Problem z pasiem Tooblar Sweetpack

Dla specjalistów Bezpieczeństwo
#1

OTL logfile created on: 2012-12-03 20:35:38 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 52,82% Memory free

3,78 Gb Paging File | 3,06 Gb Available in Paging File | 80,95% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 21,59 Gb Free Space | 44,21% Space Free | Partition Type: NTFS

Drive D: | 87,89 Gb Total Space | 39,52 Gb Free Space | 44,96% Space Free | Partition Type: NTFS

Drive E: | 96,16 Gb Total Space | 71,19 Gb Free Space | 74,03% Space Free | Partition Type: NTFS

Computer Name: ADMIN-242AFF976 | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012-12-03 20:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\admin\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2012-10-28 13:38:04 | 000,917,984 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-09-13 15:31:10 | 000,129,648 | ---- | M] (ArcaBit) – C:\Program Files\mks\ArcaUpdate\update.exe

PRC - [2012-09-12 10:36:43 | 000,161,768 | ---- | M] (Oracle Corporation) – C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012-08-15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) – C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

PRC - [2012-07-03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2012-05-28 10:23:24 | 000,498,288 | ---- | M] (ArcaBit) – C:\Program Files\mks\mks_vir\mks_menu.exe

PRC - [2012-04-02 22:41:00 | 000,159,232 | ---- | M] (ArcaBit) – C:\Program Files\mks\ArcaVir\ArcaMainSV.exe

PRC - [2012-03-07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012-03-07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012-01-09 14:38:18 | 000,141,904 | ---- | M] (ArcaBit) – C:\Program Files\mks\Common\ArcaConfSV.exe

PRC - [2010-01-20 13:05:04 | 012,067,432 | ---- | M] (GG Network S.A.) – C:\Program Files\Gadu-Gadu 10\gg.exe

PRC - [2009-07-17 14:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) – C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

PRC - [2008-09-10 11:24:21 | 000,676,520 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmon.exe

PRC - [2008-09-10 11:24:18 | 000,025,256 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmsdmon.exe

PRC - [2008-05-16 16:39:15 | 000,594,600 | ---- | M] ( ) – C:\WINDOWS\system32\lxdrcoms.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012-12-03 08:06:57 | 002,036,224 | ---- | M] () – C:\Program Files\Alwil Software\Avast5\defs\12120300\algo.dll

MOD - [2012-12-02 21:11:32 | 002,036,224 | ---- | M] () – C:\Program Files\Alwil Software\Avast5\defs\12120200\algo.dll

MOD - [2012-10-28 13:38:03 | 002,295,264 | ---- | M] () – C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011-08-15 14:55:20 | 006,277,280 | ---- | M] () – C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2010-11-03 19:24:46 | 001,011,712 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll

MOD - [2010-11-03 09:54:02 | 005,771,264 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll

MOD - [2010-11-03 09:53:55 | 013,193,216 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll

MOD - [2010-11-03 09:52:06 | 001,667,072 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll

MOD - [2010-11-03 09:50:42 | 008,265,728 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll

MOD - [2010-11-03 09:50:32 | 011,722,752 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll

MOD - [2010-11-03 09:48:55 | 000,311,296 | ---- | M] () – C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010-01-20 13:06:24 | 000,217,704 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\gglog.dll

MOD - [2010-01-20 13:06:22 | 000,123,496 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll

MOD - [2010-01-20 13:06:20 | 000,017,512 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\ggipc.dll

MOD - [2010-01-20 13:06:16 | 000,027,752 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\ggcrypto.dll

MOD - [2010-01-20 13:06:14 | 000,356,968 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\ggcommon.dll

MOD - [2010-01-11 14:55:58 | 002,195,456 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtCore4.dll

MOD - [2010-01-11 14:55:58 | 000,970,752 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll

MOD - [2010-01-11 14:55:54 | 011,677,696 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll

MOD - [2010-01-11 14:55:52 | 000,774,144 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtScript4.dll

MOD - [2010-01-11 14:55:46 | 008,024,064 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtGui4.dll

MOD - [2010-01-11 14:55:34 | 000,393,216 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtXml4.dll

MOD - [2010-01-11 14:55:26 | 000,299,008 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\QtSvg4.dll

MOD - [2010-01-11 14:54:16 | 000,303,104 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll

MOD - [2010-01-11 14:54:16 | 000,274,432 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll

MOD - [2010-01-11 14:54:16 | 000,143,360 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll

MOD - [2010-01-11 14:54:16 | 000,023,552 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll

MOD - [2010-01-11 14:54:16 | 000,018,432 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll

MOD - [2009-09-23 15:04:00 | 000,059,904 | ---- | M] () – C:\Program Files\Gadu-Gadu 10\zlib1.dll

MOD - [2008-09-10 11:24:21 | 000,676,520 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmon.exe

MOD - [2008-09-10 11:24:18 | 000,025,256 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmsdmon.exe

MOD - [2008-09-10 10:44:54 | 000,081,920 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrcaps.dll

MOD - [2008-09-10 10:44:46 | 000,380,928 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrscw.dll

MOD - [2008-09-10 10:44:44 | 001,036,288 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrdrs.dll

MOD - [2008-09-10 10:34:29 | 000,069,632 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrcnv4.dll

MOD - [2008-05-27 04:36:57 | 000,036,864 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.monitor.core.dll

MOD - [2008-05-27 04:36:57 | 000,028,672 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.monitor.common.dll

MOD - [2008-05-27 04:35:58 | 000,065,536 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.devmons.mcmdevmon.dll

MOD - [2008-05-16 16:12:02 | 000,121,856 | ---- | M] () – C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdrdrpp.dll

MOD - [2008-05-16 15:54:59 | 000,188,416 | ---- | M] () – C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdrdatr.dll

MOD - [2008-04-14 21:50:38 | 000,014,336 | ---- | M] () – C:\WINDOWS\system32\msdmo.dll

