01-16 21:45 -------- d-----w- c:\documents and settings\User\Application Data\PC Suite
2010-01-16 21:43 . 2010-01-16 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-01-16 21:42 . 2010-01-28 21:46 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-16 21:42 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-16 21:42 . 2010-01-16 21:42 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-16 21:42 . 2010-01-28 21:44 -------- d-----w- c:\program files\Nokia
2010-01-16 21:42 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-01-16 21:38 . 2010-01-16 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-01-16 13:07 . 2010-01-16 13:07 -------- d-----r- c:\documents and settings\User\Application Data\Brother
2010-01-15 19:30 . 2010-01-15 20:07 -------- d-----w- c:\program files\DuelMasters
2010-01-14 19:51 . 2006-06-26 01:49 1867776 ----a-w- c:\windows\system\python24.dll
2010-01-14 19:50 . 2010-01-21 21:04 -------- d-----w- c:\program files\Tibia Auto
2010-01-14 13:08 . 2010-01-14 13:08 -------- d-----w- c:\documents and settings\User\Application Data\Tibia
2010-01-14 12:48 . 2010-01-14 19:52 -------- d-----w- c:\program files\Tibia
2010-01-13 11:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:30 . 2010-01-10 19:30 -------- d-----w- c:\documents and settings\User\Application Data\Apowersoft
2010-01-10 19:30 . 2010-01-10 19:30 -------- d-----w- c:\program files\Apowersoft
2010-01-06 06:08 . 2010-01-06 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2010-01-05 21:49 . 2010-01-05 21:51 -------- d-----w- c:\program files\PowerDataRecovery
2010-01-05 13:05 . 2010-01-05 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-01-04 11:44 . 2010-01-05 12:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-01 11:08 . 2010-01-01 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-12-31 15:30 . 2010-01-04 18:59 -------- d-----w- c:\documents and settings\User\Application Data\MahJong Suite

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 13:14 . 2009-12-13 17:55 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-01-30 11:24 . 2009-11-26 18:30 -------- d-----w- c:\program files\sXe Injected
2010-01-30 10:55 . 2009-11-26 16:34 -------- d-----w- c:\program files\Counter-Strike
2010-01-29 23:16 . 2009-11-24 11:06 -------- d-----w- c:\documents and settings\User\Application Data\AIMP
2010-01-29 20:40 . 2009-11-22 11:36 -------- d-----w- c:\program files\JDownloader
2010-01-19 19:40 . 2009-11-22 11:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 07:33 . 2010-01-27 08:33 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-19 07:33 . 2010-01-27 08:33 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-18 23:05 . 2009-11-27 09:01 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-18 23:05 . 2009-11-27 08:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-18 20:30 . 2009-11-22 10:13 72824 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 00:19 . 2009-11-30 13:42 -------- d-----w- c:\program files\MSBuild
2010-01-16 21:55 . 2010-01-16 21:55 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-16 21:55 . 2010-01-16 21:55 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-16 21:55 . 2010-01-16 21:55 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-16 21:52 . 2010-01-16 21:56 24566576 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_pl.exe
2010-01-16 21:44 . 2010-01-16 21:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-16 21:44 . 2010-01-16 21:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-16 21:42 . 2009-11-22 11:07 -------- d-----w- c:\program files\DIFX
2010-01-16 21:40 . 2010-01-16 21:40 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-16 21:40 . 2010-01-16 21:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-16 21:40 . 2010-01-16 21:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-16 21:40 . 2010-01-16 21:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-16 21:38 . 2010-01-16 21:41 34801240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_pol_web.exe
2010-01-16 13:24 . 2009-11-24 16:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 13:14 . 2009-11-30 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-05 22:18 . 2009-11-27 06:52 -------- d-----w- c:\program files\QuestService
2010-01-04 19:18 . 2009-12-26 09:28 -------- d-----w- c:\program files\Nobilis
2010-01-01 08:53 . 2009-12-12 08:26 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-30 22:03 . 2009-12-30 22:03 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-12-26 13:42 . 2010-01-15 09:14 110592 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2009-12-26 09:33 . 2009-12-26 09:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 09:33 . 2009-12-26 09:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-24 17:51 . 2009-11-22 11:49 -------- d-----w- c:\documents and settings\User\Application Data\Gadu-Gadu 10
2009-12-21 19:14 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 16:01 . 2009-11-24 11:05 -------- d-----w- c:\program files\AIMP2
2009-12-16 14:08 . 2009-12-16 14:05 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-12-16 06:09 . 2009-12-16 06:02 -------- d-----w- c:\program files\AMX Mod X
2009-12-13 17:56 . 2009-12-13 17:56 -------- d-----w- c:\program files\uTorrent
2009-12-11 15:39 . 2009-12-02 14:42 -------- d-----w- c:\documents and settings\User\Application Data\teamspeak2
2009-12-11 14:17 . 2009-11-22 17:09 -------- d-----w- c:\documents and settings\User\Application Data\Thinstall
2009-12-11 09:07 . 2009-11-27 21:48 -------- d-----w- c:\program files\Pasek TVN24
2009-12-11 09:06 . 2009-11-27 06:50 -------- d-----w- c:\program files\Gameztar Toolbar
2009-12-11 06:08 . 2009-12-11 06:08 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-12-10 17:49 . 2009-11-22 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\OpenFM
2009-12-10 17:30 . 2009-12-08 19:45 -------- d-----w- c:\program files\CAPCOM
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-07 11:27 . 2009-11-22 09:54 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-05 15:45 . 2009-12-05 15:45 -------- d-----w- c:\documents and settings\User\Application Data\Media Player Classic
2009-12-05 15:44 . 2009-12-05 15:44 -------- d-----w- c:\program files\Real Alternative
2009-12-05 15:44 . 2009-11-25 14:32 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 15:41 . 2009-12-05 15:41 -------- d-----w- c:\documents and settings\User\Application Data\GRETECH
2009-12-05 15:40 . 2009-12-05 15:40 -------- d-----w- c:\program files\GRETECH
2009-12-05 15:38 . 2009-12-01 15:14 -------- d-----w- c:\program files\ALLPlayer
2009-12-05 15:30 . 2009-12-01 15:08 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-12-05 10:27 . 2009-11-27 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\QuestService
2009-12-04 17:53 . 2009-12-05 10:27 58744 ----a-w- c:\documents and settings\All Users\Application Data\QuestService\questservice129.exe
2009-12-04 09:39 . 2009-11-30 13:42 -------- d-----w- c:\program files\Microsoft Works
2009-12-04 07:11 . 2009-12-03 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-02 14:42 . 2009-12-02 14:42 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-01 20:13 . 2009-12-01 20:12 -------- d-----w- c:\program files\Windows Live
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\program files\Microsoft
2009-12-01 20:12 . 2009-12-01 20:12 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-01 20:05 . 2009-12-01 20:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-28 11:11 . 2009-11-28 11:11 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-28 11:11 . 2009-11-28 11:11 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-27 14:21 . 2010-01-30 10:10 38208 ----a-w- c:\documents and settings\Administrator.USER-05EC46E272\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 14:21 . 2009-11-27 14:16 38208 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 14:21 . 2009-11-27 13:52 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 09:01 . 2009-11-27 09:01 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-25 14:33 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-25 12:34 . 2009-11-25 12:33 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-23 11:32 . 2009-11-22 10:43 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-22 13:04 . 2009-11-22 13:04 177024 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\FlashGot.exe
2009-11-22 12:20 . 2009-11-22 12:20 127 ----a-w- c:\documents and settings\User\Local Settings\Application Data\fusioncache.dat
2009-11-22 11:40 . 2009-11-22 11:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-22 11:35 . 2009-11-22 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 11:35 . 2009-11-22 11:35 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-22 11:29 . 2009-11-22 11:29 50 ----a-w- c:\windows\system32\bridf07a.dat
2009-11-22 11:08 . 2009-11-22 11:08 9158 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-11-22 10:51 . 2009-11-22 10:51 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 10:43 . 2009-11-22 10:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-22 10:43 . 2009-11-22 10:43 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-22 10:43 . 2009-11-22 10:43 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-22 09:50 . 2009-11-22 09:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 15:51 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:48 . 2009-11-27 09:20 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-11-27 09:20 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-11-27 09:20 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-11-27 09:20 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-18 14:52 . 2009-11-18 14:52 37376 ----a-w- c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-11-18 14:52 . 2009-11-18 14:52 11776 ----a-w- c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-13 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"ATIMACE"="c:\program files\ATI Technologies\ATI.ACE\MACE.exe" [2005-08-06 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST - pasek zadaä.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-22 10:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-11-17 14:18 6807552 ----a-w- c:\progra~1\WapSter\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-13 17:56 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-22 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-22 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-22 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-11-22 13696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-11-22 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-11-22 285392]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-06 41984]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.magic-wow.com/|http://www.google.pl/firefox?client=firefox-a&rlz=1R0GGGL_pl
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\components\firedownload.dll
FF - component: c:\program files\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.dll
FF - component: c:\program files\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll
FF - component: c:\program files\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll
FF - plugin: c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Twoje TVN24 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 14:14
Windows 5.1.2600 Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdc.sys >>UNKNOWN [0x8A28E938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba674cb8
\Driver\atapi -> atapi.sys @ 0xba609b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba513bd4
PacketIndicateHandler -> NDIS.sys @ 0xba51fa21
SendHandler -> NDIS.sys @ 0xba513d44
user & kernel MBR OK
copy of MBR has been found in sector 32 !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-30 14:21:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-01-30 13:21

