Ryuga, created 21 February 2010
[log] OTL logfile created on: 2010-02-21 12:32:48 - Run 2 OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KedzioR\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,26 Gb Total Space | 19,55 Gb Free Space | 52,48% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 5,74 Gb Free Space | 14,69% Space Free | Partition Type: NTFS Drive E: | 149,05 Gb Total Space | 6,53 Gb Free Space | 4,38% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Current User Name: Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-02-21 12:31:50 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\temp\winihdrv.exe PRC - [2010-02-21 11:55:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe PRC - [2009-11-20 19:01:18 | 000,910,120 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.)
-- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2009-08-17 02:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009-06-03 11:58:50 | 000,319,192 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe PRC - [2008-04-14 21:51:18 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-21 11:55:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-02-04 20:23:06 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009-11-16 10:39:10 | 000,146,432 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2009-08-17 02:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2009-07-14 20:19:00 | 003,280,192 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2009-06-03 11:58:50 | 000,319,192 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS) SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (xxzqcrl) SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (vhvpvnnwp) SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (lzemwxxsw) SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (fwoxxshbh) SRV - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2006-10-26 23:47:54 | 000,135,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-10-26 18:49:34 | 000,518,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 13:03:08 | 000,223,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Disabled | Running] -- -- (catchme) DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5) DRV - [2009-08-16 23:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-08-11 15:02:11 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-08-11 14:19:07 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009-06-03 11:58:54 | 001,006,296 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed) DRV - [2009-04-23 10:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-01-30 11:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-11-27 15:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-11-27 15:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006-06-18 22:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006-04-13 01:04:39 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2006-04-13 01:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2006-04-13 01:04:39 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2005-10-27 13:34:06 | 000,390,849 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kingsage.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Ask" FF - prefs.js..browser.search.defaultthis.engineName: "FarmView Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465202&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "FarmView Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2465202&SearchSource=13" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {aaca570e-e990-4b4d-ad93-140243de4c85}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7 FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-19 08:56:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 08:56:08 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-08-11 15:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Extensions [2010-02-18 10:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions [2010-01-08 22:51:26 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010-02-12 15:07:11 | 000,000,000 | ---D | M] (FarmView Toolbar) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{aaca570e-e990-4b4d-ad93-140243de4c85} [2010-01-08 22:51:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-01-23 12:06:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2009-08-15 01:13:24 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\searchplugins\ask.xml [2010-01-20 12:16:28 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\searchplugins\conduit.xml [2010-02-18 10:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-05-20 00:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll [2009-05-27 15:41:50 | 000,069,632 | ---- | M] (NHN USA Inc. 
) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll [2009-12-22 04:48:34 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-12-22 04:48:34 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-12-22 04:48:34 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-12-22 04:48:34 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-12-22 04:48:34 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-12-22 04:48:34 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2009-09-27 19:20:14 | 000,003,744 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 89.149.200.219 l2authd.lineage2.com O1 - Hosts: 89.149.200.219 l2testauthd.lineage2.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro) O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - Startup: C:\Documents and Settings\KedzioR\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-08-11 13:17:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - C:\autorun.inf.vir -- [ NTFS ] O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - D:\autorun.inf.vir -- [ NTFS ] O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - E:\autorun.inf.vir -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile 
[open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-08-11 15:03:13 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: dgsotns - File not found NetSvcs: vhvpvnnwp - C:\WINDOWS\system32\exbaynvk.dll () NetSvcs: lzemwxxsw - C:\WINDOWS\system32\exbaynvk.dll () NetSvcs: deywl - File not found NetSvcs: xxzqcrl - C:\WINDOWS\system32\exbaynvk.dll () NetSvcs: fwoxxshbh - C:\WINDOWS\system32\exbaynvk.dll () [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-21 12:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010-02-21 12:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi [2010-02-21 11:55:22 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe [2010-02-21 00:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-02-21 00:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Moje dokumenty\Simply Super Software [2010-02-21 00:05:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll [2010-02-21 00:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2010-02-21 00:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Dane aplikacji\Simply Super Software [2010-02-21 00:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2010-02-21 00:05:03 | 009,228,416 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\KedzioR\Pulpit\trjsetup681.exe [2010-02-20 16:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Pulpit\Satsuki.Decoder.Pack-4.3.0.4 [2010-02-13 11:59:48 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\KedzioR\Pulpit\DenDenMushi [2010-02-08 19:47:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\KedzioR\Moje dokumenty\Moje źródła danych [2010-02-05 15:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-05 08:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec [2010-02-04 20:23:06 | 000,361,216 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-04 19:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton [2010-02-04 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller [2010-02-03 16:22:13 | 001,006,296 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\drivers\cfosspeed.sys [2010-02-03 16:22:13 | 000,288,472 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\cfosspeed.dll [2010-02-03 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed [2010-01-24 08:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2010-01-23 22:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Moje dokumenty\Ewka [2009-10-04 01:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET [2009-08-11 13:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-08-11 13:17:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-08-11 13:17:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-21 12:27:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-21 12:24:59 | 
000,000,289 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-21 12:19:22 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Konserwacja 1 kliknięciem.job [2010-02-21 12:19:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-21 12:18:29 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\KedzioR\NTUSER.DAT [2010-02-21 12:18:29 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KedzioR\ntuser.ini [2010-02-21 11:55:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe [2010-02-21 00:53:20 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-21 00:11:31 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-02-21 00:05:25 | 009,228,416 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\KedzioR\Pulpit\trjsetup681.exe [2010-02-20 23:58:43 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\fix.reg [2010-02-20 23:52:29 | 000,013,311 | ---- | M] () -- C:\Documents and Settings\KedzioR\Moje dokumenty\Plan lekcji.docx [2010-02-20 16:39:45 | 003,701,180 | -H-- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-20 14:19:19 | 012,249,107 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Satsuki.Decoder.Pack-4.3.0.4.zip [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () -- C:\autorun.inf.vir [2010-02-16 22:20:55 | 003,196,583 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\kacezet & dreadsquad - czego ona chce .mp3 [2010-02-16 00:55:57 | 000,000,873 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-15 23:50:50 | 000,011,134 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Impreza.xlsx [2010-02-15 15:55:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-13 11:59:42 | 000,405,409 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\DenDenMushi.rar [2010-02-13 
10:26:17 | 012,648,395 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\01. Beautiful World.mp3 [2010-02-13 09:03:18 | 000,013,929 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\FarmVille.xlsx [2010-02-12 16:54:59 | 006,958,195 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\pmm_feat.ostr-daj_mi_bit.mp3 [2010-02-11 15:02:59 | 008,369,072 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Dams - Znajdź w sobie to (prod.AdiPrw).mp3 [2010-02-10 17:34:12 | 000,000,040 | ---- | M] () -- C:\Session.xml [2010-02-05 07:56:09 | 009,505,565 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\WFD_Wuwua_MLODYGRZECH_RMX.mp3 [2010-02-04 20:23:06 | 000,361,216 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-01 02:49:18 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-01-27 15:09:59 | 007,544,395 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\DamS - Wiem więcej.mp3 [2010-01-24 08:43:54 | 000,001,056 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2010-01-24 06:52:15 | 000,010,641 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Ataki KingsAge.xlsx [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-21 12:19:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010-02-21 00:05:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll [2010-02-21 00:05:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2010-02-21 00:05:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2010-02-21 00:05:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2010-02-20 23:58:43 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\fix.reg [2010-02-20 14:16:20 | 012,249,107 | ---- | C] () -- C:\Documents and 
Settings\KedzioR\Pulpit\Satsuki.Decoder.Pack-4.3.0.4.zip [2010-02-16 22:18:18 | 003,196,583 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\kacezet & dreadsquad - czego ona chce .mp3 [2010-02-15 16:55:53 | 000,000,053 | ---- | C] () -- C:\autorun.inf.vir [2010-02-13 11:59:41 | 000,405,409 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\DenDenMushi.rar [2010-02-13 10:23:40 | 012,648,395 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\01. Beautiful World.mp3 [2010-02-12 16:43:00 | 006,958,195 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\pmm_feat.ostr-daj_mi_bit.mp3 [2010-02-11 15:00:41 | 008,369,072 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\Dams - Znajdź w sobie to (prod.AdiPrw).mp3 [2010-02-08 19:38:10 | 000,013,929 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\FarmVille.xlsx [2010-02-05 07:55:52 | 009,505,565 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\WFD_Wuwua_MLODYGRZECH_RMX.mp3 [2010-02-01 02:49:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-01-24 08:40:55 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2009-11-29 13:47:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll [2009-10-30 17:23:51 | 000,000,126 | ---- | C] () -- C:\WINDOWS\disney.ini [2009-10-30 17:23:46 | 000,000,212 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009-09-12 12:20:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\fsgscom.dll [2009-08-22 12:15:16 | 000,002,012 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-08-11 16:44:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll [2009-08-11 15:46:15 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2009-08-11 13:54:21 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-07-10 17:10:12 | 000,000,547 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll.manifest [2006-10-31 07:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 07:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 07:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 07:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 07:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 07:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-08-10 14:47:39 | 000,168,096 | RHS- | C] () -- C:\WINDOWS\System32\exbaynvk.dll [2006-01-04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2001-07-07 02:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2009-08-11 13:17:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () -- C:\autorun.inf.vir [2009-08-11 14:08:54 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2009-08-11 16:16:19 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004-08-03 22:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr [2009-08-11 13:17:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-08-11 13:17:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009-12-21 20:32:21 | 000,039,770 | ---- | M] () -- C:\Kontakty_2389723.xml [2009-10-01 15:43:02 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2009-08-11 13:17:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2009-08-11 13:56:42 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-02-21 12:19:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2009-08-11 14:10:06 | 000,000,348 | ---- | M] () -- C:\RHDSetup.log [2010-02-10 17:34:12 | 000,000,040 | ---- | M] () -- C:\Session.xml 
[color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > [/log]
Mateusz J., comment 21 February 2010
Run OTL and paste the following into the Custom Scans/Fixes box:
[code]
:OTL
PRC - [2010-02-21 12:31:50 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\temp\winihdrv.exe
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (xxzqcrl)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (vhvpvnnwp)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (lzemwxxsw)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (fwoxxshbh)
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - D:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - E:\autorun.inf.vir -- [ NTFS ]

:Files
C:\Documents and Settings\KedzioR\Ustawienia lokalne\temp\winihdrv.exe
C:\WINDOWS\system32\exbaynvk.dll
C:\WINDOWS\system32\exbaynvk.dll
C:\WINDOWS\system32\exbaynvk.dll
C:\WINDOWS\system32\exbaynvk.dll

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[Reboot]
[/code]
Click Run Fix. Confirm the computer restart. After the computer has restarted, create a new log and post it for review.
