DSS:
Main:
Deckard's System Scanner v20071014.68
Run by Kay on 2008-04-23 18:48:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-04-23 16:48:26 UTC - RP1 - Punkt kontrolny systemu
Backed up registry hives.
Performed disk cleanup.
[color=red]Percentage of Memory in Use: 79% (more than 75%).[/color]
[color=red]System Drive C: has 0.59 GiB (less than 15%) free.[/color]
-- HijackThis (run as Kay.exe) -------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-23 18:51:18
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
K:\Spyware Doctor\pctsAuxs.exe
K:\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\alg.exe
K:\Spyware Doctor\Update.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
K:\Spyware Doctor\pctsTray.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\netcut\netcut.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kay\Pulpit\PowerMenu.exe
C:\Program Files\Opera 9.5 beta\opera.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kay\Dane aplikacji\Opera\Opera 9.5 beta\profile\cache4\temporary_download\dss66.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "K:\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\drivers\scanner\TBRIDGE\BIN\RegisterDropHandler.exe
O4 - HKLM\..\RunOnce: [My Global Search Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Skrót do start.lnk = C:\Documents and Settings\Kay\Pulpit\start.bat
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Skrót do RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.credit-suisse.com (HKCU)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDEB668-67FD-4C1F-84D7-F8DACBC8F839}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: cru629.dat
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - K:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - K:\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 7286 bytes
-- HijackThis Fixed Entries (D:\pulpit\DAWID_~1\backups\) ----------------------
backup-20080120-202608-185 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://london.access.credit-suisse.com/CitrixSessionInit/ICAWEB/icaweb.cab
backup-20080120-202608-281 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20080120-202608-417 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080120-202608-637 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
backup-20080120-202608-720 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
backup-20080120-202608-918 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
backup-20080120-202609-891 O16 - DPF: {6416C78A-E810-445C-8712-1785809FA433} - https://london.access.credit-suisse.com/CitrixLogonPoint/London/EPAClient/EPAClient.exe
-- File Associations -----------------------------------------------------------
[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]
[COLOR=red].reg - regfile - shell\open\command - "regedit.exe" "%1"[/COLOR]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys
R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\1\ultraiso\drivers\isodrive.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys
R3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys
R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys
S2 USB680x (USB Scanner) - c:\windows\system32\drivers\uscanner.sys
S3 PsSdkLB - c:\windows\system32\drivers\pssdklb.drv (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 RadClock - c:\windows\system32\radclock.exe
S3 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Mysz zgodna z PS/2
Device ID: ACPI\PNP0F13\4&15F50029&0
Manufacturer: Microsoft
Name: Mysz zgodna z PS/2
PNP Device ID: ACPI\PNP0F13\4&15F50029&0
Service: i8042prt
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: IBM USB Serial Converter
Device ID: USB\VID_04B3&PID_4482\IB06LUHD
Manufacturer:
Name: IBM USB Serial Converter
PNP Device ID: USB\VID_04B3&PID_4482\IB06LUHD
Service:
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Cyfrowy kamkorder wideo firmy Samsung
Device ID: ROOT\IMAGE\0001
Manufacturer: Samsung
Name: Cyfrowy kamkorder wideo firmy Samsung
PNP Device ID: ROOT\IMAGE\0001
Service: MSDV