MOD - [2008-03-25 05:53:10 | 000,012,288 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

MOD - [2006-01-19 05:33:38 | 000,078,336 | ---- | M] () – C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – %SystemRoot%\System32\hidserv.dll – (HidServ)

SRV - File not found [Auto | Stopped] – C:\WINDOWS\system32\ojfzhyhj.dll – (futcbiyi)

SRV - [2012-10-28 13:38:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)

SRV - [2012-09-13 15:31:10 | 000,129,648 | ---- | M] (ArcaBit) [Auto | Running] – C:\Program Files\mks\ArcaUpdate\update.exe – (AVUpdate)

SRV - [2012-09-12 10:36:43 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] – C:\Program Files\Java\jre7\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2012-04-02 22:41:00 | 000,159,232 | ---- | M] (ArcaBit) [Auto | Running] – C:\Program Files\mks\ArcaVir\ArcaMainSV.exe – (ABMainSV)

SRV - [2012-03-07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)

SRV - [2012-02-29 07:50:48 | 000,158,856 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)

SRV - [2012-01-09 14:38:18 | 000,141,904 | ---- | M] (ArcaBit) [Auto | Running] – C:\Program Files\mks\Common\ArcaConfSV.exe – (ABConfSV)

SRV - [2010-11-03 10:09:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2009-07-17 14:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] – C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe – (NIHardwareService)

SRV - [2008-05-16 16:39:15 | 000,594,600 | ---- | M] ( ) [Auto | Running] – C:\WINDOWS\system32\lxdrcoms.exe – (lxdr_device)

SRV - [2008-05-16 16:39:03 | 000,098,984 | ---- | M] () [Auto | Stopped] – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdrserv.exe – (lxdrCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] – -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] – -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] – -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] – -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] – C:\DOCUME~1\admin\USTAWI~1\Temp\catchme.sys – (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\Apfiltr.sys – (ApfiltrService)

DRV - File not found [2010/03/02 23:23:45] [Kernel | Auto | Stopped] – C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl – ({B154377D-700F-42cc-9474-23858FBDF4BD})

DRV - [2012-03-07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\WINDOWS\System32\drivers\aswSnx.sys – (aswSnx)

DRV - [2012-03-07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)

DRV - [2012-03-07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr)

DRV - [2012-03-07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)

DRV - [2012-03-07 00:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)

DRV - [2012-03-07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2012-03-06 23:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)

DRV - [2011-09-30 11:29:38 | 000,062,544 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] – C:\Program Files\mks\ArcaVir\ABFLT.sys – (ABFLT)

DRV - [2010-11-03 10:09:47 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rockey4.sys – (ROCKEYNT)

DRV - [2010-10-26 14:04:32 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] – C:\Program Files\mks\ArcaVir\ABTDI.sys – (ABTDI)

DRV - [2009-08-04 12:04:28 | 000,102,656 | R— | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbfake.sys – (hwusbfake)

DRV - [2009-08-04 12:04:28 | 000,102,400 | R— | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)

DRV - [2009-08-04 10:04:26 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\pcampr5.sys – (PCAMPR5)

DRV - [2009-08-04 10:04:26 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\pcandis5.sys – (PCANDIS5)

DRV - [2009-01-06 19:20:26 | 000,014,592 | ---- | M] (MicroSoft Electronics Co Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\SR9USB.sys – (SR9USB)

DRV - [2008-07-01 04:27:44 | 000,108,800 | R— | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)

DRV - [2008-06-20 09:58:08 | 004,741,120 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService)

DRV - [2008-01-23 12:10:38 | 001,265,536 | R— | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BCMWL5.SYS – (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local

========== FireFox ==========

FF - prefs.js…extensions.enabledAddons: wrc@avast.com:7.0.1426

FF - prefs.js…extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.7.0.3

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js…keyword.URL: “http://search.sweetim.com/search.asp?barid={5E4048C3-1800-44B9-B8F4-4AC2ACA6EBD7}&src=2&crg=3.1010000&q=

FF - prefs.js…sweetim.toolbar.previous.keyword.URL: “http://search.sweetim.com/search.asp?barid={5E4048C3-1800-44B9-B8F4-4AC2ACA6EBD7}&src=2&crg=3.1010000&q=

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-04-17 14:21:51 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 13:38:04 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-28 13:37:56 | 000,000,000 | —D | M]

[2009-12-14 14:06:05 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions

[2012-11-18 16:01:24 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\k9ewm0st.default\extensions

[2012-11-18 16:01:24 | 000,189,128 | ---- | M] () (No name found) – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\k9ewm0st.default\extensions{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2012-11-18 10:45:13 | 000,003,915 | ---- | M] () – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\k9ewm0st.default\searchplugins\sweetim.xml

[2012-10-28 13:37:54 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions

[2012-04-17 14:21:51 | 000,000,000 | —D | M] (avast! WebRep) – C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2012-10-28 13:38:04 | 000,261,600 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009-10-26 16:45:36 | 000,102,400 | ---- | M] (Zylom) – C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

[2011-10-12 14:29:09 | 000,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-10-12 14:29:09 | 000,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-10-12 14:29:09 | 000,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-10-12 14:29:09 | 000,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-10-12 14:29:09 | 000,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-10-12 14:29:09 | 000,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Szukaj w Google = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Gmail = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: YouTube = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Szukaj w Google = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Gmail = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010-02-08 10:55:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll (GG Network S.A.)

