Sulski utworzono 8 lutego 2010 utworzono 8 lutego 2010 (edytowane) Witam , moj problem z internetem objawia sie nie wczytywaniem stron , musze poodswiezac parenascie razy aby wskoczylo ... Dlatego tez zamieszczam logi z programow ktore mialem na dysku, bo sciagniecie czegokolwiek graniczy z cudem. Pozdrawiam i z gory dziekuje za pomoc hijack : [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:54:00, on 2010-02-08 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Opera\opera.exe C:\Program Files\Gadu-Gadu 10\gg.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WindowZ IE O2 - BHO: CommandBar.CtrlMHook - {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\system32\FindeXer.dll O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing) O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing) O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing) O3 - Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - (no file) O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-21-1801674531-1614895754-1417001333-1003\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe" (User 'Milena') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - S-1-5-18 Startup: Transparent fx - lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: z.cmd (User 'SYSTEM') O4 - .DEFAULT Startup: Transparent fx - lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (User 'Default user') O4 - .DEFAULT Startup: z.cmd (User 'Default user') O4 - .DEFAULT User Startup: Transparent fx - lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (User 'Default user') O4 - .DEFAULT User Startup: z.cmd (User 'Default user') O4 - Startup: Transparent fx - lite.lnk = C:\Program Files\Fadebar\Fadebar.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O13 - Gopher Prefix: O20 - AppInit_DLLs: prio.dll O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5498 bytes [/log] i combofix : [log]omboFix 10-02-08.01 - Sulski 2010-02-08 19:59:11.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.780 [GMT 1:00] Uruchomiony z: d:\muzyka\Muzyka z serialu Vampire Diares\ComboFix.exe FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Install.bat c:\windows\system32\msconfig.exe c:\windows\Uninstall.ini c:\windows\system32\proquota.exe . . . brak pliku!! . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-08 do 2010-02-08 ))))))))))))))))))))))))))))))) . 2010-02-08 18:53 . 2010-02-08 18:53 -------- d-----w- c:\program files\Trend Micro 2010-02-07 18:31 . 2010-02-07 18:31 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\SpeedSim 2010-02-06 20:06 . 2010-02-07 19:52 1 ----a-w- c:\documents and settings\Mama\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-02-06 20:05 . 2010-02-06 20:05 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\OpenOffice.org 2010-02-06 15:29 . 2010-02-06 15:29 -------- d-----w- c:\program files\JRE 2010-02-06 15:28 . 2010-02-06 15:29 -------- d-----w- c:\program files\OpenOffice.org 3 2010-02-06 14:15 . 2010-02-06 14:15 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\Xentient 2010-02-06 14:15 . 2010-02-07 13:31 13416 ----a-w- c:\documents and settings\Mama\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-04 20:14 . 2010-02-04 20:14 -------- d-s---w- c:\documents and settings\Mama\Ulubione 2010-02-04 17:53 . 2010-02-04 20:15 -------- d-----w- c:\windows\SxsCaPendDel 2010-02-04 17:53 . 2010-02-04 17:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-02-04 17:53 . 2010-02-04 17:53 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-02-04 17:47 . 2010-02-08 15:37 -------- d-----w- c:\documents and settings\Milena 2010-02-04 17:34 . 2010-02-04 17:34 -------- d-----w- c:\windows\Sun 2010-02-04 17:34 . 2010-02-04 17:34 -------- d-sh--w- c:\documents and settings\Sulski\PrivacIE . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-08 18:57 . 2010-02-08 18:10 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Winamp 2010-02-08 18:10 . 2010-02-08 18:10 -------- d-----w- c:\program files\Winamp 2010-02-08 18:10 . 2010-02-08 18:10 -------- d-----w- c:\program files\Winamp Detect 2010-02-06 18:26 . 2010-02-04 16:02 13416 ----a-w- c:\documents and settings\Sulski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-05 16:52 . 2010-02-05 16:52 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Media Player Classic 2010-02-04 20:19 . 2010-02-04 20:19 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Gadu-Gadu 10 2010-02-04 16:17 . 2008-04-15 12:00 77594 ----a-w- c:\windows\system32\perfc015.dat 2010-02-04 16:17 . 2008-04-15 12:00 454962 ----a-w- c:\windows\system32\perfh015.dat 2010-02-04 16:15 . 2010-02-04 16:15 -------- d-----w- c:\program files\Opera 2010-02-04 16:12 . 2010-02-04 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-04 16:11 . 2010-02-04 16:05 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-04 16:10 . 2010-02-04 16:04 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-04 16:07 . 2010-02-04 16:07 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Xentient 2010-02-04 16:05 . 2010-02-04 16:05 -------- d-----w- c:\program files\Realtek Sound Manager 2010-02-04 16:05 . 2010-02-04 16:05 -------- d-----w- c:\program files\AvRack 2010-02-04 16:05 . 2010-02-04 16:05 -------- d-----w- c:\program files\Realtek AC97 2010-02-04 16:04 . 2010-02-04 16:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation 2010-02-04 16:00 . 2010-02-04 20:14 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\Finder Bar 2010-02-04 16:00 . 2010-02-04 16:02 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Finder Bar 2010-02-04 16:00 . 2010-02-04 15:59 -------- d-----w- c:\documents and settings\Default User\Dane aplikacji\Finder Bar 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Xentient 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Finder Bar 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\program files\FolderSize 2010-02-04 15:59 . 2010-02-04 15:59 138 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\program files\Command Prompt Explorer Bar 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\VisualTaskTips 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\Foxit 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\StyleFolder 2010-02-04 15:55 . 2010-02-04 15:55 53812 ----a-w- c:\windows\uninst-vj.exe 2010-02-04 15:55 . 2010-02-04 15:55 172032 ----a-w- c:\windows\vjpeg.exe 2010-02-04 15:55 . 2010-02-04 15:55 82898 ----a-w- c:\windows\uninstall.exe 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\Quizo 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\QuickTime Alternative 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\RegCompact.NET 2010-02-04 15:55 . 2010-02-04 15:54 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\System 2010-02-04 15:54 . 2010-02-04 15:54 410984 ----a-w- c:\windows\system32\deploytk.dll 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Java 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Drive Space Indicator 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Driver Magician 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Defraggler 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\CDBurnerXP 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\CCleaner 2010-02-04 15:49 . 2010-02-04 15:49 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-04 15:49 . 2010-02-04 15:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-11-21 02:34 . 2010-02-04 16:03 69632 ----a-w- c:\windows\system32\OpenCL.dll 2009-11-21 02:34 . 2010-02-04 16:03 4038656 ----a-w- c:\windows\system32\nvcuda.dll 2009-11-21 02:34 . 2010-02-04 16:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2009-11-21 02:34 . 2010-02-04 16:03 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-11-21 02:34 . 2010-02-04 16:03 182888 ----a-w- c:\windows\system32\nvcodins.dll 2009-11-21 02:34 . 2010-02-04 16:03 182888 ----a-w- c:\windows\system32\nvcod.dll 2009-11-21 02:34 . 2010-02-04 16:03 13602816 ----a-w- c:\windows\system32\nvoglnt.dll 2009-11-21 02:34 . 2010-02-04 16:03 11374592 ----a-w- c:\windows\system32\nvcompiler.dll 2009-11-21 02:34 . 2010-02-04 16:03 1056768 ----a-w- c:\windows\system32\nvapi.dll 2009-11-21 02:34 . 2010-02-04 16:03 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-11-21 02:34 . 2010-02-04 16:03 6282752 ----a-w- c:\windows\system32\nv4_disp.dll 2009-11-21 02:34 . 2010-02-04 16:03 2293286 ----a-w- c:\windows\system32\nvdata.bin . ------- Sigcheck ------- [-] 2009-06-25 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2009-06-25 . E3AE414813DA8279B2328CFE2D13ED70 . 629760 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2009-06-23 . 150852B3EB5F0C3FB44D38D0375578BB . 8356864 . . [8.00.6001.22873] . . c:\windows\system32\mshtml.dll [-] 2009-06-24 . 1146504E5B0E43C4E5CE70E42F025A26 . 2191744 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe [-] 2009-06-14 . 44E3FE403A9F8A64B1306AAC62B52952 . 678400 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2009-06-14 . AC074B7C8D9966B5019E25EF8C527F54 . 1591808 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2009-06-13 19:06 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2009-06-24 . C71E5B92124E8E8F6B9294E3E5FC8129 . 2068864 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe c:\windows\System32\ctfmon.exe ... - brak elementu !! c:\windows\System32\regsvc.dll ... - brak elementu !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Resume copy"="copyfstq.exe" [2003-06-10 57344] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544] "SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-06-25 128512] c:\windows\system32\config\systemprofile\Menu Start\Programy\Autostart\ Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] z.cmd [2009-5-8 389] c:\documents and settings\Administrator\Menu Start\Programy\Autostart\ del.exe [2009-1-8 615759] run.lnk - c:\program files\WindowZ\Kreator post-instalacyjny\run.bat [2010-2-4 473] Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] c:\documents and settings\Default User\Menu Start\Programy\Autostart\ Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] z.cmd [2009-5-8 389] c:\documents and settings\Mama\Menu Start\Programy\Autostart\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] c:\documents and settings\Sulski\Menu Start\Programy\Autostart\ Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2010-02-04 8576] S4 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [2009-01-12 5120] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - BROWSER *NewlyCreated* - SRSERVICE *NewlyCreated* - VCDROM . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.com/ LSP: %SYSTEMROOT%\system32\nvappfilter.dll . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-nwiz - nwiz.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-08 20:01 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(904) c:\program files\Prio\prio.dll c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(976) c:\program files\Prio\prio.dll c:\windows\system32\scecli.dll . Czas ukończenia: 2010-02-08 20:02:10 ComboFix-quarantined-files.txt 2010-02-08 19:02 Przed: 36 037 087 232 bajtów wolnych Po: 36 060 639 232 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 68F431020C0708D917FFB3359162E326 [/log] dds : [log]DDS (Ver_09-12-01.01) - NTFSx86 Run by Sulski at 21:32:54,39 on 2010-02-08 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.766 [GMT 1:00] FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Gadu-Gadu 10\gg.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\opera.exe C:\Program Files\Winamp\winamp.exe C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Opera\Opera\temporary_downloads\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ BHO: CommandBar.CtrlMHook: {3f1ab67e-12aa-352e-b4e0-a5f1810b60dd} - mscoree.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: Loader Class: {f880a4a8-c436-4ac4-afd1-aa0bdc9552dd} - c:\windows\system32\FindeXer.dll TB: QT Breadcrumbs Address Bar: {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll TB: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - No File EB: {22E710B1-BA2D-4CD5-99C4-9081B8105A20} - No File EB: FindeXer: {377d8121-efaa-4d1c-981b-8bfad9f10de3} - c:\windows\system32\FindeXer.dll EB: Command Prompt /Ctrl+M/: {8689a69c-cc9d-3aec-9d7c-e7f409700c15} - mscoree.dll mRun: [Resume copy] copyfstq.exe /startup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [SoundMan] SOUNDMAN.EXE mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\sulski\menu start\programy\autostart\transparent fx - lite.lnk - c:\program files\fadebar\Fadebar.exe uPolicies-explorer: NoSMHelp = 1 (0x1) uPolicies-explorer: NoSMMyPictures = 1 (0x1) uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) uPolicies-explorer: NoResolveTrack = 1 (0x1) mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-system: DisableStatusMessages = 1 (0x1) dPolicies-explorer: NoSMHelp = 1 (0x1) dPolicies-explorer: NoSMMyPictures = 1 (0x1) dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) dPolicies-explorer: NoResolveTrack = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe LSP: %SYSTEMROOT%\system32\nvappfilter.