Przed: 19 531 653 120 bytes free
Po: 19 547 004 928 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 298AEA7817BD689454BA949C84181150
[/log]

To jest combofix

Gość
komentarz
komentarz

Wklej do Notatnika:
[quote]
Driver::
npggsvc

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"=-

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Folder::
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default
c:\documents and settings\All Users\Application Data\QuestService
c:\program files\Gameztar Toolbar
c:\program files\QuestService
c:\documents and settings\All Users\Application Data\Blizzard
c:\program files\Common Files\Blizzard Entertainment
c:\documents and settings\All Users\Application Data\2DBoy
c:\documents and settings\All Users\Application Data\Blizzard Entertainment
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Web Search Operator
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla
c:\documents and settings\Administrator.USER-05EC46E272\IETldCache
[/quote]
[b]>>Plik>>Zapisz jako... >>> [color="red"]CFScript[/color][/b]
Przeciągnij i upuść plik [color="red"][b]CFScript.txt[/b][/color] na plik [b]ComboFix.exe[/b]
[b][color="blue"]-------->[/color][/b] [img]http://img167.imageshack.us/img167/7180/cfscript10gm1.gif[/img]
Ma się rozpocząć kopiowanie. (i powstanie log).

Wozzie
komentarz
komentarz

[log]ComboFix 10-01-29.09 - User 2010-02-04 19:21:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1033.18.1534.1009 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Desktop\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\User\Desktop\CFScript .txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.USER-05EC46E272\IETldCache
c:\documents and settings\Administrator.USER-05EC46E272\IETldCache\index.dat
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5050\config.md
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5050\NP_20100130-111149.671.log
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5050\NP_20100130-112020.953.log
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Automated Content Enhancer\4.1.0.5050\NP_20100130-112022.984.log
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1540\config.md
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1540\HJHP_20100130-111149.859.log
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1540\HJHP_20100130-112021.031.log
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Customized Platform Advancer\3.1.0.1540\HJHP_20100130-112023.000.log
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\_CACHE_001_
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\_CACHE_002_
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\_CACHE_003_
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\_CACHE_MAP_
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\10821FBCd01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\11D7D0C9d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\13D47B82d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\211BF472d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\2DD44B3Ad01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\3829EEB7d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\39C78D5Bd01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\39CD5C51d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\652BCCDFd01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\869768F6d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\95F763ACd01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\A7CBCAB8d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\D51300D4d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\E0EBA0C6d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\E2159908d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\E566E071d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\EAA36B92d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\ED17EE3Bd01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\F11D19E5d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\F3655B7Cd01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\Cache\F7058525d01
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\urlclassifier3.sqlite
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\XPC.mfl
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ldzntm6.default\XUL.mfl
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Web Search Operator
c:\documents and settings\Administrator.USER-05EC46E272\Local Settings\Application Data\Web Search Operator\3.1.0.1800\config.md
c:\documents and settings\All Users\Application Data\2DBoy
c:\documents and settings\All Users\Application Data\2DBoy\WorldOfGoo\pers2.dat
c:\documents and settings\All Users\Application Data\Blizzard Entertainment
c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Logs\World of Warcraft Update\Logs\Blizzard Updater Log.html
c:\documents and settings\All Users\Application Data\Blizzard
c:\documents and settings\All Users\Application Data\Blizzard\InstallerReplacements\InstallerReplacement.log
c:\documents and settings\All Users\Application Data\QuestService
c:\documents and settings\All Users\Application Data\QuestService\questservice129.exe
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\blocklist.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\bookmarkbackups\bookmarks-2010-01-30.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\bookmarkbackups\bookmarks-2010-02-01.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\bookmarkbackups\bookmarks-2010-02-02.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\bookmarkbackups\bookmarks-2010-02-03.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\bookmarkbackups\bookmarks-2010-02-04.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\bookmarks.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\cert_override.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\cert8.db
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\chrome\userChrome-example.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\chrome\userContent-example.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\compatibility.ini
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\compreg.dat
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\content-prefs.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\cookies.sqlite-journal
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\cookies.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\downloads.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions.cache
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions.ini
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions.log
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\chrome\flashgot.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\components\flashgotService.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\defaults\preferences\flashgot.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\FlashGot_License.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\GPL.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\install.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\META-INF\manifest.mf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\META-INF\zigbert.rsa
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}\META-INF\zigbert.sf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome\chrome_user.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences\defaults.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\downarrow.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\options.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\options_contentLoader.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\options_importexporter.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\options_interface.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\options_preferences.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\options_toolbarAccess.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\tools_menu.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\options\uparrow.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\prefman.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\script-compiler-overlay.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\script-compiler.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\CalendarCollapsibleScript\collapsiblecalendar.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\DragAndResizeYahooScripts\ReorderLayout.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\DragAndResizeYahooScripts\ReorderSideBars.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\integratedgmail.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\iramemodifier.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\PeterWooleyScripts\GMail.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\PeterWooleyScripts\GReader.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\PeterWooleyScripts\GVoice.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\PeterWooleyScripts\GWave.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\ScheduleOnceScripts\sogcal.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\scripts\ScheduleOnceScripts\sogmail.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\content\xmlhttprequester.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\defaults\preferences\defaults.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\locale\en-US\options.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\locale\en-US\options.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}\skin\classic\icon.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\content\browser-overlay.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\content\minibar-context-menu.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\content\minibar.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\content\write-icon.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\google-toolbar.