O3 - HKLM…\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU…\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

O4 - HKLM…\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM…\Run: [ArcaClean] C:\Program Files\mks\ArcaVir\ArcaClean.exe (ArcaBit)

O4 - HKLM…\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM…\Run: [lxdramon] C:\Program Files\Lexmark 4900 Series\lxdramon.exe ()

O4 - HKLM…\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()

O4 - HKLM…\Run: [mks_menu] C:\Program Files\mks\mks_vir\mks_menu.exe (ArcaBit)

O4 - HKLM…\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 85.14.85.14

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{35065616-9486-41E5-9A3D-B0F6FE7FA10D}: DhcpNameServer = 10.0.0.1 85.14.85.14

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-11-03 09:17:07 | 000,000,000 | —D | M] - C:\Autodesk – [NTFS]

O32 - AutoRun File - [2009-11-19 17:04:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O33 - MountPoints2{34e9e348-a024-11e0-8da4-00242b87c803}\Shell - “” = AutoRun

O33 - MountPoints2{34e9e348-a024-11e0-8da4-00242b87c803}\Shell\AutoRun\command - “” = G:\KODAK_Software_Downloader.exe

O33 - MountPoints2{cf414548-d933-11df-8bbc-00242b87c803}\Shell - “” = AutoRun

O33 - MountPoints2{cf414548-d933-11df-8bbc-00242b87c803}\Shell\AutoRun\command - “” = G:\MicroLauncher.exe

O33 - MountPoints2{cfa456e8-9af8-11df-8b31-00242b87c803}\Shell - “” = AutoRun

O33 - MountPoints2{cfa456e8-9af8-11df-8b31-00242b87c803}\Shell\AutoRun\command - “” = G:\AutoRun.exe

O33 - MountPoints2{d910c764-c029-11e0-8df2-00235a561afe}\Shell\AutoRun\command - “” = urDrive.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = ComFile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2012-11-18 21:03:03 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Moje dokumenty\Native Instruments

[2012-11-18 21:02:38 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{D69A48BF-7653-4AA8-94BC-5847522A4573}

[2012-11-18 21:00:45 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Digidesign

[2012-11-18 21:00:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments

[2012-11-18 21:00:27 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}

[2012-11-18 20:59:52 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}

[2012-11-18 20:59:06 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}

[2012-11-18 20:57:57 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{EC98E512-708C-4C3B-9F07-B58768C1DD8A}

[2012-11-18 20:57:38 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}

[2012-11-18 20:57:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Native Instruments

[2012-11-18 20:57:30 | 000,000,000 | —D | C] – C:\Program Files\Native Instruments

[2012-11-18 20:57:30 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Native Instruments

[2012-11-18 20:48:29 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Dane aplikacji\Audacity

[2012-11-18 20:48:02 | 000,000,000 | —D | C] – C:\Program Files\Audacity 1.3 Beta (Unicode)

[2012-11-18 20:43:18 | 000,000,000 | —D | C] – C:\Program Files\ASIO4ALL v2

[2012-11-18 20:43:18 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Menu Start\Programy\ASIO4ALL v2

[2012-11-18 20:40:44 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Dane aplikacji\REAPER

[2012-11-18 20:40:35 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\REAPER

[2012-11-18 20:40:25 | 000,000,000 | —D | C] – C:\Program Files\REAPER

[2012-11-18 20:37:38 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Guitar Pro 5

[2012-11-18 20:36:39 | 000,000,000 | —D | C] – C:\Program Files\Guitar Pro 5

[2012-11-18 20:33:23 | 000,000,000 | —D | C] – C:\paski

[2012-11-18 20:27:40 | 000,000,000 | —D | C] – C:\Program Files\Guitar FX BOX 2.6

[2012-11-18 20:27:40 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Guitar FX BOX 2.6

[2012-11-18 20:25:13 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Pulpit\programy do gitary

[2012-11-18 10:44:57 | 000,000,000 | —D | C] – C:\Program Files\SweetIM

[2012-11-18 10:44:57 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\SweetIM

[2012-10-28 19:07:34 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\mks_vir

[2012-10-28 19:07:21 | 000,000,000 | —D | C] – C:\Program Files\mks

[2012-10-28 19:07:21 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit

[2012-10-28 19:02:09 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Wise Installation Wizard

[2012-10-28 13:37:53 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Firefox

[2012-10-08 15:07:32 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Moje dokumenty\z

[6 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\Documents and Settings\All Users*.tmp files -> C:\Documents and Settings\All Users*.tmp ->]

========== Files - Modified Within 60 Days ==========

[2012-12-03 20:16:02 | 000,001,034 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-12-03 16:24:24 | 000,001,030 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-12-03 16:24:21 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2012-12-02 20:23:09 | 000,000,724 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2012-12-02 11:00:05 | 000,433,296 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2012-12-02 11:00:05 | 000,384,518 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2012-12-02 11:00:05 | 000,078,288 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2012-12-02 11:00:05 | 000,063,830 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2012-11-29 12:01:46 | 000,000,269 | ---- | M] () – C:\WINDOWS\lexstat.ini

[2012-11-27 21:24:31 | 000,001,943 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2012-11-24 00:37:15 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2012-11-19 16:28:46 | 000,167,504 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2012-11-18 23:47:17 | 001,291,814 | ---- | M] () – C:\Documents and Settings\admin\Moje dokumenty\20100711_SIOSTRA_MARIA_OD_KRZYZA__-_REKOPIS_Z_CZYSCCA.pdf

[2012-11-07 20:40:38 | 000,070,656 | ---- | M] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012-10-31 09:12:14 | 001,791,774 | ---- | M] () – C:\Documents and Settings\admin\Pulpit\Nowy Obraz - mapa bitowa (2).bmp

[2012-10-21 19:37:27 | 005,460,534 | ---- | M] () – C:\Documents and Settings\admin\Moje dokumenty\reklama.bmp

[6 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\Documents and Settings\All Users*.tmp files -> C:\Documents and Settings\All Users*.tmp ->]

========== Files Created - No Company Name ==========

[2012-12-02 20:23:09 | 000,000,724 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2012-11-18 20:48:23 | 000,000,735 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Audacity 1.3 Beta (Unicode).lnk

[2012-10-31 09:11:26 | 001,791,774 | ---- | C] () – C:\Documents and Settings\admin\Pulpit\Nowy Obraz - mapa bitowa (2).bmp

