chociaż kosz jest pusty.Oraz żauważyłem dziś że w folderze E:\RECYCLER\NPROTECT znalazło się kilka rzeczy w tym gra która zginęła po defragmentacji.
ComboFix 09-02-05.01 - rafal 2009-02-06 9:10:46.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1022.575 [GMT 1:00] Uruchomiony z: c:\documents and settings\rafal\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA [img]http://www.forum.tweaks.pl/public/style_emoticons/default/excl.gif[/img] . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\rafal\Dane aplikacji\FunWebProducts c:\documents and settings\rafal\Dane aplikacji\inst.exe c:\program files\FunWebProducts c:\windows\system32\NCTAVIFile.dll c:\windows\system32\NCTQuickTimeFile.dll c:\windows\system32\NCTRMFile.dll c:\windows\system32\NCTVideoCoreM.dll c:\windows\system32\Plugins c:\windows\system32\Plugins\Hoster\aCallbackMethods.dll c:\windows\system32\Plugins\Hoster\archivto.dll c:\windows\system32\Plugins\Hoster\bluehostto.dll c:\windows\system32\Plugins\Hoster\dataupde.dll c:\windows\system32\Plugins\Hoster\fastloadnet.dll c:\windows\system32\Plugins\Hoster\fastshareorg.dll c:\windows\system32\Plugins\Hoster\fileuploadnet.dll c:\windows\system32\Plugins\Hoster\megauploadcom.dll c:\windows\system32\Plugins\Hoster\meinuploadcom.dll c:\windows\system32\Plugins\Hoster\moosharede.dll c:\windows\system32\Plugins\Hoster\myvideode.dll c:\windows\system32\Plugins\Hoster\netloadin.dll c:\windows\system32\Plugins\Hoster\PluginSettings.ini c:\windows\system32\Plugins\Hoster\qsharecom.dll c:\windows\system32\Plugins\Hoster\RScom.dll c:\windows\system32\Plugins\Hoster\shareonlinebiz.dll c:\windows\system32\Plugins\Hoster\shareplacecom.dll c:\windows\system32\Plugins\Hoster\silofilescom.dll c:\windows\system32\Plugins\Hoster\speedysharecom.dll c:\windows\system32\Plugins\Hoster\uploadedto.dll c:\windows\system32\Plugins\Hoster\yourfilesbiz.dll c:\windows\system32\Plugins\Hoster\youtubecom.dll c:\windows\system32\Plugins\YCPlugins\RS.dll c:\windows\system32\Plugins\YouCrypt\callbackmethods.dll c:\windows\system32\Plugins\YouCrypt\captcha.dll c:\windows\system32\Plugins\YouCrypt\cineto.dll c:\windows\system32\Plugins\YouCrypt\datenbankorg.dll c:\windows\system32\Plugins\YouCrypt\datenschleuder.dll c:\windows\system32\Plugins\YouCrypt\ddlscene.dll c:\windows\system32\Plugins\YouCrypt\ddlwarez.dll c:\windows\system32\Plugins\YouCrypt\dreidl.dll c:\windows\system32\Plugins\YouCrypt\dxpdivxvidorg.dll c:\windows\system32\Plugins\YouCrypt\gameblog.dll c:\windows\system32\Plugins\YouCrypt\gamezam.dll c:\windows\system32\Plugins\YouCrypt\gapping.dll c:\windows\system32\Plugins\YouCrypt\gwarez.dll c:\windows\system32\Plugins\YouCrypt\linksafe.dll c:\windows\system32\Plugins\YouCrypt\LinkSave.dll c:\windows\system32\Plugins\YouCrypt\lix.dll c:\windows\system32\Plugins\YouCrypt\netfolderin.dll c:\windows\system32\Plugins\YouCrypt\onekh.dll c:\windows\system32\Plugins\YouCrypt\rapidlayer.dll c:\windows\system32\Plugins\YouCrypt\rapidsafede.dll c:\windows\system32\Plugins\YouCrypt\rapidsafenet.dll c:\windows\system32\Plugins\YouCrypt\relinkus.dll c:\windows\system32\Plugins\YouCrypt\RScomLinkList.dll c:\windows\system32\Plugins\YouCrypt\rslayer.dll c:\windows\system32\Plugins\YouCrypt\saveraidrush.dll c:\windows\system32\Plugins\YouCrypt\secured.dll c:\windows\system32\Plugins\YouCrypt\securnet.dll c:\windows\system32\Plugins\YouCrypt\serienjunkies.dll c:\windows\system32\Plugins\YouCrypt\shareonall.dll c:\windows\system32\Plugins\YouCrypt\stealth.dll c:\windows\system32\Plugins\YouCrypt\tinyurl.dll c:\windows\system32\Plugins\YouCrypt\UndergroundCMS.dll c:\windows\system32\Plugins\YouCrypt\urlcash.dll c:\windows\system32\Plugins\YouCrypt\usercashcom.dll c:\windows\system32\Plugins\YouCrypt\xlinkin.dll . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-06 do 2009-02-06 ))))))))))))))))))))))))))))))) . 2009-02-05 18:41 . 2009-02-05 18:41 3,859 --a------ C:\block_online.php 2009-02-05 09:35 . 2009-02-05 11:23 <DIR> d-------- c:\program files\Norton Security Scan 2009-02-03 11:15 . 2009-02-03 11:15 1,601 --a------ c:\windows\unins001.dat 2009-02-03 11:00 . 2009-02-03 11:00 <DIR> d-------- c:\program files\Stardock 2009-02-03 11:00 . 2009-02-03 11:00 <DIR> d-------- c:\program files\Common Files\Stardock 2009-02-03 11:00 . 2004-04-26 13:47 163,456 --a------ c:\windows\system32\drivers\vidstub.sys 2009-02-03 10:13 . 2009-02-03 11:05 <DIR> d-------- c:\program files\ChomikBox 2009-02-02 21:17 . 2009-02-02 21:22 <DIR> d-------- c:\program files\SmartFTP Client 2009-02-02 21:05 . 2009-02-02 21:05 <DIR> d-------- c:\program files\FileZilla FTP Client 2009-02-01 21:52 . 2009-02-01 21:52 <DIR> d-------- c:\windows\system32\Pajacyk dir 2009-02-01 21:52 . 2009-02-01 21:52 203,264 --a------ c:\windows\system32\Pajacyk.scr 2009-02-01 21:45 . 2009-02-01 22:28 <DIR> d-------- c:\program files\MySecretFolder XP 2009-01-31 14:12 . 2009-01-31 14:16 <DIR> d-------- c:\windows\NV48004816.TMP 2009-01-31 01:46 . 2009-01-31 01:46 2,214,745 --a------ c:\windows\Green Rivers no_clock.scr 2009-01-30 17:28 . 2009-01-30 17:28 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-01-30 17:28 . 2009-01-30 17:28 64 --a------ c:\windows\wininit.ini 2009-01-30 09:41 . 2009-01-30 09:41 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Xentient 2009-01-30 09:40 . 2009-01-30 09:47 <DIR> d-------- c:\documents and settings\Administrator\Ustawienia lokalne 2009-01-30 09:40 . 2009-01-30 09:47 <DIR> d-------- c:\documents and settings\Administrator\Szablony 2009-01-30 09:40 . 2009-01-30 09:47 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji 2009-01-30 09:40 . 2009-01-30 09:47 <DIR> d---s---- c:\documents and settings\Administrator 2009-01-30 00:39 . 2009-02-01 04:17 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Download Manager 2009-01-28 10:32 . 2009-01-28 10:32 <DIR> d-------- c:\program files\Common Files\Xara 2009-01-26 11:36 . 2009-01-26 11:36 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\CyberLink 2009-01-26 11:35 . 2009-01-26 11:35 <DIR> d-------- c:\program files\Common Files\CyberLink 2009-01-26 11:35 . 2009-01-26 11:38 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\CyberLink 2009-01-26 11:34 . 2009-01-26 11:31 29,480 --a------ c:\windows\system32\msxml3a.dll 2009-01-26 11:11 . 2009-01-26 11:11 <DIR> d-------- c:\program files\Extra Video Converter 2009-01-26 10:53 . 2009-01-26 10:53 <DIR> d-------- c:\program files\XviD 2009-01-26 10:53 . 2009-01-26 10:53 <DIR> d-------- c:\program files\Apex 2009-01-26 10:37 . 2009-01-26 10:37 <DIR> d-------- c:\windows\WinAVI Video Converter 9.0 2009-01-26 10:37 . 2009-01-26 10:50 <DIR> d-------- c:\program files\WinAVI Video Converter 9.0 2009-01-25 13:01 . 2009-01-25 13:31 <DIR> d-------- c:\program files\WinMerge 2009-01-24 21:11 . 2009-01-25 08:30 <DIR> d-------- c:\program files\Odkurzacz 2009-01-22 17:55 . 2009-02-05 10:44 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\GameHouse 2009-01-22 17:55 . 