Psycholandia commented 27 September 2009: You need to turn System Restore off and on again; how to do it is described here: http://support.microsoft.com/kb/310405/pl
dawidafc (Author) commented 27 September 2009: I'm doing that, but I can't get into the folder... Does it necessarily have to be deleted from that folder or not?
Psycholandia commented 27 September 2009: You are not supposed to delete the folder itself. Turning updates off and on will remove them by itself. Do this: http://support.microsoft.com/kb/310405/pl And don't touch the folder; the above will remove the files.
dawidafc (Author) commented 27 September 2009 (edited): Oh, well, if that's all, then I've already done it. I thought something had to be deleted from that folder. Edited 27 September 2009 by dawidafc
dawidafc (Author) commented 28 September 2009: It's fine now; I mean, it worked fine before too, I just saw that I have this EXPLORER.EXE and I know it's a virus and something has to be done about it. Where does one pick this up on a computer so often?? :/
Psycholandia commented 28 September 2009: You're probably picking it up on some websites on the net.
MarekM25 commented 29 September 2009: As andzia said, on websites. Update IE to the latest version and post an OTL log again if something is still wrong.
dawidafc (Author) commented 21 October 2009: Hello, I'm posting a HijackThis log because it detected the hidrag virus on my machine today and I don't know how to get rid of it :/ Please help.
Psycholandia commented 21 October 2009: Post an OTL log: http://www.forumpc.pl/index.php?showtopic=104338
dawidafc (Author) commented 21 October 2009: [log]OTL logfile created on: 2009-10-21 18:00:03 - Run 5 OTL by OldTimer - Version 3.0.21.0
C:\WINDOWS\System32\drivers\sptd.sys [2009-08-22 22:37:41 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\desktop.ini [2009-08-22 21:31:14 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2009-08-22 21:03:58 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\dawid\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-08-22 20:55:08 | 00,028,648 | ---- | C] () -- C:\Documents and Settings\dawid\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-08-22 20:52:43 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\dawid\Dane aplikacji\desktop.ini [2009-08-22 13:24:54 | 00,018,454 | ---- | C] () -- C:\Program Files\Common Files\yrer.sys [2009-08-21 23:11:08 | 00,019,978 | ---- | C] () -- C:\Program Files\Common Files\etafari.inf [2009-06-19 20:06:22 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009-06-19 20:06:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2009-02-04 11:50:32 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsis_loader.dll [2007-05-11 00:03:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-05-11 00:03:00 | 01,474,560 | ---- | C] () 
-- C:\WINDOWS\System32\nview.dll [2007-05-11 00:03:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-05-11 00:03:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-05-11 00:03:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-09-13 13:06:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll [2006-03-02 14:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini [2006-03-02 14:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini < End of report > [/log]
Psycholandia commented 21 October 2009
Paste the script below into the OTL window and click Run Fix:
[code]:Processes
explorer.exe
:OTL
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O32 - AutoRun File - [2005-02-25 18:24:46 | 00,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-09-09 06:11:10 | 00,419,088 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2009-09-09 06:11:10 | 00,419,088 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009-09-09 06:11:08 | 11,369,984 | R--- | M] () - G:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2009-09-09 05:48:56 | 00,000,136 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{664820cf-83f6-11dc-899e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{664820cf-83f6-11dc-899e-806d6172696f}\Shell\AutoRun\command - "" = D:\Install.exe -- [2004-10-21 19:38:02 | 00,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{72ac95c7-8f6e-11de-b70f-0060b320af5d}\Shell - "" = AutoRun
O33 - MountPoints2\{72ac95c7-8f6e-11de-b70f-0060b320af5d}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009-09-09 06:11:10 | 00,419,088 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{971e20e6-21d3-11de-aab8-0060b320af5d}\Shell\AutoRun\command - "" = C:\WINDOWS\EXPLORER.EXE -- [2008-04-14 19:21:16 | 00,977,408 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{971e20e6-21d3-11de-aab8-0060b320af5d}\Shell\explore\Command - "" = C:\WINDOWS\EXPLORER.EXE -- [2008-04-14 19:21:16 | 00,977,408 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{971e20e6-21d3-11de-aab8-0060b320af5d}\Shell\open\Command - "" = C:\WINDOWS\EXPLORER.EXE -- [2008-04-14 19:21:16 | 00,977,408 | ---- | M] (Microsoft Corporation)
:Files
C:\WINDOWS\svchost.exe
:Commands
[emptytemp]
[start explorer]
[Reboot][/code]
Open Notepad and paste the following text into it:
[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save as -> choose [b]All files[/b] -> type [b]Fix.reg[/b] -> then click the saved file and restart the computer. Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).
dawidafc (Author) commented 21 October 2009 (edited)
I don't know whether everything is as it should be now, because I just made a log in HijackThis and it still finds this svchost.exe virus :/ It is in C:\WINDOWS and in the OTL folder
[log]Malwarebytes' Anti-Malware 1.40
Wersja bazy definicji: 2551
Windows 5.1.2600 Dodatek Service Pack 3

2009-10-21 19:26:46
mbam-log-2009-10-21 (19-26-46).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|)
Przeskanowane obiekty: 280383
Upłynęło: 29 minute(s), 52 second(s)

Zainfekowane procesy w pamięci: 1
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 3
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\powermanager (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.[/log]
Edited 21 October 2009 by dawidafc
Guest commented 21 October 2009
Post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303
dawidafc (Author) commented 21 October 2009 (edited)
[quote name='Andziorka' date='21 październik 2009 - 19:34 ' timestamp='1256146440' post='884738'] Is it still detecting the virus? [/quote]
Yes, it is still detecting it :/ I'll post the ComboFix log in a moment
[log]ComboFix 09-10-20.03 - dawid 2009-10-21 19:43.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1600 [GMT 2:00] Uruchomiony z: c:\documents and settings\dawid\Moje dokumenty\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Arsenal\Cookies\axabuhexe.db c:\documents and settings\Arsenal\Cookies\cugomutic.reg c:\documents and settings\Arsenal\Cookies\gifo.dll c:\documents and settings\Arsenal\Cookies\ikozyzu.dat c:\documents and settings\Arsenal\Cookies\omyhuniru.reg c:\documents and settings\Arsenal\Cookies\ukoxuzohuj.inf c:\documents and settings\Arsenal\Cookies\wyjegeq.vbs c:\documents and settings\Arsenal\Dane aplikacji\bekesity.bat c:\documents and settings\Arsenal\Dane aplikacji\bini.inf c:\documents and settings\Arsenal\Dane aplikacji\BITS c:\documents and settings\Arsenal\Dane aplikacji\BITS\BITS.ini c:\documents and settings\Arsenal\Dane aplikacji\BITS\DHTTable.dat c:\documents and settings\Arsenal\Dane aplikacji\BITS\pl.dat c:\documents and settings\Arsenal\Dane aplikacji\BITS\ProxyList.ini c:\documents and settings\Arsenal\Dane aplikacji\FlashGetBHO c:\documents and settings\Arsenal\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll c:\documents and settings\Arsenal\Dane aplikacji\FlashGetBHO\GetAllUrl.htm c:\documents and settings\Arsenal\Dane aplikacji\FlashGetBHO\GetUrl.htm c:\documents and settings\Arsenal\Menu Start\Programy\Autostart\ikowin32.exe c:\program files\Common Files\etafari.inf c:\recycler\S-1-5-21-1993962763-1220945662-839522115-1004 c:\recycler\S-1-5-21-583907252-1979792683-839522115-1003 c:\windows\OPTIONS\CABS\_desktop.ini c:\windows\struct~.ini 
c:\windows\svchost.exe c:\windows\system32\ieuinit.inf . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_POWERMANAGER -------\Service_PowerManager ((((((((((((((((((((((((( Pliki utworzone od 2009-09-21 do 2009-10-21 ))))))))))))))))))))))))))))))) . 2009-10-21 16:46 . 2009-10-21 16:46 -------- d-----w- C:\_OTL 2009-10-21 14:06 . 2009-10-21 14:21 -------- d-----w- c:\program files\San Andreas Mod Installer 2009-10-21 14:06 . 2009-10-21 14:19 -------- d-----w- c:\windows\San Andreas Mod Installer 2009-10-17 13:53 . 2009-10-17 13:53 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\StreamTorrent . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-21 17:49 . 2009-08-22 22:42 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\ipla 2009-10-21 14:57 . 2006-03-02 12:00 49712 ----a-w- c:\windows\system32\perfc015.dat 2009-10-21 14:57 . 2006-03-02 12:00 355830 ----a-w- c:\windows\system32\perfh015.dat 2009-10-21 12:59 . 2007-10-26 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-19 14:58 . 2009-08-23 15:14 -------- d-----w- c:\program files\uusee 2009-10-19 14:58 . 2009-08-22 12:54 -------- d-----w- c:\program files\Common Files\uusee 2009-09-25 05:37 . 2006-03-02 12:00 669696 ----a-w- c:\windows\system32\wininet.dll 2009-09-25 05:37 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-24 21:14 . 2009-08-22 20:27 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-09-19 18:44 . 2009-08-22 22:18 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Ahead 2009-09-19 18:41 . 2009-09-19 18:41 -------- d-----w- c:\program files\AGEIA Technologies 2009-09-17 17:33 . 2009-09-17 17:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-09-17 17:29 . 
2009-09-17 17:29 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Leadertech 2009-09-16 18:56 . 2009-09-16 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TVU Networks 2009-09-16 18:56 . 2009-09-16 18:56 -------- d-----w- c:\program files\TVUPlayer 2009-09-12 07:56 . 2009-08-22 21:35 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Winamp 2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 05:15 . 2009-09-11 05:15 2491192 ----a-w- c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll 2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-27 11:54 . 2009-08-27 11:53 211 ----a-w- c:\windows\BricoPackFoldersDelete.cmd 2009-08-27 11:54 . 2009-08-22 20:46 72382 ----a-w- c:\windows\BricoPackUninst.cmd 2009-08-27 11:54 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-08-27 11:48 . 2009-08-22 18:55 28648 ----a-w- c:\documents and settings\dawid\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-08-26 08:02 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-24 14:00 . 2008-01-05 16:27 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-23 12:07 . 2009-08-22 21:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help 2009-08-23 11:15 . 2009-08-23 11:15 -------- d-----w- c:\program files\Trend Micro 2009-08-23 10:46 . 2009-08-22 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ScanSoft 2009-08-23 00:35 . 2009-08-23 00:35 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\vlc 2009-08-22 22:52 . 2009-08-22 22:52 -------- d-----w- c:\program files\Alcohol Soft 2009-08-22 22:46 . 2009-08-22 22:46 -------- d-----w- c:\program files\PIXresizer 2009-08-22 22:45 . 
2009-08-22 22:45 -------- d-----w- c:\program files\Allok 3GP PSP MP4 iPod Video Converter 2009-08-22 22:44 . 2009-08-22 22:44 639224 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-22 22:43 . 2009-08-22 22:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ipla 2009-08-22 22:43 . 2009-08-22 22:42 -------- d-----w- c:\program files\ipla 2009-08-22 22:36 . 2009-08-22 21:37 -------- d-----w- c:\program files\SopCast 2009-08-22 22:30 . 2009-02-07 01:19 -------- d-----w- c:\program files\QuickTime 2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple Computer 2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\program files\Apple Software Update 2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple 2009-08-22 22:22 . 2007-11-25 22:57 -------- d-----w- c:\program files\Common Files\Real 2009-08-22 22:22 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-08-22 22:22 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-08-22 22:22 . 2009-08-22 22:22 -------- d-----w- c:\program files\Real 2009-08-22 22:16 . 2009-08-22 22:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nero 2009-08-22 22:16 . 2009-08-22 22:16 -------- d-----w- c:\program files\Nero 2009-08-22 22:14 . 2009-08-22 22:07 -------- d-----w- c:\program files\Canon 2009-08-22 22:12 . 2009-08-22 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\InstallShield 2009-08-22 22:12 . 2009-08-22 22:12 -------- d-----w- c:\program files\ScanSoft 2009-08-22 22:09 . 2009-08-22 22:09 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\CanonBJ 2009-08-22 22:01 . 2009-08-22 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-22 21:59 . 
2009-08-22 21:59 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Malwarebytes 2009-08-22 21:59 . 2009-08-22 21:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes 2009-08-22 21:49 . 2009-08-22 21:35 -------- d-----w- c:\program files\Winamp 2009-08-22 21:29 . 2009-08-22 21:29 -------- d-----w- c:\program files\Microsoft Works 2009-08-22 20:33 . 2009-08-22 20:33 0 ----a-w- c:\windows\nsreg.dat 2009-08-22 20:30 . 2009-08-22 20:29 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu 2009-08-22 20:17 . 2009-08-22 20:17 -------- d-----w- c:\program files\SAGEM WiFi manager 2009-08-22 20:16 . 2009-08-22 20:16 -------- d-----w- c:\program files\SAGEM 2009-08-22 19:12 . 2009-08-22 19:12 -------- d-----w- c:\program files\Realtek 2009-08-22 19:12 . 2009-08-22 19:12 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\InstallShield 2009-08-22 19:12 . 2009-08-22 19:12 351744 ----a-w- c:\windows\HideWin.exe 2009-08-22 19:11 . 2009-08-22 19:04 15600 ----a-w- c:\windows\gdrv.sys 2009-08-22 19:09 . 2009-08-22 19:09 -------- d-----w- c:\program files\Intel 2009-08-22 18:57 . 2009-08-22 18:57 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Hamachi 2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2009-08-22 18:44 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2009-08-22 18:44 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2009-08-22 18:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 17:29 . 2006-03-02 12:00 2146816 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 17:29 . 2004-08-04 00:39 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-08-03 11:36 . 
2009-08-22 21:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 11:36 . 2009-08-22 21:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-29 04:37 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:37 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-27 15:42 . 2009-07-27 15:42 42088 ----a-w- c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-07-27 15:03 . 2009-07-27 15:03 11264 ----a-w- c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll . ------- Sigcheck ------- [-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2006-03-02 . 0ABD7EBEAEF8493CB1C0B1D0FF7851A3 . 1012224 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "IPLA!"="c:\program files\ipla\ipla.exe" [2009-08-13 4726168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-22 198160] "UUSeeMediaCenter"="c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe" [2009-09-25 906544] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608] c:\documents and settings\Arsenal\Menu Start\Programy\Autostart\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] c:\documents and settings\dawid\Menu Start\Programy\Autostart\ TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - 
c:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-8-22 950272] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\uusee\\UUSeePlayer.exe"= "c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= S2 PowerManager;Power Manager;c:\windows\svchost.exe --> c:\windows\svchost.exe [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-08-22 450560] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] . Zawartość folderu 'Zaplanowane zadania' 2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl) FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-21 19:49 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run UUSeeMediaCenter = "c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe"???????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(800) c:\windows\system32\scecli.dll - - - - - - - > 'explorer.exe'(504) c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\msi.dll c:\windows\system32\ntshrui.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\combofix\CF16304.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\nvsvc32.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\combofix\PEV.cfxxe . ************************************************************************** . 
Czas ukończenia: 2009-10-21 19:51 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-10-21 17:51 Przed: 13 418 905 600 bajtów wolnych Po: 13 321 580 544 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 4355DBF4F3624EC81DC035A9D18EC0D9 [/log]
Ehh, I still have this svchost.exe -.- Maybe delete it manually? It can't be deleted manually :/ What should I do about it?
Edited 21 October 2009 by dawidafc
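Added example (not part of the original thread, and not code from any of the tools used in it): the recurring finding in these logs is a `svchost.exe` sitting in `C:\WINDOWS` instead of `C:\WINDOWS\system32`, started by the `PowerManager` service. The Python sketch below flags that pattern in log text; the table of expected locations, the `c:\windows` root and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Assumed table: where Windows XP keeps the genuine copy of each binary,
# relative to %windir% ("" means directly in %windir%).
EXPECTED_DIR = {
    "svchost.exe": "system32", "lsass.exe": "system32",
    "services.exe": "system32", "winlogon.exe": "system32",
    "smss.exe": "system32", "spoolsv.exe": "system32",
    "explorer.exe": "",
}
# Backup copies that Windows itself keeps (two of them appear in the
# Sigcheck section of the ComboFix log); these are not masquerading.
BACKUP_DIRS = {"system32\\dllcache", "servicepackfiles\\i386",
               "$ntservicepackuninstall$"}

# A drive-letter path ending in .exe; spaces are allowed inside the path.
PATH_RE = re.compile(r'(?<![a-z])[a-z]:\\[^"<>|*?;\r\n]*?\.exe', re.I)
# ComboFix driver/service line: "S2 Name;Display name;image path ..."
SERVICE_RE = re.compile(r'^[SR]\d (?P<name>[^;]+);[^;]*;(?P<rest>.+)$')


def classify(path, windir=r"c:\windows"):
    """Return None for names that are not tracked, else a verdict string."""
    p = ntpath.normpath(path).lower()
    name = ntpath.basename(p)
    if name not in EXPECTED_DIR:
        return None
    root = windir.lower().rstrip("\\")
    if not p.startswith(root + "\\"):
        return "masquerade"            # system name outside %windir%
    rel_dir = ntpath.dirname(p)[len(root):].lstrip("\\")
    if rel_dir == EXPECTED_DIR[name]:
        return "genuine-location"
    if rel_dir in BACKUP_DIRS:
        return "backup-copy"
    return "masquerade"                # right name, wrong folder


def scan_log(text, windir=r"c:\windows"):
    """Collect masquerading files and the services that launch them."""
    files, services = set(), {}
    for line in text.splitlines():
        line = line.strip()
        svc = SERVICE_RE.match(line)
        for m in PATH_RE.finditer(line):
            path = m.group(0).lower()
            if classify(path, windir) != "masquerade":
                continue
            files.add(path)
            if svc:
                services[svc.group("name")] = path
    return {"files": files, "services": services}


# Excerpt assembled from the HijackThis and ComboFix logs in this thread,
# one entry per line.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
S2 PowerManager;Power Manager;c:\windows\svchost.exe --> c:\windows\svchost.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
c:\windows\ServicePackFiles\i386\explorer.exe
c:\windows\$NtServicePackUninstall$\explorer.exe
"""

if __name__ == "__main__":
    result = scan_log(SAMPLE_LOG)
    for path in sorted(result["files"]):
        print("masquerading binary:", path)
    for name, path in result["services"].items():
        print("service", name, "starts", path)
```

A file that reappears after deletion, as it does here, usually means something still launches or rewrites it, so the service entry matters as much as the file itself.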
Psycholandia commented 21 October 2009
Download Avenger: http://swandog46.geekstogo.com/avenger.zip and paste this script into its window:
[code]Files to delete:
c:\windows\svchost.exe[/code]
Then click [b]Execute[/b]. Post the log created after the restart.
dawidafc (Author) commented 21 October 2009 (edited)
The virus is still there -.-
[log]Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\svchost.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
[/log]
Edited 21 October 2009 by dawidafc
Psycholandia commented 21 October 2009
Open Notepad and type:
[code]File::
c:\windows\svchost.exe[/code]
File >>> save it as [b]CFScript.txt[/b], then drag and drop it onto the [b]ComboFix[/b] icon like this: http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
dawidafc (Author) commented 21 October 2009
Ugh, I don't know anymore :/ The log supposedly says it was deleted, but I still have the virus on the disk :/
[log]ComboFix 09-10-20.03 - dawid 2009-10-21 23:02.2.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1452 [GMT 2:00] Uruchomiony z: c:\documents and settings\dawid\Moje dokumenty\ComboFix.exe Użyto następujących komend :: c:\documents and settings\dawid\Moje dokumenty\CFScript.txt FILE :: "c:\windows\svchost.exe" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\struct~.ini c:\windows\svchost.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-09-21 do 2009-10-21 ))))))))))))))))))))))))))))))) . 2009-10-21 16:46 . 2009-10-21 16:46 -------- d-----w- C:\_OTL 2009-10-21 14:06 . 2009-10-21 14:21 -------- d-----w- c:\program files\San Andreas Mod Installer 2009-10-21 14:06 . 2009-10-21 14:19 -------- d-----w- c:\windows\San Andreas Mod Installer 2009-10-17 13:53 . 2009-10-17 13:53 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\StreamTorrent . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-21 19:41 . 2009-08-22 22:42 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\ipla 2009-10-21 14:57 . 2006-03-02 12:00 49712 ----a-w- c:\windows\system32\perfc015.dat 2009-10-21 14:57 . 2006-03-02 12:00 355830 ----a-w- c:\windows\system32\perfh015.dat 2009-10-21 12:59 . 2007-10-26 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-19 14:58 . 2009-08-23 15:14 -------- d-----w- c:\program files\uusee 2009-10-19 14:58 . 2009-08-22 12:54 -------- d-----w- c:\program files\Common Files\uusee 2009-09-25 05:37 . 2006-03-02 12:00 669696 ------w- c:\windows\system32\wininet.dll 2009-09-25 05:37 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-09-24 21:14 . 
2009-08-22 20:27 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-09-19 18:44 . 2009-08-22 22:18 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Ahead 2009-09-19 18:41 . 2009-09-19 18:41 -------- d-----w- c:\program files\AGEIA Technologies 2009-09-17 17:33 . 2009-09-17 17:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-09-17 17:29 . 2009-09-17 17:29 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Leadertech 2009-09-16 18:56 . 2009-09-16 18:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TVU Networks 2009-09-16 18:56 . 2009-09-16 18:56 -------- d-----w- c:\program files\TVUPlayer 2009-09-12 07:56 . 2009-08-22 21:35 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Winamp 2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-11 05:15 . 2009-09-11 05:15 2491192 ----a-w- c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll 2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-27 11:54 . 2009-08-27 11:53 211 ----a-w- c:\windows\BricoPackFoldersDelete.cmd 2009-08-27 11:54 . 2009-08-22 20:46 72382 ----a-w- c:\windows\BricoPackUninst.cmd 2009-08-27 11:54 . 2006-03-02 12:00 219648 ----a-w- c:\windows\system32\uxtheme.dll 2009-08-27 11:48 . 2009-08-22 18:55 28648 ----a-w- c:\documents and settings\dawid\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-08-26 08:02 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-24 14:00 . 2008-01-05 16:27 -------- d-----w- c:\program files\Common Files\Adobe 2009-08-23 12:07 . 2009-08-22 21:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help 2009-08-23 11:15 . 2009-08-23 11:15 -------- d-----w- c:\program files\Trend Micro 2009-08-23 10:46 . 
2009-08-22 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ScanSoft 2009-08-23 00:35 . 2009-08-23 00:35 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\vlc 2009-08-22 22:52 . 2009-08-22 22:52 -------- d-----w- c:\program files\Alcohol Soft 2009-08-22 22:46 . 2009-08-22 22:46 -------- d-----w- c:\program files\PIXresizer 2009-08-22 22:45 . 2009-08-22 22:45 -------- d-----w- c:\program files\Allok 3GP PSP MP4 iPod Video Converter 2009-08-22 22:44 . 2009-08-22 22:44 639224 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-08-22 22:43 . 2009-08-22 22:42 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ipla 2009-08-22 22:43 . 2009-08-22 22:42 -------- d-----w- c:\program files\ipla 2009-08-22 22:36 . 2009-08-22 21:37 -------- d-----w- c:\program files\SopCast 2009-08-22 22:30 . 2009-02-07 01:19 -------- d-----w- c:\program files\QuickTime 2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple Computer 2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\program files\Apple Software Update 2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Apple 2009-08-22 22:22 . 2007-11-25 22:57 -------- d-----w- c:\program files\Common Files\Real 2009-08-22 22:22 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-08-22 22:22 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-08-22 22:22 . 2009-08-22 22:22 -------- d-----w- c:\program files\Real 2009-08-22 22:16 . 2009-08-22 22:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nero 2009-08-22 22:16 . 2009-08-22 22:16 -------- d-----w- c:\program files\Nero 2009-08-22 22:14 . 2009-08-22 22:07 -------- d-----w- c:\program files\Canon 2009-08-22 22:12 . 
2009-08-22 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\InstallShield 2009-08-22 22:12 . 2009-08-22 22:12 -------- d-----w- c:\program files\ScanSoft 2009-08-22 22:09 . 2009-08-22 22:09 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\CanonBJ 2009-08-22 22:01 . 2009-08-22 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-22 21:59 . 2009-08-22 21:59 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\Malwarebytes 2009-08-22 21:59 . 2009-08-22 21:59 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Malwarebytes 2009-08-22 21:49 . 2009-08-22 21:35 -------- d-----w- c:\program files\Winamp 2009-08-22 21:29 . 2009-08-22 21:29 -------- d-----w- c:\program files\Microsoft Works 2009-08-22 20:33 . 2009-08-22 20:33 0 ----a-w- c:\windows\nsreg.dat 2009-08-22 19:12 . 2009-08-22 19:12 351744 ----a-w- c:\windows\HideWin.exe 2009-08-22 19:11 . 2009-08-22 19:04 15600 ----a-w- c:\windows\gdrv.sys 2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 17:24 . 2009-08-22 18:44 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-06 17:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 17:23 . 2009-08-22 18:44 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 17:23 . 2009-08-22 18:44 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 17:29 . 2006-03-02 12:00 2146816 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 17:29 . 2004-08-04 00:39 2025472 ------w- c:\windows\system32\ntkrnlpa.exe 2009-08-03 11:36 . 2009-08-22 21:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 11:36 . 2009-08-22 21:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-29 04:37 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:37 . 
2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-27 15:42 . 2009-07-27 15:42 42088 ----a-w- c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll 2009-07-27 15:03 . 2009-07-27 15:03 11264 ----a-w- c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll . ------- Sigcheck ------- [-] 2008-04-14 . F042E3426D45D86D9BB55F6A79AB441A . 977408 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . B1505CE3FBD57E7C8445330A8250AA71 . 1013760 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2006-03-02 . 0ABD7EBEAEF8493CB1C0B1D0FF7851A3 . 1012224 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe . ((((((((((((((((((((((((((((( SnapShot@2009-10-21_17.49.16 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-19 18:06 . 2009-06-19 18:06 324376 c:\windows\system32\PhysXCplUI.exe + 2009-06-19 18:06 . 2009-06-19 18:06 324376 c:\windows\system32\PhysXCompatCplUI.exe + 2009-08-22 19:16 . 2007-05-10 16:39 392704 c:\windows\system32\NVUNINST.EXE + 2009-08-22 19:16 . 2007-05-10 22:03 392704 c:\windows\system32\nvudisp.exe + 2007-05-10 22:03 . 2007-05-10 22:03 781824 c:\windows\system32\nvcplui.exe + 2007-05-10 22:03 . 2007-05-10 22:03 179712 c:\windows\system32\nvcolor.exe + 2007-05-10 22:03 . 2007-05-10 22:03 478720 c:\windows\system32\nvappbar.exe + 2007-05-10 22:03 . 2007-05-10 22:03 462336 c:\windows\system32\keystone.exe + 2008-04-13 18:53 . 2008-04-13 18:53 594432 c:\windows\ServicePackFiles\i386\xpnetdg.exe + 2008-04-14 17:21 . 2008-04-14 17:21 325120 c:\windows\ServicePackFiles\i386\wuauclt1.exe + 2008-04-14 17:21 . 2008-04-14 17:21 192000 c:\windows\ServicePackFiles\i386\wscript.exe + 2008-04-14 17:21 . 2008-04-14 17:21 253440 c:\windows\ServicePackFiles\i386\wordpad.exe + 2008-04-14 17:21 . 2008-04-14 17:21 254464 c:\windows\ServicePackFiles\i386\wmiprvse.exe + 2008-04-14 17:21 . 
2008-04-14 17:21 232960 c:\windows\ServicePackFiles\i386\wmiadap.exe + 2008-04-14 17:21 . 2008-04-14 17:21 322048 c:\windows\ServicePackFiles\i386\winhlp32.exe + 2008-04-14 17:21 . 2008-04-14 17:21 924160 c:\windows\ServicePackFiles\i386\wiaacmgr.exe + 2008-04-14 17:21 . 2008-04-14 17:21 154624 c:\windows\ServicePackFiles\i386\wbemtest.exe + 2008-04-14 17:21 . 2008-04-14 17:21 383488 c:\windows\ServicePackFiles\i386\tourstrt.exe + 2008-04-14 17:21 . 2008-04-14 17:21 222208 c:\windows\ServicePackFiles\i386\taskmgr.exe + 2008-04-14 17:21 . 2008-04-14 17:21 219136 c:\windows\ServicePackFiles\i386\sysocmgr.exe + 2008-04-14 17:21 . 2008-04-14 17:21 574976 c:\windows\ServicePackFiles\i386\spider.exe + 2008-04-14 17:21 . 2008-04-14 17:21 217600 c:\windows\ServicePackFiles\i386\sndrec32.exe + 2008-04-14 17:21 . 2008-04-14 17:21 419328 c:\windows\ServicePackFiles\i386\rstrui.exe + 2008-04-14 17:21 . 2008-04-14 17:21 263680 c:\windows\ServicePackFiles\i386\regedit.exe + 2008-04-14 17:21 . 2008-04-14 17:21 145920 c:\windows\ServicePackFiles\i386\progman.exe + 2008-04-14 17:21 . 2008-04-14 17:21 319488 c:\windows\ServicePackFiles\i386\pinball.exe + 2008-04-14 17:21 . 2008-04-14 17:21 252416 c:\windows\ServicePackFiles\i386\osk.exe + 2008-04-14 17:21 . 2008-04-14 17:21 192512 c:\windows\ServicePackFiles\i386\notepad.exe + 2008-04-14 17:26 . 2008-04-14 17:26 368640 c:\windows\ServicePackFiles\i386\netsetup.exe + 2008-04-14 17:21 . 2008-04-14 17:21 212992 c:\windows\ServicePackFiles\i386\napstat.exe + 2008-04-14 17:21 . 2008-04-14 17:21 478720 c:\windows\ServicePackFiles\i386\mspaint.exe + 2008-04-14 17:21 . 2008-04-14 17:21 260608 c:\windows\ServicePackFiles\i386\msimn.exe + 2008-04-14 17:21 . 2008-04-14 17:21 207872 c:\windows\ServicePackFiles\i386\msconfig.exe + 2008-04-14 17:21 . 2008-04-14 17:21 161280 c:\windows\ServicePackFiles\i386\mplay32.exe + 2008-04-14 17:21 . 2008-04-14 17:21 180224 c:\windows\ServicePackFiles\i386\mobsync.exe + 2008-04-14 17:21 . 
2008-04-14 17:21 277504 c:\windows\ServicePackFiles\i386\migwiza.exe + 2008-04-14 17:21 . 2008-04-14 17:21 582144 c:\windows\ServicePackFiles\i386\migwiz.exe + 2008-04-14 17:21 . 2008-04-14 17:21 140800 c:\windows\ServicePackFiles\i386\migload.exe + 2008-04-14 17:21 . 2008-04-14 17:21 714240 c:\windows\ServicePackFiles\i386\lhmstsc.exe + 2009-08-23 12:06 . 2006-03-02 12:00 491520 c:\windows\ServicePackFiles\i386\lang\tintsetp.exe + 2009-08-23 12:06 . 2006-03-02 12:00 298552 c:\windows\ServicePackFiles\i386\lang\imjputy.exe + 2009-08-23 12:06 . 2006-03-02 12:00 269879 c:\windows\ServicePackFiles\i386\lang\imjprw.exe + 2009-08-23 12:06 . 2006-03-02 12:00 245304 c:\windows\ServicePackFiles\i386\lang\imjpmig.exe + 2009-08-23 12:06 . 2006-03-02 12:00 233017 c:\windows\ServicePackFiles\i386\lang\imjpinst.exe + 2009-08-23 12:06 . 2006-03-02 12:00 192057 c:\windows\ServicePackFiles\i386\lang\imjpdsvr.exe + 2009-08-23 12:06 . 2006-03-02 12:00 343609 c:\windows\ServicePackFiles\i386\lang\imjpdct.exe + 2009-08-23 12:06 . 2006-03-02 12:00 516608 c:\windows\ServicePackFiles\i386\lang\cintsetp.exe + 2008-04-14 17:21 . 2008-04-14 17:21 188416 c:\windows\ServicePackFiles\i386\irftp.exe + 2008-04-14 17:21 . 2008-04-14 17:21 151040 c:\windows\ServicePackFiles\i386\iexpress.exe + 2008-04-14 17:21 . 2008-04-14 17:21 868864 c:\windows\ServicePackFiles\i386\iexplore.exe + 2008-04-14 17:21 . 2008-04-14 17:21 252928 c:\windows\ServicePackFiles\i386\icwconn1.exe + 2008-04-14 17:21 . 2008-04-14 17:21 801792 c:\windows\ServicePackFiles\i386\helpctr.exe + 2008-04-14 17:21 . 2008-04-14 17:21 269824 c:\windows\ServicePackFiles\i386\fxscover.exe + 2008-04-14 17:21 . 2008-04-14 17:21 179200 c:\windows\ServicePackFiles\i386\fxsclnt.exe + 2008-04-14 17:21 . 2008-04-14 17:21 229376 c:\windows\ServicePackFiles\i386\fsquirt.exe + 2008-04-14 17:21 . 2008-04-14 17:21 146192 c:\windows\ServicePackFiles\i386\fp98swin.exe + 2008-04-14 17:21 . 
2008-04-14 17:21 230400 c:\windows\ServicePackFiles\i386\eudcedit.exe + 2008-04-14 17:21 . 2008-04-14 17:21 216576 c:\windows\ServicePackFiles\i386\dwwin.exe + 2008-04-14 17:21 . 2008-04-14 17:21 582144 c:\windows\ServicePackFiles\i386\dialer.exe + 2008-04-14 17:21 . 2008-04-14 17:21 141824 c:\windows\ServicePackFiles\i386\dfrgntfs.exe + 2008-04-14 17:21 . 2008-04-14 17:21 139776 c:\windows\ServicePackFiles\i386\clipbrd.exe + 2008-04-14 17:21 . 2008-04-14 17:21 145408 c:\windows\ServicePackFiles\i386\cleanmgr.exe + 2008-04-14 17:21 . 2008-04-14 17:21 224832 c:\windows\ServicePackFiles\i386\cfgwiz.exe + 2008-04-14 17:21 . 2008-04-14 17:21 292864 c:\windows\ServicePackFiles\i386\agentsvr.exe + 2008-04-14 17:21 . 2008-04-14 17:21 224768 c:\windows\ServicePackFiles\i386\accwiz.exe + 2009-10-21 14:06 . 2009-10-21 14:19 487424 c:\windows\San Andreas Mod Installer\uninstall.exe + 2009-08-22 21:38 . 2006-03-02 12:00 140288 c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe + 2008-04-13 18:53 . 2008-04-13 18:53 594432 c:\windows\network diagnostic\xpnetdiag.exe + 2007-05-28 15:06 . 2007-05-28 15:06 191769 c:\windows\BricoPacks\Vista Inspirat 2\Update.exe + 2007-03-18 22:05 . 2007-03-18 22:05 667136 c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe + 2006-05-21 07:49 . 2006-05-21 07:49 918016 c:\windows\BricoPacks\Vista Inspirat 2\ResHacker\ResHacker.exe + 2009-08-27 11:54 . 2009-08-27 11:54 190186 c:\windows\BricoPacks\Vista Inspirat 2\Remove.exe + 2007-04-22 10:31 . 2007-04-22 10:31 183808 c:\windows\BricoPacks\Vista Inspirat 2\Panel.exe + 2009-08-27 11:54 . 2008-04-14 17:21 260608 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\80_msimn.exe + 2009-08-27 11:54 . 2008-04-14 17:21 145408 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\8_cleanmgr.exe + 2009-08-27 11:54 . 2008-04-14 17:21 868864 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\79_iexplore.exe + 2009-08-27 11:54 . 
2008-04-14 17:21 325120 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\74_wuauclt1.exe + 2009-08-27 11:54 . 2006-03-02 12:00 154624 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\7_calc.exe + 2009-08-27 11:54 . 2008-04-14 17:21 924160 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\67_wiaacmgr.exe + 2009-08-27 11:54 . 2008-04-14 17:21 222208 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\60_taskmgr.exe + 2009-08-27 11:54 . 2008-04-14 17:21 219136 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\58_sysocmgr.exe + 2009-08-27 11:54 . 2006-03-02 12:00 188928 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\55_sndvol32.exe + 2009-08-27 11:54 . 2008-04-14 17:21 217600 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\54_sndrec32.exe + 2009-08-27 11:54 . 2008-04-14 17:21 263680 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\48_regedit.exe + 2009-08-27 11:54 . 2008-04-14 17:21 192512 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\41_notepad.exe + 2009-08-27 11:54 . 2008-04-14 17:21 192512 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\40_notepad.exe + 2009-08-27 11:54 . 2008-04-14 17:21 478720 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\31_mspaint.exe + 2009-08-27 11:54 . 2008-04-14 17:21 582144 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\26_migwiz.exe + 2009-08-27 11:54 . 2008-04-14 17:21 801792 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\17_helpctr.exe + 2006-03-09 14:33 . 2006-03-09 14:33 441856 c:\windows\BricoPacks\Vista Inspirat 2\iColorFolder\iColorFolder.exe + 2009-08-27 11:54 . 2008-04-14 17:21 551424 c:\windows\BricoPacks\SysFiles\78_logonui.exe + 2009-08-27 11:54 . 2008-04-14 17:21 205312 c:\windows\BricoPacks\SysFiles\74_wuauclt1.exe + 2009-08-27 11:54 . 2006-03-02 12:00 151552 c:\windows\BricoPacks\SysFiles\7_calc.exe + 2009-08-27 11:54 . 2008-04-14 17:21 472064 c:\windows\BricoPacks\SysFiles\67_wiaacmgr.exe + 2009-08-27 11:54 . 2008-04-14 17:21 176128 c:\windows\BricoPacks\SysFiles\60_taskmgr.exe + 2009-08-27 11:54 . 
2008-04-14 17:21 143360 c:\windows\BricoPacks\SysFiles\58_sysocmgr.exe + 2009-08-27 11:54 . 2006-03-02 12:00 175616 c:\windows\BricoPacks\SysFiles\55_sndvol32.exe + 2009-08-27 11:54 . 2008-04-14 17:21 168960 c:\windows\BricoPacks\SysFiles\54_sndrec32.exe + 2009-08-27 11:54 . 2008-04-14 17:21 185856 c:\windows\BricoPacks\SysFiles\48_regedit.exe + 2009-08-27 11:54 . 2008-04-14 17:21 381440 c:\windows\BricoPacks\SysFiles\31_mspaint.exe + 2009-08-27 11:54 . 2008-04-14 17:21 284160 c:\windows\BricoPacks\SysFiles\26_migwiz.exe + 2009-08-27 11:54 . 2008-04-14 17:21 805376 c:\windows\BricoPacks\SysFiles\17_helpctr.exe + 2009-08-23 00:37 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB973869_0$\spuninst\spuninst.exe + 2009-08-27 11:40 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB973869$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB973815_0$\spuninst\spuninst.exe + 2009-08-27 11:40 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB973815$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2007-07-27 06:36 270712 c:\windows\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe + 2009-08-28 18:33 . 2007-07-27 06:36 270712 c:\windows\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB973507_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB973507$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB973354_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB973354$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB972260_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB972260$\spuninst\spuninst.exe + 2009-09-10 13:37 . 
2009-05-26 11:43 270712 c:\windows\$NtUninstallKB971961$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB971657_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB971657$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB971633_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB971557_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB971557$\spuninst\spuninst.exe + 2009-08-27 01:10 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB970653-v3$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB970238_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe + 2009-09-10 13:37 . 2007-07-27 08:41 267640 c:\windows\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB968537_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe + 2009-08-30 01:30 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB968389$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB967715_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB961501_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2009-05-26 11:43 270712 c:\windows\$NtUninstallKB961371-v2_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 
2009-05-26 11:43 270712 c:\windows\$NtUninstallKB961371-v2$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB960859_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB960859$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB960803_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB960225_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe + 2009-08-23 00:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB959426_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB958687_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB958644_0$\spuninst\spuninst.exe + 2009-08-27 11:39 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-03-06 03:28 252640 c:\windows\$NtUninstallKB958470$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB957097_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe + 2009-09-10 13:37 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB956844$\spuninst\spuninst.exe + 2009-08-23 00:39 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB956803_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe + 2009-08-23 00:36 . 
2008-07-08 13:20 270712 c:\windows\$NtUninstallKB956802_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe + 2009-08-28 18:33 . 2008-07-08 13:20 270712 c:\windows\$NtUninstallKB956744$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2006-03-02 12:00 254464 c:\windows\$NtUninstallKB956572_0$\wmiprvse.exe + 2009-08-23 00:38 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB956572_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2008-04-14 17:21 254464 c:\windows\$NtUninstallKB956572$\wmiprvse.exe + 2009-08-27 11:38 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB955069_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB954600_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe + 2009-08-28 18:33 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe + 2009-08-23 00:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2007-07-27 05:36 270712 c:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB952004_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe + 2009-08-28 18:33 . 2008-04-14 17:21 192000 c:\windows\$NtUninstallKB951978$\wscript.exe + 2009-08-28 18:33 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe + 2009-08-23 00:36 . 
2007-11-30 12:40 270712 c:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe + 2009-08-23 00:39 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe + 2009-08-23 00:39 . 2007-11-30 12:40 270712 c:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2007-03-06 03:28 252640 c:\windows\$NtUninstallKB944338-v2$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2005-06-28 08:23 252640 c:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB938464-v2_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2007-11-30 11:21 270712 c:\windows\$NtUninstallKB938464-v2$\spuninst\spuninst.exe + 2009-08-23 00:38 . 2006-12-14 08:54 252640 c:\windows\$NtUninstallKB935448$\spuninst\spuninst.exe + 2009-08-23 00:37 . 2005-06-28 17:23 252640 c:\windows\$NtUninstallKB923689$\spuninst\spuninst.exe + 2009-08-23 00:36 . 2006-03-02 12:00 253440 c:\windows\$NtUninstallKB923561_0$\wordpad.exe + 2009-08-23 00:36 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB923561_0$\spuninst\spuninst.exe + 2009-08-27 11:38 . 2008-04-14 17:21 253440 c:\windows\$NtUninstallKB923561$\wordpad.exe + 2009-08-27 11:38 . 2008-07-09 07:57 270712 c:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe + 2009-08-22 22:06 . 2005-02-25 03:36 249056 c:\windows\$NtUninstallKB898461$\spuninst\spuninst.exe + 2009-08-22 19:11 . 2004-11-18 08:44 245984 c:\windows\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe + 2009-08-27 11:32 . 2006-03-02 12:00 325120 c:\windows\$NtServicePackUninstall$\wuauclt1.exe + 2009-08-27 11:32 . 2006-03-02 12:00 151040 c:\windows\$NtServicePackUninstall$\wscript.exe + 2009-08-27 11:32 . 
2008-04-21 21:28 254464 c:\windows\$NtServicePackUninstall$\wordpad.exe + 2009-08-27 11:32 . 2009-02-06 16:39 264192 c:\windows\$NtServicePackUninstall$\wmiprvse.exe + 2009-08-27 11:32 . 2006-03-02 12:00 232960 c:\windows\$NtServicePackUninstall$\wmiadap.exe + 2009-08-27 11:32 . 2006-03-02 12:00 322048 c:\windows\$NtServicePackUninstall$\winhlp32.exe + 2009-08-27 11:32 . 2006-03-02 12:00 924160 c:\windows\$NtServicePackUninstall$\wiaacmgr.exe + 2009-08-27 11:32 . 2006-03-02 12:00 154624 c:\windows\$NtServicePackUninstall$\wbemtest.exe + 2009-08-27 11:32 . 2006-03-02 12:00 245248 c:\windows\$NtServicePackUninstall$\unregmp2.exe + 2009-08-27 11:32 . 2006-03-02 12:00 383488 c:\windows\$NtServicePackUninstall$\tourstrt.exe + 2009-08-27 11:32 . 2006-03-02 12:00 383488 c:\windows\$NtServicePackUninstall$\tourstart.exe + 2009-08-27 11:32 . 2006-03-02 12:00 222208 c:\windows\$NtServicePackUninstall$\taskmgr.exe + 2009-08-27 11:32 . 2006-03-02 12:00 219136 c:\windows\$NtServicePackUninstall$\sysocmgr.exe + 2009-08-27 11:33 . 2007-08-10 18:53 270712 c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe + 2007-05-10 22:03 . 2007-05-10 22:03 1375744 c:\windows\system32\nvdspsch.exe + 2008-04-14 17:21 . 2008-04-14 17:21 1731584 c:\windows\ServicePackFiles\ServicePackCache\i386\msmsgs.exe + 2008-04-14 17:21 . 2008-04-14 17:21 1731584 c:\windows\ServicePackFiles\i386\msmsgs.exe + 2008-04-14 17:21 . 2006-03-02 12:00 3712512 c:\windows\ServicePackFiles\i386\moviemk.exe + 2008-04-14 17:21 . 2008-04-14 17:21 1451008 c:\windows\ServicePackFiles\i386\mmc.exe + 2008-04-14 17:21 . 2008-04-14 17:21 1072640 c:\windows\ServicePackFiles\i386\conf.exe + 2009-08-27 11:54 . 2006-03-02 12:00 3712512 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\82_moviemk.exe + 2009-08-27 11:54 . 2008-04-14 17:21 1013760 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\14_explorer.exe + 2009-08-27 11:54 . 2006-03-02 12:00 3591680 c:\windows\BricoPacks\SysFiles\82_moviemk.exe + 2009-08-27 11:54 . 
2008-04-14 17:21 1071616 c:\windows\BricoPacks\SysFiles\14_explorer.exe . -- Migawka wyzerowana -- . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "IPLA!"="c:\program files\ipla\ipla.exe" [2009-08-13 4762520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 246824] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-22 198160] "UUSeeMediaCenter"="c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe" [2009-09-25 906544] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608] c:\documents and settings\Arsenal\Menu Start\Programy\Autostart\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 667136] TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] c:\documents and settings\dawid\Menu Start\Programy\Autostart\ TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536] UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224] Y'z Shadow.lnk 
- c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648] c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\ Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-8-22 986624] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\uusee\\UUSeePlayer.exe"= "c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"= S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-08-22 450560] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] . Zawartość folderu 'Zaplanowane zadania' 2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl) FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-21 23:05 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run UUSeeMediaCenter = "c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe"???????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(800) c:\windows\system32\scecli.dll . Czas ukończenia: 2009-10-21 23:05 ComboFix-quarantined-files.txt 2009-10-21 21:05 ComboFix2.txt 2009-10-21 17:51 Przed: 13 256 114 176 bajtów wolnych Po: 13 251 461 120 bajtów wolnych - - End Of File - - 96FFC48DFA112C258783CCC4844E68C7 [/log]
What should I do with this next? :/
Psycholandia, comment of 21 October 2009: In safe mode, use this: http://download.cnet.com/PRT-Perlovga-Removal-Tool/3000-2239_4-10719981.html If that doesn't help, try deleting the file c:\windows\svchost.exe in safe mode; if it can't be done manually, use the program KillBox.
dawidafc (Author), comment of 22 October 2009: How do you get into safe mode? I've forgotten :/
Psycholandia, comment of 22 October 2009: You press F8 while the system is starting up.
Guest, comment of 22 October 2009: A JEFFO epidemic! Follow post 3: http://www.forumpc.pl/index.php?showtopic=129458&view=findpost&p=881415
dawidafc (Author), comment of 22 October 2009 (edited): OK, it removed that one from C:, but HijackThis still finds one more entry with this svchost.exe
[log]O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)[/log]
Should I delete this with KillBox too? But what path do I paste into it? No, actually KillBox didn't remove it either, so I did what's in that post 3. Log from ComboFix: I think it's fine now, because if not, I give up :/
[log]ComboFix 09-10-20.03 - dawid 2009-10-22 18:59.4.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1495 [GMT 2:00] Uruchomiony z: c:\documents and settings\dawid\Moje dokumenty\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\struct~.ini . ((((((((((((((((((((((((( Pliki utworzone od 2009-09-22 do 2009-10-22 ))))))))))))))))))))))))))))))) . 2009-10-21 16:46 . 2009-10-21 16:46 -------- d-----w- C:\_OTL 2009-10-21 14:06 . 2009-10-21 14:21 -------- d-----w- c:\program files\San Andreas Mod Installer 2009-10-21 14:06 . 2009-10-21 14:19 -------- d-----w- c:\windows\San Andreas Mod Installer 2009-10-17 13:53 . 2009-10-17 13:53 -------- d-----w- c:\documents and settings\dawid\Dane aplikacji\StreamTorrent . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-22 16:52 . 2006-10-26 11:45 293376 ----a-w- c:\windows\system32\WISPTIS.EXE 2009-10-22 16:52 . 2006-07-14 14:29 966656 ----a-w- c:\windows\UNNeroBackItUp.exe 2009-10-22 16:52 . 2009-06-19 18:06 282624 ----a-w- c:\windows\system32\PhysXCplUI.exe 2009-10-22 16:52 . 2009-08-22 19:16 356352 ----a-w- c:\windows\system32\nvudisp.exe 2009-10-22 16:52 . 2009-08-22 19:16 356352 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-10-22 16:52 . 2009-06-19 18:06 282624 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe 2009-10-22 16:52 . 
2009-10-22 16:51 216288 c:\windows\$hf_mig$\KB935448\spuninst.exe + 2009-08-23 00:36 . 2009-10-22 16:51 763256 c:\windows\$hf_mig$\KB923561\update\update.exe + 2009-08-23 00:36 . 2009-10-22 16:51 234360 c:\windows\$hf_mig$\KB923561\spuninst.exe + 2009-08-22 22:52 . 2009-10-22 16:51 218112 c:\windows\$hf_mig$\KB923561\SP3QFE\wordpad.exe + 2009-08-22 22:52 . 2009-10-22 16:51 218112 c:\windows\$hf_mig$\KB923561\SP3GDR\wordpad.exe + 2009-08-22 22:52 . 2009-10-22 16:51 218112 c:\windows\$hf_mig$\KB923561\SP2QFE\wordpad.exe + 2009-08-22 18:47 . 2009-10-22 16:51 723680 c:\windows\$hf_mig$\KB911164\update\update.exe + 2009-08-22 18:47 . 2009-10-22 16:51 216288 c:\windows\$hf_mig$\KB911164\spuninst.exe + 2009-08-22 22:06 . 2009-10-22 16:51 725728 c:\windows\$hf_mig$\KB898461\update\update.exe + 2009-08-22 22:06 . 2009-10-22 16:51 212704 c:\windows\$hf_mig$\KB898461\spuninst.exe + 2008-04-14 17:21 . 2009-10-22 16:52 1695232 c:\windows\ServicePackFiles\ServicePackCache\i386\msmsgs.exe + 2008-04-14 17:21 . 2009-10-22 16:52 1695232 c:\windows\ServicePackFiles\i386\msmsgs.exe + 2008-04-14 17:21 . 2009-10-22 16:52 3676160 c:\windows\ServicePackFiles\i386\moviemk.exe + 2008-04-14 17:21 . 2009-10-22 16:52 1414656 c:\windows\ServicePackFiles\i386\mmc.exe + 2008-04-14 17:21 . 2009-10-22 16:51 1036288 c:\windows\ServicePackFiles\i386\conf.exe + 2009-08-27 11:54 . 2009-10-22 16:51 3676160 c:\windows\BricoPacks\Vista Inspirat 2\PackFiles\82_moviemk.exe + 2009-08-27 11:54 . 2009-10-22 16:51 3555328 c:\windows\BricoPacks\SysFiles\82_moviemk.exe + 2009-08-27 11:54 . 2009-10-22 16:51 1020928 c:\windows\BricoPacks\SysFiles\14_explorer.exe + 2009-08-27 11:32 . 2009-10-22 16:51 1667584 c:\windows\$NtServicePackUninstall$\msmsgs.exe + 2009-08-27 11:32 . 2009-10-22 16:51 3676160 c:\windows\$NtServicePackUninstall$\moviemk.exe + 2009-08-27 11:32 . 2009-10-22 16:51 1036288 c:\windows\$NtServicePackUninstall$\conf.exe . -- Migawka wyzerowana -- . 
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"IPLA!"="c:\program files\ipla\ipla.exe" [2009-08-13 4726168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-22 198160]
"UUSeeMediaCenter"="c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe" [2009-09-25 906544]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-12 16132608]

c:\documents and settings\Arsenal\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\dawid\Menu Start\Programy\Autostart\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2009-8-22 950272]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-08-22 450560]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Mozilla\Firefox\Profiles\ywv0iu65.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\dawid\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 19:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UUSeeMediaCenter = "c:\progra~1\COMMON~1\uusee\UUSeeMediaCenter.exe"????????????????????????????????????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\scecli.dll
.
Czas ukończenia: 2009-10-22 19:02
ComboFix-quarantined-files.txt 2009-10-22 17:02
ComboFix2.txt 2009-10-21 22:35
ComboFix3.txt 2009-10-21 21:05
ComboFix4.txt 2009-10-21 17:51

Przed: 12 694 491 136 bajtów wolnych
Po: 12 937 617 408 bajtów wolnych

- - End Of File - - 95D11DA91C536C4254D8D3E51869702B
[/log]
Edited 22 October 2009 by dawidafc