[2012-10-21 19:37:06 | 005,460,534 | ---- | C] () – C:\Documents and Settings\admin\Moje dokumenty\reklama.bmp

[2011-12-31 18:28:15 | 000,002,653 | ---- | C] () – C:\Documents and Settings\admin\default.pls

[2011-04-17 13:30:30 | 000,040,960 | ---- | C] () – C:\WINDOWS\System32\lxdrvs.dll

[2011-04-17 13:30:28 | 000,360,448 | ---- | C] () – C:\WINDOWS\System32\lxdrcoin.dll

[2011-04-17 13:29:51 | 001,036,288 | ---- | C] () – C:\WINDOWS\System32\lxdrdrs.dll

[2011-04-17 13:29:51 | 000,081,920 | ---- | C] () – C:\WINDOWS\System32\lxdrcaps.dll

[2011-04-17 13:29:51 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\lxdrcnv4.dll

[2011-04-17 13:27:27 | 000,000,044 | ---- | C] () – C:\WINDOWS\System32\lxdrrwrd.ini

[2011-04-17 13:26:23 | 000,389,120 | ---- | C] () – C:\WINDOWS\System32\LXDRinst.dll

[2011-04-17 13:26:22 | 000,851,968 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrusb1.dll

[2011-04-17 13:26:22 | 000,438,272 | ---- | C] ( ) – C:\WINDOWS\System32\LXDRhcp.dll

[2011-04-17 13:26:22 | 000,364,544 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrinpa.dll

[2011-04-17 13:26:22 | 000,339,968 | ---- | C] ( ) – C:\WINDOWS\System32\lxdriesc.dll

[2011-04-17 13:26:21 | 001,069,056 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrserv.dll

[2011-04-17 13:26:21 | 000,651,264 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrpmui.dll

[2011-04-17 13:26:21 | 000,577,536 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrlmpm.dll

[2011-04-17 13:26:20 | 000,679,936 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrhbn3.dll

[2011-04-17 13:26:20 | 000,328,360 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrih.exe

[2011-04-17 13:26:19 | 000,208,896 | ---- | C] () – C:\WINDOWS\System32\lxdrgrd.dll

[2011-04-17 13:26:18 | 000,765,952 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcomc.dll

[2011-04-17 13:26:18 | 000,594,600 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcoms.exe

[2011-04-17 13:26:18 | 000,376,832 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcomm.dll

[2011-04-17 13:26:18 | 000,369,320 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcfg.exe

[2011-02-01 01:22:01 | 000,000,010 | ---- | C] () – C:\WINDOWS\popcinfo.dat

[2011-01-27 23:42:42 | 000,000,014 | ---- | C] () – C:\WINDOWS\popcinfot.dat

[2011-01-27 23:42:42 | 000,000,000 | ---- | C] () – C:\WINDOWS\popcreg.dat

[2011-01-11 01:43:04 | 000,000,269 | ---- | C] () – C:\WINDOWS\lexstat.ini

[2011-01-11 01:43:02 | 000,000,092 | ---- | C] () – C:\WINDOWS\dellstat.ini

[2010-11-03 09:47:46 | 000,095,688 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2010-07-30 09:44:23 | 000,000,000 | ---- | C] () – C:\Documents and Settings\admin\Dane aplikacji\AVSMediaPlayer.m3u

[2010-02-03 06:39:44 | 000,453,024 | ---- | C] () – C:\Program Files\setup.exe

[2010-02-03 06:39:14 | 133,314,533 | ---- | C] () – C:\Program Files\openofficeorg1.cab

[2010-02-03 06:38:04 | 010,174,976 | ---- | C] () – C:\Program Files\openofficeorg32.msi

[2010-02-01 23:50:14 | 000,000,290 | ---- | C] () – C:\Program Files\setup.ini

[2009-12-27 18:09:34 | 000,070,656 | ---- | C] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-30 22:50:44 | 000,000,130 | ---- | C] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-11-24 21:13:36 | 000,000,600 | ---- | C] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

========== ZeroAccess Check ==========

[2009-11-30 22:49:26 | 000,000,227 | RHS- | M] () – C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

“” = %SystemRoot%\system32\shdocvw.dll – [2008-04-14 21:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

“” = C:\WINDOWS\system32\wbem\fastprox.dll – [2008-04-14 21:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

“” = C:\WINDOWS\system32\wbem\wbemess.dll – [2008-04-14 21:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Both

========== LOP Check ==========

[2009-12-13 00:40:16 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Artweaver

[2012-12-01 21:31:19 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Audacity

[2010-11-03 09:19:23 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Autodesk

[2012-03-02 14:33:26 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Dropbox

[2012-06-25 14:53:37 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu 10

[2011-01-31 17:47:00 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\GetRightToGo

[2012-01-11 01:43:33 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\GHISLER

[2010-07-29 11:09:07 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\iPlus

[2011-04-17 13:59:42 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Lexmark Productivity Studio

[2010-03-01 12:55:08 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\maxup

[2009-11-19 22:25:05 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Mikrotik

[2010-01-13 22:37:49 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\OpenFM

[2010-05-17 22:14:02 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\OpenOffice.org

[2009-11-19 23:16:05 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Opera

[2012-06-28 22:45:20 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Oracle

[2012-11-18 20:40:52 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\REAPER

[2010-04-05 21:46:29 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Software Informer

[2011-01-22 19:39:54 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\SpeedSim

[2010-11-03 10:12:11 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\ZWSoft

[2011-01-27 21:08:53 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Zylom

[2011-02-16 16:39:56 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2012-10-28 19:42:37 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit

[2009-12-13 00:40:16 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Artweaver

[2010-11-03 09:19:23 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

[2010-07-29 11:33:19 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\BlazeVideo

[2010-07-26 19:02:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2011-05-29 22:17:06 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Lexmark 4900 Series