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ar\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ar\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\bg\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\bg\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ca\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ca\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\cs-CZ\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\cs-CZ\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\da-DK\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\da-DK\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\de-DE\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\de-DE\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\el\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\el\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-GB\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-GB\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-US\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\en-US\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\es-ES\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\es-ES\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fi-FI\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fi-FI\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fr-FR\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\fr-FR\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\he-IL\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\he-IL\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\hu-HU\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\hu-HU\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\it-IT\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\it-IT\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ja-JP\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ja-JP\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ko-KR\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ko-KR\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\lt\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\lt\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nb-NO\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nb-NO\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nl-NL\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\nl-NL\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pl-PL\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pl-PL\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-BR\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-BR\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-PT\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\pt-PT\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ro\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ro\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ru-RU\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\ru-RU\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sk-SK\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sk-SK\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sl\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sl\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sv-SE\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\sv-SE\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\tr-TR\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\tr-TR\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\uk\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\uk\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-CN\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-CN\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-TW\google-sidewiki.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\locale\zh-TW\google-sidewiki.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\browser-overlay.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\minibar.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-arrow-down-default.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-arrow-down-disabled.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-arrow-up-default.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-arrow-up-disabled.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-chevron-close.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-chevron-disabled.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-chevron-open.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-gripper.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-icon-small.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-nub-active-multi.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-nub-active-single.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-nub-default-multi.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-nub-default-single.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-nub-disabled-multi.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-nub-disabled-single.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-toolbar-bubble-active.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-toolbar-bubble-disabled.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-toolbar-bubble-hollow.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-toolbar-bubble-notify-new.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki-write-icon.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki_icon_write.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki_icon_yellowbubble.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome\skin\sidewiki_logo.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\bootstrap.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics-module.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\unitsdata.bz2
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components\html-sanitizer-minified.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components\json_comp.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components\suggest_window.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling\doc.ico
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\books.google.com.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\calendar.google.com.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\docs.google.com.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_blog_search.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_finance.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_patents.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\google.com_scholar.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\photos.google.com.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_CTK0Y7F4MTG6NKYH03WT.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_J66T77NJDBMW4FEUU7FA.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons\video.google.com.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences\options.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib\metrics.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib\toolbar.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\LICENSE.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF\manifest.mf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF\zigbert.rsa
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF\zigbert.sf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\chrome\imageshack.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\chrome\uploadlibrary.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\FFMpegBridge
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\Resources
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\Versions\A\FFMpegBridge
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\Versions\A\Resources\English.lproj\InfoPlist.strings
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\Versions\A\Resources\ffmpeg
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\Versions\A\Resources\Info.plist
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\FFMpegBridge.framework\Versions\Current
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\ImageShackComponent.dylib
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\ImageShackToolbar.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\ImageShackToolbar.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\InputStreamProgress.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\InputStreamProgress.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\UploadLibrary.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\UploadLibrary.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\defaults\preferences\defaults.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\chrome\imacros.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\IOpusConnector.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\nsiMacros.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\defaults\preferences\defaults.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\License-Freeware.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Datasources\Address.csv
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-ArchivePage.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Download.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Extract.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-ExtractAndFill.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-ExtractRelative.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-ExtractURL.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-FillForm-XPath.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-FillForm.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Filter.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Frame.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Javascript-Dialogs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Loop-Csv-2-Web.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Open6Tabs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-SaveAs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-SavePDF.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-SaveTargetAs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-SlideShow.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Stopwatch.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Tabs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-TagPosition.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-TakeScreenshot-FX.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Demo-Upload.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Self-Test.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\SI-Get-Exchange-Rate.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\SI-Run-Test.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\SI-Send-Macro-Code.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\SI-Test-Macro1.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\SI-Test-Macro2.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\samples\Macros\Wsh-Extract-Rate.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)\install.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)\META-INF\manifest.mf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)\META-INF\zigbert.rsa
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}(2)\META-INF\zigbert.sf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrow.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrow_big.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrow_small.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrowBackground.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrowBackgroundFinish.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrowBackgroundFinishOver.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\arrowBackgroundOver.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\barBackground.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\canceldIcon.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\completedIcon.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\downloadItemBackground.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\downloadItemBackgroundCanceled.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\images\downloadItemBackgroundFinish.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\main.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\mainOverlay.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\script.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\settings.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\settings.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\content\Tween.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\locale\en-US\fastYoutubeDownloader.dtd
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\chrome\skin\icons\icon_32_32.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\defaults\preferences\prefs.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\fastYoutubeDownloader@yevgenyandrov.net\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\chrome\firedownload.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\components\firedownload.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\components\firedownload.xpt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\defaults\preferences\firedownload-prefs.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\Download.dll
