
Registry disabled

Ryuga
created

[log]
OTL logfile created on: 2010-02-21 12:32:48 - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\KedzioR\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 19,55 Gb Free Space | 52,48% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,74 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 6,53 Gb Free Space | 4,38% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name:
Current User Name:
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-02-21 12:31:50 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\temp\winihdrv.exe
PRC - [2010-02-21 11:55:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe
PRC - [2009-11-20 19:01:18 | 000,910,120 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-08-17 02:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-06-03 11:58:50 | 000,319,192 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2008-04-14 21:51:18 | 000,977,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-02-21 11:55:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-02-04 20:23:06 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009-11-16 10:39:10 | 000,146,432 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-08-17 02:03:00 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009-07-14 20:19:00 | 003,280,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009-06-03 11:58:50 | 000,319,192 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (xxzqcrl)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (vhvpvnnwp)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (lzemwxxsw)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (fwoxxshbh)
SRV - [2007-08-09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006-10-26 23:47:54 | 000,135,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 18:49:34 | 000,518,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,223,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | Disabled | Running] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2009-08-16 23:57:00 | 007,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-08-11 15:02:11 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-08-11 14:19:07 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-06-03 11:58:54 | 001,006,296 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2009-04-23 10:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-01-30 11:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-27 15:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 15:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-06-18 22:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006-04-13 01:04:39 | 000,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-04-13 01:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006-04-13 01:04:39 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005-10-27 13:34:06 | 000,390,849 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2004-08-03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://kingsage.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaultthis.engineName: "FarmView Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465202&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "FarmView Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2465202&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {aaca570e-e990-4b4d-ad93-140243de4c85}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-19 08:56:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-19 08:56:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009-08-11 15:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Extensions
[2010-02-18 10:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions
[2010-01-08 22:51:26 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010-02-12 15:07:11 | 000,000,000 | ---D | M] (FarmView Toolbar) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{aaca570e-e990-4b4d-ad93-140243de4c85}
[2010-01-08 22:51:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-23 12:06:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009-08-15 01:13:24 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\searchplugins\ask.xml
[2010-01-20 12:16:28 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\KedzioR\Dane aplikacji\Mozilla\Firefox\Profiles\ab31nia1.default\searchplugins\conduit.xml
[2010-02-18 10:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-05-20 00:49:50 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009-05-27 15:41:50 | 000,069,632 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009-12-22 04:48:34 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-22 04:48:34 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-22 04:48:34 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-22 04:48:34 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-12-22 04:48:34 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-22 04:48:34 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2009-09-27 19:20:14 | 000,003,744 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 89.149.200.219 l2authd.lineage2.com
O1 - Hosts: 89.149.200.219 l2testauthd.lineage2.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - Startup: C:\Documents and Settings\KedzioR\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-11 13:17:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - D:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - E:\autorun.inf.vir -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-08-11 15:03:13 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: dgsotns - File not found
NetSvcs: vhvpvnnwp - C:\WINDOWS\system32\exbaynvk.dll ()
NetSvcs: lzemwxxsw - C:\WINDOWS\system32\exbaynvk.dll ()
NetSvcs: deywl - File not found
NetSvcs: xxzqcrl - C:\WINDOWS\system32\exbaynvk.dll ()
NetSvcs: fwoxxshbh - C:\WINDOWS\system32\exbaynvk.dll ()