Carry out: http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&#entry752434 (report on the forum)
Ryuga (Author), comment 21 February 2010
Log after the format:
[log] OTL logfile created on: 10-02-21 16:30:01 - Run 2 OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Kedzior\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 84,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): c:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,26 Gb Total Space | 33,08 Gb Free Space | 88,79% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 6,20 Gb Free Space | 15,87% Space Free | Partition Type: NTFS Drive E: | 149,05 Gb Total Space | 5,16 Gb Free Space | 3,46% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WINDOWSXP Current User Name: Kedzior Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-02-21 16:26:43 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Temp\winimmfhq.exe PRC - [2010-02-21 15:59:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe PRC - [2010-02-20 21:50:44 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2010-02-20 21:50:23 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2010-02-20 21:50:18 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2010-02-20 21:50:15 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2010-02-20 21:50:12 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe PRC - [2010-02-20 21:49:36 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2010-02-20 21:49:06 | 001,133,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010-02-20 21:48:53 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2010-02-20 21:48:53 | 000,006,144 
| ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2009-11-20 19:01:18 | 000,901,928 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2008-01-30 18:02:08 | 000,487,936 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe PRC - [2007-03-18 23:05:02 | 000,778,240 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2007-01-30 11:54:36 | 016,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-10-31 07:35:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-02-21 15:59:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe MOD - [2010-02-21 14:29:53 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2010-02-20 21:50:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2010-02-20 21:50:52 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2010-02-20 21:50:47 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2010-02-20 21:50:47 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2010-02-20 21:50:32 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2010-02-20 21:50:31 | 001,233,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2010-02-20 21:50:31 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2010-02-20 21:50:31 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2010-02-20 21:50:24 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2010-02-20 21:50:16 | 012,903,936 | ---- | M] (Microsoft Corporation) 
-- C:\WINDOWS\system32\shell32.dll MOD - [2010-02-20 21:50:16 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2010-02-20 21:50:15 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2010-02-20 21:50:14 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2010-02-20 21:50:13 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2010-02-20 21:50:12 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2010-02-20 21:50:09 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2010-02-20 21:50:03 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2010-02-20 21:50:03 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2010-02-20 21:50:03 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2010-02-20 21:49:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll MOD - [2010-02-20 21:49:59 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2010-02-20 21:49:58 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2010-02-20 21:49:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll MOD - [2010-02-20 21:49:54 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll MOD - [2010-02-20 21:49:52 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2010-02-20 21:49:52 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll MOD - [2010-02-20 21:49:51 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll MOD - [2010-02-20 21:49:45 | 000,297,984 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\MSCTF.dll MOD - [2010-02-20 21:49:45 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2010-02-20 21:49:43 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll MOD - [2010-02-20 21:49:36 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll MOD - [2010-02-20 21:49:21 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2010-02-20 21:49:16 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2010-02-20 21:49:14 | 006,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll MOD - [2010-02-20 21:49:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2010-02-20 21:49:09 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2010-02-20 21:49:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2010-02-20 21:48:56 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll MOD - [2010-02-20 21:48:52 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll MOD - [2010-02-20 21:48:44 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2010-02-20 21:48:43 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll MOD - [2010-02-20 21:48:37 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll MOD - [2010-02-20 21:48:36 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2010-02-20 21:48:31 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll MOD - [2010-02-20 21:48:30 | 000,686,592 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\advapi32.dll MOD - [2007-03-18 23:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-02-20 21:49:21 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\bxqvnx.dll -- (zidxaw) SRV - [2006-10-31 07:35:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5) DRV - [2010-02-21 14:44:13 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2010-02-20 21:50:14 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2010-02-20 21:50:09 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2010-02-20 21:49:11 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2010-02-20 21:48:20 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus) DRV - [2010-02-20 21:48:20 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2007-01-30 11:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-11-27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-11-27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006-10-31 07:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2006-10-18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-583907252-776561741-839522115-1003\S-1-5-21-583907252-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - 
C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\.DEFAULT..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found O4 - HKU\S-1-5-18..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - 
HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found O4 - Startup: C:\Documents and Settings\Kedzior\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - 
HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.7.1.1 8.8.4.4 212.160.234.111 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-02-20 21:49:21 | 000,095,034 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - E:\autorun.inf.vir -- [ NTFS ] O33 - MountPoints2\{f4f9aec0-1efc-11df-b134-806d6172696f}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-02-21 15:03:51 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: zidxaw - C:\WINDOWS\system32\bxqvnx.dll () [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-21 16:09:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kedzior\Recent [2010-02-21 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010-02-21 16:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Malwarebytes [2010-02-21 16:06:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-02-21 16:06:01 
| 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-02-21 16:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-02-21 16:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-02-21 16:00:12 | 000,000,000 | ---D | C] -- C:\_OTL [2010-02-21 15:59:42 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kedzior\Pulpit\mbam-setup.exe [2010-02-21 15:58:49 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe [2010-02-21 15:56:49 | 003,513,760 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kedzior\Pulpit\ccsetup228.exe [2010-02-21 15:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-02-21 15:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Simply Super Software [2010-02-21 15:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2010-02-21 15:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Simply Super Software [2010-02-21 15:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2010-02-21 15:43:45 | 009,228,416 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Kedzior\Pulpit\trjsetup681.exe [2010-02-21 15:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Opera [2010-02-21 15:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Opera [2010-02-21 15:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2010-02-21 15:33:25 | 011,724,168 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Kedzior\Pulpit\Opera_1010_in_Setup.exe [2010-02-21 15:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2 [2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM 
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl [2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV [2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic [2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas [2010-02-21 14:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang [2010-02-21 14:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM [2010-02-21 14:41:52 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe [2010-02-21 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2010-02-21 14:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2010-02-21 14:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-02-21 14:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2010-02-21 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview [2010-02-21 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2010-02-21 14:38:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010-02-21 14:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\InstallShield [2010-02-21 14:34:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer [2010-02-21 14:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2010-02-21 14:34:44 | 000,000,000 | R--D | C] -- C:\Program Files [2010-02-21 14:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files [2010-02-21 14:34:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start [2010-02-21 14:34:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty [2010-02-21 14:34:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Szablony [2010-02-21 
14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ulubione [2010-02-21 14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit [2010-02-21 14:32:42 | 000,014,656 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys [2010-02-21 14:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2010-02-21 14:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2010-02-21 14:32:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft [2010-02-21 14:32:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji [2010-02-21 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings [2010-02-21 14:32:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2010-02-21 14:29:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-02-21 14:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BricoPacks [2010-02-21 14:25:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Moje wideo [2010-02-21 14:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Identities [2010-02-21 14:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Moje obrazy [2010-02-21 14:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Moja muzyka [2010-02-21 14:22:01 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2010-02-21 14:21:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kedzior\Cookies [2010-02-21 14:21:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 14:21:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Microsoft [2010-02-21 14:21:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kedzior\SendTo [2010-02-21 14:21:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji 
[2010-02-21 14:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Ulubione [2010-02-21 14:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty [2010-02-21 14:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Menu Start [2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\Ustawienia lokalne [2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\Szablony [2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\PrintHood [2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\NetHood [2010-02-21 14:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Pulpit [2010-02-21 14:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2010-02-21 14:20:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2010-02-21 14:20:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2010-02-21 14:20:32 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web [2010-02-21 14:20:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\system [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup 
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\security [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\java [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\drivers\disdn [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1045 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2010-02-21 14:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010-02-21 14:20:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2010-02-21 14:18:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010-02-21 14:17:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 14:16:49 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate [2010-02-21 14:16:44 | 000,000,000 | ---D | C] -- 
C:\Program Files\Usługi online [2010-02-21 14:16:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2010-02-21 14:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services [2010-02-21 14:15:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2010-02-21 14:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap [2010-02-21 14:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2010-02-21 14:15:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed [2010-02-21 14:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker [2010-02-21 14:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore [2010-02-21 14:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting [2010-02-21 14:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express [2010-02-21 14:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System [2010-02-21 14:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer [2010-02-21 14:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2010-02-21 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2010-02-21 14:11:31 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys [2010-02-21 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines [2010-02-21 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2010-02-21 13:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss [2010-02-21 13:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration [2010-02-21 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player [2010-02-21 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2010-02-21 13:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone [2010-02-21 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT [2010-02-21 13:51:28 | 000,000,000 | ---D 
| C] -- C:\WINDOWS\System32\MsDtc [2010-02-21 13:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2010-02-21 13:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010-02-21 13:41:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-21 13:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-21 13:40:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-21 13:40:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM [2010-02-21 13:39:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files [2010-02-21 13:39:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages [2010-02-21 13:39:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy [2010-02-21 13:39:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka [2010-02-21 13:39:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2010-02-20 21:50:29 | 000,094,832 | ---- | C] (Grupa robocza Twain) -- C:\WINDOWS\twain.dll [2010-02-20 21:50:29 | 000,050,688 | ---- | C] (Grupa robocza Twain) -- C:\WINDOWS\twain_32.dll [2010-02-20 21:48:20 | 000,062,208 | ---- | C] (Silicon Image, Inc.) 