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\firedownload@mozilla.org\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\chrome.jar
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\defaults\preferences\prefs.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\install.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\modules\JSON.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\modules\Observers.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\modules\Preferences.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\modules\service.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\modules\StringBundle.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\extensions\personas@christopher.beard\modules\URI.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\firedownload.ini
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\FlashGot.exe
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\flashgot.log
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\flashgot.log.bak
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\formhistory.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\components\html-sanitizer-minified.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\components\json_comp.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\components\suggest_window.html
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\dict.dat
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\features.properties
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\feeds\gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA\226D9E147C2E4A62A2F24D1AC5D9C305
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\feeds\gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA\B5C15C28DD4DD08D620FC5723DDA5C01
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\feeds\gtbstoolbar-google-com_O8Y91YHB24Z6SR0SGYSK-xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\kf.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\logo_pl_sidewiki_logo.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\logo_pl_toolbar_logo_sm.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\GoogleToolbarData\searchhistory.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\gtb-metrics.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Datasources\Address.csv
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-ArchivePage.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Download.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Extract.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-ExtractAndFill.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-ExtractRelative.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-ExtractURL.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-FillForm-XPath.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-FillForm.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Filter.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Frame.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Javascript-Dialogs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Loop-Csv-2-Web.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Open6Tabs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-SaveAs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-SavePDF.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-SaveTargetAs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-SlideShow.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Stopwatch.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Tabs.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-TagPosition.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-TakeScreenshot-FX.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Demo-Upload.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Self-Test.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\SI-Get-Exchange-Rate.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\SI-Run-Test.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\SI-Send-Macro-Code.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\SI-Test-Macro1.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\SI-Test-Macro2.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\iMacros\Macros\Wsh-Extract-Rate.iim
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\ImageShackHistory.xml
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\key3.db
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\localstore.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\mimeTypes.rdf
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\permissions.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\persdict.dat
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\personas\cache\1545\footer.jpg
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\personas\cache\1545\header.jpg
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\personas\cache\personas.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\places.sqlite-journal
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\places.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\pluginreg.dat
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\pluginreg.dat.bak
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\prefs.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\prefs.js.BAK
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\search.json
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\search.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\secmod.db
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\sessionstore.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\signons.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\urlclassifierkey3.txt
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\webappsstore.sqlite
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j45dgc83.default\xpti.dat
c:\program files\Common Files\Blizzard Entertainment
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\installer tome 2.mpq.part
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\installer tome 3.mpq.part
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\installer tome 4.mpq.part
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\installer tome 5.mpq.part
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\installer tome.mpq.part
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\Installer.exe
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\Installer.mfil
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\movies.mpq.part
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft Installer\ProductDefs.xml
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\msvcr71.dll
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\unicows.dll
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.xml
c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\UninstallLocalization.xml
c:\program files\Gameztar Toolbar
c:\program files\QuestService
c:\program files\QuestService\questservice.exe
c:\program files\QuestService\uninstall.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-03 13:26 . 2010-02-04 06:21 -------- d-----w- c:\documents and settings\User\Application Data\mIRC
2010-01-29 18:58 . 2010-01-29 18:58 -------- d-----w- c:\program files\ewido anti-spyware 4.0
2010-01-29 18:32 . 2010-01-29 18:32 -------- d-----w- c:\program files\Trend Micro
2010-01-29 18:26 . 2010-01-29 18:26 -------- d-----w- C:\_OTL
2010-01-29 17:54 . 2010-01-29 17:54 -------- d-----w- c:\documents and settings\User\DoctorWeb
2010-01-27 08:33 . 2010-01-19 07:33 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-27 08:33 . 2010-01-19 07:33 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-20 21:26 . 2010-01-20 21:26 -------- d-----w- c:\documents and settings\User\Application Data\Leadertech
2010-01-20 21:21 . 2010-01-20 22:23 -------- d-----w- c:\program files\Firaxis Games
2010-01-19 19:32 . 2010-01-19 19:32 -------- d-----w- c:\documents and settings\User\Application Data\ScanSoft
2010-01-18 21:47 . 2010-01-29 22:00 -------- d-----w- c:\program files\GetX
2010-01-18 18:34 . 2010-01-18 18:35 -------- d-----w- C:\e1ab26f0a777f17b5380
2010-01-18 00:19 . 2010-01-18 00:19 -------- d-----w- c:\windows\system32\pl-PL
2010-01-18 00:14 . 2010-01-18 18:35 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-18 00:14 . 2010-01-18 00:14 -------- d-----w- c:\program files\Reference Assemblies
2010-01-18 00:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-18 00:13 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-01-16 21:57 . 2010-01-16 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-01-16 21:56 . 2010-01-16 21:52 24566576 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_pl.exe
2010-01-16 21:55 . 2010-01-16 21:55 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2010-01-16 21:55 . 2010-01-16 21:55 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2010-01-16 21:55 . 2010-01-16 21:55 3203453 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2010-01-16 21:45 . 2008-04-13 18:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-16 21:45 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-16 21:44 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-01-16 21:43 . 2010-01-16 21:59 -------- d-----w- c:\documents and settings\User\Application Data\Nokia
2010-01-16 21:43 . 2010-01-16 21:45 -------- d-----w- c:\documents and settings\User\Application Data\PC Suite
2010-01-16 21:43 . 2010-01-16 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-01-16 21:42 . 2010-01-28 21:46 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-16 21:42 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-16 21:42 . 2010-01-16 21:42 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-16 21:42 . 2010-01-28 21:44 -------- d-----w- c:\program files\Nokia
2010-01-16 21:42 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-01-16 21:41 . 2010-01-16 21:38 34801240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_pol_web.exe
2010-01-16 21:40 . 2010-01-16 21:40 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-01-16 21:40 . 2010-01-16 21:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-16 21:40 . 2010-01-16 21:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-16 21:40 . 2010-01-16 21:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-16 21:38 . 2010-01-16 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-01-16 13:07 . 2010-01-16 13:07 -------- d-----r- c:\documents and settings\User\Application Data\Brother
2010-01-15 19:30 . 2010-01-15 20:07 -------- d-----w- c:\program files\DuelMasters
2010-01-14 19:51 . 2006-06-26 01:49 1867776 ----a-w- c:\windows\system\python24.dll
2010-01-14 19:50 . 2010-01-21 21:04 -------- d-----w- c:\program files\Tibia Auto
2010-01-14 13:08 . 2010-01-14 13:08 -------- d-----w- c:\documents and settings\User\Application Data\Tibia
2010-01-14 12:48 . 2010-01-14 19:52 -------- d-----w- c:\program files\Tibia
2010-01-13 11:15 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-10 19:30 . 2010-01-10 19:30 -------- d-----w- c:\documents and settings\User\Application Data\Apowersoft
2010-01-10 19:30 . 2010-01-10 19:30 -------- d-----w- c:\program files\Apowersoft
2010-01-05 21:49 . 2010-01-05 21:51 -------- d-----w- c:\program files\PowerDataRecovery

