
Since yesterday I have noticed something worrying. Windows XP does not start the way it always did. Even once the system has loaded, there is an hourglass next to the cursor the whole time and everything is unbearably slow for a long while. On top of that, autostart does not launch 80% of the applications I have in autostart, e.g. the antivirus. And the Internet connection becomes possible only after a long while, or is not possible at all. There are also resets. I scanned the system with an Ad-Aware-type program and it found, I think, about 20 dangerous files, trojans, etc. Now when I start XP I see only the wallpaper and the cursor, and beyond that I cannot do anything. That is why I am writing from Ubuntu.
Here are the scans from today at noon.
OTListIt Extras logfile created on: 2009-05-31 12:55:17 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Michał\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511,48 Mb Total Physical Memory | 110,57 Mb Available Physical Memory | 21,62% Memory free
1,22 Gb Paging File | 0,62 Gb Available in Paging File | 50,56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,06 Gb Free Space | 10,82% Space Free | Partition Type: NTFS
Drive D: | 43,53 Gb Total Space | 23,09 Gb Free Space | 53,03% Space Free | Partition Type: NTFS
Drive E: | 32,37 Gb Total Space | 13,34 Gb Free Space | 41,22% Space Free | Partition Type: NTFS
Drive F: | 32,37 Gb Total Space | 8,29 Gb Free Space | 25,61% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMD
Current User Name: Michał
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
[color=orange]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=orange]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[color=orange]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009-04-20 16:56:20 | 09,818,728 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta
[2006-10-27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2001-05-06 11:14:22 | 00,020,549 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw
[2009-05-31 12:42:15 | 00,045,568 | ---- | M] () -- C:\WINDOWS\system\svchost.exe:*:Enabled:KL
[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1045-7B44-A91000000001}" = Adobe Reader 9.1.1 - Polish
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Dysk wspomnieniowy HP
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D7BCF606-5821-4D1D-889E-76AE9D00E439}" = Solid Edge ST
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E0828692-FD9D-459F-9312-C645C3CA6650}" = HP Photo and Imaging 2.0 - Deskjet Series
"{F2440AC3-8438-43B8-99A3-EB4BD0A0ED21}" = RSDLite
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"a-squared Free_is1" = a-squared Free 4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"Free Download Manager_is1" = Free Download Manager 3.0
"hp print screen utility" = hp print screen utility
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mustek 1200 UB Plus v2.0" = Mustek 1200 UB Plus v2.0
"NAPIPROJEKT_is1" = NAPIPROJEKT 1.0.6.2
"NetMeter_is1" = NetMeter 1.1.3
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"NVIDIA Drivers" = NVIDIA Drivers
"Odkurzacz 11.3_is1" = Odkurzacz 11.3
"Software Informer_is1" = Software Informer 1.0 BETA
"SubEdit-Player_is1" = SubEdit-Player
"total video converter 3.21_is1" = Total Video Converter 3.21 090220
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
[color=orange]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2009-04-01 14:39:45 | Computer Name = AMD | Source = MsiInstaller | ID = 11931
Description = Product: MSXML 6.0 Parser (KB925673) -- Error 1931. The Windows Installer
service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the
file is protected by Windows. You may need to update your operating system for
this program to work correctly. Package version: 6.0.3883.0, OS Protected version:
6.0.3883.0
Error - 2009-04-01 14:40:27 | Computer Name = AMD | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Operacja została zwrócona, ponieważ przekroczono limit czasu.
Error - 2009-04-01 14:40:28 | Computer Name = AMD | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.
Error - 2009-04-01 14:40:28 | Computer Name = AMD | Source = crypt32 | ID = 131080
Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej
listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>,
wystąpił błąd: Określony serwer nie może wykonać żądanej operacji.
Error - 2009-04-03 14:30:17 | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd tvc.exe, wersja 3.1.1.0, moduł powodujący
błąd vcen.dll, wersja 3.1.1.0, adres błędu 0x003f678a.
Error - 2009-04-30 15:48:01 | Computer Name = AMD | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd tvc.exe, wersja 3.1.1.0, moduł powodujący
błąd libavcodec.dll, wersja 0.0.0.0, adres błędu 0x00273feb.