2009-01-22 17:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\n7-89-o9-3r-4t-r9 2009-01-22 15:55 . 2009-01-29 23:39 8 --a------ c:\windows\system32\nvModes.dat 2009-01-20 20:28 . 2009-01-20 20:28 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\NeroDCTemplates 2009-01-20 15:49 . 2009-01-31 17:23 183,112 --a------ c:\windows\system32\PnkBstrB.exe 2009-01-20 15:49 . 2009-01-31 17:23 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2009-01-20 15:49 . 2009-01-20 16:11 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2009-01-20 11:42 . 2009-01-20 11:42 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Leadertech 2009-01-19 21:08 . 2009-01-19 21:08 18 --a------ c:\windows\avi2divx.INI 2009-01-19 20:48 . 2009-01-21 10:26 <DIR> d-------- C:\ConverterOutput 2009-01-19 20:47 . 2009-01-19 20:47 <DIR> d-------- c:\windows\system32\codec 2009-01-19 20:47 . 2009-01-19 20:47 <DIR> d-------- c:\program files\avi2divx 2009-01-19 13:31 . 2009-01-21 10:26 <DIR> d-------- C:\RmConverterOutput 2009-01-18 11:07 . 2009-01-18 11:07 <DIR> d-------- c:\program files\Common Files\DirectX 2009-01-18 09:52 . 2009-01-18 10:07 <DIR> d-------- c:\program files\Webshots 2009-01-18 09:52 . 2009-01-18 09:52 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Webshots 2009-01-17 20:17 . 2009-01-17 20:17 <DIR> d-------- c:\program files\RMClock 2009-01-17 20:16 . 2009-01-17 20:16 <DIR> d-------- c:\program files\XN Resource Editor 2009-01-17 16:56 . 2009-01-17 17:02 <DIR> d-------- C:\Resource Hacker 2009-01-15 23:57 . 2009-01-15 23:57 45 --a------ c:\windows\system32\initdebug.nfo 2009-01-15 08:19 . 2009-01-15 08:19 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax 2009-01-12 20:18 . 2009-01-12 20:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\vsosdk 2009-01-12 19:38 . 2009-01-12 19:38 34,308 --a------ c:\windows\system32\Chip.dll 2009-01-12 19:38 . 2009-01-12 19:38 18,152 --a------ c:\windows\system32\Pvt.tmp 2009-01-12 19:37 . 2009-01-12 19:37 <DIR> d-------- c:\program files\VSO 2009-01-12 19:37 . 2004-05-04 11:53 1,645,320 --a------ c:\windows\gdiplus.dll 2009-01-12 19:37 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll 2009-01-12 19:37 . 2006-05-11 19:21 626,688 --a------ c:\windows\system32\vp7vfw.dll 2009-01-12 19:37 . 2006-09-29 12:24 217,127 --a------ c:\windows\system32\drv43260.dll 2009-01-12 19:37 . 2006-09-29 12:25 208,935 --a------ c:\windows\system32\drv33260.dll 2009-01-12 19:37 . 2006-09-29 12:26 176,165 --a------ c:\windows\system32\drv23260.dll 2009-01-12 19:37 . 2007-03-18 20:37 65,602 --a------ c:\windows\system32\cook3260.dll 2009-01-12 14:55 . 2009-01-12 14:55 26 --a------ C:\webalizer.hist 2009-01-10 21:21 . 2009-01-30 05:12 <DIR> d--hs---- C:\Boot 2009-01-10 15:14 . 2009-01-10 15:14 <DIR> d-------- c:\program files\Lavalys 2009-01-10 10:59 . 2009-01-10 10:59 61 --a------ c:\windows\MouseDrv.INI 2009-01-10 10:58 . 2009-01-10 10:58 <DIR> d-------- c:\program files\Multimedia Mouse Driver 2009-01-09 20:32 . 2009-01-09 20:32 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\LEGO Company 2009-01-09 08:57 . 2009-01-09 09:19 4,107 --a------ c:\windows\system32\oodbs.lor 2009-01-09 08:46 . 2009-01-09 08:46 0 --a------ c:\windows\oodcnt.INI 2009-01-09 08:44 . 2009-01-09 10:02 <DIR> d-------- c:\windows\system32\oodag 2009-01-07 23:05 . 2009-01-07 23:05 <DIR> d-------- c:\documents and settings\rafal\Dane aplikacji\Consultia 2009-01-07 22:46 . 