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 18:17 . 2009-12-13 17:55 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2010-02-04 18:13 . 2009-11-24 11:06 -------- d-----w- c:\documents and settings\User\Application Data\AIMP
2010-02-03 13:42 . 2009-11-26 18:30 -------- d-----w- c:\program files\sXe Injected
2010-02-01 13:09 . 2009-11-22 11:36 -------- d-----w- c:\program files\JDownloader
2010-02-01 12:29 . 2009-11-26 16:34 -------- d-----w- c:\program files\Counter-Strike
2010-01-19 19:40 . 2009-11-22 11:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 23:05 . 2009-11-27 09:01 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-18 23:05 . 2009-11-27 08:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-18 20:30 . 2009-11-22 10:13 72824 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-18 00:19 . 2009-11-30 13:42 -------- d-----w- c:\program files\MSBuild
2010-01-16 21:44 . 2010-01-16 21:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-16 21:44 . 2010-01-16 21:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-16 21:42 . 2009-11-22 11:07 -------- d-----w- c:\program files\DIFX
2010-01-16 13:24 . 2009-11-24 16:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 13:14 . 2009-11-30 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-04 19:18 . 2009-12-26 09:28 -------- d-----w- c:\program files\Nobilis
2010-01-04 18:59 . 2009-12-31 15:30 -------- d-----w- c:\documents and settings\User\Application Data\MahJong Suite
2009-12-30 22:03 . 2009-12-30 22:03 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-12-26 09:33 . 2009-12-26 09:33 -------- d-----w- c:\program files\AGEIA Technologies
2009-12-26 09:33 . 2009-12-26 09:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-24 17:51 . 2009-11-22 11:49 -------- d-----w- c:\documents and settings\User\Application Data\Gadu-Gadu 10
2009-12-21 19:14 . 2004-08-10 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:01 . 2009-11-24 11:05 -------- d-----w- c:\program files\AIMP2
2009-12-16 14:08 . 2009-12-16 14:05 -------- d-----w- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-12-16 06:09 . 2009-12-16 06:02 -------- d-----w- c:\program files\AMX Mod X
2009-12-13 17:56 . 2009-12-13 17:56 -------- d-----w- c:\program files\uTorrent
2009-12-11 15:39 . 2009-12-02 14:42 -------- d-----w- c:\documents and settings\User\Application Data\teamspeak2
2009-12-11 14:17 . 2009-11-22 17:09 -------- d-----w- c:\documents and settings\User\Application Data\Thinstall
2009-12-11 09:07 . 2009-11-27 21:48 -------- d-----w- c:\program files\Pasek TVN24
2009-12-11 06:08 . 2009-12-11 06:08 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-12-10 17:49 . 2009-11-22 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\OpenFM
2009-12-10 17:30 . 2009-12-08 19:45 -------- d-----w- c:\program files\CAPCOM
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\program files\Common Files\DirectX
2009-12-07 11:27 . 2009-11-22 09:54 166939 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-28 11:11 . 2009-11-28 11:11 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-28 11:11 . 2009-11-28 11:11 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-27 14:21 . 2010-01-30 10:10 38208 ----a-w- c:\documents and settings\Administrator.USER-05EC46E272\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 14:21 . 2009-11-27 14:16 38208 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 14:21 . 2009-11-27 13:52 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-27 09:01 . 2009-11-27 09:01 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-25 14:33 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-25 12:34 . 2009-11-25 12:33 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-11-23 11:32 . 2009-11-22 10:43 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-22 12:20 . 2009-11-22 12:20 127 ----a-w- c:\documents and settings\User\Local Settings\Application Data\fusioncache.dat
2009-11-22 11:40 . 2009-11-22 11:40 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-22 11:35 . 2009-11-22 11:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 11:35 . 2009-11-22 11:35 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-22 11:29 . 2009-11-22 11:29 50 ----a-w- c:\windows\system32\bridf07a.dat
2009-11-22 11:08 . 2009-11-22 11:08 9158 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-11-22 10:51 . 2009-11-22 10:51 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 10:43 . 2009-11-22 10:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-22 10:43 . 2009-11-22 10:43 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-22 10:43 . 2009-11-22 10:43 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-22 09:50 . 2009-11-22 09:50 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 15:51 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 14:52 . 2009-11-18 14:52 37376 ----a-w- c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll
2009-11-18 14:52 . 2009-11-18 14:52 11776 ----a-w- c:\documents and settings\User\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-13 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"ATIMACE"="c:\program files\ATI Technologies\ATI.ACE\MACE.exe" [2005-08-06 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST - pasek zadaä.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-22 10:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 21:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-11-17 14:18 6807552 ----a-w- c:\progra~1\WapSter\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-13 17:56 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-22 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-22 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-11-22 13696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-11-22 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-11-22 285392]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-11-22 691696]
S3 ddsxeiservice;ddsxeiservice2;c:\program files\sXe Injected\ddsxei.sys [2010-02-02 93056]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-06 41984]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -

AddRemove-QuestService - c:\program files\QuestService\uninstall.exe
AddRemove-World of Warcraft - c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 19:29
Windows 5.1.2600 Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2010-02-04 19:32:00
ComboFix-quarantined-files.txt 2010-02-04 18:31
ComboFix2.txt 2010-01-30 13:21

Przed: 14 763 405 312 bytes free
Po: 14 728 904 704 bajtów wolnych

- - End Of File - - 51202DEE7AB7A57C7E652E6624B340AA
[/log]
Wyszlo mi cos takieg.

po tym firefox przestal dzialac. przy uruchamianiu pokazuje sie komunikat ze program jest juz uruchomiony, nawet po restarcie

Mateusz J.
komentarz
komentarz

Log ok.
W OTL odpal opcję CleanUP.
Przeinstaluj firefox i powinno być ok.

Wozzie
komentarz
komentarz

No i namotałem ...
Bo jak nie działał mi ten firefox to zrobiłem przywracanie systemowe. Firefox niby wrócił ale bez zakładek które dla mnie są ważne :P
Sprawdzałem w "Temp" i folderze backup z firefoxa i nie ma nic... jest sposób żeby to odzyskać? widziałem ze combofix robił punkt przywracania jakiś przed zmianami ale nie wiem gdzie go odpalić.

Psycholandia
komentarz
komentarz

Na dysku C powinieneś mieć folder Combofix'a

  • Dobra wypowiedź 1
Wozzie
komentarz
komentarz

oooo Andziorka ! Wielkie dzięki ^^ zamieszczę jeszcze tego OTL'a zaraz :)

[log]OTL logfile created on: 2010-02-05 16:36:14 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\User\My Documents\Pobieranie
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 13,24 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
Drive D: | 35,70 Gb Total Space | 19,72 Gb Free Space | 55,23% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 1,86 Gb Total Space | 1,86 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: USER-05EC46E272
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-01-29 18:44:26 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Pobieranie\OTL.exe
PRC - [2010-01-16 04:18:19 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-12-12 09:26:46 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009-12-12 09:26:46 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009-11-22 12:35:48 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-11-22 11:43:25 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009-11-22 11:43:25 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009-11-22 11:43:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009-11-22 11:43:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009-11-17 15:18:22 | 06,807,552 | ---- | M] (Creative Team S.A.) -- C:\Program Files\WapSter\WapSter AQQ\AQQ.exe
PRC - [2009-02-06 12:11:05 | 00,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 01:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 01:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 01:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 01:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 01:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 01:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 01:12:17 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
PRC - [2008-04-14 01:12:16 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 01:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 01:12:12 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2006-06-16 15:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) -- C:\Program Files\ewido anti-spyware 4.0\guard.exe
PRC - [2005-10-11 08:40:32 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005-08-05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005-08-05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005-08-03 18:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-01-29 18:44:26 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Pobieranie\OTL.exe
MOD - [2009-06-25 09:25:26 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:51:25 | 00,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:06:58 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-27 05:56:38 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2009-02-09 13:10:48 | 00,714,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-09 13:10:48 | 00,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 13:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:02:19 | 08,461,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 05:42:06 | 00,985,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 01:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-14 01:12:45 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 01:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 01:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 01:12:08 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 01:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 01:12:07 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 01:12:05 | 00,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 01:12:04 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 01:12:03 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 01:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 01:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 01:12:02 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 01:12:02 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 01:12:01 | 00,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 01:11:58 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 01:11:54 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 01:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 01:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009-12-11 07:08:39 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009-11-22 12:35:48 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-11-22 11:43:23 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009-11-22 11:43:21 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009-10-27 09:26:36 | 00,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-06-16 15:38:44 | 00,172,032 | ---- | M] (Anti-Malware Development a.s.) [Auto | Running] -- C:\Program Files\ewido anti-spyware 4.0\guard.exe -- (ewido anti-spyware 4.0 guard)
SRV - [2005-08-05 21:05:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Running] -- -- (catchme)
DRV - [2010-02-02 00:48:14 | 00,093,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\sXe Injected\ddsxei.sys -- (ddsxeiservice)
DRV - [2009-11-23 12:32:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009-11-22 12:40:15 | 00,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-22 11:43:35 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009-11-22 11:43:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-10-06 08:11:40 | 00,041,984 | ---- | M] (UltraDefrag Development Team) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ultradfg.sys -- (ultradfg)
DRV - [2009-09-23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-09-24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008-09-04 06:28:22 | 00,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-09-04 06:27:54 | 00,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-09-04 06:27:28 | 00,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-04-13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006-06-16 15:38:54 | 00,003,968 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\ewido anti-spyware 4.0\guard.sys -- (ewido anti-spyware 4.0 driver)
DRV - [2005-08-04 04:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-05-12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005-04-26 04:22:40 | 00,060,928 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2005-03-16 07:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005-01-02 22:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004-10-15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004-08-10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-05 16:26:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-05 16:26:48 | 00,000,000 | ---D | M]