[2012-11-18 21:00:31 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments

[2011-01-14 22:59:42 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2011-01-27 23:43:10 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games

[2010-10-16 16:16:24 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Recisio

[2012-11-26 19:01:27 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\SweetIM

[2011-08-28 23:42:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Temp

[2011-01-23 01:10:22 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Zylom

[2012-11-18 21:00:29 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}

[2012-11-18 20:59:54 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}

[2011-06-26 19:49:29 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji{A2A58654-12AA-408A-B411-58A76959BE7F}

[2012-11-18 20:59:07 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}

[2012-11-18 21:02:41 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{D69A48BF-7653-4AA8-94BC-5847522A4573}

[2012-11-18 20:57:39 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}

[2012-11-18 20:57:58 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{EC98E512-708C-4C3B-9F07-B58768C1DD8A}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:9482CFB4

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:9E00596C

< End of report >

#2

Użyj AdwCleaner http://general-changelog-team.fr/fr/dow … adwcleaner z funkcji Delete

Pokaż prawidłowo logi z OTL analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html

#3

OTL logfile created on: 2012-12-03 21:11:50 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,93 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 61,30% Memory free

3,78 Gb Paging File | 3,21 Gb Available in Paging File | 84,99% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 21,86 Gb Free Space | 44,77% Space Free | Partition Type: NTFS

Drive D: | 87,89 Gb Total Space | 39,52 Gb Free Space | 44,96% Space Free | Partition Type: NTFS

Drive E: | 96,16 Gb Total Space | 71,19 Gb Free Space | 74,03% Space Free | Partition Type: NTFS

Computer Name: ADMIN-242AFF976 | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-12-03 20:34:16 | 000,602,112 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\admin\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2012-10-28 13:38:04 | 000,917,984 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2012-09-13 15:31:10 | 000,129,648 | ---- | M] (ArcaBit) – C:\Program Files\mks\ArcaUpdate\update.exe

PRC - [2012-09-12 10:36:43 | 000,161,768 | ---- | M] (Oracle Corporation) – C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2012-05-28 10:23:24 | 000,498,288 | ---- | M] (ArcaBit) – C:\Program Files\mks\mks_vir\mks_menu.exe

PRC - [2012-04-02 22:41:00 | 000,159,232 | ---- | M] (ArcaBit) – C:\Program Files\mks\ArcaVir\ArcaMainSV.exe

PRC - [2012-03-07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2012-03-07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012-01-09 14:38:18 | 000,141,904 | ---- | M] (ArcaBit) – C:\Program Files\mks\Common\ArcaConfSV.exe

PRC - [2009-07-17 14:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) – C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

PRC - [2008-09-10 11:24:21 | 000,676,520 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmon.exe

PRC - [2008-09-10 11:24:18 | 000,025,256 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmsdmon.exe

PRC - [2008-05-16 16:39:15 | 000,594,600 | ---- | M] ( ) – C:\WINDOWS\system32\lxdrcoms.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012-12-03 08:06:57 | 002,036,224 | ---- | M] () – C:\Program Files\Alwil Software\Avast5\defs\12120300\algo.dll

MOD - [2012-10-28 13:38:03 | 002,295,264 | ---- | M] () – C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2012-04-10 10:49:18 | 000,195,152 | ---- | M] () – C:\Program Files\mks\ArcaVir\AVShell.dll

MOD - [2010-11-03 19:24:46 | 001,011,712 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll

MOD - [2010-11-03 09:54:02 | 005,771,264 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll

MOD - [2010-11-03 09:53:55 | 013,193,216 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll

MOD - [2010-11-03 09:52:06 | 001,667,072 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll

MOD - [2010-11-03 09:50:42 | 008,265,728 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll

MOD - [2010-11-03 09:50:32 | 011,722,752 | ---- | M] () – C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll

MOD - [2010-11-03 09:48:55 | 000,311,296 | ---- | M] () – C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL

MOD - [2008-09-10 11:24:21 | 000,676,520 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmon.exe

MOD - [2008-09-10 11:24:18 | 000,025,256 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrmsdmon.exe

MOD - [2008-09-10 10:44:54 | 000,081,920 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrcaps.dll

MOD - [2008-09-10 10:44:46 | 000,380,928 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrscw.dll

MOD - [2008-09-10 10:44:44 | 001,036,288 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrdrs.dll

MOD - [2008-09-10 10:34:29 | 000,069,632 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\lxdrcnv4.dll

MOD - [2008-05-27 04:36:57 | 000,036,864 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.monitor.core.dll

MOD - [2008-05-27 04:36:57 | 000,028,672 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.monitor.common.dll

MOD - [2008-05-27 04:35:58 | 000,065,536 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.devmons.mcmdevmon.dll

MOD - [2008-05-16 16:12:02 | 000,121,856 | ---- | M] () – C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdrdrpp.dll

MOD - [2008-05-16 15:54:59 | 000,188,416 | ---- | M] () – C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdrdatr.dll

MOD - [2008-03-25 05:53:10 | 000,012,288 | ---- | M] () – C:\Program Files\Lexmark 4900 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

MOD - [2006-01-19 05:33:38 | 000,078,336 | ---- | M] () – C:\WINDOWS\system32\spool\prtprocs\w32x86\LXCZPP5C.DLL

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] – %SystemRoot%\System32\hidserv.dll – (HidServ)

SRV - File not found [Auto | Stopped] – C:\WINDOWS\system32\ojfzhyhj.dll – (futcbiyi)

SRV - [2012-10-28 13:38:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)

SRV - [2012-09-13 15:31:10 | 000,129,648 | ---- | M] (ArcaBit) [Auto | Running] – C:\Program Files\mks\ArcaUpdate\update.exe – (AVUpdate)

SRV - [2012-09-12 10:36:43 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] – C:\Program Files\Java\jre7\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2012-04-02 22:41:00 | 000,159,232 | ---- | M] (ArcaBit) [Auto | Running] – C:\Program Files\mks\ArcaVir\ArcaMainSV.exe – (ABMainSV)