-- C:\WINDOWS\System32\drivers\si3112.sys [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-21 16:23:10 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-02-21 16:23:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-21 16:23:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-21 16:21:31 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Kedzior\NTUSER.DAT [2010-02-21 16:21:26 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kedzior\ntuser.ini [2010-02-21 16:21:19 | 003,716,130 | -H-- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-21 16:08:54 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\CCleaner.lnk [2010-02-21 16:08:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kedzior\Pulpit\mbam-setup.exe [2010-02-21 16:06:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-02-21 15:59:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe [2010-02-21 15:57:41 | 003,513,760 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kedzior\Pulpit\ccsetup228.exe [2010-02-21 15:45:32 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk [2010-02-21 15:44:57 | 009,228,416 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Kedzior\Pulpit\trjsetup681.exe [2010-02-21 15:35:28 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-02-21 15:35:28 | 000,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-02-21 15:35:28 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-02-21 15:35:28 | 000,049,712 | ---- | M] () -- 
C:\WINDOWS\System32\perfc015.dat [2010-02-21 15:35:28 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-02-21 15:33:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-02-21 15:33:25 | 011,724,168 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Kedzior\Pulpit\Opera_1010_in_Setup.exe [2010-02-21 15:31:23 | 003,940,701 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\gfhfg.exe [2010-02-21 15:27:39 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2 Utilities.lnk [2010-02-21 15:27:39 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2.lnk [2010-02-21 14:44:13 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys [2010-02-21 14:44:11 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav [2010-02-21 14:44:11 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav [2010-02-21 14:41:14 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2010-02-21 14:29:53 | 000,052,477 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd [2010-02-21 14:29:53 | 000,006,118 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd [2010-02-21 14:29:52 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-02-21 14:29:39 | 005,760,054 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp [2010-02-21 14:29:29 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Kedzior\Menu Start\Programy\Autostart\RocketDock.lnk [2010-02-21 14:28:28 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Help.lnk [2010-02-21 14:28:14 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Config.lnk [2010-02-21 14:26:51 | 000,000,267 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-21 14:23:18 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia 
lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-21 14:21:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-21 14:20:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD [2010-02-21 14:19:54 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-21 14:19:02 | 000,012,293 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-21 14:18:08 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-21 14:18:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2010-02-21 14:18:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2010-02-21 14:17:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 14:17:49 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2010-02-21 14:16:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010-02-21 14:16:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-02-21 14:14:17 | 000,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-02-21 14:09:41 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF [2010-02-21 13:52:18 | 000,234,376 | ---- | M] () -- C:\WINDOWS\setupapi.old [2010-02-21 13:52:09 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini [2010-02-21 13:52:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini [2010-02-21 13:40:29 | 000,002,596 | ---- | M] () -- 
C:\WINDOWS\System32\CONFIG.NT [2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-02-20 21:50:56 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Indiański pled.bmp [2010-02-20 21:50:53 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\wstrenderer.ax [2010-02-20 21:50:53 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\wstpager.ax [2010-02-20 21:50:51 | 000,036,946 | ---- | M] () -- C:\WINDOWS\wmprfPLK.prx [2010-02-20 21:50:48 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\wmimgmt.msc [2010-02-20 21:50:44 | 000,028,171 | ---- | M] () -- C:\WINDOWS\System32\winhelp.hlp [2010-02-20 21:50:36 | 001,356,288 | ---- | M] () -- C:\WINDOWS\System32\webfldrs.msi [2010-02-20 21:50:36 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp [2010-02-20 21:50:36 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp [2010-02-20 21:50:36 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\wiasf.ax [2010-02-20 21:50:36 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\win87em.dll [2010-02-20 21:50:35 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve [2010-02-20 21:50:35 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm [2010-02-20 21:50:34 | 001,309,184 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.deu [2010-02-20 21:50:34 | 001,095,680 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.nld [2010-02-20 21:50:34 | 000,957,440 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.enu [2010-02-20 21:50:34 | 000,867,840 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.ita [2010-02-20 21:50:34 | 000,786,944 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.fra [2010-02-20 21:50:34 | 000,750,080 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.esn [2010-02-20 21:50:34 | 000,065,489 | ---- | 
M] () -- C:\WINDOWS\System32\wbcache.sve [2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.nld [2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.ita [2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.fra [2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.esn [2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.enu [2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.deu [2010-02-20 21:50:33 | 000,001,148 | ---- | M] () -- C:\WINDOWS\System32\vwipxspx.exe [2010-02-20 21:50:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\vbicodec.ax [2010-02-20 21:50:32 | 000,018,832 | ---- | M] () -- C:\WINDOWS\System32\v7vga.rom [2010-02-20 21:50:31 | 000,001,225 | ---- | M] () -- C:\WINDOWS\System32\usrlogon.cmd [2010-02-20 21:50:30 | 000,089,588 | ---- | M] () -- C:\WINDOWS\System32\unicode.nls [2010-02-20 21:50:29 | 000,094,832 | ---- | M] (Grupa robocza Twain) -- C:\WINDOWS\twain.dll [2010-02-20 21:50:29 | 000,050,688 | ---- | M] (Grupa robocza Twain) -- C:\WINDOWS\twain_32.dll [2010-02-20 21:50:29 | 000,026,717 | ---- | M] () -- C:\WINDOWS\System32\tslabels.ini [2010-02-20 21:50:29 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\tsd32.dll [2010-02-20 21:50:29 | 000,003,286 | ---- | M] () -- C:\WINDOWS\System32\tslabels.h [2010-02-20 21:50:27 | 000,053,478 | ---- | M] () -- C:\WINDOWS\System32\tcpmon.ini [2010-02-20 21:50:27 | 000,000,862 | ---- | M] () -- C:\WINDOWS\System32\termcap [2010-02-20 21:50:26 | 000,003,577 | ---- | M] () -- C:\WINDOWS\System32\sysprtj.sep [2010-02-20 21:50:26 | 000,003,214 | ---- | M] () -- C:\WINDOWS\System32\sysprint.sep [2010-02-20 21:50:25 | 000,093,702 | ---- | M] () -- C:\WINDOWS\System32\subrange.uce [2010-02-20 21:50:23 | 000,050,404 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm [2010-02-20 21:50:18 | 000,262,148 | ---- | M] () -- 
C:\WINDOWS\System32\sortkey.nls [2010-02-20 21:50:18 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls [2010-02-20 21:50:16 | 000,016,740 | ---- | M] () -- C:\WINDOWS\System32\shiftjis.uce [2010-02-20 21:50:15 | 000,240,120 | ---- | M] () -- C:\WINDOWS\System32\setup.bmp [2010-02-20 21:50:15 | 000,033,080 | ---- | M] () -- C:\WINDOWS\System32\services.msc [2010-02-20 21:50:15 | 000,011,859 | ---- | M] () -- C:\WINDOWS\System32\setver.exe [2010-02-20 21:50:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\share.exe [2010-02-20 21:50:14 | 000,035,718 | ---- | M] () -- C:\WINDOWS\System32\secpol.msc [2010-02-20 21:50:14 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\scriptpw.dll [2010-02-20 21:50:14 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\secupd.sig [2010-02-20 21:50:14 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\secupd.dat [2010-02-20 21:50:13 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll [2010-02-20 21:50:13 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Stiuk z Santa Fe.bmp [2010-02-20 21:50:13 | 000,026,680 | ---- | M] () -- C:\WINDOWS\Wachlarze.bmp [2010-02-20 21:50:12 | 000,043,964 | R--- | M] () -- C:\WINDOWS\System32\rsop.msc [2010-02-20 21:50:12 | 000,016,024 | ---- | M] () -- C:\WINDOWS\System32\rsvp.ini [2010-02-20 21:50:12 | 000,003,334 | ---- | M] () -- C:\WINDOWS\System32\rsaci.rat [2010-02-20 21:50:12 | 000,003,178 | ---- | M] () -- C:\WINDOWS\System32\rsvpcnts.h [2010-02-20 21:50:11 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rododendron.bmp [2010-02-20 21:50:11 | 000,003,346 | ---- | M] () -- C:\WINDOWS\System32\redir.exe [2010-02-20 21:50:10 | 000,006,074 | ---- | M] () -- C:\WINDOWS\System32\rasctrs.ini [2010-02-20 21:50:10 | 000,001,818 | ---- | M] () -- C:\WINDOWS\System32\rasctrnm.h [2010-02-20 21:50:09 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll [2010-02-20 21:50:09 | 000,013,819 | ---- | M] () -- C:\WINDOWS\System32\pschdprf.ini [2010-02-20 21:50:09 | 000,003,776 | ---- 
| M] () -- C:\WINDOWS\System32\pubprn.vbs [2010-02-20 21:50:09 | 000,003,010 | ---- | M] () -- C:\WINDOWS\System32\pschdcnt.h [2010-02-20 21:50:09 | 000,000,359 | ---- | M] () -- C:\WINDOWS\System32\prodspec.ini [2010-02-20 21:50:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\pscript.sep [2010-02-20 21:50:06 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Pod mikroskopem.bmp [2010-02-20 21:50:06 | 000,036,055 | ---- | M] () -- C:\WINDOWS\System32\prncnfg.vbs [2010-02-20 21:50:06 | 000,032,746 | ---- | M] () -- C:\WINDOWS\System32\prnmngr.vbs [2010-02-20 21:50:06 | 000,029,629 | ---- | M] () -- C:\WINDOWS\System32\prnport.vbs [2010-02-20 21:50:06 | 000,025,615 | ---- | M] () -- C:\WINDOWS\System32\prndrvr.vbs [2010-02-20 21:50:06 | 000,021,786 | ---- | M] () -- C:\WINDOWS\System32\prnjobs.vbs [2010-02-20 21:50:06 | 000,016,013 | ---- | M] () -- C:\WINDOWS\System32\prnqctl.vbs [2010-02-20 21:50:05 | 000,313,828 | ---- | M] () -- C:\WINDOWS\System32\perfi015.dat [2010-02-20 21:50:05 | 000,272,128 | ---- | M] () -- C:\WINDOWS\System32\perfi009.dat [2010-02-20 21:50:05 | 000,057,845 | R--- | M] () -- C:\WINDOWS\System32\perfmon.msc [2010-02-20 21:50:05 | 000,002,890 | ---- | M] () -- C:\WINDOWS\System32\perfwci.ini [2010-02-20 21:50:05 | 000,001,950 | ---- | M] () -- C:\WINDOWS\System32\pid.inf [2010-02-20 21:50:05 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\perfwci.h [2010-02-20 21:50:04 | 000,168,167 | ---- | M] () -- C:\WINDOWS\System32\pagefileconfig.vbs [2010-02-20 21:50:04 | 000,034,990 | ---- | M] () -- C:\WINDOWS\System32\perfd015.dat [2010-02-20 21:50:04 | 000,028,626 | ---- | M] () -- C:\WINDOWS\System32\perfd009.dat [2010-02-20 21:50:04 | 000,002,992 | ---- | M] () -- C:\WINDOWS\System32\perfci.ini [2010-02-20 21:50:04 | 000,001,295 | ---- | M] () -- C:\WINDOWS\System32\perffilt.ini [2010-02-20 21:50:04 | 000,000,427 | ---- | M] () -- C:\WINDOWS\System32\perfci.h [2010-02-20 21:50:04 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\perffilt.h 