-- Files created between 2008-03-23 and 2008-04-23 -----------------------------
2008-04-23 12:22:19 16896 --a------ C:\WINDOWS\braviax.exe
2008-04-22 20:44:41 0 d-------- C:\!KillBox
2008-04-22 20:38:16 0 d-------- C:\backreg
2008-04-22 20:33:27 0 d-------- C:\Program Files\RogueRemover
2008-04-22 14:03:16 6144 --a------ C:\WINDOWS\system32\cru629.dat
2008-04-22 14:03:16 6144 --a------ C:\WINDOWS\cru629.dat
2008-04-20 13:03:38 0 d--hs---- C:\FOUND.005
2008-04-15 16:55:26 208896 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-04-15 16:40:11 0 d-------- C:\Program Files\Audacity
2008-04-14 14:34:08 0 d--hs---- C:\FOUND.004
2008-04-13 19:19:44 0 d--hs---- C:\FOUND.003
2008-04-12 09:13:41 0 d-------- C:\Program Files\Common Files\DirectX
2008-04-05 20:43:30 0 d-------- C:\WINDOWS\Matura 2008 Język Angielski
2008-04-04 19:01:50 1777664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-04-04 17:23:31 0 d-------- C:\Program Files\RouterControl
2008-04-03 18:38:34 0 d-------- C:\Program Files\MyGlobalSearch
2008-04-03 18:38:30 0 d-------- C:\Program Files\BearShare
2008-04-03 18:10:14 0 d-------- C:\Program Files\Real Alternative
2008-03-31 20:48:59 225280 --a------ C:\WINDOWS\system32\rewire.dll
2008-03-31 20:48:30 0 d-------- C:\Program Files\VstPlugins
2008-03-31 20:48:15 0 d-------- C:\Program Files\Image-Line
2008-03-31 20:48:13 0 d-------- C:\Program Files\Outsim
2008-03-29 18:04:31 0 d-------- C:\Program Files\Satsuki Decoder Pack
2008-03-29 15:57:47 0 d-------- C:\Perl
2008-03-29 12:37:04 61440 --a------ C:\WINDOWS\system32\drivers\wpdmfq.sys
2008-03-29 12:05:30 2234 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-29 12:03:40 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-29 12:03:40 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-29 12:03:40 86528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-29 12:03:40 82432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-29 12:03:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-29 12:03:39 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-29 12:03:39 53248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-29 11:40:36 0 d-------- C:\Program Files\usuwanie
2008-03-29 10:50:46 298104 --a------ C:\WINDOWS\system32\imon.dll
2008-03-25 12:06:02 0 d--hs---- C:\FOUND.002
2008-03-23 18:45:27 0 d-------- C:\WINDOWS\Sun
-- Find3M Report ---------------------------------------------------------------
2008-04-22 20:38:18 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Regrun
2008-04-15 16:42:34 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Audacity
2008-04-13 09:56:56 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\MakeUpPilot
2008-04-09 16:36:42 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Consultia
2008-04-08 14:43:04 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\FreeCall
2008-04-03 18:10:16 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Real
2008-03-29 13:30:52 454380 --a------ C:\WINDOWS\system32\perfh015.dat
2008-03-29 13:30:52 77186 --a------ C:\WINDOWS\system32\perfc015.dat
2008-03-29 11:53:50 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\PC Tools
2008-03-22 10:34:08 0 d-------- C:\Program Files\NAPI-PROJEKT
2008-03-16 14:03:54 0 d-------- C:\Program Files\7-Zip
2008-03-15 18:41:46 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Talkback
2008-03-15 12:04:26 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Dev-Cpp
2008-03-01 16:39:34 0 d-------- C:\Program Files\Radmin
2008-03-01 09:58:10 0 d-------- C:\Program Files\SMAC
2008-02-28 21:29:12 0 d-------- C:\Program Files\CDRWIN 6
2008-02-28 21:28:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 21:00:34 0 d-------- C:\Program Files\Alcohol52
2008-02-28 19:38:38 0 d-------- C:\Program Files\ATITool
2008-02-28 17:37:18 0 d-------- C:\Program Files\AIDA32
2008-02-27 18:49:10 0 d-------- C:\Program Files\XP Repair Pro 2007
2008-02-27 18:24:20 0 d-------- C:\Program Files\RME
2008-02-23 09:55:36 0 d-------- C:\Program Files\Notepad++
2008-02-23 09:55:36 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Notepad++