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-21 12:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-02-21 12:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-21 11:55:22 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe
[2010-02-21 00:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-02-21 00:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Moje dokumenty\Simply Super Software
[2010-02-21 00:05:47 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010-02-21 00:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010-02-21 00:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Dane aplikacji\Simply Super Software
[2010-02-21 00:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
[2010-02-21 00:05:03 | 009,228,416 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\KedzioR\Pulpit\trjsetup681.exe
[2010-02-20 16:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Pulpit\Satsuki.Decoder.Pack-4.3.0.4
[2010-02-13 11:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Pulpit\DenDenMushi
[2010-02-08 19:47:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\KedzioR\Moje dokumenty\Moje źródła danych
[2010-02-05 15:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-05 08:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Symantec
[2010-02-04 20:23:06 | 000,361,216 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010-02-04 19:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton
[2010-02-04 19:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller
[2010-02-03 16:22:13 | 001,006,296 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\drivers\cfosspeed.sys
[2010-02-03 16:22:13 | 000,288,472 | ---- | C] (cFos Software GmbH) -- C:\WINDOWS\System32\cfosspeed.dll
[2010-02-03 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2010-01-24 08:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010-01-23 22:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\KedzioR\Moje dokumenty\Ewka
[2009-10-04 01:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2009-08-11 13:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-08-11 13:17:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-08-11 13:17:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-21 12:27:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-21 12:24:59 | 000,000,289 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-21 12:19:22 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Konserwacja 1 kliknięciem.job
[2010-02-21 12:19:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-21 12:18:29 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\KedzioR\NTUSER.DAT
[2010-02-21 12:18:29 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\KedzioR\ntuser.ini
[2010-02-21 11:55:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\KedzioR\Pulpit\OTL.exe
[2010-02-21 00:53:20 | 000,141,824 | ---- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-21 00:11:31 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-02-21 00:05:25 | 009,228,416 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\KedzioR\Pulpit\trjsetup681.exe
[2010-02-20 23:58:43 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\fix.reg
[2010-02-20 23:52:29 | 000,013,311 | ---- | M] () -- C:\Documents and Settings\KedzioR\Moje dokumenty\Plan lekcji.docx
[2010-02-20 16:39:45 | 003,701,180 | -H-- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-20 14:19:19 | 012,249,107 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Satsuki.Decoder.Pack-4.3.0.4.zip
[2010-02-19 21:01:26 | 000,000,053 | ---- | M] () -- C:\autorun.inf.vir
[2010-02-16 22:20:55 | 003,196,583 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\kacezet & dreadsquad - czego ona chce .mp3
[2010-02-16 00:55:57 | 000,000,873 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-15 23:50:50 | 000,011,134 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Impreza.xlsx
[2010-02-15 15:55:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-13 11:59:42 | 000,405,409 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\DenDenMushi.rar
[2010-02-13 10:26:17 | 012,648,395 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\01. Beautiful World.mp3
[2010-02-13 09:03:18 | 000,013,929 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\FarmVille.xlsx
[2010-02-12 16:54:59 | 006,958,195 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\pmm_feat.ostr-daj_mi_bit.mp3
[2010-02-11 15:02:59 | 008,369,072 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Dams - Znajdź w sobie to (prod.AdiPrw).mp3