[2010-02-20 21:50:04 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\pcl.sep [2010-02-20 21:50:02 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\oembios.bin [2010-02-20 21:50:02 | 000,006,761 | ---- | M] () -- C:\WINDOWS\System32\oembios.sig [2010-02-20 21:50:02 | 000,004,463 | ---- | M] () -- C:\WINDOWS\System32\oembios.dat [2010-02-20 21:50:00 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp [2010-02-20 21:49:59 | 000,032,590 | ---- | M] () -- C:\WINDOWS\System32\ntmsoprq.msc [2010-02-20 21:49:59 | 000,025,906 | ---- | M] () -- C:\WINDOWS\System32\ntmsmgr.msc [2010-02-20 21:49:59 | 000,003,260 | ---- | M] () -- C:\WINDOWS\System32\nw16.exe [2010-02-20 21:49:58 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-02-20 21:49:58 | 000,048,794 | ---- | M] () -- C:\WINDOWS\System32\ntimage.gif [2010-02-20 21:49:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010-02-20 21:49:58 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\ntio411.sys [2010-02-20 21:49:58 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\ntio412.sys [2010-02-20 21:49:58 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio804.sys [2010-02-20 21:49:58 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio404.sys [2010-02-20 21:49:58 | 000,033,936 | ---- | M] () -- C:\WINDOWS\System32\ntio.sys [2010-02-20 21:49:58 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\ntdos411.sys [2010-02-20 21:49:58 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\ntdos412.sys [2010-02-20 21:49:58 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos804.sys [2010-02-20 21:49:58 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos404.sys [2010-02-20 21:49:58 | 000,027,898 | ---- | M] () -- C:\WINDOWS\System32\ntdos.sys [2010-02-20 21:49:57 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.cht [2010-02-20 21:49:57 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.chs [2010-02-20 21:49:56 | 000,007,116 | ---- | M] () -- C:\WINDOWS\System32\nlsfunc.exe 
[2010-02-20 21:49:56 | 000,002,656 | ---- | M] () -- C:\WINDOWS\System32\netware.drv [2010-02-20 21:49:53 | 000,105,758 | ---- | M] () -- C:\WINDOWS\System32\net.hlp [2010-02-20 21:49:48 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll [2010-02-20 21:49:46 | 000,094,282 | ---- | M] () -- C:\WINDOWS\System32\msencode.dll [2010-02-20 21:49:46 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll [2010-02-20 21:49:46 | 000,003,813 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.ini [2010-02-20 21:49:46 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini [2010-02-20 21:49:46 | 000,000,768 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.h [2010-02-20 21:49:45 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\mscdexnt.exe [2010-02-20 21:49:43 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax [2010-02-20 21:49:43 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax [2010-02-20 21:49:43 | 000,020,629 | ---- | M] () -- C:\WINDOWS\System32\mqperf.ini [2010-02-20 21:49:43 | 000,002,755 | ---- | M] () -- C:\WINDOWS\System32\mqprfsym.h [2010-02-20 21:49:41 | 000,001,492 | ---- | M] () -- C:\WINDOWS\System32\mmdriver.inf [2010-02-20 21:49:40 | 000,673,088 | ---- | M] () -- C:\WINDOWS\System32\mlang.dat [2010-02-20 21:49:40 | 000,046,258 | ---- | M] () -- C:\WINDOWS\System32\mib.bin [2010-02-20 21:49:39 | 000,039,434 | ---- | M] () -- C:\WINDOWS\System32\mem.exe [2010-02-20 21:49:36 | 003,881,949 | ---- | M] () -- C:\WINDOWS\System32\logon.scr [2010-02-20 21:49:36 | 000,265,948 | ---- | M] () -- C:\WINDOWS\System32\locale.nls [2010-02-20 21:49:36 | 000,041,851 | ---- | M] () -- C:\WINDOWS\System32\lusrmgr.msc [2010-02-20 21:49:36 | 000,001,168 | ---- | M] () -- C:\WINDOWS\System32\loadfix.com [2010-02-20 21:49:36 | 000,000,507 | ---- | M] () -- C:\WINDOWS\System32\login.cmd [2010-02-20 21:49:22 | 000,012,876 | ---- | M] () -- C:\WINDOWS\System32\korean.uce [2010-02-20 21:49:22 | 000,007,046 | ---- | M] () -- 
C:\WINDOWS\System32\l_intl.nls [2010-02-20 21:49:22 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\l_except.nls [2010-02-20 21:49:21 | 000,168,096 | RHS- | M] () -- C:\WINDOWS\System32\bxqvnx.dll [2010-02-20 21:49:21 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\key01.sys [2010-02-20 21:49:21 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\keyboard.sys [2010-02-20 21:49:19 | 000,014,913 | ---- | M] () -- C:\WINDOWS\System32\kb16.com [2010-02-20 21:49:19 | 000,008,484 | ---- | M] () -- C:\WINDOWS\System32\kanji_2.uce [2010-02-20 21:49:19 | 000,006,948 | ---- | M] () -- C:\WINDOWS\System32\kanji_1.uce [2010-02-20 21:49:18 | 000,199,168 | ---- | M] () -- C:\WINDOWS\System32\ir32_32.dll [2010-02-20 21:49:17 | 000,956,990 | ---- | M] () -- C:\WINDOWS\System32\instcat.sql [2010-02-20 21:49:13 | 000,060,458 | ---- | M] () -- C:\WINDOWS\System32\ideograf.uce [2010-02-20 21:49:12 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\homepage.inf [2010-02-20 21:49:11 | 000,004,976 | ---- | M] () -- C:\WINDOWS\System32\himem.sys [2010-02-20 21:49:10 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Nefryt.bmp [2010-02-20 21:49:10 | 000,021,232 | ---- | M] () -- C:\WINDOWS\System32\graphics.pro [2010-02-20 21:49:09 | 003,440,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\gm.dls [2010-02-20 21:49:09 | 000,034,346 | ---- | M] () -- C:\WINDOWS\System32\gpedit.msc [2010-02-20 21:49:09 | 000,024,772 | ---- | M] () -- C:\WINDOWS\System32\geo.nls [2010-02-20 21:49:09 | 000,024,006 | ---- | M] () -- C:\WINDOWS\System32\gb2312.uce [2010-02-20 21:49:09 | 000,019,806 | ---- | M] () -- C:\WINDOWS\System32\graphics.com [2010-02-20 21:49:09 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Na rybkach.bmp [2010-02-20 21:49:08 | 000,032,422 | ---- | M] () -- C:\WINDOWS\System32\fsmgmt.msc [2010-02-20 21:49:07 | 000,016,730 | ---- | M] () -- C:\WINDOWS\Puch.bmp [2010-02-20 21:49:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\fastopen.exe [2010-02-20 21:49:06 | 001,015,477 | ---- | M] 
() -- C:\WINDOWS\System32\esentprf.ini [2010-02-20 21:49:06 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll [2010-02-20 21:49:06 | 000,098,434 | ---- | M] () -- C:\WINDOWS\System32\eventquery.vbs [2010-02-20 21:49:06 | 000,056,276 | ---- | M] () -- C:\WINDOWS\System32\eventvwr.msc [2010-02-20 21:49:06 | 000,008,520 | ---- | M] () -- C:\WINDOWS\System32\exe2bin.exe [2010-02-20 21:49:06 | 000,006,708 | ---- | M] () -- C:\WINDOWS\System32\esentprf.hxx [2010-02-20 21:49:06 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf [2010-02-20 21:49:05 | 000,218,003 | ---- | M] () -- C:\WINDOWS\System32\dssec.dat [2010-02-20 21:49:05 | 000,127,213 | ---- | M] () -- C:\WINDOWS\System32\ega.cpi [2010-02-20 21:49:05 | 000,070,622 | ---- | M] () -- C:\WINDOWS\System32\edit.com [2010-02-20 21:49:05 | 000,012,866 | ---- | M] () -- C:\WINDOWS\System32\edlin.exe [2010-02-20 21:49:05 | 000,010,853 | ---- | M] () -- C:\WINDOWS\System32\edit.hlp [2010-02-20 21:49:05 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\dsound.vxd [2010-02-20 21:49:03 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\paqsp.dll [2010-02-20 21:49:03 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe [2010-02-20 21:48:56 | 000,053,920 | ---- | M] () -- C:\WINDOWS\System32\dosx.exe [2010-02-20 21:48:55 | 000,033,317 | ---- | M] () -- C:\WINDOWS\System32\diskmgmt.msc [2010-02-20 21:48:54 | 000,041,134 | ---- | M] () -- C:\WINDOWS\System32\dfrg.msc [2010-02-20 21:48:54 | 000,032,721 | ---- | M] () -- C:\WINDOWS\System32\devmgmt.msc [2010-02-20 21:48:54 | 000,020,986 | ---- | M] () -- C:\WINDOWS\System32\debug.exe [2010-02-20 21:48:54 | 000,001,804 | ---- | M] () -- C:\WINDOWS\System32\Dcache.bin [2010-02-20 21:48:53 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\ctype.nls [2010-02-20 21:48:52 | 000,037,364 | ---- | M] () -- C:\WINDOWS\System32\compmgmt.msc [2010-02-20 21:48:52 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\country.sys [2010-02-20 21:48:44 | 000,253,440 
| ---- | M] () -- C:\WINDOWS\System32\compatUI.dll [2010-02-20 21:48:44 | 000,071,424 | ---- | M] () -- C:\WINDOWS\System32\cmmgr32.hlp [2010-02-20 21:48:44 | 000,051,823 | ---- | M] () -- C:\WINDOWS\System32\command.com [2010-02-20 21:48:44 | 000,040,698 | ---- | M] () -- C:\WINDOWS\System32\cmdlib.wsc [2010-02-20 21:48:44 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Kawa.bmp [2010-02-20 21:48:44 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\cmos.ram [2010-02-20 21:48:43 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi [2010-02-20 21:48:43 | 000,062,125 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm [2010-02-20 21:48:43 | 000,041,466 | ---- | M] () -- C:\WINDOWS\System32\ciadv.msc [2010-02-20 21:48:43 | 000,000,075 | ---- | M] () -- C:\WINDOWS\System32\Pokaż kanały.scf [2010-02-20 21:48:42 | 000,041,998 | ---- | M] () -- C:\WINDOWS\System32\certmgr.msc [2010-02-20 21:48:41 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_950.nls [2010-02-20 21:48:41 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_949.nls [2010-02-20 21:48:41 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_936.nls [2010-02-20 21:48:41 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\c_932.nls [2010-02-20 21:48:41 | 000,139,810 | ---- | M] () -- C:\WINDOWS\System32\c_20261.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_874.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_869.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_866.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_865.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_863.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_861.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_860.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_857.nls [2010-02-20 21:48:41 | 000,066,594 | ---- 
| M] () -- C:\WINDOWS\System32\c_855.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_852.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_850.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_775.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_737.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_437.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_875.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_500.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28605.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28603.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28599.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28598.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28597.NLS [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28595.NLS [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28594.NLS [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28593.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28592.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28591.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_21866.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20905.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20866.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20127.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1258.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1257.nls [2010-02-20 