2008-02-23 09:51:02 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\FileZilla
2008-02-23 09:50:20 0 d-------- C:\Program Files\FileZilla
2008-02-10 18:21:42 68 --a------ C:\PACKAGEINFO
2008-02-10 18:21:40 16 --a------ C:\DVCLAL
2008-02-06 11:21:58 77890 --a------ C:\WINDOWS\system32\nvidiaverify8.exe
2008-02-03 15:40:46 39541 --a------ C:\WINDOWS\pclxl.dll
2008-02-03 15:37:12 676864 --a------ C:\pcl5eres.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 00:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"ISTray"="K:\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 01:32]
"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-01 23:27]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 03:51]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"My Global Search Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"=C:\drivers\scanner\TBRIDGE\BIN\RegisterDropHandler.exe
C:\Documents and Settings\Kay\Menu Start\Programy\Autostart\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]
Skrót do start.lnk - C:\Documents and Settings\Kay\Pulpit\start.bat [2007-12-28 19:40:48]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Skrót do RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2007-12-23 18:37:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 03:49 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=cru629.dat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
C:\WINDOWS\system32\ctfmona.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Ram Optimizer]
C:\Program Files\Free Ram Optimizer\fro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]
"C:\1\GreedyTorrent\GTor.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
C:\drivers\scanner\TBRIDGE\BIN\InstantAccess.exe /h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSCTFMON]
C:\WINDOWS\SYSTEM32\nvidiaverify8.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ping]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
C:\drivers\scanner\TBRIDGE\BIN\RegisterDropHandler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyRid]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
K:\Program Files\Image\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
7890 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-04-23 18:54:44 ------------
Extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Polish
CPU 0: Procesor Intel Pentium III
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 511.42 MiB / 95.34 MiB
Pagefile Memory (total/avail): 1249.7 MiB / 464.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.46 MiB
A: is Removable (Unformatted)
C: is Fixed (FAT32) - 6.82 GiB total, 0.59 GiB free.
D: is Fixed (NTFS) - 22.65 GiB total, 2.85 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (No Media)
K: is Fixed (FAT32) - 18.63 GiB total, 4.52 GiB free.
\\.\PHYSICALDRIVE0 - SAMSUNG SV0412H - 37.3 GiB - 4 partitions
\PARTITION0 (bootable) - Unknown - 6.83 GiB - C:
\PARTITION1 - Unknown - 6.83 GiB
\PARTITION2 - Unknown - 1004.06 MiB
\PARTITION3 - Rozszerzona z rozszerzonym przerwaniem 13 - 22.65 GiB - D:
\\.\PHYSICALDRIVE1 - WDC WD200BB-60CVB0 - 18.64 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 18.64 GiB - K:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Kay\Dane aplikacji
ArmServerInfo=000E07A6
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAVID
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Kay
LOGONSERVER=\\DAVID
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;D:\Perl\bin\;K:\delphi7_personal\TUTAJ\Bin;K:\delphi7_personal\TUTAJ\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Satsuki Decoder Pack\filtres
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Kay\USTAWI~1\Temp
TMP=C:\DOCUME~1\Kay\USTAWI~1\Temp
USERDOMAIN=DAVID
USERNAME=Kay
USERPROFILE=C:\Documents and Settings\Kay
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Ala [I](admin)[/I]
Ewa [I](admin)[/I]
Kay [I](admin)[/I]
Administrator [I](new local, admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ace Ventura --> C:\WINDOWS\uninst.exe -fc:\1\ace\DeIsL1.isu
ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
ActivePerl Build 623 --> MsiExec.exe /I{2876C84B-F2D9-40E6-A522-E0856519E838}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AIDA32 v3.93 --> "C:\Program Files\AIDA32\unins000.exe"
Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL --> k:\flstudio\kodeki\asio4all\uninstall.exe
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity\unins000.exe"
Blitz3D Demo V1.83 --> k:\blitz3d\unins000.exe
Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDRWIN 6.1 --> MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}
Cheat Engine 5.4 --> "k:\cheatengine\unins000.exe"
CloneCD --> "C:\Program Files\CloneCD\ccd-uninst.exe" /D="C:\Program Files\CloneCD"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Commando --> C:\WINDOWS\uninst.exe -fk:\stare\COMMANDOSS2\DeIsL1.isu
Commandos, Beyond the Call of Duty --> C:\WINDOWS\uninst.exe -fk:\stare\COMANDOS\DeIsL1.isu
CubeDesktop 1.1.3 --> K:\beryl\nowszy\uninst.exe
Dev-C++ 5 beta 9 release (4.9.9.2) --> "D:\cpp\uninstall.exe"
EmEditor Professional (English) --> MsiExec.exe /I{632F04A6-D7EC-4954-8091-8A69CEB1845F}
EPAFactory Endpoint Analysis Client 3.65 --> MsiExec.exe /I{FC40677C-7D54-4836-9EDA-459DDBD42A9D}
FileZilla Client 3.0.7.1 --> C:\Program Files\FileZilla\uninstall.exe
FL Studio v7.0 --> "K:\flstudio\unins000.exe"
FlyakiteOSX --> C:\WINDOWS\FlyakiteOSX\Uninstall.exe
foobar2000 v0.9.4.5 --> "C:\Program Files\foobar2000\uninstall.exe"
Free Ram Optimizer XP 1.0 --> "C:\Program Files\Free Ram Optimizer\unins000.exe"
Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
GreedyTorrent v1.01 beta build 170 --> "C:\1\GreedyTorrent\unins000.exe"
GTAViceCarEditor 1.1.1 --> k:\gry\vc\inne\car\unins000.exe
HijackThis 1.99.1 --> D:\pulpit\DaWiD_to ja ;d\HijackThis.exe /uninstall
HyperCam 2 --> "C:\Program Files\HyperCam2\UnHyCam2.exe"
I-Doser v4 --> K:\david\dser\Uninstal.exe
iColorFolder --> C:\Program Files\iColorFolder\uninstall.exe
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
IMG Tool (remove only) --> "k:\gry\vc\INNE\imgtools\Uninstall.exe"
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Leksykon Architektura --> C:\WINDOWS\IsUn0415.exe -fd:\Uninst.isu -cd:\UninstallProject.dll
MakeUp Pilot 2.00 --> d:\oczysc\unins000.exe
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover\unins000.exe"
Matura 2008 Język Angielski --> "C:\WINDOWS\Matura 2008 Język Angielski\uninstall.exe" "/U:D:\\Uninstall\uninstall.xml"
MotoGP URT 3 --> K:\MotoGP3\unins000.exe
Mozilla Firefox (2.0.0.13) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}\Setup.exe" -l0x9 UNINSTALL
NAPIPROJEKT 1.0.6.1 --> "C:\Program Files\NAPI-PROJEKT\unins000.exe"
Need for Speed™ Most Wanted --> K:\nfs\omg\EAUninstall.exe
NetCut 2.08 --> "C:\Program Files\netcut\unins000.exe"
No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Opera --> C:\PROGRA~1\OPERA9~1.5BE\uninst\unwise.exe C:\PROGRA~1\OPERA9~1.5BE\uninst\install.log
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
Phobos --> K:\1\klon\Uninstall.exe
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
Prime95 --> "C:\Program Files\podkrecanie\Prime95\Uninstall.exe" "C:\Program Files\podkrecanie\Prime95\install.log"
Python 2.4 --> MsiExec.exe /I{82D9302E-F209-4805-B548-52087047483A}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RadLinker --> MsiExec.exe /I{238ABEB6-42D2-4DD7-9928-DE8431519C61}
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
Real Desktop 1.15 --> "k:\real\unins000.exe"
Remere's Map Editor --> C:\Program Files\RME\uninstall.exe
Remote Administrator v2.2 --> C:\Program Files\Radmin\uninstal.exe
Right Click Image Converter --> "d:\ppmc\uninstall.exe"
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
RouterControl 1.90 --> C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"
Satsuki Decoder Pack --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
SHOUTcast DNAS (remove only) --> "C:\Program Files\SHOUTcast\uninst-dnas.exe"
SHOUTcast Source DSP 1.8.2 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