[2010-02-10 17:34:12 | 000,000,040 | ---- | M] () -- C:\Session.xml
[2010-02-05 07:56:09 | 009,505,565 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\WFD_Wuwua_MLODYGRZECH_RMX.mp3
[2010-02-04 20:23:06 | 000,361,216 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010-02-01 02:49:18 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-01-27 15:09:59 | 007,544,395 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\DamS - Wiem więcej.mp3
[2010-01-24 08:43:54 | 000,001,056 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010-01-24 06:52:15 | 000,010,641 | ---- | M] () -- C:\Documents and Settings\KedzioR\Pulpit\Ataki KingsAge.xlsx
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-21 12:19:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-02-21 00:05:47 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010-02-21 00:05:47 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010-02-21 00:05:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010-02-21 00:05:47 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010-02-20 23:58:43 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\fix.reg
[2010-02-20 14:16:20 | 012,249,107 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\Satsuki.Decoder.Pack-4.3.0.4.zip
[2010-02-16 22:18:18 | 003,196,583 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\kacezet & dreadsquad - czego ona chce .mp3
[2010-02-15 16:55:53 | 000,000,053 | ---- | C] () -- C:\autorun.inf.vir
[2010-02-13 11:59:41 | 000,405,409 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\DenDenMushi.rar
[2010-02-13 10:23:40 | 012,648,395 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\01. Beautiful World.mp3
[2010-02-12 16:43:00 | 006,958,195 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\pmm_feat.ostr-daj_mi_bit.mp3
[2010-02-11 15:00:41 | 008,369,072 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\Dams - Znajdź w sobie to (prod.AdiPrw).mp3
[2010-02-08 19:38:10 | 000,013,929 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\FarmVille.xlsx
[2010-02-05 07:55:52 | 009,505,565 | ---- | C] () -- C:\Documents and Settings\KedzioR\Pulpit\WFD_Wuwua_MLODYGRZECH_RMX.mp3
[2010-02-01 02:49:18 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-01-24 08:40:55 | 000,001,056 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009-11-29 13:47:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009-10-30 17:23:51 | 000,000,126 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009-10-30 17:23:46 | 000,000,212 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009-09-12 12:20:15 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\fsgscom.dll
[2009-08-22 12:15:16 | 000,002,012 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-08-11 16:44:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll
[2009-08-11 15:46:15 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-08-11 13:54:21 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-07-10 17:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006-10-31 07:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-31 07:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-31 07:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-31 07:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-31 07:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-31 07:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-08-10 14:47:39 | 000,168,096 | RHS- | C] () -- C:\WINDOWS\System32\exbaynvk.dll
[2006-01-04 10:12:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2001-07-07 02:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-08-11 13:17:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-19 21:01:26 | 000,000,053 | ---- | M] () -- C:\autorun.inf.vir
[2009-08-11 14:08:54 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2009-08-11 16:16:19 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004-08-03 22:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2009-08-11 13:17:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-08-11 13:17:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-12-21 20:32:21 | 000,039,770 | ---- | M] () -- C:\Kontakty_2389723.xml
[2009-10-01 15:43:02 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin
[2009-08-11 13:17:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-08-11 13:56:42 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-21 12:19:13 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-08-11 14:10:06 | 000,000,348 | ---- | M] () -- C:\RHDSetup.log
[2010-02-10 17:34:12 | 000,000,040 | ---- | M] () -- C:\Session.xml