21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1256.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1255.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1254.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1253.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1252.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1251.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1250.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1026.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10082.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10081.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10079.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10029.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10017.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10010.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10007.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10006.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10000.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_037.nls [2010-02-20 21:48:40 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Bąbelki.bmp [2010-02-20 21:48:39 | 000,028,420 | ---- | M] () -- C:\WINDOWS\System32\bios1.rom [2010-02-20 21:48:39 | 000,022,984 | ---- | M] () -- C:\WINDOWS\System32\bopomofo.uce [2010-02-20 21:48:39 | 000,008,191 | ---- | M] () -- C:\WINDOWS\System32\bios4.rom [2010-02-20 21:48:39 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-02-20 21:48:39 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Niebieska koronka 16.bmp 
[2010-02-20 21:48:31 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\amstream.dll [2010-02-20 21:48:31 | 000,012,594 | ---- | M] () -- C:\WINDOWS\System32\append.exe [2010-02-20 21:48:31 | 000,009,043 | ---- | M] () -- C:\WINDOWS\System32\ansi.sys [2010-02-20 21:48:27 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat [2010-02-20 21:48:20 | 000,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys [2010-02-20 21:48:20 | 000,018,870 | ---- | M] () -- C:\WINDOWS\System32\oemlogo.bmp [2010-02-20 21:48:20 | 000,000,082 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini [2010-02-20 21:48:19 | 000,066,384 | ---- | M] () -- C:\WINDOWS\System32\normnfkc.nls [2010-02-20 21:48:19 | 000,060,294 | ---- | M] () -- C:\WINDOWS\System32\normnfkd.nls [2010-02-20 21:48:19 | 000,059,342 | ---- | M] () -- C:\WINDOWS\System32\normidna.nls [2010-02-20 21:48:19 | 000,045,794 | ---- | M] () -- C:\WINDOWS\System32\normnfc.nls [2010-02-20 21:48:19 | 000,039,284 | ---- | M] () -- C:\WINDOWS\System32\normnfd.nls [2010-02-20 21:48:15 | 000,056,700 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf [2010-02-20 21:48:13 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat [2010-02-20 21:48:12 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\12520850.cpx [2010-02-20 21:48:12 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\12520437.cpx [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-21 16:08:54 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\CCleaner.lnk [2010-02-21 16:06:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2010-02-21 15:45:32 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk [2010-02-21 15:45:29 | 000,162,304 | ---- | C] () -- 
C:\WINDOWS\System32\ztvunrar36.dll [2010-02-21 15:45:29 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll [2010-02-21 15:45:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll [2010-02-21 15:45:29 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll [2010-02-21 15:33:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk [2010-02-21 15:31:23 | 003,940,701 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\gfhfg.exe [2010-02-21 15:27:39 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2 Utilities.lnk [2010-02-21 15:27:39 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2.lnk [2010-02-21 14:44:11 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav [2010-02-21 14:44:11 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav [2010-02-21 14:42:40 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-02-21 14:40:49 | 000,081,496 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml [2010-02-21 14:40:19 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu [2010-02-21 14:38:18 | 000,001,570 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu [2010-02-21 14:38:03 | 000,003,903 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu [2010-02-21 14:38:03 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010-02-21 14:34:35 | 000,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010-02-21 14:32:24 | 000,234,376 | ---- | C] () -- C:\WINDOWS\setupapi.old [2010-02-21 14:32:01 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-21 14:29:53 | 000,052,477 | ---- | C] () -- C:\WINDOWS\BricoPackUninst.cmd [2010-02-21 14:29:52 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Kedzior\Menu Start\Programy\Autostart\RocketDock.lnk [2010-02-21 14:29:39 | 005,760,054 | ---- | C] () -- C:\WINDOWS\BricoPack Wallpaper.bmp [2010-02-21 14:28:28 | 000,001,706 | ---- | 
C] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Help.lnk [2010-02-21 14:28:14 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Config.lnk [2010-02-21 14:27:37 | 000,006,118 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd [2010-02-21 14:26:33 | 000,000,223 | RHS- | C] () -- C:\boot.ini [2010-02-21 14:26:30 | 000,012,293 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2010-02-21 14:23:00 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-21 14:21:46 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kedzior\ntuser.ini [2010-02-21 14:21:44 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Kedzior\NTUSER.DAT [2010-02-21 14:20:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2010-02-21 14:18:20 | 000,050,105 | ---- | C] () -- C:\WINDOWS\activ.exe [2010-02-21 14:18:02 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb [2010-02-21 14:18:01 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb [2010-02-21 14:17:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx [2010-02-21 14:16:56 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010-02-21 14:16:16 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp [2010-02-21 14:16:16 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp [2010-02-21 14:14:17 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010-02-21 
14:13:15 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2010-02-21 14:13:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2010-02-21 14:09:41 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF [2010-02-21 14:09:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls [2010-02-21 14:09:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls [2010-02-21 14:09:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls [2010-02-21 14:09:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls [2010-02-21 14:09:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS [2010-02-21 14:09:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls [2010-02-21 14:09:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls [2010-02-21 14:09:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls [2010-02-21 14:09:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls [2010-02-21 14:09:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls [2010-02-21 14:09:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS [2010-02-21 14:09:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls [2010-02-21 14:09:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls [2010-02-21 14:09:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls [2010-02-21 14:09:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS [2010-02-21 14:09:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls [2010-02-21 13:51:40 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Indiański pled.bmp [2010-02-21 13:51:39 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Bąbelki.bmp [2010-02-21 13:51:39 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Pod mikroskopem.bmp [2010-02-21 13:51:39 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Stiuk z Santa Fe.bmp [2010-02-21 13:51:39 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Wachlarze.bmp 
[2010-02-21 13:51:39 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Nefryt.bmp [2010-02-21 13:51:39 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rododendron.bmp [2010-02-21 13:51:39 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Na rybkach.bmp [2010-02-21 13:51:39 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kawa.bmp [2010-02-21 13:51:39 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Puch.bmp [2010-02-21 13:51:39 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Niebieska koronka 16.bmp [2010-02-21 13:51:38 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce [2010-02-21 13:51:38 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce [2010-02-21 13:51:38 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce [2010-02-21 13:51:38 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce [2010-02-21 13:51:38 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce [2010-02-21 13:51:38 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce [2010-02-21 13:51:38 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce [2010-02-21 13:51:38 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce [2010-02-21 13:51:37 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2010-02-21 13:51:31 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2010-02-21 13:40:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-02-21 13:40:29 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT [2010-02-21 13:40:29 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2010-02-21 13:40:29 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2010-02-21 13:40:29 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS [2010-02-21 13:40:29 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT [2010-02-21 13:39:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2010-02-21 13:39:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010-02-20 21:50:53 | 000,239,616 | ---- | C] () -- 
C:\WINDOWS\System32\wstrenderer.ax [2010-02-20 21:50:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax [2010-02-20 21:50:51 | 000,036,946 | ---- | C] () -- C:\WINDOWS\wmprfPLK.prx [2010-02-20 21:50:44 | 000,028,171 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp [2010-02-20 21:50:36 | 001,356,288 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi [2010-02-20 21:50:36 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax [2010-02-20 21:50:35 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve [2010-02-20 21:50:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm [2010-02-20 21:50:34 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu [2010-02-20 21:50:34 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld [2010-02-20 21:50:34 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu [2010-02-20 21:50:34 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita [2010-02-20 21:50:34 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra [2010-02-20 21:50:34 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu [2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu [2010-02-20 21:50:33 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe [2010-02-20 21:50:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax [2010-02-20 21:50:32 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom [2010-02-20 21:50:30 | 
000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls [2010-02-20 21:50:27 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap [2010-02-20 21:50:26 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep [2010-02-20 21:50:26 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep [2010-02-20 21:50:23 | 000,050,404 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm [2010-02-20 21:50:18 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls [2010-02-20 21:50:18 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls [2010-02-20 21:50:15 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp [2010-02-20 21:50:15 | 000,033,080 | ---- | C] () -- C:\WINDOWS\System32\services.msc [2010-02-20 21:50:15 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe [2010-02-20 21:50:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe [2010-02-20 21:50:14 | 000,035,718 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc [2010-02-20 21:50:14 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig [2010-02-20 21:50:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2010-02-20 21:50:12 | 000,043,964 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc [2010-02-20 21:50:12 | 000,003,334 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat [2010-02-20 21:50:12 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h [2010-02-20 21:50:11 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe [2010-02-20 21:50:10 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h [2010-02-20 21:50:09 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs [2010-02-20 21:50:09 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h [2010-02-20 21:50:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep [2010-02-20 21:50:06 | 000,036,055 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs [2010-02-20 21:50:06 | 000,032,746 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs 