[ System Events ]
Error - 2009-05-31 06:41:52 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%1083
Error - 2009-05-31 06:41:52 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego
błędu: %%2
Error - 2009-05-31 06:42:15 | Computer Name = AMD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Teefer
Error - 2009-05-31 06:45:07 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%1083
Error - 2009-05-31 06:45:07 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego
błędu: %%2
Error - 2009-05-31 06:45:11 | Computer Name = AMD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Teefer
Error - 2009-05-31 06:50:33 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi hpdj z powodu następującego błędu: %%1083
Error - 2009-05-31 06:50:33 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Aktualizacje automatyczne z powodu następującego
błędu: %%2
Error - 2009-05-31 06:50:35 | Computer Name = AMD | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: Teefer
Error - 2009-05-31 06:52:35 | Computer Name = AMD | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC0000001'
podczas przetwarzania pliku '' w woluminie 'HarddiskVolume3'. W rezultacie zostało
zatrzymane monitorowanie woluminu.
< End of report >
OTListIt logfile created on: 2009-05-31 12:55:17 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Michał\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511,48 Mb Total Physical Memory | 110,57 Mb Available Physical Memory | 21,62% Memory free
1,22 Gb Paging File | 0,62 Gb Available in Paging File | 50,56% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 1,06 Gb Free Space | 10,82% Space Free | Partition Type: NTFS
Drive D: | 43,53 Gb Total Space | 23,09 Gb Free Space | 53,03% Space Free | Partition Type: NTFS
Drive E: | 32,37 Gb Total Space | 13,34 Gb Free Space | 41,22% Space Free | Partition Type: NTFS
Drive F: | 32,37 Gb Total Space | 8,29 Gb Free Space | 25,61% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMD
Current User Name: Michał
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On
[color=orange]========== Processes (SafeList) ==========[/color]
PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-10-15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2009-02-25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008-10-15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2009-05-31 12:42:15 | 00,045,568 | ---- | M] () -- C:\WINDOWS\system\svchost.exe
PRC - [2009-05-30 21:10:29 | 00,240,640 | ---- | M] () -- C:\WINDOWS\dhcp\svchost.exe
PRC - [2009-01-31 16:59:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004-07-12 17:50:00 | 00,114,755 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2001-10-26 19:27:34 | 00,124,416 | ---- | M] () -- C:\WINDOWS\system32\sopidkc.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-03-29 17:39:41 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-04-14 22:51:20 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-05-31 12:54:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTListIt2.exe
[color=orange]========== Win32 Services (SafeList) ==========[/color]
SRV - [2008-04-14 22:50:36 | 00,022,016 | ---- | M] () -- C:\WINDOWS\system32\6to4v32.dll -- (6to4 [Auto | Running])
SRV - [2009-02-25 19:18:14 | 00,425,080 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
SRV - [2008-10-15 14:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008-10-15 14:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009-05-31 12:42:15 | 00,045,568 | ---- | M] () -- C:\WINDOWS\system\svchost.exe -- (darkness [Auto | Running])
SRV - [2009-05-30 21:10:29 | 00,240,640 | ---- | M] () -- C:\WINDOWS\dhcp\svchost.exe -- (dhcpsrv [Auto | Running])
SRV - [2006-10-20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003-03-11 09:04:36 | 00,266,240 | ---- | M] (HP) -- C:\Documents and Settings\Michał\Ustawienia lokalne\Temp\hpdj.exe -- (hpdj [Auto | Stopped])
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006-10-30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-01-31 16:59:41 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2001-10-26 19:27:34 | 00,044,544 | ---- | M] (X-Ways Software Technology ) -- C:\WINDOWS\system32\msncache.dll -- (msncache [Auto | Running])
SRV - [2006-10-30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004-07-12 17:50:00 | 00,114,755 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002-08-01 10:22:40 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2004-10-15 20:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Stopped])
SRV - [2001-10-26 19:27:34 | 00,124,416 | ---- | M] () -- C:\WINDOWS\system32\sopidkc.exe -- (sopidkc [Auto | Running])
SRV - [2001-08-17 23:47:40 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cihptcc.dll -- (vzyceffk [Auto | Running])
SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[color=orange]========== Driver Services (SafeList) ==========[/color]
DRV - [FILE handle not seen by OS] -- C:\WINDOWS\System32\59c594301ff6a91389a1219928fec3df.sys -- (59c594301ff6a91389a1219928fec3df [Boot | Running])