[2010-02-05 16:27:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Extensions
[2010-02-05 13:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83(3).default\extensions(2)
[2010-02-05 13:54:53 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\j45dgc83(3).default\extensions(2)\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010-02-05 16:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\w4gqo2t6.default\extensions
[2010-02-05 16:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\mozilla\Firefox\Profiles\w4gqo2t6.default\extensions\personas@christopher.beard
[2010-02-05 16:26:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 02:08:36 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 02:08:36 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 02:08:36 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 02:08:36 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 02:08:36 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 02:08:36 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-01-30 18:58:12 | 00,000,103 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 89.149.200.219 l2authd.lineage2.com
O1 - Hosts: 89.149.200.219 l2testauthd.lineage2.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\User\Application Data\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\Mace.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Sid Registration.lnk = G:\ATR1.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1343024091-1214440339-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.228.6.43 89.228.6.83
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-22 10:55:26 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-22 11:28:45 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-05 16:26:48 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-02-05 16:15:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010-02-05 12:55:49 | 00,000,000 | ---D | C] -- C:\RECYCLER(3)
[2010-02-04 20:51:19 | 00,000,000 | ---D | C] -- C:\RECYCLER(2)
[2010-02-03 14:26:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\mIRC
[2010-01-30 14:04:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010-01-30 14:01:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-01-30 11:18:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010-01-29 19:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\ewido anti-spyware 4.0
[2010-01-29 19:32:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-01-29 18:54:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\DoctorWeb
[2010-01-28 22:45:59 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2010-01-20 22:26:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Leadertech
[2010-01-20 22:21:21 | 00,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2010-01-19 20:33:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My PaperPort Documents
[2010-01-19 20:32:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ScanSoft
[2010-01-18 22:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\GetX
[2010-01-18 19:34:47 | 00,000,000 | ---D | C] -- C:\e1ab26f0a777f17b5380
[2010-01-18 01:19:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-PL
[2010-01-18 01:14:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010-01-18 01:14:13 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-01-18 01:13:31 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010-01-16 22:57:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010-01-16 22:45:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2010-01-16 22:45:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010-01-16 22:44:40 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010-01-16 22:43:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Nokia
[2010-01-16 22:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010-01-16 22:43:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010-01-16 22:42:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010-01-16 22:42:42 | 00,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-01-16 22:42:35 | 00,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-01-16 22:42:11 | 00,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010-01-16 22:42:11 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010-01-16 22:38:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010-01-16 21:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Słownik SuperMemo
[2010-01-16 14:07:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\User\Application Data\Brother
[2010-01-15 20:30:07 | 00,000,000 | ---D | C] -- C:\Program Files\DuelMasters
[2010-01-14 20:50:43 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia Auto
[2010-01-14 14:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Tibia
[2010-01-14 13:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Tibia
[2010-01-13 12:15:22 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010-01-10 20:30:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Apowersoft
[2010-01-10 20:30:01 | 00,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2009-12-07 13:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-11-22 11:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-11-22 10:59:12 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-11-22 10:55:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-05 16:26:51 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-02-05 16:19:50 | 04,718,592 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010-02-05 16:12:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-05 16:10:33 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-05 16:02:38 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-05 16:02:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-05 16:01:05 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010-02-05 14:05:24 | 55,141,959 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-02-05 07:06:17 | 13,038,713 | ---- | M] () -- C:\Documents and Settings\User\Desktop\untitled.st3
[2010-02-04 19:14:11 | 00,000,205 | ---- | M] () -- C:\Documents and Settings\User\default.pls
[2010-02-04 19:14:08 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-02-04 19:13:03 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-03 14:42:14 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\User\Desktop\sXe Injected.lnk
[2010-01-30 21:28:24 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\User\GetX_log
[2010-01-30 21:15:06 | 00,046,866 | ---- | M] () -- C:\Documents and Settings\User\Desktop\bookmarks-2010-01-30.json
[2010-01-30 18:58:12 | 00,000,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-30 18:56:55 | 00,000,076 | ---- | M] () -- C:\fraglist.luar
[2010-01-30 14:04:23 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2010-01-29 19:58:14 | 00,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ewido anti-spyware.lnk
[2010-01-29 19:32:43 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010-01-28 23:18:32 | 03,172,904 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010-01-28 00:00:33 | 02,523,480 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Obraz 005.jpg
[2010-01-20 22:27:04 | 00,000,431 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Sid Registration.lnk
[2010-01-20 09:28:34 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010-01-19 14:43:05 | 00,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-01-19 14:43:05 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-19 14:43:05 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-19 14:40:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-19 01:17:18 | 05,672,795 | ---- | M] () -- C:\Documents and Settings\User\My Documents\iz.psd