SilentNight Radio --> MsiExec.exe /X{F94E1DD2-B859-47E0-9A30-0532482DC4EA}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMAC 1.2 Evaluation Edition --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> K:\Spyware Doctor\unins000.exe /LOG
System Antywirusowy NOD32 --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Tasker version 3.13 --> "C:\Program Files\Tasker\unins000.exe"
Tibia --> "K:\1\prawdziwek\unins000.exe"
Tibia MULTI-ip changer --> k:\tibia\UNinstaller.exe
TibiaTek Bot --> MsiExec.exe /I{D5A6831B-C39B-47BE-B4E4-DB323922E61F}
Tiger System Preferences v2 --> C:\Program Files\Tiger System Preferences v2\Uninstal.exe
Top 2500 English Words --> "D:\Top 2500 English Words\unins000.exe"
ToxicIII --> C:\Program Files\VstPlugins\ToxicIII\uninstall.exe
Ulead VideoStudio 8.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9
UltraISO Premium V8.65 --> "C:\1\UltraISO\unins000.exe"
USB Scanner --> C:\drivers\scanner\UNINSTAL\SETUP.EXE
Virtual DJ - Atomix Productions --> K:\VIRTUA~1\UNWISE.EXE K:\VIRTUA~1\INSTALL.LOG
VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
WapSter AQQ --> C:\Program Files\WapSter\AQQ\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe
XP Repair Pro 2007 --> MsiExec.exe /X{7D5EDF94-4A58-4C53-A07A-1E4B535307D5}
-- Application Event Log -------------------------------------------------------
Event Record #/Type1947 / Error
Event Submitted/Written: 04/22/2008 09:22:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca SpybotSD2.exe, wersja 1.5.2.20, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type1915 / Error
Event Submitted/Written: 04/20/2008 06:13:30 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Acronis True Image Home -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 112, C:\DOCUME~1\Kay\USTAWI~1\Temp\C71D1A2C-F2B9-4116-B1C9-262E1F05C07E\AcronisTrueImage.msi,
Event Record #/Type1912 / Error
Event Submitted/Written: 04/20/2008 01:20:36 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type1911 / Error
Event Submitted/Written: 04/20/2008 01:17:58 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Aplikacja zawieszająca wmplayer.exe, wersja 9.0.0.3250, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
Event Record #/Type1897 / Error
Event Submitted/Written: 04/19/2008 11:37:52 PM
Event ID/Source: 1000 / Application Error
Event Description:
Aplikacja powodująca błąd nvidiaverify8.exe, wersja 0.0.0.0, moduł powodujący błąd nvidiaverify8.exe, wersja 0.0.0.0, adres błędu 0x000047d0.
Przetwarzanie zdarzenia określonego nośnika dla [nvidiaverify8.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type9874 / Warning
Event Submitted/Written: 04/23/2008 03:14:18 PM
Event ID/Source: 4226 / Tcpip
Event Description:
Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.
Event Record #/Type9872 / Error
Event Submitted/Written: 04/23/2008 00:51:22 PM
Event ID/Source: 8032 / BROWSER
Event Description:
Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}.
Przeglądarka zapasowa jest zatrzymywana.
Event Record #/Type9871 / Warning
Event Submitted/Written: 04/23/2008 00:49:52 PM
Event ID/Source: 8021 / BROWSER
Event Description:
Przeglądarka nie mogła pobrać listy serwerów z przeglądarki głównej \\PIOTR w sieci \Device\NetBT_Tcpip_{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}.
Przedstawione dane to kod błędu.
Event Record #/Type9870 / Warning
Event Submitted/Written: 04/23/2008 00:49:22 PM
Event ID/Source: 8022 / BROWSER
Event Description:
Przeglądarka nie mogła pobrać listy domen z przeglądarki głównej \\PIOTR w sieci \Device\NetBT_Tcpip_{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}.
Przedstawione dane to kod błędu.
Event Record #/Type9852 / Error
Event Submitted/Written: 04/23/2008 00:23:23 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Nie można załadować następujących sterowników startu rozruchowego lub systemowego:
IKFileSec
-- End of Deckard's System Scanner: finished at 2008-04-23 18:54:44 ------------
I'll add that it also wouldn't start (it only ran after being renamed)
Kay