SRV - [2012-03-07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)

SRV - [2012-02-29 07:50:48 | 000,158,856 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files\Skype\Updater\Updater.exe – (SkypeUpdate)

SRV - [2012-01-09 14:38:18 | 000,141,904 | ---- | M] (ArcaBit) [Auto | Running] – C:\Program Files\mks\Common\ArcaConfSV.exe – (ABConfSV)

SRV - [2010-11-03 10:09:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)

SRV - [2009-07-17 14:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] – C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe – (NIHardwareService)

SRV - [2008-05-16 16:39:15 | 000,594,600 | ---- | M] ( ) [Auto | Running] – C:\WINDOWS\system32\lxdrcoms.exe – (lxdr_device)

SRV - [2008-05-16 16:39:03 | 000,098,984 | ---- | M] () [Auto | Stopped] – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdrserv.exe – (lxdrCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] – -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] – -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] – -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] – -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] – -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] – -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] – C:\DOCUME~1\admin\USTAWI~1\Temp\catchme.sys – (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] – system32\DRIVERS\Apfiltr.sys – (ApfiltrService)

DRV - File not found [2010/03/02 23:23:45] [Kernel | Auto | Stopped] – C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl – ({B154377D-700F-42cc-9474-23858FBDF4BD})

DRV - [2012-03-07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\WINDOWS\System32\drivers\aswSnx.sys – (aswSnx)

DRV - [2012-03-07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP)

DRV - [2012-03-07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr)

DRV - [2012-03-07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi)

DRV - [2012-03-07 00:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2)

DRV - [2012-03-07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\WINDOWS\System32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2012-03-06 23:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4)

DRV - [2011-09-30 11:29:38 | 000,062,544 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] – C:\Program Files\mks\ArcaVir\ABFLT.sys – (ABFLT)

DRV - [2010-11-03 10:09:47 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rockey4.sys – (ROCKEYNT)

DRV - [2010-10-26 14:04:32 | 000,051,280 | ---- | M] (ArcaBit) [Kernel | System | Running] – C:\Program Files\mks\ArcaVir\ABTDI.sys – (ABTDI)

DRV - [2009-08-04 12:04:28 | 000,102,656 | R— | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbfake.sys – (hwusbfake)

DRV - [2009-08-04 12:04:28 | 000,102,400 | R— | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ewusbmdm.sys – (hwdatacard)

DRV - [2009-08-04 10:04:26 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\pcampr5.sys – (PCAMPR5)

DRV - [2009-08-04 10:04:26 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\pcandis5.sys – (PCANDIS5)

DRV - [2009-01-06 19:20:26 | 000,014,592 | ---- | M] (MicroSoft Electronics Co Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\SR9USB.sys – (SR9USB)

DRV - [2008-07-01 04:27:44 | 000,108,800 | R— | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)

DRV - [2008-06-20 09:58:08 | 004,741,120 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService)

DRV - [2008-01-23 12:10:38 | 001,265,536 | R— | M] (Broadcom Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BCMWL5.SYS – (BCM43XX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM…\SearchScopes,DefaultScope =

IE - HKCU…\SearchScopes,DefaultScope =

IE - HKCU…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local

========== FireFox ==========

FF - prefs.js…extensions.enabledAddons: wrc@avast.com:7.0.1426

FF - prefs.js…extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.7.0.3

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js…keyword.URL: “http://search.sweetim.com/search.asp?barid={5E4048C3-1800-44B9-B8F4-4AC2ACA6EBD7}&src=2&crg=3.1010000&q=

FF - prefs.js…sweetim.toolbar.previous.keyword.URL: “http://search.sweetim.com/search.asp?barid={5E4048C3-1800-44B9-B8F4-4AC2ACA6EBD7}&src=2&crg=3.1010000&q=

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012-04-17 14:21:51 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 13:38:04 | 000,000,000 | —D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-28 13:37:56 | 000,000,000 | —D | M]

[2009-12-14 14:06:05 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions

[2012-11-18 16:01:24 | 000,000,000 | —D | M] (No name found) – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\k9ewm0st.default\extensions

[2012-11-18 16:01:24 | 000,189,128 | ---- | M] () (No name found) – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\k9ewm0st.default\extensions{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2012-11-18 10:45:13 | 000,003,915 | ---- | M] () – C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\k9ewm0st.default\searchplugins\sweetim.xml

[2012-10-28 13:37:54 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions

[2012-04-17 14:21:51 | 000,000,000 | —D | M] (avast! WebRep) – C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2012-10-28 13:38:04 | 000,261,600 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009-10-26 16:45:36 | 000,102,400 | ---- | M] (Zylom) – C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

[2011-10-12 14:29:09 | 000,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-10-12 14:29:09 | 000,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-10-12 14:29:09 | 000,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-10-12 14:29:09 | 000,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-10-12 14:29:09 | 000,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-10-12 14:29:09 | 000,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Szukaj w Google = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Gmail = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: YouTube = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Szukaj w Google = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Gmail = C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010-02-08 10:55:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll (GG Network S.A.)