[2010-01-18 21:30:20 | 00,072,824 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-01-18 21:29:51 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-16 23:49:29 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010-01-16 22:56:30 | 00,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010-01-16 22:44:54 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-01-16 22:44:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-01-16 14:24:15 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010-01-15 21:06:48 | 00,234,554 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Bez nazwy 1.psd
[2010-01-15 21:05:47 | 00,018,304 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Bez-nazwy-1.gif
[2010-01-15 12:10:08 | 00,240,792 | ---- | M] () -- C:\Documents and Settings\User\My Documents\1.psd
[2010-01-14 21:25:13 | 00,009,378 | ---- | M] () -- C:\Documents and Settings\User\My Documents\tibiaAuto.cfg.Hunrak.xml
[2010-01-14 20:52:10 | 00,001,573 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Tibia Auto.lnk
[2010-01-14 13:48:05 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2010-01-14 11:06:31 | 00,026,108 | ---- | M] () -- C:\Documents and Settings\User\Desktop\2b910239000065fc.jpg
[2010-01-10 20:30:10 | 00,000,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Streaming Video Recorder.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-05 16:26:51 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-02-05 07:05:43 | 13,038,713 | ---- | C] () -- C:\Documents and Settings\User\Desktop\untitled.st3
[2010-02-04 20:18:10 | 04,718,592 | ---- | C] () -- C:\Documents and Settings\User\ntuser.dat
[2010-01-30 21:28:22 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\User\GetX_log
[2010-01-30 21:15:05 | 00,046,866 | ---- | C] () -- C:\Documents and Settings\User\Desktop\bookmarks-2010-01-30.json
[2010-01-30 14:04:23 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2010-01-30 14:04:19 | 00,262,400 | ---- | C] () -- C:\cmldr
[2010-01-30 14:02:01 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-01-30 14:02:01 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-01-29 19:58:14 | 00,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ewido anti-spyware.lnk
[2010-01-29 19:32:42 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010-01-20 22:27:04 | 00,000,431 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\Sid Registration.lnk
[2010-01-19 01:16:44 | 05,672,795 | ---- | C] () -- C:\Documents and Settings\User\My Documents\iz.psd
[2010-01-16 22:56:30 | 00,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Software Updater.lnk
[2010-01-16 22:44:54 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-01-16 22:44:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-01-16 14:24:14 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010-01-15 21:05:47 | 00,018,304 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Bez-nazwy-1.gif
[2010-01-15 12:16:39 | 00,234,554 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Bez nazwy 1.psd
[2010-01-15 11:30:38 | 00,240,792 | ---- | C] () -- C:\Documents and Settings\User\My Documents\1.psd
[2010-01-14 21:25:13 | 00,009,378 | ---- | C] () -- C:\Documents and Settings\User\My Documents\tibiaAuto.cfg.Hunrak.xml
[2010-01-14 20:52:10 | 00,001,573 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Tibia Auto.lnk
[2010-01-14 20:51:30 | 01,867,776 | ---- | C] () -- C:\WINDOWS\System\python24.dll
[2010-01-14 13:48:05 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tibia.lnk
[2010-01-14 11:06:42 | 00,026,108 | ---- | C] () -- C:\Documents and Settings\User\Desktop\2b910239000065fc.jpg
[2010-01-10 20:30:10 | 00,000,997 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Streaming Video Recorder.lnk
[2009-12-14 19:48:07 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009-12-01 16:15:07 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-11-30 18:31:36 | 00,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-11-25 15:25:20 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-25 13:33:19 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009-11-24 19:11:22 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-11-22 13:20:31 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009-11-22 12:53:39 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-11-22 12:30:32 | 00,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009-11-22 12:30:32 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-11-22 12:27:32 | 00,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009-11-22 12:02:07 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-06 08:11:50 | 00,091,648 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005-08-05 14:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-11-26 16:12:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009-11-29 23:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-11-22 12:39:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-01-16 22:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009-11-28 12:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010-01-16 22:57:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009-12-10 18:49:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OpenFM
[2010-01-16 22:43:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009-11-22 12:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010-02-04 22:38:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AIMP
[2010-01-10 20:30:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Apowersoft
[2009-11-25 13:22:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Lite
[2009-12-24 18:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Gadu-Gadu 10
[2009-11-30 18:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GlarySoft
[2010-01-20 22:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009-11-24 13:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LG Electronics
[2009-11-27 21:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010-01-04 19:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MahJong Suite
[2010-01-16 22:59:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
[2009-11-22 15:12:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenFM
[2010-01-16 22:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
[2010-01-19 20:32:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScanSoft
[2009-12-11 15:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall
[2010-01-14 14:08:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Tibia
[2010-02-05 15:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-12-11 16:06:00 | 00,001,270 | ---- | M] () -- C:\1.bmp
[2009-12-11 16:06:19 | 00,001,366 | ---- | M] () -- C:\2.bmp
[2009-11-22 10:55:26 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-05 22:33:06 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2010-01-30 14:04:23 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2004-08-03 23:00:14 | 00,262,400 | ---- | M] () -- C:\cmldr
[2009-11-22 10:55:26 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-01-30 18:56:55 | 00,000,076 | ---- | M] () -- C:\fraglist.luar
[2009-11-22 10:55:26 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-11-22 10:55:26 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-10 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-12-07 12:15:52 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010-02-05 16:02:27 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

[color=#A23BEC]< >[/color]

[color=#A23BEC]< Dołączona grafika >[/color]
< End of report >
[/log]

Dodałem log z OTL tak żeby mieć już pewność, ze wszystko w prządko.

Mateusz J.
komentarz
komentarz

Log czysty.

Wozzie
komentarz
komentarz

W takim razie dziękuje za pomoc.

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.