DRV - [2009-02-10 11:44:19 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2009-05-27 21:50:18 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2009-05-27 21:50:20 | 00,052,056 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2009-05-27 21:50:28 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007-01-23 23:36:20 | 00,006,016 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motfilt.sys -- (BTCFilterService [On_Demand | Stopped])
DRV - [2008-04-14 02:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2003-02-18 10:08:04 | 00,017,504 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\gt680x.sys -- (GT680x [On_Demand | Stopped])
DRV - [2001-08-17 23:47:40 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\jzzczqlr.sys -- (jzzczqlr [Boot | Running])
DRV - [2008-04-05 01:10:02 | 00,568,320 | ---- | M] (Eugene Gavrilov) -- C:\WINDOWS\system32\drivers\kx.sys -- (kxwdmdrv [On_Demand | Running])
DRV - [2008-08-21 19:49:22 | 00,018,688 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2008-08-21 19:49:56 | 00,008,320 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007-10-10 18:41:50 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007-06-18 16:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2007-11-02 16:51:28 | 00,006,400 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motswch.sys -- (MotoSwitchService [On_Demand | Stopped])
DRV - [2008-03-03 17:03:10 | 00,023,296 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\Motousbnet.sys -- (Motousbnet [On_Demand | Stopped])
DRV - [2001-08-18 00:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2008-04-14 22:50:36 | 00,002,304 | ---- | M] () -- C:\WINDOWS\system32\ntalme.sys -- (ntalme [On_Demand | Stopped])
DRV - [2004-07-12 17:50:00 | 02,459,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004-06-03 11:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2004-05-25 16:58:02 | 00,048,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Running])
DRV - [2004-05-25 16:58:04 | 00,396,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Running])
DRV - [2004-04-02 16:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp [Boot | Running])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-04-14 00:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009-04-01 20:02:51 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-03-01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2004-10-15 19:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Stopped])
DRV - [2004-10-15 19:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2004-10-15 19:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running])
DRV - [2004-10-15 19:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running])
DRV - [2004-10-15 19:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running])
DRV - [2004-10-15 19:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[color=orange]========== Standard Registry (SafeList) ==========[/color]
[color=orange]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 20 C9 46 0D 9C 12 F6 4C AF EE 9A 15 F9 69 82 F4 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[color=orange]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://pl.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:officia | www.wp.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.10
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.3.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-01-31 16:59:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-03-29 17:39:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-04-24 13:50:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009-02-06 22:18:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS
[2009-01-31 15:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Extensions
[2009-01-31 15:29:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-27 22:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions
[2009-05-27 22:12:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009-04-24 18:58:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009-05-27 22:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-04-02 21:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009-05-27 22:12:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-04-24 18:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\mozilla\Firefox\Profiles\shxrjpdn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-05-27 22:13:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-03-29 17:39:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-01-31 16:59:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-03-29 17:39:41 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-03-29 17:39:41 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0d46c920-129c-4cf6-afee-9a15f96982f4} - C:\WINDOWS\system32\wwwlpoxi.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: () - {7a3809f5-a0f5-41a3-aaf7-74ddc70599e2} - c:\windows\system32\cihptcc.dll (Microsoft Corporation)
O2 - BHO: (ORBta) - {ada8c222-95d2-47b5-950b-aebc0a508839} - C:\WINDOWS\system32\spria.dll (Winfi)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [22195] C:\slahpyt.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe (Common Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\ThunMail\testabd.dll) - c:\Program Files\ThunMail\testabd.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ddaabedae: DllName - C:\WINDOWS\system32\ddaabedae.dll - C:\WINDOWS\system32\ddaabedae.dll ()