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >
[/log]

Mateusz J.
comment

Run OTL and paste the following into the Custom Scans/Fixes window:[code]
:OTL
PRC - [2010-02-21 12:31:50 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\KedzioR\Ustawienia lokalne\temp\winihdrv.exe
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (xxzqcrl)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (vhvpvnnwp)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (lzemwxxsw)
SRV - [2008-04-14 21:50:36 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\exbaynvk.dll -- (fwoxxshbh)
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - D:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - E:\autorun.inf.vir -- [ NTFS ]

:Files
C:\Documents and Settings\KedzioR\Ustawienia lokalne\temp\winihdrv.exe
C:\WINDOWS\system32\exbaynvk.dll
C:\WINDOWS\system32\exbaynvk.dll
C:\WINDOWS\system32\exbaynvk.dll
C:\WINDOWS\system32\exbaynvk.dll

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[Reboot][/code]
Click Run Fix. Confirm the computer restart.
After the computer has restarted, create a new log and post it for review.

Carry out: http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&#entry752434 (post the report on the forum)

Ryuga
comment

Log after the format:
[log]
OTL logfile created on: 10-02-21 16:30:01 - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Kedzior\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 84,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 33,08 Gb Free Space | 88,79% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 6,20 Gb Free Space | 15,87% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 5,16 Gb Free Space | 3,46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOWSXP
Current User Name: Kedzior
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-02-21 16:26:43 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Temp\winimmfhq.exe
PRC - [2010-02-21 15:59:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe
PRC - [2010-02-20 21:50:44 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2010-02-20 21:50:25 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2010-02-20 21:50:23 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2010-02-20 21:50:18 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2010-02-20 21:50:15 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2010-02-20 21:50:12 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2010-02-20 21:49:36 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2010-02-20 21:49:06 | 001,133,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010-02-20 21:48:53 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2010-02-20 21:48:53 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-11-20 19:01:18 | 000,901,928 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-01-30 18:02:08 | 000,487,936 | ---- | M] (AIMP DevTeam) -- C:\Program Files\AIMP2\AIMP2.exe
PRC - [2007-03-18 23:05:02 | 000,778,240 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2007-01-30 11:54:36 | 016,116,224 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-10-31 07:35:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-02-21 15:59:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe
MOD - [2010-02-21 14:29:53 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2010-02-20 21:50:52 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
MOD - [2010-02-20 21:50:52 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll
MOD - [2010-02-20 21:50:47 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2010-02-20 21:50:47 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2010-02-20 21:50:32 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2010-02-20 21:50:31 | 001,233,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll
MOD - [2010-02-20 21:50:31 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2010-02-20 21:50:31 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2010-02-20 21:50:24 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2010-02-20 21:50:16 | 012,903,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2010-02-20 21:50:16 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2010-02-20 21:50:15 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2010-02-20 21:50:14 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2010-02-20 21:50:13 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2010-02-20 21:50:12 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2010-02-20 21:50:09 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2010-02-20 21:50:03 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2010-02-20 21:50:03 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2010-02-20 21:50:03 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2010-02-20 21:49:59 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntshrui.dll
MOD - [2010-02-20 21:49:59 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2010-02-20 21:49:58 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2010-02-20 21:49:58 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdsapi.dll
MOD - [2010-02-20 21:49:54 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netapi32.dll
MOD - [2010-02-20 21:49:52 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2010-02-20 21:49:52 | 000,246,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll
MOD - [2010-02-20 21:49:51 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
MOD - [2010-02-20 21:49:45 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2010-02-20 21:49:45 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2010-02-20 21:49:43 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mpr.dll
MOD - [2010-02-20 21:49:36 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2010-02-20 21:49:21 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2010-02-20 21:49:16 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2010-02-20 21:49:14 | 006,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
MOD - [2010-02-20 21:49:14 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll
MOD - [2010-02-20 21:49:09 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2010-02-20 21:49:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2010-02-20 21:48:56 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dnsapi.dll
MOD - [2010-02-20 21:48:52 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2010-02-20 21:48:44 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2010-02-20 21:48:43 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2010-02-20 21:48:37 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\atl.dll
MOD - [2010-02-20 21:48:36 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2010-02-20 21:48:31 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\apphelp.dll
MOD - [2010-02-20 21:48:30 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2007-03-18 23:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-02-20 21:49:21 | 000,168,096 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\bxqvnx.dll -- (zidxaw)
SRV - [2006-10-31 07:35:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2010-02-21 14:44:13 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-02-20 21:50:14 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2010-02-20 21:50:09 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2010-02-20 21:49:11 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2010-02-20 21:48:20 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2010-02-20 21:48:20 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2007-01-30 11:57:50 | 004,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-31 07:35:00 | 003,964,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-10-18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-06-18 23:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-583907252-776561741-839522115-1003\S-1-5-21-583907252-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_01] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_02] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_03] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_04] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_05] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlpo_06] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe File not found
O4 - Startup: C:\Documents and Settings\Kedzior\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-583907252-776561741-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.7.1.1 8.8.4.4 212.160.234.111
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-21 13:40:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-20 21:49:21 | 000,095,034 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-19 21:01:26 | 000,000,053 | ---- | M] () - E:\autorun.inf.vir -- [ NTFS ]
O33 - MountPoints2\{f4f9aec0-1efc-11df-b134-806d6172696f}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010-02-21 15:03:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: zidxaw - C:\WINDOWS\system32\bxqvnx.dll ()