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll ============= SERVICES / DRIVERS =============== R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\system\cpl bonus\vcdrom.sys [2010-2-4 8576] S4 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2009-1-12 5120] =============== Created Last 30 ================ 2010-02-08 18:58:41 0 d-sha-r- C:\cmdcons 2010-02-08 18:57:43 98816 ----a-w- c:\windows\sed.exe 2010-02-08 18:57:43 77312 ----a-w- c:\windows\MBR.exe 2010-02-08 18:57:43 261632 ----a-w- c:\windows\PEV.exe 2010-02-08 18:57:43 161792 ----a-w- c:\windows\SWREG.exe 2010-02-08 18:53:51 0 d-----w- c:\program files\Trend Micro 2010-02-08 18:10:35 0 d-----w- c:\program files\Winamp Detect 2010-02-07 18:31:59 0 d-----w- c:\docume~1\sulski\dane aplikacji\SpeedSim 2010-02-06 15:29:00 0 d-----w- c:\program files\JRE 2010-02-06 15:28:58 0 d-----w- c:\program files\OpenOffice.org 3 2010-02-04 20:19:52 0 d-----w- c:\docume~1\sulski\dane aplikacji\Gadu-Gadu 10 2010-02-04 17:53:32 0 d-----w- c:\windows\SxsCaPendDel 2010-02-04 17:53:25 0 d-----w- c:\docume~1\alluse~1\daneap~1\Gadu-Gadu 10 2010-02-04 17:53:22 0 d-----w- c:\program files\Gadu-Gadu 10 2010-02-04 17:34:06 0 d-sh--w- c:\documents and settings\sulski\PrivacIE 2010-02-04 16:45:57 0 d-----w- c:\program files\common files\ODBC 2010-02-04 16:45:37 0 d--h--w- c:\documents and settings\all users\Szablony 2010-02-04 16:45:37 0 d-----w- c:\documents and settings\all users\Ulubione 2010-02-04 16:45:37 0 d-----r- c:\documents and settings\all users\Menu Start 2010-02-04 16:45:37 0 d-----r- c:\documents and settings\all users\Dokumenty 2010-02-04 16:43:14 0 d--h--r- c:\documents and settings\all users\Dane aplikacji 2010-02-04 16:07:30 0 d-----w- c:\docume~1\sulski\dane aplikacji\Xentient 2010-02-04 16:05:27 0 d-----w- c:\program files\Realtek Sound Manager 2010-02-04 16:05:27 0 d-----w- c:\program files\AvRack 2010-02-04 16:05:20 0 d-----w- c:\program files\Realtek AC97 2010-02-04 16:04:17 0 d-----w- c:\docume~1\alluse~1\daneap~1\NVIDIA Corporation 2010-02-04 16:04:13 0 d-----w- c:\program files\NVIDIA Corporation 2010-02-04 16:02:06 0 d-----w- c:\docume~1\sulski\dane aplikacji\FindeXer 2010-02-04 16:02:06 0 d-----w- c:\docume~1\sulski\dane aplikacji\Finder Bar 2010-02-04 16:02:06 0 d-----w- c:\docume~1\sulski\dane aplikacji\AIMP 2010-02-04 15:59:51 0 d-----w- c:\documents and settings\all users\Pulpit 2010-02-04 15:59:51 0 d-----w- c:\docume~1\alluse~1\daneap~1\Finder Bar 2010-02-04 15:59:50 0 d-----w- c:\program files\FolderSize 2010-02-04 15:59:45 0 d-----w- c:\program files\Command Prompt Explorer Bar 2010-02-04 15:55:59 0 d---a-w- c:\program files\SubEdit-Player 2010-02-04 15:55:59 0 d-----w- c:\program files\Taskix 2010-02-04 15:55:59 0 d-----w- c:\program files\Stack 2010-02-04 15:55:59 0 d-----w- c:\program files\SpiritPyre Extensions 2010-02-04 15:55:58 0 d-----w- c:\program files\shutoffxp 2010-02-04 15:55:58 0 d-----w- c:\program files\Shell Picture 2010-02-04 15:55:58 0 d-----w- c:\program files\QDAcces 2010-02-04 15:55:57 0 d-----w- c:\program files\PNotes 2010-02-04 15:55:57 0 d-----w- c:\program files\Perlovga Removal Tool 2010-02-04 15:55:57 0 d-----w- c:\program files\MaZZicK 2010-02-04 15:55:57 0 d-----w- c:\program files\Ikony paska narzędzi 2010-02-04 15:55:57 0 d-----w- c:\program files\BESTplayer 2010-02-04 15:55:54 0 d-----w- c:\program files\IconZ 2010-02-04 15:55:54 0 d-----w- c:\program files\EdgeSwap 2010-02-04 15:55:52 0 d-----w- c:\program files\LClock 2010-02-04 15:55:52 0 d-----w- c:\program files\LaunchTab 2010-02-04 15:55:52 0 d-----w- c:\program files\GG Lite 2010-02-04 15:55:52 0 d-----w- c:\program files\DesktopListViewv1.0 2010-02-04 15:55:52 0 d-----w- c:\program files\Cymes Desktop Changer 1.7 2010-02-04 15:55:52 0 d-----w- c:\program files\AeroSnap 2010-02-04 15:55:52 0 d-----w- c:\program files\Aero shake 2010-02-04 15:55:49 0 d-----w- c:\program files\Fadebar 2010-02-04 15:55:49 0 d-----w- c:\program files\Contextaware 2010-02-04 15:55:46 0 d-----w- c:\program files\FreeRapiD-0.82 2010-02-04 15:55:45 0 d-----w- c:\program files\WinFlip 2010-02-04 15:55:45 0 d-----w- c:\program files\TrueTransparency 2010-02-04 15:55:39 0 d-----w- c:\program files\WindowZ 2010-02-04 15:55:39 0 d-----w- c:\program files\ViGlance OneStep 2010-02-04 15:55:39 0 d-----w- c:\program files\Thumbnail Resize 2010-02-04 15:55:38 0 d-----w- c:\program files\VisualTaskTips 2010-02-04 15:55:37 0 d-----w- c:\program files\VPX.PL Uploader 2010-02-04 15:55:33 0 d-----w- c:\program files\Foxit 2010-02-04 15:55:32 0 d-----w- c:\program files\Switch Off 2010-02-04 15:55:31 0 d-----w- c:\program files\StyleFolder 2010-02-04 15:55:21 0 d-----w- c:\program files\Quizo 2010-02-04 15:55:14 0 d-----w- c:\program files\QuickTime Alternative 2010-02-04 15:55:13 0 d-----w- c:\program files\Prio 2010-02-04 15:55:11 0 d-----w- c:\program files\RegCompact.NET 2010-02-04 15:54:58 0 d-----w- c:\program files\K-Lite Codec Pack 2010-02-04 15:54:55 0 d-----w- c:\program files\System 2010-02-04 15:54:31 0 d-----w- c:\program files\IrfanView 2010-02-04 15:54:29 0 d-----w- c:\program files\Drive Space Indicator 2010-02-04 15:54:24 0 d-----w- c:\program files\Driver Magician 2010-02-04 15:54:23 0 d-----w- c:\program files\Defraggler 2010-02-04 15:54:16 0 d-----w- c:\program files\CCleaner 2010-02-04 15:54:14 0 d-----w- c:\program files\AIMP2 2010-02-04 15:54:12 0 d-----w- c:\program files\TrueCrypt 2010-02-04 15:53:59 0 d-----w- c:\program files\AbiSuite2 2010-02-04 15:51:18 0 d-sh--w- c:\documents and settings\all users\DRM 2010-02-04 15:51:01 0 d--h--w- c:\program files\WindowsUpdate 2010-02-04 15:50:38 0 d-----w- c:\program files\common files\MSSoap 2010-02-04 15:49:19 0 d-----w- c:\program files\Windows Media Connect 2 2010-02-04 15:49:08 0 d-----w- c:\program files\Windows NT ==================== Find3M ==================== 2010-02-04 16:17:27 77594 ----a-w- c:\windows\system32\perfc015.dat 2010-02-04 16:17:27 454962 ----a-w- c:\windows\system32\perfh015.dat 2010-02-04 15:55:30 53812 ----a-w- c:\windows\uninst-vj.exe 2010-02-04 15:55:30 172032 ----a-w- c:\windows\vjpeg.exe 2010-02-04 15:55:27 82898 ----a-w- c:\windows\uninstall.exe 2010-02-04 15:54:42 410984 ----a-w- c:\windows\system32\deploytk.dll 2010-02-04 15:49:57 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-11-21 02:34:54 69632 ----a-w- c:\windows\system32\OpenCL.dll 2009-11-21 02:34:54 6282752 ----a-w- c:\windows\system32\nv4_disp.dll 2009-11-21 02:34:54 4038656 ----a-w- c:\windows\system32\nvcuda.dll 2009-11-21 02:34:54 2293286 ----a-w- c:\windows\system32\nvdata.bin 2009-11-21 02:34:54 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2009-11-21 02:34:54 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcodins.dll 2009-11-21 02:34:54 182888 ----a-w- c:\windows\system32\nvcod.dll 2009-11-21 02:34:54 13602816 ----a-w- c:\windows\system32\nvoglnt.dll 2009-11-21 02:34:54 11374592 ----a-w- c:\windows\system32\nvcompiler.dll 2009-11-21 02:34:54 1056768 ----a-w- c:\windows\system32\nvapi.dll ============= FINISH: 21:33:00,98 =============== [/log] [log]UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2010-02-04 16:56:37 System Uptime: 2010-02-08 15:56:58 (6 hours ago) Motherboard: Gigabyte Technology Co., Ltd. | | GA-K8NMF-9 Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/200mhz ==== Disk Partitions ========================= A: is Removable E: is CDROM (CDFS) ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 2010-02-08 19:57:48 - Punkt kontrolny systemu ==== Installed Programs ====================== AbiWord 2.6.8 AbiWord Tools Plugins Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Shockwave Player 11.5 AIMP2 Aktualizacja zabezpieczeń dla systemu Windows XP (KB923561) Archiwizator WinRAR CCleaner (remove only) CDBurnerXP Command Prompt Explorer Bar Deep Space 3D Screensaver Defraggler (remove only) Detektor Winampa Drive Space Indicator Driver Magician 3.42 Folder Size for Windows Gadu-Gadu 10 HFSLIP Total Slipstream (v1.7.8, build 80614) HijackThis 2.0.2 IrfanView (remove only) Java(TM) 6 Update 13 K-Lite Mega Codec Pack 4.7.5 Kels' CPL Bonus Pack! Koi Fish 3D Screensaver Mechanical Clock 3D Screensaver Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framework 2.0 Microsoft Visual C++ 2005 Redistributable NVIDIA Display Control Panel NVIDIA Drivers NVIDIA ForceWare Network Access Manager NVIDIA nView Desktop Manager OpenOffice.org 3.1 Opera 10.10 Poprawka Security Update dla produktu Microsoft .NET Framework 2.0 (KB917283) Poprawka Security Update dla produktu Microsoft .NET Framework 2.0 (KB922770) Prio v1.9.9.1732 QuickTime Alternative 2.8.0 Realtek AC'97 Audio REALTEK Gigabit and Fast Ethernet NIC Driver RegCompact.NET 2.0 StyleFolder 1.0.3 Switch Off Total Copy 1.1 NetHorror Edition Visual Task Tips 3.4 VJPEG Image Viewer (remove) VPX.PL Uploader 1.0 WebFldrs XP Winamp ==== End Of File =========================== [/log] I jeszcze udalo sie sciagnac OTL : [log]OTL logfile created on: 2010-02-08 21:38:10 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Sulski\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 33,72 Gb Free Space | 86,32% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 131,19 Gb Free Space | 67,69% Space Free | Partition Type: NTFS Drive E: | 36,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WINDOWZ Current User Name: Sulski Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-02-08 21:35:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sulski\Pulpit\OTL.exe PRC - [2010-01-20 13:05:04 | 012,067,432 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe PRC - [2009-12-18 01:31:52 | 001,551,712 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2009-12-18 01:30:48 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winampa.exe PRC - [2009-11-20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009-11-20 19:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-06-14 14:36:55 | 001,591,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-15 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2006-08-02 22:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe PRC - [2005-04-29 18:22:26 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe PRC - [2005-04-29 18:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe PRC - [2005-04-29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe PRC - [2005-04-29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe PRC - [2005-01-17 07:43:46 | 000,084,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-08 21:35:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sulski\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-02-04 16:54:42 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-11-20 20:32:14 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2009-01-12 16:18:54 | 000,005,120 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc) SRV - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2007-11-14 21:46:00 | 000,131,072 | ---- | M] (Brio) [Disabled | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2005-04-29 18:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2005-04-29 18:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp) SRV - [2005-04-29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-11-21 03:34:54 | 010,235,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-06-25 14:02:54 | 000,069,168 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2009-06-25 14:02:07 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2009-06-25 14:02:06 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvrd32.sys -- (nvrd32) DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2008-04-15 13:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-15 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2006-08-18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2005-05-17 10:45:12 | 000,076,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid) NVIDIA nForce(tm) DRV - [2005-05-17 10:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus) DRV - [2005-04-05 20:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005-04-05 20:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2001-12-19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Program Files\System\CPL Bonus\vcdrom.sys -- (vcdrom) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\system32\FindeXer.dll (A Part of the LessCliX Suite by Alianyn) O3 - HKLM\..\Toolbar: (no name) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {63AB4C54-3310-44c9-85D8-AA92C2263D58} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found. O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [Resume copy] C:\WINDOWS\copyfstq.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft) O4 - Startup: C:\Documents and Settings\Sulski\Menu Start\Programy\Autostart\Transparent fx - lite.lnk = C:\Program Files\Fadebar\Fadebar.exe (Nookian Apps) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-04 16:52:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-11-11 00:05:02 | 003,119,616 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009-06-22 09:10:04 | 000,004,286 | R--- | M] () - E:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [2009-09-30 10:09:24 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-08 21:35:43 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sulski\Pulpit\OTL.exe [2010-02-08 20:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010-02-08 19:58:41 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-02-08 19:57:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010-02-08 19:57:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010-02-08 19:57:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010-02-08 19:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010-02-08 19:57:21 | 000,000,000 | ---D | C] -- C:\Qoobox [2010-02-08 19:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010-02-08 19:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2010-02-08 19:10:31 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2010-02-08 19:10:31 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2010-02-08 19:10:31 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2010-02-08 19:10:31 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2010-02-08 19:10:31 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2010-02-08 19:10:31 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2010-02-08 19:10:31 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2010-02-08 19:10:31 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2010-02-08 19:10:31 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2010-02-08 19:10:31 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2010-02-08 19:10:31 | 000,044,944 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys [2010-02-08 19:10:31 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2010-02-08 19:10:31 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2010-02-08 19:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2010-02-08 19:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Winamp [2010-02-08 06:07:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sulski\Recent [2010-02-07 19:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\SpeedSim [2010-02-07 19:31:55 | 000,417,792 | ---- | C] (SpeedSim Developers) -- C:\Documents and Settings\Sulski\Pulpit\SpeedSim.exe [2010-02-07 19:31:55 | 000,225,280 | ---- | C] (SpeedSim Developers) -- C:\Documents and Settings\Sulski\Pulpit\SpeedKernel.dll [2010-02-07 19:31:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\WinRAR [2010-02-06 16:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\JRE [2010-02-06 16:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2010-02-06 16:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Pulpit\OpenOffice.org 3.1 (pl) Installation Files [2010-02-05 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\cache [2010-02-05 17:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Media Player Classic [2010-02-04 21:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Gadu-Gadu 10 [2010-02-04 18:53:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2010-02-04 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-02-04 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10 [2010-02-04 18:34:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010-02-04 18:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Sun [2010-02-04 18:34:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sulski\PrivacIE [2010-02-04 17:55:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sulski\Moje dokumenty\Moje wideo [2010-02-04 17:55:53 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2010-02-04 17:47:35 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys [2010-02-04 17:46:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll [2010-02-04 17:46:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka [2010-02-04 17:45:58 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2010-02-04 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files [2010-02-04 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2010-02-04 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2010-02-04 17:45:48 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll [2010-02-04 17:45:48 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll [2010-02-04 17:45:48 | 000,085,532 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll [2010-02-04 17:45:48 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2010-02-04 17:45:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2010-02-04 17:45:47 | 000,127,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL [2010-02-04 17:45:47 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL [2010-02-04 17:45:47 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL [2010-02-04 17:45:47 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL [2010-02-04 17:45:47 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV [2010-02-04 17:45:47 | 000,009,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL [2010-02-04 17:45:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL [2010-02-04 17:45:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV [2010-02-04 17:45:47 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV [2010-02-04 17:45:47 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV [2010-02-04 17:45:47 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV [2010-02-04 17:45:46 | 000,109,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL [2010-02-04 17:45:46 | 000,073,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV [2010-02-04 17:45:46 | 000,070,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL [2010-02-04 17:45:46 | 000,033,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL [2010-02-04 17:45:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV [2010-02-04 17:45:46 | 000,025,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV [2010-02-04 17:45:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE [2010-02-04 17:45:46 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL [2010-02-04 17:45:46 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV [2010-02-04 17:45:46 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV [2010-02-04 17:45:46 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK [2010-02-04 17:45:45 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV [2010-02-04 17:45:45 | 000,069,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL [2010-02-04 17:45:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll [2010-02-04 17:45:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll [2010-02-04 17:45:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start [2010-02-04 17:45:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty [2010-02-04 17:45:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Szablony [2010-02-04 17:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ulubione [2010-02-04 17:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2010-02-04 17:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2010-02-04 17:43:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft [2010-02-04 17:43:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji [2010-02-04 17:42:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-02-04 17:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2010-02-04 17:39:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages [2010-02-04 17:39:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2010-02-04 17:39:08 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Web [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1045 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2010-02-04 17:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2010-02-04 17:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Macromedia [2010-02-04 17:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Adobe [2010-02-04 17:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Opera [2010-02-04 17:16:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Opera [2010-02-04 17:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2010-02-04 17:12:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS [2010-02-04 17:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2010-02-04 17:09:13 | 000,454,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\CapabilityTable.exe [2010-02-04 17:09:07 | 000,400,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizard.dll [2010-02-04 17:09:07 | 000,084,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvraidservice.exe [2010-02-04 17:09:07 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardde.dll [2010-02-04 17:09:07 | 000,080,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardpt.dll [2010-02-04 17:09:07 | 000,079,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardit.dll [2010-02-04 17:09:07 | 000,079,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardfr.dll [2010-02-04 17:09:07 | 000,079,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardes.dll [2010-02-04 17:09:07 | 000,079,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardel.dll [2010-02-04 17:09:07 | 000,078,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardsl.dll [2010-02-04 17:09:07 | 000,078,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardptb.dll [2010-02-04 17:09:07 | 000,077,824 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardru.dll [2010-02-04 17:09:07 | 000,077,312 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardtr.dll [2010-02-04 17:09:07 | 000,077,312 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardno.dll [2010-02-04 17:09:07 | 000,077,312 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardnl.dll [2010-02-04 17:09:07 | 000,077,312 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardcs.dll [2010-02-04 17:09:07 | 000,076,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardth.dll [2010-02-04 17:09:07 | 000,076,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardhu.dll [2010-02-04 17:09:07 | 000,076,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardsv.dll [2010-02-04 17:09:07 | 000,076,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardpl.dll [2010-02-04 17:09:07 | 000,076,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardfi.dll [2010-02-04 17:09:07 | 000,075,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardsk.dll [2010-02-04 17:09:07 | 000,075,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardEnu.dll [2010-02-04 17:09:07 | 000,075,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardda.dll [2010-02-04 17:09:07 | 000,075,264 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardeng.dll [2010-02-04 17:09:07 | 000,074,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardhe.dll [2010-02-04 17:09:07 | 000,073,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardar.dll [2010-02-04 17:09:07 | 000,068,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardko.dll [2010-02-04 17:09:07 | 000,068,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardja.dll [2010-02-04 17:09:07 | 000,067,072 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardzht.dll [2010-02-04 17:09:07 | 000,065,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidWizardzhc.dll [2010-02-04 17:09:07 | 000,021,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidel.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidsl.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidru.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidptb.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidpt.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidpl.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidnl.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidit.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidhu.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidfr.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaides.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidde.dll [2010-02-04 17:09:07 | 000,020,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidcs.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidtr.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidth.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidsv.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidsk.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidno.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidfi.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidEnu.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaideng.dll [2010-02-04 17:09:07 | 000,020,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidda.dll [2010-02-04 17:09:07 | 000,019,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidhe.dll [2010-02-04 17:09:07 | 000,019,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidar.dll [2010-02-04 17:09:07 | 000,019,456 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidko.dll [2010-02-04 17:09:07 | 000,019,456 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidja.dll [2010-02-04 17:09:07 | 000,018,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidzht.dll [2010-02-04 17:09:07 | 000,018,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidzhc.dll [2010-02-04 17:09:07 | 000,006,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvpt.dll [2010-02-04 17:09:07 | 000,006,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvde.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvtr.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvth.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvsv.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvsl.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvsk.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvru.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvptb.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvpl.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvno.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvnl.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvit.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvhu.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvhe.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvfr.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvfi.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSves.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvEnu.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSveng.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvel.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvda.dll [2010-02-04 17:09:07 | 000,006,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvcs.dll [2010-02-04 17:09:07 | 000,005,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvar.dll [2010-02-04 17:09:07 | 000,005,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvzht.dll [2010-02-04 17:09:07 | 000,005,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvzhc.dll [2010-02-04 17:09:07 | 000,005,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvko.dll [2010-02-04 17:09:07 | 000,005,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRaidSvja.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionzht.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionzhc.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectiontr.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionth.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionsv.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionsl.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionsk.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionru.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionptb.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionpt.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionpl.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionno.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionnl.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionko.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionja.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionit.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionhu.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionhe.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionfr.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionfi.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectiones.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionEnu.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectioneng.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionel.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionde.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionda.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectioncs.dll [2010-02-04 17:09:07 | 000,004,096 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvSataConnectionar.dll [2010-02-04 17:08:04 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe [2010-02-04 17:08:03 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvusmb.exe [2010-02-04 17:08:03 | 000,176,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE [2010-02-04 17:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010-02-04 17:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Xentient [2010-02-04 17:07:25 | 000,261,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnrm.sys [2010-02-04 17:07:25 | 000,208,256 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvsnpu.sys [2010-02-04 17:07:25 | 000,092,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys [2010-02-04 17:07:25 | 000,092,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvata.sys [2010-02-04 17:07:25 | 000,076,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvraid.sys [2010-02-04 17:07:25 | 000,033,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENETFD.sys [2010-02-04 17:07:25 | 000,012,928 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnetbus.sys [2010-02-04 17:07:20 | 000,300,032 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\idecoi.dll [2010-02-04 17:07:20 | 000,201,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1ins.dll [2010-02-04 17:07:20 | 000,201,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1.dll [2010-02-04 17:07:20 | 000,032,256 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvconrm.dll [2010-02-04 17:07:20 | 000,009,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1ins.dll [2010-02-04 17:07:20 | 000,009,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1.dll [2010-02-04 17:05:29 | 004,017,536 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys [2010-02-04 17:05:29 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2010-02-04 17:05:29 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax [2010-02-04 17:05:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll [2010-02-04 17:05:28 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2010-02-04 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager [2010-02-04 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack [2010-02-04 17:05:20 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe [2010-02-04 17:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97 [2010-02-04 17:05:19 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl [2010-02-04 17:05:19 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe [2010-02-04 17:05:19 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe [2010-02-04 17:05:19 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcrmv.exe [2010-02-04 17:05:19 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2010-02-04 17:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2010-02-04 17:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation [2010-02-04 17:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2010-02-04 17:03:41 | 013,602,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll [2010-02-04 17:03:41 | 011,374,592 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll [2010-02-04 17:03:41 | 010,235,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys [2010-02-04 17:03:41 | 004,038,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll [2010-02-04 17:03:41 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll [2010-02-04 17:03:41 | 001,989,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll [2010-02-04 17:03:41 | 001,056,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll [2010-02-04 17:03:41 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll [2010-02-04 17:03:41 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll [2010-02-04 17:03:41 | 000,069,632 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010-02-04 17:03:39 | 006,282,752 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll [2010-02-04 17:03:37 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010-02-04 17:02:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sulski\IETldCache [2010-02-04 17:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Identities [2010-02-04 17:02:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sulski\Moje dokumenty\Moje obrazy [2010-02-04 17:02:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sulski\Moje dokumenty\Moja muzyka [2010-02-04 17:02:22 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2010-02-04 17:02:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sulski\Ulubione [2010-02-04 17:02:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sulski\Moje dokumenty [2010-02-04 17:02:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-04 17:02:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sulski\SendTo [2010-02-04 17:02:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sulski\Cookies [2010-02-04 17:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sulski\Ustawienia lokalne [2010-02-04 17:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sulski\Szablony [2010-02-04 17:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sulski\PrintHood [2010-02-04 17:02:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Sulski\NetHood [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Real [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Real [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Pulpit [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\nsq6BC.tmp [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Microsoft [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Menu Start [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\FindeXer [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\Finder Bar [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\Finder Bar [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji [2010-02-04 17:02:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sulski\Dane aplikacji\AIMP [2010-02-04 16:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit [2010-02-04 16:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Finder Bar [2010-02-04 16:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\FolderSize [2010-02-04 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Command Prompt Explorer Bar [2010-02-04 16:57:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010-02-04 16:57:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-04 16:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-04 16:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010-02-04 16:57:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2010-02-04 16:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-04 16:56:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010-02-04 16:56:07 | 001,562,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe [2010-02-04 16:56:07 | 000,880,640 | ---- | C] (Xentient) -- C:\WINDOWS\System32\thumbs.dll [2010-02-04 16:56:07 | 000,414,208 | ---- | C] (MiTeC) -- C:\WINDOWS\System32\MPEISE.dll [2010-02-04 16:56:07 | 000,150,256 | ---- | C] (Moon Software) -- C:\WINDOWS\System32\UrlFileShellExt.dll [2010-02-04 16:56:07 | 000,134,656 | ---- | C] (BAxBEx Software) -- C:\WINDOWS\System32\ShellPicture.dll [2010-02-04 16:56:07 | 000,069,632 | ---- | C] (Villain) -- C:\WINDOWS\System32\TaskbarForms.exe [2010-02-04 16:56:07 | 000,053,248 | ---- | C] (Quizo) -- C:\WINDOWS\System32\QTFileTools.dll [2010-02-04 16:56:07 | 000,036,864 | ---- | C] (Quizo) -- C:\WINDOWS\System32\QTViewModeButton.dll [2010-02-04 16:56:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phototoys.dll [2010-02-04 16:56:07 | 000,020,480 | ---- | C] (Quizo) -- C:\WINDOWS\System32\OptionButton.dll [2010-02-04 16:56:06 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx [2010-02-04 16:56:06 | 000,488,448 | ---- | C] (MiTeC) -- C:\WINDOWS\System32\MIPSE.dll [2010-02-04 16:56:06 | 000,387,584 | ---- | C] (MiTeC) -- C:\WINDOWS\System32\MAISE.dll [2010-02-04 16:56:06 | 000,185,856 | ---- | C] (A Part of the LessCliX Suite by Alianyn) -- C:\WINDOWS\System32\FindeXer.dll [2010-02-04 16:56:06 | 000,146,672 | ---- | C] (Moon Software) -- C:\WINDOWS\System32\FolderBackgroundShellExt.dll [2010-02-04 16:56:06 | 000,036,864 | ---- | C] (Quizo) -- C:\WINDOWS\System32\CreateNewItemButton.dll [2010-02-04 16:56:06 | 000,016,792 | ---- | C] (NTWind Software) -- C:\WINDOWS\System32\hstart.exe [2010-02-04 16:56:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\locale [2010-02-04 16:56:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\books [2010-02-04 16:56:05 | 001,312,256 | ---- | C] (Softpointer Inc) -- C:\WINDOWS\System32\AudioShellExt.dll [2010-02-04 16:56:05 | 000,150,256 | ---- | C] (Moon Software) -- C:\WINDOWS\System32\AnyFileShellExt.dll [2010-02-04 16:56:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe [2010-02-04 16:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Gry [2010-02-04 16:56:00 | 006,237,301 | ---- | C] (www.crazyscribbles.com) -- C:\WINDOWS\crazyscreen.scr [2010-02-04 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Taskix [2010-02-04 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player [2010-02-04 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Stack [2010-02-04 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpiritPyre Extensions [2010-02-04 16:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\shutoffxp [2010-02-04 16:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Shell Picture [2010-02-04 16:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\QDAcces [2010-02-04 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\PNotes [2010-02-04 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Perlovga Removal Tool [2010-02-04 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\MaZZicK [2010-02-04 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ikony paska narzędzi [2010-02-04 16:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\BESTplayer [2010-02-04 16:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\IconZ [2010-02-04 16:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\EdgeSwap [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\LClock [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\LaunchTab [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\GG Lite [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\DesktopListViewv1.0 [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Cymes Desktop Changer 1.7 [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AeroSnap [2010-02-04 16:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Aero shake [2010-02-04 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Fadebar [2010-02-04 16:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Contextaware [2010-02-04 16:55:46 | 000,000,000 | ---D | C] -- C:\Program Files\FreeRapiD-0.82 [2010-02-04 16:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinFlip [2010-02-04 16:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\TrueTransparency [2010-02-04 16:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\WindowZ [2010-02-04 16:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\ViGlance OneStep [2010-02-04 16:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Thumbnail Resize [2010-02-04 16:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\VisualTaskTips [2010-02-04 16:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\VPX.PL Uploader [2010-02-04 16:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2010-02-04 16:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit [2010-02-04 16:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Switch Off [2010-02-04 16:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\StyleFolder [2010-02-04 16:55:30 | 000,172,032 | ---- | C] (Herf Consulting LLC) -- C:\WINDOWS\vjpeg.exe [2010-02-04 16:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Quizo [2010-02-04 16:55:20 | 000,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010-02-04 16:55:20 | 000,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts [2010-02-04 16:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer [2010-02-04 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative [2010-02-04 16:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Prio [2010-02-04 16:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\RegCompact.NET [2010-02-04 16:55:06 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2010-02-04 16:55:06 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2010-02-04 16:55:06 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2010-02-04 16:55:06 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2010-02-04 16:55:03 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm [2010-02-04 16:55:03 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll [2010-02-04 16:55:03 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm [2010-02-04 16:55:02 | 000,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll [2010-02-04 16:55:01 | 000,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll [2010-02-04 16:54:58 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll [2010-02-04 16:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real [2010-02-04 16:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010-02-04 16:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\System [2010-02-04 16:54:48 | 000,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2010-02-04 16:54:48 | 000,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-02-04 16:54:48 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-02-04 16:54:48 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010-02-04 16:54:48 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010-02-04 16:54:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010-02-04 16:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2010-02-04 16:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Drive Space Indicator [2010-02-04 16:54:25 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomctl.ocx [2010-02-04 16:54:25 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll [2010-02-04 16:54:25 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL [2010-02-04 16:54:25 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx [2010-02-04 16:54:25 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx [2010-02-04 16:54:25 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx [2010-02-04 16:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician [2010-02-04 16:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2010-02-04 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2010-02-04 16:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-02-04 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2 [2010-02-04 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt [2010-02-04 16:54:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010-02-04 16:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\AbiSuite2 [2010-02-04 16:52:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly [2010-02-04 16:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp [2010-02-04 16:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET [2010-02-04 16:52:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-04 16:51:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll [2010-02-04 16:51:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache [2010-02-04 16:51:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2010-02-04 16:51:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy [2010-02-04 16:51:01 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate [2010-02-04 16:50:42 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll [2010-02-04 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010-02-04 16:50:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll [2010-02-04 16:50:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2010-02-04 16:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2010-02-04 16:50:32 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll [2010-02-04 16:50:32 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2010-02-04 16:50:31 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2010-02-04 16:50:31 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe [2010-02-04 16:50:31 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll [2010-02-04 16:50:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll [2010-02-04 16:50:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll [2010-02-04 16:50:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2010-02-04 16:50:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll [2010-02-04 16:50:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe [2010-02-04 16:50:29 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll [2010-02-04 16:50:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll [2010-02-04 16:50:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll [2010-02-04 16:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2010-02-04 16:50:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll [2010-02-04 16:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010-02-04 16:50:25 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll [2010-02-04 16:50:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll [2010-02-04 16:50:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll [2010-02-04 16:50:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll [2010-02-04 16:50:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe [2010-02-04 16:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System [2010-02-04 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2010-02-04 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer [2010-02-04 16:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2010-02-04 16:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2010-02-04 16:49:33 | 000,774,144 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Deep Space 3D Screensaver.scr [2010-02-04 16:49:30 | 012,360,192 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Deep Space 3D Screensaver.exe [2010-02-04 16:49:29 | 000,848,896 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Mechanical Clock 3D Screensaver.scr [2010-02-04 16:49:28 | 002,529,280 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Mechanical Clock 3D Screensaver.exe [2010-02-04 16:49:28 | 000,841,728 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Koi Fish 3D Screensaver.scr [2010-02-04 16:49:25 | 010,203,136 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Koi Fish 3D Screensaver.exe [2010-02-04 16:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2010-02-04 16:49:18 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe [2010-02-04 16:49:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe [2010-02-04 16:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2010-02-04 16:49:17 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll [2010-02-04 16:49:16 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe [2010-02-04 16:49:15 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe [2010-02-04 16:49:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe [2010-02-04 16:49:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe [2010-02-04 16:49:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe [2010-02-04 16:49:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe [2010-02-04 16:49:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe [2010-02-04 16:49:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe [2010-02-04 16:49:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe [2010-02-04 16:49:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe [2010-02-04 16:49:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe [2010-02-04 16:49:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe [2010-02-04 16:49:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll [2010-02-04 16:49:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe [2010-02-04 16:49:14 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll [2010-02-04 16:49:08 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe [2010-02-04 16:49:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl [2010-02-04 16:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT [2010-02-04 16:49:07 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe [2010-02-04 16:49:07 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe [2010-02-04 16:49:07 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe [2010-02-04 16:49:06 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll [2010-02-04 16:49:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll [2010-02-04 16:49:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll [2010-02-04 16:49:06 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll [2010-02-04 16:49:05 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe [2010-02-04 16:49:05 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll [2010-02-04 16:49:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe [2010-02-04 16:49:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe [2010-02-04 16:49:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll [2010-02-04 16:49:04 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll [2010-02-04 16:49:04 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll [2010-02-04 16:49:04 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe [2010-02-04 16:49:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll [2010-02-04 16:49:04 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe [2010-02-04 16:49:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll [2010-02-04 16:49:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll [2010-02-04 16:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2010-02-04 16:49:03 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll [2010-02-04 16:49:03 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll [2010-02-04 16:49:03 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll [2010-02-04 16:49:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll [2010-02-04 16:49:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe [2010-02-04 16:49:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll [2010-02-04 16:49:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll [2010-02-04 16:49:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll [2010-02-04 16:49:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll [2010-02-04 16:49:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll [2010-02-04 16:49:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll [2010-02-04 16:49:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll [2010-02-04 16:49:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll [2010-02-04 16:49:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll [2010-02-04 16:49:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2010-02-04 16:49:01 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll [2010-02-04 16:49:01 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll [2010-02-04 16:49:01 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll [2010-02-04 16:49:01 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll [2010-02-04 16:49:01 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll [2010-02-04 16:48:55 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll [2010-02-04 16:48:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll [2010-02-04 16:48:55 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll [2010-02-04 16:48:55 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sulski\*.tmp files -> C:\Documents and Settings\Sulski\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-08 21:35:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sulski\Pulpit\OTL.exe [2010-02-08 21:34:30 | 000,003,380 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.ini [2010-02-08 20:02:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-08 20:01:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-08 19:58:42 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010-02-08 19:53:51 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Sulski\Pulpit\HijackThis.lnk [2010-02-08 19:10:35 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Winamp.lnk [2010-02-08 16:37:50 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-02-08 15:57:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-08 06:07:11 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Sulski\NTUSER.DAT [2010-02-07 23:36:30 | 004,829,500 | -H-- | M] () -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-07 19:31:49 | 000,317,101 | ---- | M] () -- C:\Documents and Settings\Sulski\Pulpit\SpeedSim.zip [2010-02-06 19:27:43 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-06 19:26:57 | 000,013,416 | ---- | M] () -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-02-06 19:13:53 | 000,110,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-06 16:29:28 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenOffice.org 3.1.lnk [2010-02-06 15:15:00 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sulski\ntuser.ini [2010-02-06 13:02:05 | 000,011,288 | ---- | M] () -- C:\Documents and Settings\Sulski\Pulpit\skrzypkopia7wn.jpg [2010-02-04 18:53:27 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2010-02-04 18:53:27 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2010-02-04 18:31:08 | 000,312,859 | ---- | M] () -- C:\Documents and Settings\Sulski\Pulpit\mapa-polityczna-swiata.jpg [2010-02-04 17:46:01 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF [2010-02-04 17:17:27 | 001,003,792 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-04 17:17:27 | 000,454,962 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-04 17:17:27 | 000,398,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-04 17:17:27 | 000,077,594 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-02-04 17:17:27 | 000,061,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-04 17:15:58 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-02-04 17:10:31 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\NVIDIA Firewall.lnk [2010-02-04 17:10:26 | 000,001,024 | ---- | M] () -- C:\.rnd [2010-02-04 17:10:21 | 000,000,022 | ---- | M] () -- C:\WINDOWS\FileName [2010-02-04 17:05:27 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AvRack.lnk [2010-02-04 17:02:33 | 000,001,474 | ---- | M] () -- C:\Documents and Settings\Sulski\Menu Start\Programy\Autostart\Transparent fx - lite.lnk [2010-02-04 16:57:39 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-04 16:56:53 | 000,001,314 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-04 16:55:30 | 000,172,032 | ---- | M] (Herf Consulting LLC) -- C:\WINDOWS\vjpeg.exe [2010-02-04 16:55:30 | 000,053,812 | ---- | M] () -- C:\WINDOWS\uninst-vj.exe [2010-02-04 16:55:27 | 000,082,898 | ---- | M] () -- C:\WINDOWS\uninstall.exe [2010-02-04 16:54:42 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll [2010-02-04 16:54:42 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010-02-04 16:54:42 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010-02-04 16:54:42 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010-02-04 16:54:42 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010-02-04 16:52:12 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-04 16:52:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-02-04 16:52:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-02-04 16:52:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini [2010-02-04 16:52:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-02-04 16:52:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-02-04 16:52:10 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-04 16:52:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010-02-04 16:52:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010-02-04 16:52:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-04 16:51:39 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010-02-04 16:51:09 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010-02-04 16:51:09 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-02-04 16:49:57 | 000,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-02-04 16:49:48 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010-02-04 16:49:48 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini [2010-02-04 16:48:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Sulski\*.tmp files -> C:\Documents and Settings\Sulski\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-08 19:58:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010-02-08 19:58:41 | 000,262,400 | ---- | C] () -- C:\cmldr [2010-02-08 19:57:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010-02-08 19:57:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010-02-08 19:57:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010-02-08 19:57:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-02-08 19:57:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010-02-08 19:53:51 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\HijackThis.lnk [2010-02-08 19:10:35 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Winamp.lnk [2010-02-07 19:31:55 | 000,070,041 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\bw.jpg [2010-02-07 19:31:55 | 000,021,116 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\pol_lang.ini [2010-02-07 19:31:55 | 000,010,442 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\eng_lang.ini [2010-02-07 19:31:55 | 000,004,588 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\bwc.css [2010-02-07 19:31:55 | 000,004,468 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\cr.css [2010-02-07 19:31:55 | 000,004,153 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\Standard.rf [2010-02-07 19:31:55 | 000,001,464 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\Standard.sd [2010-02-07 19:31:55 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\Plik pobrany z ogame.bajo.pl.url [2010-02-07 19:31:46 | 000,317,101 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\SpeedSim.zip [2010-02-06 19:27:43 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Sulski\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-06 16:29:28 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenOffice.org 3.1.lnk [2010-02-06 13:02:05 | 000,011,288 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\skrzypkopia7wn.jpg [2010-02-04 18:53:27 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk [2010-02-04 18:53:27 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk [2010-02-04 18:31:08 | 000,312,859 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\mapa-polityczna-swiata.jpg [2010-02-04 17:46:01 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2010-02-04 17:45:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls [2010-02-04 17:45:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls [2010-02-04 17:45:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls [2010-02-04 17:45:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls [2010-02-04 17:45:54 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls [2010-02-04 17:45:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls [2010-02-04 17:45:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls [2010-02-04 17:45:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls [2010-02-04 17:45:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls [2010-02-04 17:45:49 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls [2010-02-04 17:45:45 | 000,744,448 | ---- | C] () -- C:\WINDOWS\NOTEPAD.EXE [2010-02-04 17:45:45 | 000,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010-02-04 17:42:54 | 000,110,992 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-04 17:42:11 | 000,000,281 | RHS- | C] () -- C:\boot.ini [2010-02-04 17:42:08 | 000,001,314 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-04 17:20:50 | 000,003,380 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.ini [2010-02-04 17:15:58 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-02-04 17:10:31 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\NVIDIA Firewall.lnk [2010-02-04 17:10:26 | 000,001,024 | ---- | C] () -- C:\.rnd [2010-02-04 17:10:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FileName [2010-02-04 17:09:07 | 000,249,344 | ---- | C] () -- C:\WINDOWS\System32\NvRaidMan.exe [2010-02-04 17:09:07 | 000,223,232 | ---- | C] () -- C:\WINDOWS\System32\nvsataconnection.exe [2010-02-04 17:08:04 | 000,003,596 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu [2010-02-04 17:08:03 | 000,001,231 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu [2010-02-04 17:05:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-02-04 17:05:27 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AvRack.lnk [2010-02-04 17:05:27 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2010-02-04 17:05:20 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav [2010-02-04 17:05:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010-02-04 17:03:41 | 000,008,743 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2010-02-04 17:03:39 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010-02-04 17:02:08 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Sulski\ntuser.ini [2010-02-04 17:02:07 | 000,009,024 | ---- | C] () -- C:\Documents and Settings\Sulski\Logo0.jpg [2010-02-04 17:02:07 | 000,001,474 | ---- | C] () -- C:\Documents and Settings\Sulski\Menu Start\Programy\Autostart\Transparent fx - lite.lnk [2010-02-04 17:02:07 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Sulski\Dane aplikacji\prio.ini [2010-02-04 17:02:06 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Sulski\NTUSER.DAT [2010-02-04 17:02:06 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Sulski\Pulpit\ .lnk [2010-02-04 16:56:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-02-04 16:56:07 | 000,013,339 | ---- | C] () -- C:\WINDOWS\System32\shConvert.dll [2010-02-04 16:56:07 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\shpicgf.dll [2010-02-04 16:56:07 | 000,002,362 | ---- | C] () -- C:\WINDOWS\System32\opty.vbs [2010-02-04 16:56:07 | 000,000,582 | ---- | C] () -- C:\WINDOWS\System32\TaskbarForms.exe.manifest [2010-02-04 16:56:07 | 000,000,368 | ---- | C] () -- C:\WINDOWS\System32\y.cmd [2010-02-04 16:56:07 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\undock.vbs [2010-02-04 16:56:07 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\wylaczshell.cmd [2010-02-04 16:56:07 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\uninstall.bat [2010-02-04 16:56:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\uruchomshell.cmd [2010-02-04 16:56:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\UrlFileOff.bat [2010-02-04 16:56:07 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\notatkaoff.bat [2010-02-04 16:56:07 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\UrlFileOn.bat [2010-02-04 16:56:07 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\notatkaon.bat [2010-02-04 16:56:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\optymalizacja.cmd [2010-02-04 16:56:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\System32\Unregister.bat [2010-02-04 16:56:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\MPEISEoff.bat [2010-02-04 16:56:07 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\MIPSEoff.bat [2010-02-04 16:56:07 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\MPEISEon.bat [2010-02-04 16:56:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\Register.bat [2010-02-04 16:56:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\MIPSEon.bat [2010-02-04 16:56:06 | 001,583,189 | ---- | C] () -- C:\WINDOWS\System32\eco-timer.scr [2010-02-04 16:56:06 | 000,284,367 | ---- | C] () -- C:\WINDOWS\System32\hddspace.exe [2010-02-04 16:56:06 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\Formats.dll [2010-02-04 16:56:06 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\cdeject.dll [2010-02-04 16:56:06 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\fstoggle.exe [2010-02-04 16:56:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\instalacja.bat [2010-02-04 16:56:06 | 000,000,297 | ---- | C] () -- C:\WINDOWS\System32\find_target.vbs [2010-02-04 16:56:06 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\FolderBackgrounOff.bat [2010-02-04 16:56:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\FolderBackgrounOn.bat [2010-02-04 16:56:06 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\MAISEoff.bat [2010-02-04 16:56:06 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\MAISEon.bat [2010-02-04 16:56:06 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\czysc.cmd [2010-02-04 16:56:02 | 000,025,780 | ---- | C] () -- C:\WINDOWS\Windowz.png [2010-02-04 16:56:02 | 000,007,690 | ---- | C] () -- C:\WINDOWS\Lng_QTTabBar_Polish.xml [2010-02-04 16:56:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\labelson.cmd [2010-02-04 16:56:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\prio.ini [2010-02-04 16:56:01 | 000,483,328 | ---- | C] () -- C:\WINDOWS\Helios.scr [2010-02-04 16:56:01 | 000,348,160 | ---- | C] () -- C:\WINDOWS\labels.dll [2010-02-04 16:56:01 | 000,000,042 | ---- | C] () -- C:\WINDOWS\labelsoff.cmd [2010-02-04 16:55:30 | 000,053,812 | ---- | C] () -- C:\WINDOWS\uninst-vj.exe [2010-02-04 16:55:27 | 000,082,898 | ---- | C] () -- C:\WINDOWS\uninstall.exe [2010-02-04 16:55:05 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-04 16:55:04 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml [2010-02-04 16:55:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010-02-04 16:55:02 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-04 16:55:02 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-04 16:55:00 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-04 16:55:00 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-04 16:54:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\cttune.cpl [2010-02-04 16:54:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl [2010-02-04 16:54:25 | 000,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin [2010-02-04 16:52:12 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-04 16:52:12 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010-02-04 16:52:12 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010-02-04 16:52:12 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010-02-04 16:52:12 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010-02-04 16:52:06 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2010-02-04 16:52:06 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2010-02-04 16:52:05 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-04 16:51:09 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010-02-04 16:51:09 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-02-04 16:51:06 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-02-04 16:49:57 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-02-04 16:49:17 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce [2010-02-04 16:49:17 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce [2010-02-04 16:49:17 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce [2010-02-04 16:49:17 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce [2010-02-04 16:49:17 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce [2010-02-04 16:49:17 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce [2010-02-04 16:49:16 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce [2010-02-04 16:49:16 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce [2010-02-04 16:49:15 | 006,160,384 | ---- | C] () -- C:\WINDOWS\System32\calc.exe [2010-02-04 16:49:15 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2010-02-04 16:49:15 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2010-02-04 16:49:14 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2010-02-04 16:49:09 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2003-06-09 14:05:18 | 000,094,636 | ---- | C] () -- C:\WINDOWS\dropcpyr.dll < End of report > [/log] [log]OTL Extras logfile created on: 2010-02-08 21:38:10 - Run 1 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Sulski\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,06 Gb Total Space | 33,72 Gb Free Space | 86,32% Space Free | Partition Type: NTFS Drive D: | 193,82 Gb Total Space | 131,19 Gb Free Space | 67,69% Space Free | Partition Type: NTFS Drive E: | 36,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WINDOWZ Current User Name: Sulski Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software) .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE () .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE () .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE () [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 () batfile [open] -- "%1" %* batfile [print] -- Reg Error: Key error. cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 () cmdfile [open] -- "%1" %* cmdfile [print] -- Reg Error: Key error. comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 () inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 () inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 () inifile [print] -- Reg Error: Key error. jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 () jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 () jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 () jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 () piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 () regfile [merge] -- Reg Error: Key error. regfile [print] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 () txtfile [print] -- Reg Error: Key error. txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" () vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 () vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 () vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 () vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 () wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 () wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 () Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [openNew] -- explorer %1 (Microsoft Corporation) Directory [StyleFolder] -- "C:\Program Files\StyleFolder\StyleFolder.exe" %1 (Xaviorsoft Studios) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver "{9DC696F3-BEDF-4069-A18D-89B41BF89769}" = Command Prompt Explorer Bar "{C93C7A4B-7DD9-4725-9993-4F032063926B}_is1" = VPX.PL Uploader 1.0 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 "{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}" = OpenOffice.org 3.1 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "AbiWord2" = AbiWord 2.6.8 "AbiwordToolsPlugins" = AbiWord Tools Plugins "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIMP2" = AIMP2 "CCleaner" = CCleaner (remove only) "CPLBonus" = Kels' CPL Bonus Pack! "Deep Space 3D Screensaver" = Deep Space 3D Screensaver "Defraggler" = Defraggler (remove only) "Driver Magician_is1" = Driver Magician 3.42 "DriveSpace" = Drive Space Indicator "Gadu-Gadu 10" = Gadu-Gadu 10 "HFSLIPTotalSlipstream" = HFSLIP Total Slipstream (v1.7.8, build 80614) "HijackThis" = HijackThis 2.0.2 "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5 "Koi Fish 3D Screensaver" = Koi Fish 3D Screensaver "Mechanical Clock 3D Screensaver" = Mechanical Clock 3D Screensaver "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Prio" = Prio v1.9.9.1732 "QuicktimeAlt_is1" = QuickTime Alternative 2.8.0 "RegCompact.NET" = RegCompact.NET 2.0 "StyleFolder_is1" = StyleFolder 1.0.3 "SwitchOff" = Switch Off "Total Copy 1.1 NetHorror Edition" = Total Copy 1.1 NetHorror Edition "Visual Task Tips" = Visual Task Tips 3.4 "vjpeg" = VJPEG Image Viewer (remove) "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Detektor Winampa [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-02-04 11:53:58 | Computer Name = WINDOWZ | Source = .NET Runtime Optimization Service | ID = 1111 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x800736b1. Error - 2010-02-04 11:54:50 | Computer Name = WINDOWZ | Source = PerfNet | ID = 2004 Description = Nie można otworzyć usługi Server. Dane wydajności usługi Server nie zostaną zwrócone. Zwrócony kod stanu to dane DWORD 0. Error - 2010-02-06 11:28:51 | Computer Name = WINDOWZ | Source = MsiInstaller | ID = 11722 Description = Product: Java(TM) 6 Update 13 -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action FilesInUseDialog, location: C:\WINDOWS\Installer\MSI13F.tmp, command: C:\Program Files\Java\jre6\ Error - 2010-02-08 15:00:13 | Computer Name = WINDOWZ | Source = crypt32 | ID = 131080 Description = Nie można automatycznie pobrać aktualizacji numeru sekwencji głównej listy innych firm z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>, wystąpił błąd: The server name or address could not be resolved [ System Events ] Error - 2010-02-08 14:12:36 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 14:32:06 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 14:51:36 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 14:51:36 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 15:11:06 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 15:11:06 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 15:30:36 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 15:30:36 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 15:50:06 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. Error - 2010-02-08 16:09:36 | Computer Name = WINDOWZ | Source = DCOM | ID = 10016 Description = Zgodnie z ustawieniami uprawnień machine-default nie jest udzielane uprawnienie Local Activation do aplikacji serwera COM z identyfikatorem klasy {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} użytkownikowi ZARZĄDZANIE NT\USŁUGA LOKALNA o identyfikatorze zabezpieczeń (S-1-5-19). To uprawnienie zabezpieczeń można modyfikować przy użyciu narzędzia administracyjnego usług składowych. < End of report > [/log]
Mateusz J. komentarz 9 lutego 2010 komentarz 9 lutego 2010 Wykonaj skan: http://www.forumpc.pl/index.php?showtopic=107753 Raport pokaż na forum + nowy log z ComboFix.
Sulski komentarz 9 lutego 2010 Autor komentarz 9 lutego 2010 [log]Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3716 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 8.0.6001.18702 2010-02-09 22:10:05 mbam-log-2010-02-09 (22-10-05).txt Typ skanowania: Pełne skanowanie (C:\|D:\|) Przeskanowane obiekty: 229187 Upłynęło: 28 minute(s), 2 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 1 Zainfekowane foldery: 0 Zainfekowane pliki: 0 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: (Nie wykryto groźnych plików)[/log][log]ComboFix 10-02-09.01 - Sulski 2010-02-09 22:26:00.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1535.754 [GMT 1:00] Uruchomiony z: d:\muzyka\Muzyka z serialu Vampire Diares\ComboFix.exe FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\auth.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\burnlib.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\dsp_sps.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\enc_aacplus.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\enc_flac.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\enc_lame.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\enc_vorbis.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\enc_wav.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\enc_wma.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\gen_crasher.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\gen_ff.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\gen_hotkeys.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\gen_ml.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\gen_orgler.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\gen_tray.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_avi.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_cdda.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_dshow.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_flac.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_flv.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_linein.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_midi.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_mkv.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_mod.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_mp3.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_mp4.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_nsv.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_swf.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_vorbis.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_wav.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_wave.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_wm.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\in_wv.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_addons.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_autotag.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_bookmarks.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_disc.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_history.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_impex.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_local.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_nowplaying.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_online.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_orb.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_playlists.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_plg.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_pmp.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_rg.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_transcode.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ml_wire.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\ombrowser.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\out_disk.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\out_ds.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\out_wave.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\playlist.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\pmp_activesync.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\pmp_ipod.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\pmp_njb.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\pmp_p4s.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\pmp_usb.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\tagz.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\vis_avs.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\vis_milk2.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\vis_nsfs.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\winamp.lng c:\docume~1\Sulski\Ustawienia lokalne\Temp\WLZ6BA6.tmp\winampa.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\auth.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\burnlib.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\dsp_sps.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\enc_aacplus.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\enc_flac.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\enc_lame.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\enc_vorbis.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\enc_wav.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\enc_wma.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\gen_crasher.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\gen_ff.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\gen_hotkeys.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\gen_ml.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\gen_orgler.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\gen_tray.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_avi.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_cdda.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_dshow.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_flac.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_flv.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_linein.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_midi.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_mkv.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_mod.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_mp3.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_mp4.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_nsv.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_swf.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_vorbis.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_wav.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_wave.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_wm.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\in_wv.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_addons.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_autotag.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_bookmarks.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_disc.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_history.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_impex.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_local.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_nowplaying.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_online.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_orb.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_playlists.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_plg.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_pmp.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_rg.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_transcode.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ml_wire.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\ombrowser.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\out_disk.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\out_ds.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\out_wave.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\playlist.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\pmp_activesync.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\pmp_ipod.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\pmp_njb.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\pmp_p4s.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\pmp_usb.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\tagz.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\vis_avs.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\vis_milk2.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\vis_nsfs.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\winamp.lng c:\documents and settings\Sulski\Ustawienia lokalne\temp\WLZ6BA6.tmp\winampa.lng c:\windows\system32\proquota.exe . . . brak pliku!! . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-09 do 2010-02-09 ))))))))))))))))))))))))))))))) . 2010-02-09 20:40 . 2010-02-09 20:40 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Malwarebytes 2010-02-09 20:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-09 20:40 . 2010-02-09 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-09 20:40 . 2010-02-09 20:40 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2010-02-09 20:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-09 15:48 . 2010-02-09 16:50 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\BESTplayer 2010-02-09 15:44 . 2010-02-09 15:45 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-02-09 04:42 . 2010-02-09 04:42 -------- d-----w- c:\windows\system32\xircom 2010-02-09 04:42 . 2010-02-09 04:42 -------- d-----w- c:\windows\system32\wbem\snmp 2010-02-09 04:42 . 2010-02-09 04:42 -------- d-----w- c:\windows\system32\oobe 2010-02-09 04:42 . 2010-02-09 04:42 -------- d-----w- c:\windows\srchasst 2010-02-09 04:42 . 2010-02-09 04:42 -------- d-----w- c:\windows\msagent 2010-02-09 04:42 . 2010-02-09 04:42 -------- d-----w- c:\program files\microsoft frontpage 2010-02-08 18:53 . 2010-02-08 18:53 -------- d-----w- c:\program files\Trend Micro 2010-02-07 18:31 . 2010-02-07 18:31 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\SpeedSim 2010-02-06 20:06 . 2010-02-07 19:52 1 ----a-w- c:\documents and settings\Mama\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-02-06 20:05 . 2010-02-06 20:05 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\OpenOffice.org 2010-02-06 15:29 . 2010-02-06 15:29 -------- d-----w- c:\program files\JRE 2010-02-06 15:28 . 2010-02-06 15:29 -------- d-----w- c:\program files\OpenOffice.org 3 2010-02-06 14:15 . 2010-02-06 14:15 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\Xentient 2010-02-06 14:15 . 2010-02-07 13:31 13416 ----a-w- c:\documents and settings\Mama\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-04 20:14 . 2010-02-04 20:14 -------- d-s---w- c:\documents and settings\Mama\Ulubione 2010-02-04 17:53 . 2010-02-04 20:15 -------- d-----w- c:\windows\SxsCaPendDel 2010-02-04 17:53 . 2010-02-04 17:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-02-04 17:53 . 2010-02-04 17:53 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-02-04 17:47 . 2010-02-09 06:18 -------- d-----w- c:\documents and settings\Milena 2010-02-04 17:34 . 2010-02-04 17:34 -------- d-----w- c:\windows\Sun 2010-02-04 17:34 . 2010-02-04 17:34 -------- d-sh--w- c:\documents and settings\Sulski\PrivacIE . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-09 15:52 . 2010-02-08 18:10 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Winamp 2010-02-09 06:06 . 2008-04-15 12:00 77594 ----a-w- c:\windows\system32\perfc015.dat 2010-02-09 06:06 . 2008-04-15 12:00 454962 ----a-w- c:\windows\system32\perfh015.dat 2010-02-08 18:10 . 2010-02-08 18:10 -------- d-----w- c:\program files\Winamp 2010-02-08 18:10 . 2010-02-08 18:10 -------- d-----w- c:\program files\Winamp Detect 2010-02-06 18:26 . 2010-02-04 16:02 13416 ----a-w- c:\documents and settings\Sulski\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-05 16:52 . 2010-02-05 16:52 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Media Player Classic 2010-02-04 20:19 . 2010-02-04 20:19 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Gadu-Gadu 10 2010-02-04 16:15 . 2010-02-04 16:15 -------- d-----w- c:\program files\Opera 2010-02-04 16:12 . 2010-02-04 16:05 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-04 16:11 . 2010-02-04 16:05 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-04 16:10 . 2010-02-04 16:04 -------- d-----w- c:\program files\NVIDIA Corporation 2010-02-04 16:07 . 2010-02-04 16:07 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Xentient 2010-02-04 16:05 . 2010-02-04 16:05 -------- d-----w- c:\program files\Realtek Sound Manager 2010-02-04 16:05 . 2010-02-04 16:05 -------- d-----w- c:\program files\AvRack 2010-02-04 16:05 . 2010-02-04 16:05 -------- d-----w- c:\program files\Realtek AC97 2010-02-04 16:04 . 2010-02-04 16:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA Corporation 2010-02-04 16:00 . 2010-02-04 20:14 -------- d-----w- c:\documents and settings\Mama\Dane aplikacji\Finder Bar 2010-02-04 16:00 . 2010-02-04 16:02 -------- d-----w- c:\documents and settings\Sulski\Dane aplikacji\Finder Bar 2010-02-04 16:00 . 2010-02-04 15:59 -------- d-----w- c:\documents and settings\Default User\Dane aplikacji\Finder Bar 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\documents and settings\Administrator\Dane aplikacji\Xentient 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Finder Bar 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\program files\FolderSize 2010-02-04 15:59 . 2010-02-04 15:59 138 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2010-02-04 15:59 . 2010-02-04 15:59 -------- d-----w- c:\program files\Command Prompt Explorer Bar 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\VisualTaskTips 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\Foxit 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\StyleFolder 2010-02-04 15:55 . 2010-02-04 15:55 53812 ----a-w- c:\windows\uninst-vj.exe 2010-02-04 15:55 . 2010-02-04 15:55 172032 ----a-w- c:\windows\vjpeg.exe 2010-02-04 15:55 . 2010-02-04 15:55 82898 ----a-w- c:\windows\uninstall.exe 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\Quizo 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\QuickTime Alternative 2010-02-04 15:55 . 2010-02-04 15:55 -------- d-----w- c:\program files\RegCompact.NET 2010-02-04 15:55 . 2010-02-04 15:54 -------- d-----w- c:\program files\K-Lite Codec Pack 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\System 2010-02-04 15:54 . 2010-02-04 15:54 410984 ----a-w- c:\windows\system32\deploytk.dll 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Java 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Drive Space Indicator 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Driver Magician 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\Defraggler 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\CDBurnerXP 2010-02-04 15:54 . 2010-02-04 15:54 -------- d-----w- c:\program files\CCleaner 2010-02-04 15:49 . 2010-02-04 15:49 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-04 15:49 . 2010-02-04 15:49 -------- d-----w- c:\program files\Windows Media Connect 2 2009-11-21 02:34 . 2010-02-04 16:03 69632 ----a-w- c:\windows\system32\OpenCL.dll 2009-11-21 02:34 . 2010-02-04 16:03 4038656 ----a-w- c:\windows\system32\nvcuda.dll 2009-11-21 02:34 . 2010-02-04 16:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2009-11-21 02:34 . 2010-02-04 16:03 1989224 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-11-21 02:34 . 2010-02-04 16:03 182888 ----a-w- c:\windows\system32\nvcodins.dll 2009-11-21 02:34 . 2010-02-04 16:03 182888 ----a-w- c:\windows\system32\nvcod.dll 2009-11-21 02:34 . 2010-02-04 16:03 13602816 ----a-w- c:\windows\system32\nvoglnt.dll 2009-11-21 02:34 . 2010-02-04 16:03 11374592 ----a-w- c:\windows\system32\nvcompiler.dll 2009-11-21 02:34 . 2010-02-04 16:03 1056768 ----a-w- c:\windows\system32\nvapi.dll 2009-11-21 02:34 . 2010-02-04 16:03 10235968 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-11-21 02:34 . 2010-02-04 16:03 6282752 ----a-w- c:\windows\system32\nv4_disp.dll 2009-11-21 02:34 . 2010-02-04 16:03 2293286 ----a-w- c:\windows\system32\nvdata.bin . ------- Sigcheck ------- [-] 2009-06-25 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2009-06-25 . E3AE414813DA8279B2328CFE2D13ED70 . 629760 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2009-06-23 . 150852B3EB5F0C3FB44D38D0375578BB . 8356864 . . [8.00.6001.22873] . . c:\windows\system32\mshtml.dll [-] 2009-06-24 . 1146504E5B0E43C4E5CE70E42F025A26 . 2191744 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe [-] 2009-06-14 . 44E3FE403A9F8A64B1306AAC62B52952 . 678400 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2009-06-14 . AC074B7C8D9966B5019E25EF8C527F54 . 1591808 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2009-06-13 19:06 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2009-06-24 . C71E5B92124E8E8F6B9294E3E5FC8129 . 2068864 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe c:\windows\System32\ctfmon.exe ... - brak elementu !! c:\windows\System32\regsvc.dll ... - brak elementu !! . ((((((((((((((((((((((((((((( SnapShot@2010-02-08_19.01.27 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-15 12:00 . 2010-02-04 16:17 61074 c:\windows\system32\perfc009.dat + 2008-04-15 12:00 . 2010-02-09 06:06 61074 c:\windows\system32\perfc009.dat + 2008-04-15 12:00 . 2010-02-09 06:06 398554 c:\windows\system32\perfh009.dat - 2008-04-15 12:00 . 2010-02-04 16:17 398554 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Resume copy"="copyfstq.exe" [2003-06-10 57344] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544] "SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480] "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-04-29 266240] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-18 39424] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" [2009-06-25 128512] c:\windows\system32\config\systemprofile\Menu Start\Programy\Autostart\ Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] z.cmd [2009-5-8 389] c:\documents and settings\Administrator\Menu Start\Programy\Autostart\ del.exe [2009-1-8 615759] run.lnk - c:\program files\WindowZ\Kreator post-instalacyjny\run.bat [2010-2-4 473] Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] c:\documents and settings\Default User\Menu Start\Programy\Autostart\ Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] z.cmd [2009-5-8 389] c:\documents and settings\Mama\Menu Start\Programy\Autostart\ OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000] Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] c:\documents and settings\Sulski\Menu Start\Programy\Autostart\ Transparent fx - lite.lnk - c:\program files\Fadebar\Fadebar.exe [2010-2-4 211333] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "NoResolveTrack"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Opera\\opera.exe"= R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2010-02-04 8576] S4 prio_svc;Prio Service;c:\program files\Prio\prio_svc.exe [2009-01-12 5120] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - VCDROM . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.com/ LSP: %SYSTEMROOT%\system32\nvappfilter.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-09 22:30 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\cscui.dll - - - - - - - > 'lsass.exe'(1012) c:\windows\system32\scecli.dll - - - - - - - > 'explorer.exe'(2832) c:\windows\system32\WININET.dll c:\windows\System32\cscui.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll c:\windows\system32\NETSHELL.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Czas ukończenia: 2010-02-09 22:31:13 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-09 21:31 ComboFix2.txt 2010-02-08 19:02 Przed: 36 143 972 352 bajtów wolnych Po: 36 132 503 552 bajtów wolnych - - End Of File - - 96E9FB2B9814C1A61FC5A9C6EB932462 [/log]
Mateusz J. komentarz 10 lutego 2010 komentarz 10 lutego 2010 Znasz: c:\program files\Fadebar\Fadebar.exe ? Jeśli nie przeskanuj na www.virustotal.com
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.