O20 - Winlogon\Notify\hgylosmb: DllName - cihptcc.dll - C:\WINDOWS\system32\cihptcc.dll (Microsoft Corporation)
O20 - Winlogon\Notify\jfrhfd: DllName - jfrhfd.dll - C:\WINDOWS\system32\jfrhfd.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-01-31 14:59:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-31 12:54:54 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2009-05-31 12:54:51 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTListIt2.exe
[2009-05-31 12:52:48 | 00,012,288 | ---- | C] () -- C:\nhfly.exe
[2009-05-31 12:52:47 | 00,030,208 | ---- | C] () -- C:\gvqn.exe
[2009-05-31 12:46:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009-05-31 12:42:46 | 00,096,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\a0eceb06.sys
[2009-05-31 12:42:14 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System\svchost.exe
[2009-05-31 12:42:04 | 00,061,440 | ---- | C] () -- C:\lsass.exe
[2009-05-31 12:42:03 | 00,061,440 | ---- | C] () -- C:\slahpyt.exe
[2009-05-30 21:11:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Dane aplikacji\kpppsgqe
[2009-05-30 21:10:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009-05-30 21:10:38 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009-05-30 21:10:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009-05-30 21:10:11 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009-05-30 21:10:11 | 00,036,864 | ---- | C] (far xgebokv ffxbe uawkvplrh navgweyhrna) -- C:\WINDOWS\System32\dpcxool64.sys
[2009-05-30 21:10:11 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009-05-30 21:09:59 | 00,000,000 | RHSD | C] -- C:\Program Files\ThunMail
[2009-05-30 21:09:52 | 00,115,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\b1e2637.sys
[2009-05-30 21:09:43 | 00,000,705 | ---- | C] () -- C:\fsev.exe
[2009-05-30 21:09:36 | 00,000,002 | ---- | C] () -- C:\142234910
[2009-05-29 21:27:03 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\jfrhfd.dll
[2009-05-29 21:25:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-05-29 21:24:05 | 00,030,208 | ---- | C] () -- C:\fgalrvu.exe
[2009-05-27 22:02:32 | 00,092,748 | ---- | C] () -- C:\WINDOWS\System32\drivers\2991c5ea.sys
[2009-05-27 22:02:26 | 00,040,449 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009-05-27 22:02:24 | 00,000,000 | ---D | C] -- C:\Archivos de programa
[2009-05-27 22:02:16 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Total Video Player.lnk
[2009-05-27 22:02:16 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Total Video Converter.lnk
[2009-05-27 22:01:59 | 12,300,308 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\TVC 3.21.exe
[2009-05-27 21:59:03 | 12,282,699 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Total_Video_Converter_v3.21.090220_Final_-_Multilingual_-_Full.rar
[2009-05-21 11:55:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\SimCity 4
[2009-05-21 11:47:40 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\SimCity 4 Rush Hour.lnk
[2009-05-21 11:36:12 | 00,000,712 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009-05-21 11:35:12 | 00,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[2009-05-21 09:40:28 | 00,043,008 | ---- | C] (GraphTablet) -- C:\Documents and Settings\Michał\Pulpit\GraphTablet.exe
[2009-05-21 09:14:25 | 00,038,470 | ---- | C] () -- C:\WINDOWS\FontData.fdb
[2009-05-19 11:39:34 | 00,000,000 | ---D | C] -- C:\Program Files\Mathsoft
[2009-05-19 11:35:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009-05-19 11:02:40 | 00,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-05-16 13:24:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Dane aplikacji\Mikrotik
[2009-05-13 18:44:36 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\config(2).bin
[2009-05-13 18:44:16 | 00,007,512 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\config.bin
[2009-05-05 11:57:35 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Napi-projekt.lnk
[2009-05-05 11:57:34 | 00,000,000 | ---D | C] -- C:\Program Files\NAPI-PROJEKT
[2009-05-02 19:25:13 | 00,190,464 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\Draft1.dft
[2009-04-09 10:58:11 | 00,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009-04-09 10:55:05 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009-04-09 10:55:05 | 00,017,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2009-04-08 11:16:47 | 00,018,304 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2009-04-01 20:02:51 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-03-15 15:03:30 | 00,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009-03-15 14:40:38 | 00,003,434 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009-02-10 11:36:44 | 00,010,129 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2009-02-06 22:18:25 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-02-06 22:18:21 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-02-06 22:18:21 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-02-06 22:18:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-02-06 22:18:18 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-06 22:18:18 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-04-14 22:50:36 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2008-04-14 22:50:36 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\ntalme.sys