[2010-02-20 21:50:06 | 000,029,629 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs [2010-02-20 21:50:06 | 000,025,615 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs [2010-02-20 21:50:06 | 000,021,786 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs [2010-02-20 21:50:06 | 000,016,013 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs [2010-02-20 21:50:05 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat [2010-02-20 21:50:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2010-02-20 21:50:05 | 000,057,845 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc [2010-02-20 21:50:05 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf [2010-02-20 21:50:05 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h [2010-02-20 21:50:04 | 000,168,167 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs [2010-02-20 21:50:04 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat [2010-02-20 21:50:04 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2010-02-20 21:50:04 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h [2010-02-20 21:50:04 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h [2010-02-20 21:50:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep [2010-02-20 21:50:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2010-02-20 21:50:02 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig [2010-02-20 21:50:02 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2010-02-20 21:50:00 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp [2010-02-20 21:49:59 | 000,032,590 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc [2010-02-20 21:49:59 | 000,025,906 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc [2010-02-20 21:49:59 | 000,003,260 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe [2010-02-20 21:49:58 | 000,251,152 | RHS- | C] () -- C:\ntldr [2010-02-20 21:49:58 | 000,048,794 | ---- | C] () -- 
C:\WINDOWS\System32\ntimage.gif [2010-02-20 21:49:58 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM [2010-02-20 21:49:57 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht [2010-02-20 21:49:57 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs [2010-02-20 21:49:56 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe [2010-02-20 21:49:53 | 000,105,758 | ---- | C] () -- C:\WINDOWS\System32\net.hlp [2010-02-20 21:49:45 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe [2010-02-20 21:49:43 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax [2010-02-20 21:49:43 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax [2010-02-20 21:49:43 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h [2010-02-20 21:49:41 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf [2010-02-20 21:49:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2010-02-20 21:49:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2010-02-20 21:49:39 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe [2010-02-20 21:49:36 | 003,881,949 | ---- | C] () -- C:\WINDOWS\System32\logon.scr [2010-02-20 21:49:36 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls [2010-02-20 21:49:36 | 000,041,851 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc [2010-02-20 21:49:36 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com [2010-02-20 21:49:36 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\login.cmd [2010-02-20 21:49:22 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls [2010-02-20 21:49:22 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls [2010-02-20 21:49:21 | 000,168,096 | RHS- | C] () -- C:\WINDOWS\System32\bxqvnx.dll [2010-02-20 21:49:19 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com [2010-02-20 21:49:17 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql [2010-02-20 21:49:12 | 000,000,929 | ---- | C] () -- 
C:\WINDOWS\System32\homepage.inf [2010-02-20 21:49:10 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro [2010-02-20 21:49:09 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls [2010-02-20 21:49:09 | 000,034,346 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc [2010-02-20 21:49:09 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls [2010-02-20 21:49:09 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com [2010-02-20 21:49:08 | 000,032,422 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc [2010-02-20 21:49:07 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe [2010-02-20 21:49:06 | 000,098,434 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs [2010-02-20 21:49:06 | 000,056,276 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc [2010-02-20 21:49:06 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe [2010-02-20 21:49:06 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx [2010-02-20 21:49:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf [2010-02-20 21:49:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2010-02-20 21:49:05 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi [2010-02-20 21:49:05 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com [2010-02-20 21:49:05 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe [2010-02-20 21:49:05 | 000,010,853 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp [2010-02-20 21:49:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd [2010-02-20 21:48:56 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe [2010-02-20 21:48:55 | 000,033,317 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc [2010-02-20 21:48:54 | 000,041,134 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc [2010-02-20 21:48:54 | 000,032,721 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc [2010-02-20 21:48:54 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe [2010-02-20 21:48:54 | 000,001,804 | 
---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2010-02-20 21:48:53 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls [2010-02-20 21:48:52 | 000,037,364 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc [2010-02-20 21:48:44 | 000,071,424 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp [2010-02-20 21:48:44 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com [2010-02-20 21:48:44 | 000,040,698 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc [2010-02-20 21:48:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram [2010-02-20 21:48:43 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi [2010-02-20 21:48:43 | 000,062,125 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm [2010-02-20 21:48:43 | 000,041,466 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc [2010-02-20 21:48:43 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Pokaż kanały.scf [2010-02-20 21:48:42 | 000,041,998 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc [2010-02-20 21:48:41 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls [2010-02-20 21:48:41 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls [2010-02-20 21:48:41 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls [2010-02-20 21:48:41 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls [2010-02-20 21:48:41 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls [2010-02-20 21:48:41 | 
000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls [2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls [2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1257.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- 
C:\WINDOWS\System32\c_10029.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls [2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls [2010-02-20 21:48:39 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom [2010-02-20 21:48:39 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom [2010-02-20 21:48:39 | 000,004,952 | RHS- | C] () -- C:\Bootfont.bin [2010-02-20 21:48:31 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe [2010-02-20 21:48:27 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat [2010-02-20 21:48:20 | 000,018,870 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp [2010-02-20 21:48:20 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2010-02-20 21:48:19 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls [2010-02-20 21:48:19 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls [2010-02-20 21:48:19 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls [2010-02-20 21:48:19 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls [2010-02-20 21:48:19 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls [2010-02-20 21:48:15 | 000,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf [2010-02-20 21:48:13 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat [2010-02-20 21:48:12 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx [2010-02-20 21:48:12 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx [2006-10-31 07:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-10-31 07:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-10-31 07:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-10-31 07:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006-10-31 07:35:00 | 000,466,944 
| ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-10-31 07:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006-10-31 07:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [color=#E56717]========== LOP Check ==========[/color] [2010-02-21 15:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software [2010-02-21 15:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-02-21 15:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Opera [2010-02-21 15:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Simply Super Software [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-02-21 14:41:14 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2010-02-20 21:48:39 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-02-21 14:42:45 | 000,000,152 | ---- | M] () -- C:\csb.log [2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-02-20 21:49:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010-02-20 21:49:58 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-02-21 16:22:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2010-02-21 14:42:45 | 000,000,348 | ---- | M] () -- C:\RHDSetup.log [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report > [/log]
Mateusz J., comment, 21 February 2010
Did you plug in a USB flash drive after the format? The infection is probably spreading from it. If you did, plug it in again, format it, run ComboFix and produce a log from it, then carry out: http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&#entry752434 (report on the forum).
Ryuga (author), comment, 21 February 2010
I didn't plug in a flash drive, but I have a second partition that is infected. ComboFix is blocked by the virus right away and won't start. The antivirus deactivates itself, and the firewall is turned off after every reboot. In addition, extra ports get opened, and all warnings in Windows are being disabled. When I try to move a file, the computer hangs.
Mateusz J., comment, 21 February 2010
Try renaming ComboFix while downloading it (in Safe Mode) and produce a log.