O3 - HKLM…\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM…\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM…\Run: [ArcaClean] C:\Program Files\mks\ArcaVir\ArcaClean.exe (ArcaBit)

O4 - HKLM…\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM…\Run: [lxdramon] C:\Program Files\Lexmark 4900 Series\lxdramon.exe ()

O4 - HKLM…\Run: [lxdrmon.exe] C:\Program Files\Lexmark 4900 Series\lxdrmon.exe ()

O4 - HKLM…\Run: [mks_menu] C:\Program Files\mks\mks_vir\mks_menu.exe (ArcaBit)

O4 - HKLM…\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 85.14.85.14

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces{35065616-9486-41E5-9A3D-B0F6FE7FA10D}: DhcpNameServer = 10.0.0.1 85.14.85.14

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-11-03 09:17:07 | 000,000,000 | —D | M] - C:\Autodesk – [NTFS]

O32 - AutoRun File - [2009-11-19 17:04:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O33 - MountPoints2{34e9e348-a024-11e0-8da4-00242b87c803}\Shell - “” = AutoRun

O33 - MountPoints2{34e9e348-a024-11e0-8da4-00242b87c803}\Shell\AutoRun\command - “” = G:\KODAK_Software_Downloader.exe

O33 - MountPoints2{cf414548-d933-11df-8bbc-00242b87c803}\Shell - “” = AutoRun

O33 - MountPoints2{cf414548-d933-11df-8bbc-00242b87c803}\Shell\AutoRun\command - “” = G:\MicroLauncher.exe

O33 - MountPoints2{cfa456e8-9af8-11df-8b31-00242b87c803}\Shell - “” = AutoRun

O33 - MountPoints2{cfa456e8-9af8-11df-8b31-00242b87c803}\Shell\AutoRun\command - “” = G:\AutoRun.exe

O33 - MountPoints2{d910c764-c029-11e0-8df2-00235a561afe}\Shell\AutoRun\command - “” = urDrive.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = ComFile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-18 21:03:03 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Moje dokumenty\Native Instruments

[2012-11-18 21:02:38 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{D69A48BF-7653-4AA8-94BC-5847522A4573}

[2012-11-18 21:00:45 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Digidesign

[2012-11-18 21:00:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments

[2012-11-18 21:00:27 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}

[2012-11-18 20:59:52 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}

[2012-11-18 20:59:06 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}

[2012-11-18 20:57:57 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{EC98E512-708C-4C3B-9F07-B58768C1DD8A}

[2012-11-18 20:57:38 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}

[2012-11-18 20:57:31 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Native Instruments

[2012-11-18 20:57:30 | 000,000,000 | —D | C] – C:\Program Files\Native Instruments

[2012-11-18 20:57:30 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Native Instruments

[2012-11-18 20:48:29 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Dane aplikacji\Audacity

[2012-11-18 20:48:02 | 000,000,000 | —D | C] – C:\Program Files\Audacity 1.3 Beta (Unicode)

[2012-11-18 20:43:18 | 000,000,000 | —D | C] – C:\Program Files\ASIO4ALL v2

[2012-11-18 20:43:18 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Menu Start\Programy\ASIO4ALL v2

[2012-11-18 20:40:44 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Dane aplikacji\REAPER

[2012-11-18 20:40:35 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\REAPER

[2012-11-18 20:40:25 | 000,000,000 | —D | C] – C:\Program Files\REAPER

[2012-11-18 20:37:38 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Guitar Pro 5

[2012-11-18 20:36:39 | 000,000,000 | —D | C] – C:\Program Files\Guitar Pro 5

[2012-11-18 20:33:23 | 000,000,000 | —D | C] – C:\paski

[2012-11-18 20:27:40 | 000,000,000 | —D | C] – C:\Program Files\Guitar FX BOX 2.6

[2012-11-18 20:27:40 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Menu Start\Programy\Guitar FX BOX 2.6

[2012-11-18 20:25:13 | 000,000,000 | —D | C] – C:\Documents and Settings\admin\Pulpit\programy do gitary

[6 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\Documents and Settings\All Users*.tmp files -> C:\Documents and Settings\All Users*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2012-12-03 21:16:01 | 000,001,034 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012-12-03 21:09:13 | 000,001,030 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012-12-03 21:09:05 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2012-12-02 20:23:09 | 000,000,724 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2012-12-02 11:00:05 | 000,433,296 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2012-12-02 11:00:05 | 000,384,518 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2012-12-02 11:00:05 | 000,078,288 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2012-12-02 11:00:05 | 000,063,830 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2012-11-29 12:01:46 | 000,000,269 | ---- | M] () – C:\WINDOWS\lexstat.ini

[2012-11-27 21:24:31 | 000,001,943 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2012-11-24 00:37:15 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2012-11-19 16:28:46 | 000,167,504 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2012-11-18 23:47:17 | 001,291,814 | ---- | M] () – C:\Documents and Settings\admin\Moje dokumenty\20100711_SIOSTRA_MARIA_OD_KRZYZA__-_REKOPIS_Z_CZYSCCA.pdf

[2012-11-07 20:40:38 | 000,070,656 | ---- | M] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[6 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

[4 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\Documents and Settings\All Users*.tmp files -> C:\Documents and Settings\All Users*.tmp ->]

========== Files Created - No Company Name ==========

[2012-12-02 20:23:09 | 000,000,724 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk

[2012-11-18 20:48:23 | 000,000,735 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Audacity 1.3 Beta (Unicode).lnk

[2011-12-31 18:28:15 | 000,002,653 | ---- | C] () – C:\Documents and Settings\admin\default.pls

[2011-04-17 13:30:30 | 000,040,960 | ---- | C] () – C:\WINDOWS\System32\lxdrvs.dll

[2011-04-17 13:30:28 | 000,360,448 | ---- | C] () – C:\WINDOWS\System32\lxdrcoin.dll

[2011-04-17 13:29:51 | 001,036,288 | ---- | C] () – C:\WINDOWS\System32\lxdrdrs.dll

[2011-04-17 13:29:51 | 000,081,920 | ---- | C] () – C:\WINDOWS\System32\lxdrcaps.dll

[2011-04-17 13:29:51 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\lxdrcnv4.dll

[2011-04-17 13:27:27 | 000,000,044 | ---- | C] () – C:\WINDOWS\System32\lxdrrwrd.ini

[2011-04-17 13:26:23 | 000,389,120 | ---- | C] () – C:\WINDOWS\System32\LXDRinst.dll

[2011-04-17 13:26:22 | 000,851,968 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrusb1.dll

[2011-04-17 13:26:22 | 000,438,272 | ---- | C] ( ) – C:\WINDOWS\System32\LXDRhcp.dll