[2005-06-20 07:27:19 | 00,312,847 | ---- | C] () -- C:\WINDOWS\System32\ddaabedae.dll
[2004-10-15 19:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2001-10-26 19:27:34 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\tpszxyd.sys
[2001-10-26 19:27:34 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2001-08-17 23:47:40 | 00,143,872 | ---- | C] () -- C:\WINDOWS\System32\wwwlpoxi.dll
[2001-07-31 09:17:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001-07-22 00:16:20 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2001-06-18 11:23:40 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\bpenhan.dll
[1998-06-11 20:08:06 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[2009-05-31 12:57:10 | 00,115,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\b1e2637.sys
[2009-05-31 12:57:10 | 00,092,748 | ---- | M] () -- C:\WINDOWS\System32\drivers\2991c5ea.sys
[2009-05-31 12:54:54 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTListIt2.exe
[2009-05-31 12:52:48 | 00,012,288 | ---- | M] () -- C:\nhfly.exe
[2009-05-31 12:52:47 | 00,030,208 | ---- | M] () -- C:\gvqn.exe
[2009-05-31 12:52:39 | 00,061,440 | ---- | M] () -- C:\slahpyt.exe
[2009-05-31 12:52:37 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Total Video Player.lnk
[2009-05-31 12:52:37 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Total Video Converter.lnk
[2009-05-31 12:49:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-31 12:49:56 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Michał\Ustawienia lokalne\desktop.ini
[2009-05-31 12:49:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-31 12:49:52 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009-05-31 12:43:23 | 00,096,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\a0eceb06.sys
[2009-05-31 12:42:15 | 00,045,568 | ---- | M] () -- C:\WINDOWS\System\svchost.exe
[2009-05-31 12:42:14 | 00,000,002 | ---- | M] () -- C:\142234910
[2009-05-31 12:42:04 | 00,061,440 | ---- | M] () -- C:\lsass.exe
[2009-05-31 12:42:02 | 00,030,208 | ---- | M] () -- C:\fgalrvu.exe
[2009-05-31 12:41:36 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-05-30 21:17:32 | 00,000,705 | ---- | M] () -- C:\fsev.exe
[2009-05-30 21:10:38 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009-05-30 18:12:20 | 00,158,720 | ---- | M] () -- C:\WINDOWS\System32\tpsaxyd.exe
[2009-05-29 21:27:03 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\jfrhfd.dll
[2009-05-29 21:20:06 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009-05-29 21:20:06 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009-05-29 16:36:54 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-27 22:42:49 | 00,003,434 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2009-05-27 22:36:27 | 00,000,135 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2009-05-27 22:02:26 | 00,040,449 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009-05-27 22:01:51 | 12,282,699 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Total_Video_Converter_v3.21.090220_Final_-_Multilingual_-_Full.rar
[2009-05-27 21:50:28 | 00,075,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-05-27 07:14:59 | 00,036,864 | ---- | M] (far xgebokv ffxbe uawkvplrh navgweyhrna) -- C:\WINDOWS\System32\dpcxool64.sys
[2009-05-25 15:21:37 | 12,300,308 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\TVC 3.21.exe
[2009-05-21 11:47:40 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\SimCity 4 Rush Hour.lnk
[2009-05-21 11:43:51 | 00,000,712 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009-05-21 11:34:41 | 00,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[2009-05-21 09:14:32 | 00,038,470 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2009-05-19 11:36:13 | 01,075,668 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-05-19 11:36:13 | 00,493,860 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-05-19 11:36:13 | 00,435,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-05-19 11:36:13 | 00,087,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-05-19 11:36:13 | 00,070,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-05-19 11:02:40 | 00,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-05-13 18:44:36 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\config(2).bin
[2009-05-13 18:44:16 | 00,007,512 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\config.bin
[2009-05-07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-05-05 11:57:35 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Napi-projekt.lnk
[2009-05-05 11:44:13 | 00,000,132 | -HS- | M] () -- C:\Documents and Settings\All Users\Dokumenty\desktop.ini
[2009-05-02 19:25:14 | 00,190,464 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\Draft1.dft
< End of report >