Ryuga (author), comment, 21 February 2010
[log] ComboFix 10-02-21.01 - Kedzior 10-02-21 21:05:54.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2495.2212 [GMT 1:00] Uruchomiony z: c:\documents and settings\Kedzior\Pulpit\fdsfsd.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Alcmtr.exe c:\windows\system32\prnqctl.vbs c:\windows\explorer.exe . . . jest zainfekowany!! . ((((((((((((((((((((((((( Pliki utworzone od 2010-01-21 do 2010-02-21 ))))))))))))))))))))))))))))))) . 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\xircom 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\wbem\snmp 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-sh--w- c:\windows\system32\dllcache 2010-02-21 17:40 . 2010-02-21 17:40 96976 ----a-w- c:\windows\system32\drivers\klin.dat 2010-02-21 17:40 . 2010-02-21 17:40 87855 ----a-w- c:\windows\system32\drivers\klick.dat 2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\program files\Kaspersky Lab 2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2010-02-21 17:39 . 2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\fbo4F.exe 2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-02-21 17:34 . 
2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\acu20.exe 2010-02-21 17:19 . 2010-02-21 17:19 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Media Player Classic 2010-02-21 17:16 . 2010-02-21 17:17 -------- d-----w- c:\program files\Satsuki Decoder Pack 2010-02-21 17:13 . 2007-10-23 08:27 180224 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\cleanup.exe 2010-02-21 17:10 . 2007-10-23 08:22 3424256 ---ha-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\Launchpad Removal.exe 2010-02-21 17:10 . 2010-02-21 18:38 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\U3 2010-02-21 16:54 . 2010-02-21 16:54 604416 ----a-w- c:\windows\system32\TUProgSt.exe 2010-02-21 16:54 . 2009-04-27 13:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll 2010-02-21 16:54 . 2010-02-21 16:54 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\TuneUp Software 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\program files\TuneUp Utilities 2009 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357} 2010-02-21 16:47 . 2010-02-21 16:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-21 16:47 . 2010-02-21 16:47 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\DAEMON Tools Lite 2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\documents and settings\Kedzior\WapSter 2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\program files\WapSter 2010-02-21 16:29 . 2010-02-21 16:29 -------- d-----w- c:\program files\soundbase 2010-02-21 16:01 . 
2010-02-21 16:03 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Mp3tag 2010-02-21 16:01 . 2010-02-21 16:04 -------- d-----w- c:\program files\Mp3tag 2010-02-21 15:08 . 2010-02-21 15:08 -------- d-----w- c:\program files\CCleaner 2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Malwarebytes 2010-02-21 15:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2010-02-21 15:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-21 15:00 . 2010-02-21 15:24 -------- d-----w- C:\_OTL 2010-02-21 14:45 . 2010-02-21 17:39 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-02-21 14:45 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2010-02-21 14:45 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2010-02-21 14:45 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2010-02-21 14:45 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2010-02-21 14:45 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\program files\Trojan Remover 2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software 2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software 2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Opera 2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\program files\Opera 2010-02-21 14:27 . 
2010-02-21 19:39 -------- d-----w- c:\program files\AIMP2 2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\L2Schemas 2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-02-21 14:02 . 2010-02-21 14:05 -------- d-----w- c:\windows\system32\pl 2010-02-21 14:02 . 2010-02-21 14:02 -------- d-----w- c:\windows\NLDRV 2010-02-21 14:02 . 2010-02-21 13:13 -------- d-----w- c:\windows\system32\pl-pl . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\program files\microsoft frontpage 2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-21 16:57 . 2001-10-26 18:15 49712 ----a-w- c:\windows\system32\perfc015.dat 2010-02-21 16:57 . 2001-10-26 18:15 355830 ----a-w- c:\windows\system32\perfh015.dat 2010-02-21 15:46 . 2010-02-21 13:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-21 13:44 . 2010-02-21 13:32 14656 ----a-w- c:\windows\gdrv.sys 2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\Realtek 2010-02-21 13:41 . 2010-02-21 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-21 13:41 . 2010-02-21 13:41 315392 ----a-w- c:\windows\HideWin.exe 2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\DIFX 2010-02-21 13:39 . 2010-02-21 13:39 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-21 13:37 . 2010-02-21 13:37 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\InstallShield 2010-02-21 13:29 . 2010-02-21 13:29 52477 ----a-w- c:\windows\BricoPackUninst.cmd 2010-02-21 13:29 . 2010-02-21 13:27 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd 2010-02-21 13:29 . 2010-02-20 20:48 219648 ----a-w- c:\windows\system32\uxtheme.dll 2010-02-21 13:29 . 
2010-02-21 13:29 12328 ----a-w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-21 13:25 . 2010-02-21 13:13 -------- d-----w- c:\program files\Windows Media Connect 2 2010-02-21 13:16 . 2010-02-21 13:16 -------- d-----w- c:\program files\Usługi online 2010-02-21 13:14 . 2010-02-21 13:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-21 12:45 . 2010-02-21 12:45 12328 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-20 20:49 . 2010-02-21 13:08 1088840 ----a-r- c:\windows\SET5F.tmp 2010-02-20 20:48 . 2010-02-20 20:48 9216 ----a-w- c:\windows\system32\dot3dlg.dll 2010-02-01 01:49 . 2010-02-01 01:49 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ------- Sigcheck ------- Błąd usług kryptograficznych !! . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-11-17 6807552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1699840] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nlpo_01"="md" [X] "nlpo_03"="md" [X] "nlpo_04"="move" [X] "nltide_2"="shell32" [X] "nlpo_02"="advpack.dll" [2010-02-20 124928] "nlpo_05"="advpack.dll" [2010-02-20 124928] "nlpo_06"="advpack.dll" [2010-02-20 124928] "nltide_3"="advpack.dll" [2010-02-20 124928] c:\documents and settings\Kedzior\Menu Start\Programy\Autostart\ RocketDock.lnk - 
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 847872] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "d:\\Program Files\\McDC++\\McDCPlusPlus.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "d:\\DC++\\Programy\\Wyglad Vista\\pack-vista-inspirat-2-1.0.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\RocketDock\\RocketDock.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\TuneUp Utilities 2009\\OneClickStarter.exe"= "c:\\Documents and Settings\\Kedzior\\Pulpit\\OTL.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\Program Files\\TuneUp Utilities 2009\\RegistryCleaner.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"= "c:\\Program Files\\Opera\\opera.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "55224:TCP"= 55224:TCP:122.168.114.201/255.255.255.255:Disabled:wkcouiouiouio R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [08-01-29 
17:29 32784] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-02-21 17:47 721904] R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jnjlqn.sys --> c:\windows\system32\drivers\jnjlqn.sys [?] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [08-03-13 18:02 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [08-04-30 17:06 24592] S2 zidxaw;Universal Time;c:\windows\system32\svchost.exe -k netsvcs [10-02-20 21:50 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp zidxaw . Zawartość folderu 'Zaplanowane zadania' 2010-02-21 c:\windows\Tasks\Konserwacja 1 kliknięciem.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:59] . . ------- Skan uzupełniający ------- . uStart Page = about:blank . - - - - USUNIĘTO PUSTE WPISY - - - - HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-21 21:10 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzg.sys >>UNKNOWN [0x8A690938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28 \Driver\ACPI -> ACPI.sys @ 0xba665cb8 \Driver\atapi -> atapi.sys @ 0xba5fab40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2 ParseProcedure -> ntkrnlpa.exe @ 0x80577c04 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2 ParseProcedure -> ntkrnlpa.exe @ 0x80577c04 NDIS: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba4d0bd4 PacketIndicateHandler -> NDIS.sys @ 0xba4dca21 SendHandler -> NDIS.sys @ 0xba4d0d44 user & kernel MBR OK ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(1160) c:\windows\system32\scecli.dll - - - - - - - > 'explorer.exe'(1356) c:\windows\system32\SHDOCVW.dll c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll c:\windows\system32\ntshrui.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE . ************************************************************************** . 
Czas ukończenia: 2010-02-21 21:12:28 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-21 20:12 Przed: 33 345 200 128 bajtów wolnych Po: 33 335 595 008 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer - - End Of File - - A87A75787D8A33EFA53E3C67AF2DC0CF [/log]
Mateusz J. commented 21 February 2010

Paste into Notepad:
[code]
File::
c:\windows\system32\drivers\jnjlqn.sys

Driver::
abp470n5
zidxaw

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=-
"nlpo_03"=-
"nlpo_04"=-
"nltide_2"=-
"nlpo_02"=-
"nlpo_05"=-
"nlpo_06"=-
"nltide_3"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[/code]
In Notepad, go to the File menu ==> Save As ==> save it under the name [b]CFScript.txt[/b], in the same folder where [b]combofix[/b] was downloaded and saved.

Drag the [b]CFScript.txt[/b] file you created onto the [b]ComboFix[/b] icon, as in the picture:
[img]http://img212.imageshack.us/img212/740/cfscript10uc2su5.gif[/img]

Removal will start [b]and a log will be created, which you post on the forum.[/b]

Then try running http://www.freedrweb.com/cureit/
Ryuga (author) commented 21 February 2010 (edited)

[log]ComboFix 10-02-21.02 - Kedzior 10-02-21 21:30:22.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2495.2203 [GMT 1:00] Uruchomiony z: c:\documents and settings\Kedzior\Pulpit\dsdfsd.exe Użyto następujących komend :: c:\documents and settings\Kedzior\Pulpit\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FILE :: "c:\windows\system32\drivers\jnjlqn.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\explorer.exe . . . jest zainfekowany!! . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ABP470N5 -------\Legacy_ZIDXAW -------\Service_abp470n5 -------\Service_zidxaw ((((((((((((((((((((((((( Pliki utworzone od 2010-01-21 do 2010-02-21 ))))))))))))))))))))))))))))))) . 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\xircom 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\wbem\snmp 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-sh--w- c:\windows\system32\dllcache 2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\program files\microsoft frontpage 2010-02-21 17:40 . 2010-02-21 17:40 96976 ----a-w- c:\windows\system32\drivers\klin.dat 2010-02-21 17:40 . 2010-02-21 17:40 87855 ----a-w- c:\windows\system32\drivers\klick.dat 2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\program files\Kaspersky Lab 2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2010-02-21 17:39 . 