[2011-04-17 13:26:22 | 000,364,544 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrinpa.dll

[2011-04-17 13:26:22 | 000,339,968 | ---- | C] ( ) – C:\WINDOWS\System32\lxdriesc.dll

[2011-04-17 13:26:21 | 001,069,056 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrserv.dll

[2011-04-17 13:26:21 | 000,651,264 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrpmui.dll

[2011-04-17 13:26:21 | 000,577,536 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrlmpm.dll

[2011-04-17 13:26:20 | 000,679,936 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrhbn3.dll

[2011-04-17 13:26:20 | 000,328,360 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrih.exe

[2011-04-17 13:26:19 | 000,208,896 | ---- | C] () – C:\WINDOWS\System32\lxdrgrd.dll

[2011-04-17 13:26:18 | 000,765,952 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcomc.dll

[2011-04-17 13:26:18 | 000,594,600 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcoms.exe

[2011-04-17 13:26:18 | 000,376,832 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcomm.dll

[2011-04-17 13:26:18 | 000,369,320 | ---- | C] ( ) – C:\WINDOWS\System32\lxdrcfg.exe

[2011-02-01 01:22:01 | 000,000,010 | ---- | C] () – C:\WINDOWS\popcinfo.dat

[2011-01-27 23:42:42 | 000,000,014 | ---- | C] () – C:\WINDOWS\popcinfot.dat

[2011-01-27 23:42:42 | 000,000,000 | ---- | C] () – C:\WINDOWS\popcreg.dat

[2011-01-11 01:43:04 | 000,000,269 | ---- | C] () – C:\WINDOWS\lexstat.ini

[2011-01-11 01:43:02 | 000,000,092 | ---- | C] () – C:\WINDOWS\dellstat.ini

[2010-11-03 09:47:46 | 000,095,688 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2010-07-30 09:44:23 | 000,000,000 | ---- | C] () – C:\Documents and Settings\admin\Dane aplikacji\AVSMediaPlayer.m3u

[2010-02-03 06:39:44 | 000,453,024 | ---- | C] () – C:\Program Files\setup.exe

[2010-02-03 06:39:14 | 133,314,533 | ---- | C] () – C:\Program Files\openofficeorg1.cab

[2010-02-03 06:38:04 | 010,174,976 | ---- | C] () – C:\Program Files\openofficeorg32.msi

[2010-02-01 23:50:14 | 000,000,290 | ---- | C] () – C:\Program Files\setup.ini

[2009-12-27 18:09:34 | 000,070,656 | ---- | C] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-30 22:50:44 | 000,000,130 | ---- | C] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-11-24 21:13:36 | 000,000,600 | ---- | C] () – C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

========== ZeroAccess Check ==========

[2009-11-30 22:49:26 | 000,000,227 | RHS- | M] () – C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

“” = %SystemRoot%\system32\shdocvw.dll – [2008-04-14 21:50:48 | 001,499,136 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

“” = C:\WINDOWS\system32\wbem\fastprox.dll – [2008-04-14 21:50:32 | 000,472,064 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

“” = C:\WINDOWS\system32\wbem\wbemess.dll – [2008-04-14 21:50:58 | 000,273,920 | ---- | M] (Microsoft Corporation)

“ThreadingModel” = Both

========== LOP Check ==========

[2009-12-13 00:40:16 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Artweaver

[2012-12-01 21:31:19 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Audacity

[2010-11-03 09:19:23 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Autodesk

[2012-03-02 14:33:26 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Dropbox

[2012-06-25 14:53:37 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu 10

[2011-01-31 17:47:00 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\GetRightToGo

[2012-01-11 01:43:33 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\GHISLER

[2010-07-29 11:09:07 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\iPlus

[2011-04-17 13:59:42 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Lexmark Productivity Studio

[2010-03-01 12:55:08 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\maxup

[2009-11-19 22:25:05 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Mikrotik

[2010-01-13 22:37:49 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\OpenFM

[2010-05-17 22:14:02 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\OpenOffice.org

[2009-11-19 23:16:05 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Opera

[2012-06-28 22:45:20 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Oracle

[2012-11-18 20:40:52 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\REAPER

[2010-04-05 21:46:29 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Software Informer

[2011-01-22 19:39:54 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\SpeedSim

[2010-11-03 10:12:11 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\ZWSoft

[2011-01-27 21:08:53 | 000,000,000 | —D | M] – C:\Documents and Settings\admin\Dane aplikacji\Zylom

[2011-02-16 16:39:56 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2012-10-28 19:42:37 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit

[2009-12-13 00:40:16 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Artweaver

[2010-11-03 09:19:23 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

[2010-07-29 11:33:19 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\BlazeVideo

[2010-07-26 19:02:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10

[2011-05-29 22:17:06 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Lexmark 4900 Series

[2012-11-18 21:00:31 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Native Instruments

[2011-01-14 22:59:42 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2011-01-27 23:43:10 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games

[2010-10-16 16:16:24 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Recisio

[2011-08-28 23:42:34 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Temp

[2011-01-23 01:10:22 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Zylom

[2012-11-18 21:00:29 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}

[2012-11-18 20:59:54 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}

[2011-06-26 19:49:29 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji{A2A58654-12AA-408A-B411-58A76959BE7F}

[2012-11-18 20:59:07 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}

[2012-11-18 21:02:41 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{D69A48BF-7653-4AA8-94BC-5847522A4573}

[2012-11-18 20:57:39 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}

[2012-11-18 20:57:58 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji{EC98E512-708C-4C3B-9F07-B58768C1DD8A}

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:9482CFB4

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:9E00596C

< End of report >

Dodane 03.12.2012 (Pn) 21:34

Bardzo dziękuję za jakąkolwiek pomoc :slight_smile: Pewnie się nigdy nie odwdzięczę, ale Bardzo dziękuję :slight_smile: