I couldn't provide the logs from ComboFix, so I'm providing the ones from Deckard's System Scanner instead.
Deckard's System Scanner v20071014.68
Run by Hubert on 2007-12-11 16:42:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-12-11 15:43:03 UTC - RP144 - Deckard's System Scanner Restore Point
3: 2007-12-11 15:31:29 UTC - RP143 - ComboFix created restore point
2: 2007-12-09 17:27:23 UTC - RP142 - Removed MegaPing
1: 2007-12-09 16:41:03 UTC - RP141 - Removed eEye Digital Security Retina Wifi Scanner
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Kuczyński Hubert.exe) ------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-11 16:44:40
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\RaConfig.exe
C:\WINDOWS\explorer.exe
C:\Downolands\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.mks.com.pl (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194365391578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{FEA8DD20-8F82-402C-B101-C486AD7F1DED}: NameServer = 192.168.1.254
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\system32\avldr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe
--
End of file - 7285 bytes
-- File Associations -----------------------------------------------------------
[color=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/color]
[color=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/color]
[color=red].txt - txtfile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE %1[/color]
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 hotcore - c:\windows\system32\drivers\hotcore.sys
R3 RT2400 (RT2400 Wireless Driver) - c:\windows\system32\drivers\rt2400.sys
S3 catchme - c:\docume~1\kuczys~1\ustawi~1\temp\catchme.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys
S3 PCANDIS5_RETWIFI (PCANDIS5_RETWIFI Protocol Driver) - c:\progra~1\eeyedi~1\retina~1\pcandis5_retwifi.sys (file missing)
S3 PCANDIS5_WIFISCAN.SYS - c:\program files\eeye digital security\retina wireless scanner\pcandis5_wifiscan.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 FileZilla Server (FileZilla Server FTP server) - c:\program files\xampp\filezillaftp\filezillaserver.exe (file missing)
S2 OODefrag (O&O Defrag) - c:\windows\system32\oodag.exe
S2 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Karta sieciowa 1394
Device ID: V1394\NIC1394\10765A4DC1000
Manufacturer: Microsoft
Name: Karta sieciowa 1394
PNP Device ID: V1394\NIC1394\10765A4DC1000
Service: NIC1394
-- Scheduled Tasks -------------------------------------------------------------
2007-12-11 16:38:12 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-05 19:50:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-11-11 and 2007-12-11 -----------------------------
2007-12-09 17:32:33 0 d-------- C:\Program Files\Common Files\Magneto Software
2007-12-09 17:29:53 0 d-------- C:\SoftPerfect Network Scanner
2007-12-09 17:24:03 0 d-------- C:\Program Files\Network Stumbler
2007-12-09 17:18:31 0 d-------- C:\HijackThis
2007-12-09 17:17:47 1243 --a------ C:\WINDOWS\unins000.dat
2007-12-09 12:59:21 0 d-------- C:\Program Files\Common Files\Borland Shared
2007-12-09 12:59:20 0 d-------- C:\Program Files\Słownik
2007-12-09 12:59:13 299520 --a------ C:\WINDOWS\uninst.exe
2007-11-30 21:29:16 0 d-------- C:\Program Files\Common Files\Skype
2007-11-30 14:55:07 0 d-------- C:\Program Files\Testy gimnazjalne
2007-11-28 18:10:43 0 d-------- C:\Program Files\Konnekt
2007-11-26 20:08:43 0 d-------- C:\WINDOWS\Freecorder Toolbar
2007-11-26 20:06:38 0 d-------- C:\Program Files\IrfanView
2007-11-26 20:05:57 0 d-------- C:\WINDOWS\FLV Player
2007-11-25 17:35:24 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-23 23:25:23 0 d-------- C:\Program Files\QuickTime
2007-11-23 23:25:02 0 d-------- C:\Program Files\Apple Software Update
2007-11-16 16:23:24 0 d-------- C:\Program Files\Theo30
2007-11-15 17:12:58 0 d-------- C:\WINDOWS\system32\oodag
2007-11-15 17:11:46 0 d-------- C:\Program Files\OO Software
2007-11-15 17:11:46 0 d-------- C:\Program Files\Common Files\OO Software
2007-11-14 15:21:22 0 d--h----- C:\WINDOWS\$hf_mig$
2007-11-11 14:22:16 18208 --a------ C:\WINDOWS\system32\drivers\hotcore.sys
2007-11-11 14:22:14 3870720 --a------ C:\WINDOWS\system32\qt-mt323.dll
2007-11-11 14:22:08 0 d-------- C:\Program Files\Paragon Software
-- Find3M Report ---------------------------------------------------------------
2007-12-11 16:40:57 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\SiteAdvisor
2007-12-09 18:23:06 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\OpenOffice.org2
2007-12-09 17:41:06 0 d-------- C:\Program Files\Common Files
2007-12-09 17:41:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 16:05:41 500378 --a------ C:\WINDOWS\system32\perfh015.dat
2007-12-08 16:05:41 89364 --a------ C:\WINDOWS\system32\perfc015.dat
2007-12-08 15:13:51 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Skype
2007-12-08 15:12:11 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\skypePM
2007-12-08 09:33:08 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-05 21:18:49 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\gtk-2.0
2007-12-03 16:03:21 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\CoSoSys
2007-12-02 11:04:20 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\DeepBurner
2007-11-30 20:49:05 0 d-------- C:\Program Files\totalcmd
2007-11-28 19:22:33 643 --a------ C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Hewlett-PackardHP PSC 1400 series1188297949_UI.log
2007-11-28 19:22:33 2693 --a------ C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Hewlett-PackardHP PSC 1400 series1188297949_PROTOCOL.log
2007-11-28 19:22:33 119 --a----c- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Hewlett-PackardHP PSC 1400 series1188297949_API.log
2007-11-24 08:08:49 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Apple Computer
2007-11-22 20:52:41 0 d-------- C:\Program Files\Gadu-Gadu
2007-11-22 17:48:57 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\XnView
2007-11-21 16:48:56 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\ICQ
2007-11-21 16:25:36 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\.purple
2007-11-15 15:23:54 482 -----n--- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\wklnhst.dat
2007-11-11 14:22:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-08 17:01:27 0 d-------- C:\Program Files\Fotosik Manager
2007-11-06 19:36:53 0 d-------- C:\Program Files\Microsoft Works
2007-11-06 18:13:57 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-06 17:08:11 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Template
2007-11-05 19:06:24 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\PSpad
2007-11-05 19:05:42 0 d-------- C:\Program Files\PSPad
2007-11-04 11:39:07 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Desktop Sidebar
2007-10-30 18:36:38 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\TeamViewer
2007-10-28 12:32:17 23552 --a------ C:\WINDOWS\xobglu32.dll
2007-10-28 12:32:17 63488 --a------ C:\WINDOWS\xobglu16.dll
2007-10-24 21:58:04 0 d-------- C:\Program Files\GIMP-2.0
2007-10-24 21:54:29 0 d-------- C:\Program Files\Common Files\GTK
2007-10-24 19:52:10 0 d-------- C:\Program Files\Alwil Software
2007-10-24 19:47:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-24 19:42:15 0 --a------ C:\AUTOEXEC.BAT
2007-10-14 15:17:44 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Winamp
2007-10-14 15:17:41 0 d-------- C:\Program Files\Winamp
2007-10-12 19:11:41 0 d-------- C:\Program Files\ivo
2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll
2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe
2007-09-12 17:02:10 78264 -----n--- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\GDIPFONTCACHEV1.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 13:49 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
RaConfig.lnk - C:\WINDOWS\system32\RaConfig.exe [2007-08-28 10:54:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Wyszukiwanie z pulpitu systemu Windows.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wyszukiwanie z pulpitu systemu Windows.lnk
backup=C:\WINDOWS\pss\Wyszukiwanie z pulpitu systemu Windows.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.2.0.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"C:\Program Files\Konnekt\konnekt.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
C:\Program Files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
-- End of Deckard's System Scanner: finished at 2007-12-11 16:45:40 ------------
And this as well:
2007-12-08 16:05:41 89364 --a------ C:\WINDOWS\system32\perfc015.dat
2007-12-08 15:13:51 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Skype
2007-12-08 15:12:11 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\skypePM
2007-12-08 09:33:08 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-05 21:18:49 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\gtk-2.0
2007-12-03 16:03:21 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\CoSoSys
2007-12-02 11:04:20 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\DeepBurner
2007-11-30 20:49:05 0 d-------- C:\Program Files\totalcmd
2007-11-28 19:22:33 643 --a------ C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Hewlett-PackardHP PSC 1400 series1188297949_UI.log
2007-11-28 19:22:33 2693 --a------ C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Hewlett-PackardHP PSC 1400 series1188297949_PROTOCOL.log
2007-11-28 19:22:33 119 --a----c- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Hewlett-PackardHP PSC 1400 series1188297949_API.log
2007-11-24 08:08:49 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Apple Computer
2007-11-22 20:52:41 0 d-------- C:\Program Files\Gadu-Gadu
2007-11-22 17:48:57 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\XnView
2007-11-21 16:48:56 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\ICQ
2007-11-21 16:25:36 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\.purple
2007-11-15 15:23:54 482 -----n--- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\wklnhst.dat
2007-11-11 14:22:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-08 17:01:27 0 d-------- C:\Program Files\Fotosik Manager
2007-11-06 19:36:53 0 d-------- C:\Program Files\Microsoft Works
2007-11-06 18:13:57 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-06 17:08:11 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Template
2007-11-05 19:06:24 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\PSpad
2007-11-05 19:05:42 0 d-------- C:\Program Files\PSPad
2007-11-04 11:39:07 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Desktop Sidebar
2007-10-30 18:36:38 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\TeamViewer
2007-10-28 12:32:17 23552 --a------ C:\WINDOWS\xobglu32.dll
2007-10-28 12:32:17 63488 --a------ C:\WINDOWS\xobglu16.dll
2007-10-24 21:58:04 0 d-------- C:\Program Files\GIMP-2.0
2007-10-24 21:54:29 0 d-------- C:\Program Files\Common Files\GTK
2007-10-24 19:52:10 0 d-------- C:\Program Files\Alwil Software
2007-10-24 19:47:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-24 19:42:15 0 --a------ C:\AUTOEXEC.BAT
2007-10-14 15:17:44 0 d-------- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\Winamp
2007-10-14 15:17:41 0 d-------- C:\Program Files\Winamp
2007-10-12 19:11:41 0 d-------- C:\Program Files\ivo
2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll
2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe
2007-09-12 17:02:10 78264 -----n--- C:\Documents and Settings\Kuczyński Hubert\Dane aplikacji\GDIPFONTCACHEV1.DAT
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 13:49 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
RaConfig.lnk - C:\WINDOWS\system32\RaConfig.exe [2007-08-28 10:54:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Wyszukiwanie z pulpitu systemu Windows.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Wyszukiwanie z pulpitu systemu Windows.lnk
backup=C:\WINDOWS\pss\Wyszukiwanie z pulpitu systemu Windows.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^HDDlife.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\HDDlife.lnk
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.2.0.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^UniSpiker-2.6.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\UniSpiker-2.6.lnk
backup=C:\WINDOWS\pss\UniSpiker-2.6.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kuczyński Hubert^Menu Start^Programy^Autostart^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Kuczyński Hubert\Menu Start\Programy\Autostart\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"C:\Program Files\Konnekt\konnekt.exe" /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
C:\Program Files\Odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
"C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
-- End of Deckard's System Scanner: finished at 2007-12-11 16:45:40 ------------