2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\fbo4F.exe 2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\program files\NAPI-PROJEKT 2010-02-21 17:34 . 2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\acu20.exe 2010-02-21 17:19 . 2010-02-21 17:19 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Media Player Classic 2010-02-21 17:16 . 2010-02-21 17:17 -------- d-----w- c:\program files\Satsuki Decoder Pack 2010-02-21 17:13 . 2007-10-23 08:27 180224 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\cleanup.exe 2010-02-21 17:10 . 2007-10-23 08:22 3424256 ---ha-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\Launchpad Removal.exe 2010-02-21 17:10 . 2010-02-21 18:38 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\U3 2010-02-21 16:54 . 2010-02-21 16:54 604416 ----a-w- c:\windows\system32\TUProgSt.exe 2010-02-21 16:54 . 2009-04-27 13:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll 2010-02-21 16:54 . 2010-02-21 16:54 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\TuneUp Software 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\program files\TuneUp Utilities 2009 2010-02-21 16:54 . 2010-02-21 16:54 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357} 2010-02-21 16:47 . 2010-02-21 16:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-21 16:47 . 
2010-02-21 16:47 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\DAEMON Tools Lite 2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\documents and settings\Kedzior\WapSter 2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\program files\WapSter 2010-02-21 16:29 . 2010-02-21 16:29 -------- d-----w- c:\program files\soundbase 2010-02-21 16:01 . 2010-02-21 16:03 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Mp3tag 2010-02-21 16:01 . 2010-02-21 16:04 -------- d-----w- c:\program files\Mp3tag 2010-02-21 15:08 . 2010-02-21 15:08 -------- d-----w- c:\program files\CCleaner 2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Malwarebytes 2010-02-21 15:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2010-02-21 15:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-21 15:00 . 2010-02-21 15:24 -------- d-----w- C:\_OTL 2010-02-21 14:45 . 2010-02-21 17:39 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-02-21 14:45 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2010-02-21 14:45 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2010-02-21 14:45 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2010-02-21 14:45 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2010-02-21 14:45 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\program files\Trojan Remover 2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software 2010-02-21 14:45 . 
2010-02-21 14:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software 2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Opera 2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\program files\Opera 2010-02-21 14:27 . 2010-02-21 19:39 -------- d-----w- c:\program files\AIMP2 2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\L2Schemas 2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-02-21 14:02 . 2010-02-21 14:05 -------- d-----w- c:\windows\system32\pl 2010-02-21 14:02 . 2010-02-21 14:02 -------- d-----w- c:\windows\NLDRV 2010-02-21 14:02 . 2010-02-21 13:13 -------- d-----w- c:\windows\system32\pl-pl . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-02-21 16:57 . 2001-10-26 18:15 49712 ----a-w- c:\windows\system32\perfc015.dat 2010-02-21 16:57 . 2001-10-26 18:15 355830 ----a-w- c:\windows\system32\perfh015.dat 2010-02-21 15:46 . 2010-02-21 13:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-21 13:44 . 2010-02-21 13:32 14656 ----a-w- c:\windows\gdrv.sys 2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\Realtek 2010-02-21 13:41 . 2010-02-21 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-21 13:41 . 2010-02-21 13:41 315392 ----a-w- c:\windows\HideWin.exe 2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\DIFX 2010-02-21 13:39 . 2010-02-21 13:39 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-21 13:37 . 2010-02-21 13:37 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\InstallShield 2010-02-21 13:29 . 
2010-02-21 13:29 52477 ----a-w- c:\windows\BricoPackUninst.cmd 2010-02-21 13:29 . 2010-02-21 13:27 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd 2010-02-21 13:29 . 2010-02-20 20:48 219648 ----a-w- c:\windows\system32\uxtheme.dll 2010-02-21 13:29 . 2010-02-21 13:29 12328 ----a-w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-21 13:25 . 2010-02-21 13:13 -------- d-----w- c:\program files\Windows Media Connect 2 2010-02-21 13:16 . 2010-02-21 13:16 -------- d-----w- c:\program files\Usługi online 2010-02-21 13:14 . 2010-02-21 13:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-21 12:45 . 2010-02-21 12:45 12328 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-20 20:49 . 2010-02-21 13:08 1088840 ----a-r- c:\windows\SET5F.tmp 2010-02-20 20:48 . 2010-02-20 20:48 9216 ----a-w- c:\windows\system32\dot3dlg.dll 2010-02-01 01:49 . 2010-02-01 01:49 85504 ----a-w- c:\windows\system32\ff_vfw.dll . ------- Sigcheck ------- [-] 2010-02-20 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp3qfe\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp3gdr\tcpip.sys [-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe [7] 2010-02-20 . 8B994BB807C03EFE52561B832204D8BA . 3591680 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3gdr\mshtml.dll [7] 2010-02-20 . 8B994BB807C03EFE52561B832204D8BA . 3591680 . . [7.00.6000.16640] . . 
c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3qfe\mshtml.dll [-] 2010-02-20 . 40F20BCFBC845AA1DCADD9DDDC148898 . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll [7] 2008-03-01 . B119ED057CDCB0EA1C9235CE8AE66885 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll [7] 2010-02-20 . ACB31B4ED243D4DFFA5268F4AD2B0D6F . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3gdr\wininet.dll [7] 2010-02-20 . ACB31B4ED243D4DFFA5268F4AD2B0D6F . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3qfe\wininet.dll [-] 2010-02-20 . C18CC1B019BA1082F6925FD603993777 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll [7] 2008-03-01 . B1DB24042F335198EAD97AAA675B1078 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [-] 2010-02-20 . 089EF4AFEA4A13AC4EBDAF3C5F332267 . 1206784 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2010-02-20 . 5279BA2254BEDE571D2FABB4D8C11523 . 89088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe . ((((((((((((((((((((((((((((( SnapShot@2010-02-21_20.10.01 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-21 20:34 . 2010-02-21 20:34 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\temp\Perflib_Perfdata_dd8.dat + 2010-02-21 20:33 . 2010-02-21 20:33 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\temp\Perflib_Perfdata_cc8.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-11-17 6807552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1699840] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984] c:\documents and settings\Kedzior\Menu Start\Programy\Autostart\ RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 847872] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "d:\\Program Files\\McDC++\\McDCPlusPlus.exe"= "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "d:\\DC++\\Programy\\Wyglad Vista\\pack-vista-inspirat-2-1.0.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\RocketDock\\RocketDock.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program 
Files\\TuneUp Utilities 2009\\OneClickStarter.exe"= "c:\\Documents and Settings\\Kedzior\\Pulpit\\OTL.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"= "c:\\WINDOWS\\system32\\nwiz.exe"= "c:\\Program Files\\TuneUp Utilities 2009\\RegistryCleaner.exe"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"= "c:\\Program Files\\Opera\\opera.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "55224:TCP"= 55224:TCP:122.168.114.201/255.255.255.255:Disabled:wkcouiouiouio "7095:TCP"= 7095:TCP:wkcsrwrp R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [08-01-29 17:29 32784] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-02-21 17:47 721904] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [08-03-13 18:02 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [08-04-30 17:06 24592] S2 fgluhsi;Installer Config;c:\windows\system32\svchost.exe -k netsvcs [10-02-20 21:50 14336] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - ABP470N5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp fgluhsi . Zawartość folderu 'Zaplanowane zadania' 2010-02-21 c:\windows\Tasks\Konserwacja 1 kliknięciem.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:59] . . ------- Skan uzupełniający ------- . uStart Page = about:blank . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-21 21:35 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spmr.sys >>UNKNOWN [0x8A68F938]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28 \Driver\ACPI -> ACPI.sys @ 0xba665cb8 \Driver\atapi -> atapi.sys @ 0xba5fab40 IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2 ParseProcedure -> ntkrnlpa.exe @ 0x80577c04 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2 ParseProcedure -> ntkrnlpa.exe @ 0x80577c04 NDIS: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba4d0bd4 PacketIndicateHandler -> NDIS.sys @ 0xba4dca21 SendHandler -> NDIS.sys @ 0xba4d0d44 user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fgluhsi] "ServiceDll"="c:\windows\system32\bxqvnx.dll" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'lsass.exe'(1148) c:\windows\system32\scecli.dll - - - - - - - > 'explorer.exe'(452) c:\windows\system32\SHDOCVW.dll c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll c:\windows\system32\ntshrui.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE . ************************************************************************** . 
Czas ukończenia: 2010-02-21 21:36:59 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-02-21 20:36 ComboFix2.txt 2010-02-21 20:12 Przed: 35 209 027 584 bajtów wolnych Po: 35 131 740 160 bajtów wolnych - - End Of File - - 4A4586D62701C317C4DE37E0954D1AC5[/log]

Unfortunately I can't connect to the site, because it has been effectively blocked. I'll try to download it from another source.
Mateusz J. commented 21 February 2010

Try in Safe Mode. You have a serious infection; as you can see, .exe files have been infected.
Ryuga (author) commented 22 February 2010

I formatted the whole disk. I lost a fair number of files, so fighting on made no sense. I managed to save the most important ones. For now I'm running Linux, so the problem shouldn't happen again. Thanks for the help.