2009-01-07 23:05 <DIR> d-------- c:\program files\CubeDesktop 2009-01-06 20:03 . 2009-01-11 19:38 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\SugarGames 2009-01-06 08:14 . 2009-01-06 08:14 1,409 --a------ c:\windows\system32\tmpCBF6F.FOT 2009-01-06 08:14 . 2009-01-06 08:14 1,409 --a------ c:\windows\system32\tmpB007F.FOT . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-06 08:17 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Skype 2009-02-06 08:16 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2009-02-06 08:03 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\skypePM 2009-02-05 17:41 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\FileZilla 2009-02-05 08:35 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-02 22:05 8,059 ----a-w c:\windows\gdrv.sys 2009-02-02 22:05 --------- d-----w c:\program files\Dino And Aliens 2009-02-01 14:35 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\gtk-2.0 2009-01-31 18:02 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\uTorrent 2009-01-31 13:14 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-01-31 13:14 --------- d-----w c:\program files\AGEIA Technologies 2009-01-30 21:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PrevxCSI 2009-01-29 01:00 --------- d-----w c:\program files\uTorrent 2009-01-27 23:03 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-26 10:26 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Vso 2009-01-26 10:22 47,360 ----a-w c:\documents and settings\rafal\Dane aplikacji\pcouffin.sys 2009-01-23 18:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles 2009-01-17 20:07 --------- d-----w c:\program files\Windows Media Connect 2 2009-01-17 20:03 --------- d-----w c:\program files\CamStudio 2009-01-15 07:19 6,301,248 ----a-w c:\windows\system32\drivers\nv4_mini.sys 2009-01-12 18:37 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys 2009-01-10 08:25 --------- d-----w c:\program files\SAGEM WiFi manager 2009-01-09 07:11 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Winamp 2009-01-05 18:05 --------- d-----w c:\program files\adni18 2009-01-05 17:25 --------- d-----w c:\program files\Sharks of Nemo 2009-01-05 16:21 --------- d-----w c:\program files\PopCap Games 2009-01-05 13:37 --------- d-----w c:\program files\Rockstar Games 2009-01-05 13:37 --------- d-----w c:\program files\ReflexiveArcade 2009-01-05 13:35 --------- d-----w c:\program files\Play 2009-01-05 13:34 --------- d-----w c:\program files\GameTop.com 2009-01-05 13:26 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\EleFun Games 2009-01-04 18:57 --------- d-----r c:\program files\Skype 2009-01-04 17:52 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\XemiComputers 2009-01-04 17:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\XemiComputers 2009-01-04 16:58 --------- d-----w c:\program files\Macromedia 2009-01-04 16:56 --------- d-----w c:\program files\Common Files\Macromedia 2009-01-01 22:14 --------- d-----w c:\program files\Nero 2009-01-01 22:14 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Nero 2009-01-01 22:13 --------- d-----w c:\program files\Common Files\Nero 2009-01-01 22:13 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero 2008-12-31 10:52 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Symantec 2008-12-31 10:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec 2008-12-31 10:42 --------- d-----w c:\program files\Norton Ghost 2008-12-30 19:22 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Ahead 2008-12-30 18:34 --------- d-----w c:\program files\<a href="http://www.download.net.pl/354/GIMP/">GIMP</a>-2.0 2008-12-30 16:47 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Barbie Fashion Show 2008-12-29 12:02 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Magic Seeds 2008-12-29 11:59 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\PlayFirst 2008-12-29 11:59 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\PlayFirst 2008-12-29 11:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Go Go Gourmet 2008-12-29 11:47 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Gamelab 2008-12-29 11:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Trymedia 2008-12-29 10:08 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Valusoft 2008-12-29 10:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Valusoft 2008-12-29 10:07 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Jane s Hotel Family Hero 2008-12-29 10:02 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Youdagames 2008-12-29 08:49 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\FreshGames 2008-12-29 08:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Go-Go Gourmet Chef of the Year 2008-12-29 08:30 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Alawar 2008-12-29 08:24 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\75-55-88-55-55-55 2008-12-29 08:06 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Acronis 2008-12-29 07:58 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\Acronis 2008-12-29 07:54 441,760 ----a-w c:\windows\system32\drivers\timntr.sys 2008-12-29 07:54 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys 2008-12-29 07:54 368,480 ----a-w c:\windows\system32\drivers\tdrpman.sys 2008-12-29 07:54 129,248 ----a-w c:\windows\system32\drivers\snapman.sys 2008-12-29 07:54 --------- d-----w c:\program files\Common Files\Acronis 2008-12-29 07:54 --------- d-----w c:\program files\Acronis 2008-12-29 07:54 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Acronis 2008-12-29 07:47 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\ViquaSoft 2008-12-29 07:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\VirtualFarm 2008-12-29 07:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Gogii 2008-12-28 17:41 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Legacy Interactive 2008-12-28 17:39 --------- d-----w c:\program files\Legacy Interactive 2008-12-26 16:46 --------- d-----w c:\program files\LSoft Technologies 2008-12-24 10:23 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\SPORE 2008-12-24 09:21 --------- d-----w c:\program files\Electronic Arts 2008-12-22 22:58 --------- d-----w c:\program files\GameHouse 2008-12-21 21:36 --------- d-----w c:\program files\Zylom Games 2008-12-21 21:36 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\Zylom 2008-12-21 14:27 --------- d-----w c:\program files\Common Files\Raxco 2008-12-21 14:21 --------- d-----w c:\program files\RAXCO 2008-12-21 14:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Raxco 2008-12-20 16:12 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\SmartFTP 2008-12-20 10:57 --------- d-----w c:\program files\FDRLab 2008-12-18 18:15 --------- d-----w c:\program files\Paint.NET 2008-12-15 14:09 1,728,894 ----a-w c:\windows\Snow Owl clock.scr 2008-12-15 10:59 --------- d-----w c:\program files\Build in Time 2008-12-15 10:06 51,712 ----a-w c:\windows\wc98pp.dll 2008-12-13 23:03 --------- d-----w c:\program files\Binboy 2008-12-13 17:54 --------- d-----w c:\program files\Secret Maryo Chronicles 2008-12-13 15:12 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead 2008-12-13 12:52 --------- d-----w c:\documents and settings\rafal\Dane aplikacji\smc 2008-12-12 22:18 --------- d-----w c:\program files\Farm Mania 2008-12-12 18:56 --------- d-----w c:\program files\McFunSoft Video Capture Convert Burn Solution 2008-12-12 18:17 81,920 ----a-w c:\documents and settings\rafal\Dane aplikacji\ezpinst.exe 2008-12-12 18:14 --------- d-----w c:\program files\Total Video Converter 2008-12-12 11:47 --------- d-----w c:\program files\PowerISO 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-06 22:14 --------- d-----w c:\program files\Fox . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-10 25795368] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-10-10 6500960] "VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-06-22 65536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640] "RemoteControl8"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016] "MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-25 99920] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936] "nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520] Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2008-10-21 950272] Skr˘t do ashDisp.lnk - c:\program files\Alwil Software\Avast4\ashDisp.exe [2008-10-21 81000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XVID"= xvid.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\[u]0[/u]autocheck autochk * [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\PopCap Games\\Bejeweled Deluxe 1.861\\WinBej.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8461:TCP"= 8461:TCP:GoD High Port "8462:TCP"= 8462:TCP:GoD Low Port R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-01-30 21512] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-21 111184] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\[u]0[/u]00.fcl [2008-02-01 17:24:04 41456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-21 20560] R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2008-10-25 3744] R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\prevxcsi.exe [2008-11-30 4107832] R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [2008-02-15 832760] R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2008-10-25 3904] R2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [2009-02-01 39424] R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-10-21 450560] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe \Shell\dinstall\command - k:\directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcad9646-a2c9-11dd-8c16-806d6172696f}] \Shell\AutoRun\command - F:\setup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Zawartość folderu 'Zaplanowane zadania' 2009-02-05 c:\windows\Tasks\Norton Security Scan for rafal.job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18] 2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{43FE2BCB-29B5-4364-8151-E85CD8753969}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 17:36] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.webshots.com/r/internal/start/client/RAND IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab FF - ProfilePath - c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - prefs.js: network.proxy.http - anonymous server FF - prefs.js: network.proxy.http_port - 81 FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\documents and settings\rafal\Dane aplikacji\Mozilla\Firefox\Profiles\w3yvpvto.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMAHJONG.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-06 09:17:56 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\e:\zainstalowane\CyberLink Power DVD8\PowerDVD8\[u]0[/u]00.fcl" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a7,e7,dd,b1,c4,e3,4d,b1,62,0b,c6,b2,21,c2,b7,6c,cc,b7,c8,c1,d0,99,ea, 99,3e,73,64,34,e6,bd,4d,6b,bb,a3,c5,26,45,1c,d5,7e,dc,89,ab,a3,35,68,80,a9,\ "??"=hex:e1,d5,43,cb,aa,d9,59,5b,c1,7d,eb,6e,70,f9,1e,22 [HKEY_USERS\S-1-5-21-1454471165-1177238915-725345543-1003\Software\SecuROM\License information*] "datasecu"=hex:c3,29,99,f7,55,51,91,ed,b9,2f,1f,80,1a,ad,f6,7c,cb,ba,24,83,dd, bc,e5,60,7c,de,90,bb,5c,62,ad,92,06,11,1b,8d,9c,93,16,a1,ae,46,3c,55,4e,c9,\ "rkeysecu"=hex:d3,91,4b,31,71,4d,97,0c,de,42,3c,d0,c3,4c,37,ce [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OOSAFEERASE03.00.00.01MSWINDOWS"="05401A41EE7C4B04137F4BE1E8FA7D0BAB1CFB8C4914076D9F2B5BE7E3DA01DFCB2BA902B86E 2FAB9B7ECC013D1F9B531EB2F7BA36D7C68A249BDD08A6E264F674B600F643FBAC4511E87CC6052B 3 60F8405F8B0BDF8EA8E4AA3170842F07FA2BC4CFDA42BED872697EDEBA1183C110E0FA6E2E98D8AD 5 E56BDE590FE02B758E44AC847C30A1C754B9912EF3ED06B6554D8119D3F935B5324239FA394E4EB5 1 70FE87DE93908B90CE32B5D1326CEF31C37D0875379B2F54A6D75D597792BEB50076854C9CDA8ECB D 69E7154981F0D8D028271BBDA5D2493570294AAD77A58C80F765F7EA9B19360BFC4576D467FEBC9E 1 27BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E1 2 7BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794BA7FD869164D6794DC6AA7F5 0 A4BD7B581D90F8813192FE83A247D628773C8AA1B100AE1D107DE9E470404155B4FBE77C69542BF0 7 380C401F20CA6874B7C4BDC901467D1E8F234EF145C4883D8BC9ED080650EE8660BF3B9EC055C7AF 8 639139AC454B9473CBB3B38B6E6716187821F579914A18A49C0961EF0F3959669AB42686C2957B10 9 58F5092A1D5ACE4D6534D8809C495F31793599E2B44DD96E138624C7EEF690741D32E9304F3060ED E 278472EADBBA4D7C79C1E8B574C7DA7D7BFCFEE02A16F0021477321174145FCDFDDEDDBBFB2CC02F D F6CE244F555CA95BEE82B975432C337133D01842C38091B679AF057DCAA1F86092E1A9C68E210FF0 B C68478E2B77190E92C3F455CE68C6B30381694785BD882C60A1DD9903CDF45D72407BC48A573EEA2 B 9ED90560A63D9759EB0DAFC890020CF5EAC458A0B67DDD80DC7A48FBA6386FE5CA2EBB573C19187C 8 DB97EDDDD39248F31A8483B054DA079272EF8F8919BF74CC51D1A797A805D8F16F8AEF23F878908F A 966086348FC7939846ED611B0455909C1670EC08A0055E4C1D71171EC846E3625F4E1E16F0EBA841 B 46F78978F4A84F64B46C0DFA79F54883AA8C2BBDED8C79418F2025123173AC42E7A6433610F220C3 5 55E3D14AB202B8286C4CAB2E33FCD59961125B5B49E9D82DC134691FCF04A68E8D2B7F3FB71DDC02 0 9F3551E3C72FA02E296815574FE4BF1AAD30EF4AD69A85610CFDFC31B7E0C28FC58751CCB3A6EB17 5 39E6CB006379FB4E974510BCB785CF356C3E96BD226EBFFB811A1A32892FCDC687FD834628D6937B 3 709248276C6810502B8FAF42A41316E57280AAFBA4FC03DF5903F187D6BC131CD27E77D518637C07 5 433909DB5627EDA75867FB4BF3B5F0593BC9B63B52D3285C42151C187700588FA21C389D12934C23 3 32DBF5DD89F2F6CEE71D9DCB9DDC6C34F6A433F5C2F747B7374B27E6FA88B609CDB19374B3277CDF 0 872D816635AC4D982CCBDE8D5CED" "OODEFRAG11.00.00.01WORKSTATION"="6390CA51089463B4FA6BC03CBC67A42E263A0D1C08A75D1073284A4B49E6B73A3846F15E42EA 5BD77880F74E9222F85980A832368EBD166B66899A1858C5B916CE8DD9BCD5CC5DD58AF9A39BEF2E B 152F4AB61D4A15DB122B8F8B0BF59C10A964F8F32FE2C25CA28DC6E20AD4F366EDFD7ED421FF0122 C DF0451A0A1D2671FF137F31B5A3E22372FF2793EB6C1A700294F97F1DC422CB5B7326DF43DDE0B27 4 455672E2C1D35EDAD21B74109E9386FBAD6DA027AEE3F311F042F2D3BABBD8309509DF4F16A17EB4 B 13CD611C03DDF384BB6A77096425366D8CFA3964FA5CC525214C70FEBC9E127BECC74CFEBC9E127B E CC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980A C 7933A6A0AC4980AC79335D575E7D6A3B9808A9C6AECB7A5D140722682A76A724C31BDFBE2A56B2B5 F 7D5E9FAA398B834CB44C460609C5625B6056ED4179DE65F75FDE741BB1550A2ECA4D1C37DF2ECE22 9 9A93AD379E7E7BD59C1D57895029A063BBA8BDF12E0BACA26D9972FC49E1B28063E6E002DAB4ED4C 3 C965773DC1FF30C7FC3EEBD6E9FC4E4E7BE39B4857899128034BC937627156794674C07C860396E6 5 7FA4D2D52BAE063EDF587BC57AE09F4C911A03CD64E0FCC941443E49E4A31001453D2C193085DD11 B E29E9DA91A7EF903BE5ACEFE29463F577DF53CC0BBA7A562433852015B342F243165FCA4EDECD8E1 2 1F2F9CF8C5762684D548EF14DA38624C8E6109A4FA14E8779EFC4F23CB087A1ADBEC4C6560165A04 E DE0082434DB90146D04238D70B3708BD4A9D4E809F07B79C20EAA47A2A609B885A41CC4C97844F60 3 7673E07C0677D0E28EFDD9855F2E7E90FC13A11F0E1A068FDF67E4F2A752119585B1165BF5E1BF81 9 B209580AE239616699A5F3DB9EA748FA2D9555D850625FEC44B081FEF06F28002C31F903C5D57374 6 86CB3718CCB21FC1174A07331D192E85E0F2ABE72E284437A8DEA0EBD4F76BCA52979C1D8390EAD3 7 65F445648F5A364C5FB39D09BC3C1F5BD9FEC23F65541722CD64EC1CA03B637838F3D9530EA77BB0 4 2755A5FD4B87BD2A90884DA26E567BF581057F4CA2D40BFD3EEC9D6C4953AFD7616164006AB1CEC6 4 5D9D9AB67606A46F5CA56ABAC30B2D8AF24A18C86F52330F6908E3AEF752FA13597B95B08A605E8F 1 FE4B7C83C5D73C0D0653913D313FB31AED28BCCE99AAFB3CD2E36B3C87D6DA1BD2E5482927E483E4 0 A6D722B6A72B963543D899E79CD4B99EAD30F93712F4F79CFB00DC7F98A3D287CAB98B11D6D4F4BF 3 5A989883EB3AEF180867C2E9A1ADFACDBB3AAC75BE2E2C7C4EE157D825B4315411559C3C1BA3C7E1 0 30E2187858FEDFC1B364968B7CD2A001BA0C53CD25E574BF69D2E3AB41B0B27CB0F2BF674C28860E 5 D7B03471C6BFCB5A9BCA80F274E3" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(1348) c:\windows\system32\relog_ap.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Norton Ghost\Agent\VProSvc.exe c:\windows\system32\nvsvc32.exe c:\program files\RAXCO\PerfectDisk\PDAgent.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files\RAXCO\PerfectDisk\PDEngine.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe c:\progra~1\ALWILS~1\Avast4\ashDisp.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2009-02-06 9:19:21 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-02-06 08:19:19 Przed: 18 541 449 216 bajtów wolnych Po: 18,492,669,952 bajtów wolnych Current=3 Default=3 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5 415 --- E O F --- 2009-02-05 08:37:21
oraz
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:37:39, on 2009-02-05 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\PrevxCSI\prevxcsi.exe C:\Program Files\Common Files\BinarySense\hldasvc.exe C:\Program Files\Common Files\BinarySense\hldasvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe E:\Zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\PROGRA~1\MYSECR~1\MSFMON.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\PrevxCSI\prevxcsi.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\VisualTaskTips\VisualTaskTips.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\RMClock\RMClock.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RemoteControl8] "E:\Zainstalowane\CyberLink Power DVD8\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Zainstalowane\CyberLink Power DVD8\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O4 - Global Startup: Skrót do ashDisp.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM O9 - Extra button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- End of file - 9036 bytes