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-21 16:09:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kedzior\Recent
[2010-02-21 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-02-21 16:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Malwarebytes
[2010-02-21 16:06:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-02-21 16:06:01 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-02-21 16:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-02-21 16:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-02-21 16:00:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-21 15:59:42 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kedzior\Pulpit\mbam-setup.exe
[2010-02-21 15:58:49 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe
[2010-02-21 15:56:49 | 003,513,760 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Kedzior\Pulpit\ccsetup228.exe
[2010-02-21 15:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-02-21 15:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Simply Super Software
[2010-02-21 15:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010-02-21 15:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Simply Super Software
[2010-02-21 15:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
[2010-02-21 15:43:45 | 009,228,416 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Kedzior\Pulpit\trjsetup681.exe
[2010-02-21 15:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Opera
[2010-02-21 15:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Opera
[2010-02-21 15:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010-02-21 15:33:25 | 011,724,168 | ---- | C] (Opera Software ASA ) -- C:\Documents and Settings\Kedzior\Pulpit\Opera_1010_in_Setup.exe
[2010-02-21 15:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\AIMP2
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010-02-21 15:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010-02-21 14:44:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010-02-21 14:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010-02-21 14:41:52 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010-02-21 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010-02-21 14:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010-02-21 14:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010-02-21 14:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010-02-21 14:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010-02-21 14:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-02-21 14:38:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010-02-21 14:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\InstallShield
[2010-02-21 14:34:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010-02-21 14:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010-02-21 14:34:44 | 000,000,000 | R--D | C] -- C:\Program Files
[2010-02-21 14:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010-02-21 14:34:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start
[2010-02-21 14:34:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty
[2010-02-21 14:34:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Szablony
[2010-02-21 14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ulubione
[2010-02-21 14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit
[2010-02-21 14:32:42 | 000,014,656 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys
[2010-02-21 14:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010-02-21 14:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010-02-21 14:32:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
[2010-02-21 14:32:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji
[2010-02-21 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010-02-21 14:32:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-02-21 14:29:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-02-21 14:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BricoPacks
[2010-02-21 14:25:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Moje wideo
[2010-02-21 14:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Identities
[2010-02-21 14:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Moje obrazy
[2010-02-21 14:22:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty\Moja muzyka
[2010-02-21 14:22:01 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-02-21 14:21:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Kedzior\Cookies
[2010-02-21 14:21:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-21 14:21:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Microsoft
[2010-02-21 14:21:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kedzior\SendTo
[2010-02-21 14:21:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kedzior\Dane aplikacji
[2010-02-21 14:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Ulubione
[2010-02-21 14:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Moje dokumenty
[2010-02-21 14:21:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Kedzior\Menu Start
[2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\Ustawienia lokalne
[2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\Szablony
[2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\PrintHood
[2010-02-21 14:21:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Kedzior\NetHood
[2010-02-21 14:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kedzior\Pulpit
[2010-02-21 14:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010-02-21 14:20:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010-02-21 14:20:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010-02-21 14:20:32 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010-02-21 14:20:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1045
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010-02-21 14:20:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010-02-21 14:20:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010-02-21 14:20:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010-02-21 14:18:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010-02-21 14:17:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-21 14:16:49 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010-02-21 14:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Usługi online
[2010-02-21 14:16:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010-02-21 14:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010-02-21 14:15:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010-02-21 14:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010-02-21 14:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010-02-21 14:15:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010-02-21 14:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010-02-21 14:15:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010-02-21 14:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010-02-21 14:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010-02-21 14:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010-02-21 14:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010-02-21 14:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010-02-21 14:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010-02-21 14:11:31 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010-02-21 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010-02-21 14:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010-02-21 13:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010-02-21 13:52:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010-02-21 13:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010-02-21 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010-02-21 13:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010-02-21 13:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010-02-21 13:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010-02-21 13:51:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010-02-21 13:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010-02-21 13:41:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-02-21 13:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-21 13:40:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-02-21 13:40:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010-02-21 13:39:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010-02-21 13:39:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010-02-21 13:39:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy
[2010-02-21 13:39:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka
[2010-02-21 13:39:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo
[2010-02-20 21:50:29 | 000,094,832 | ---- | C] (Grupa robocza Twain) -- C:\WINDOWS\twain.dll
[2010-02-20 21:50:29 | 000,050,688 | ---- | C] (Grupa robocza Twain) -- C:\WINDOWS\twain_32.dll
[2010-02-20 21:48:20 | 000,062,208 | ---- | C] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-21 16:23:10 | 000,081,496 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-02-21 16:23:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-21 16:23:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-21 16:21:31 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Kedzior\NTUSER.DAT
[2010-02-21 16:21:26 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Kedzior\ntuser.ini
[2010-02-21 16:21:19 | 003,716,130 | -H-- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-21 16:08:54 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\CCleaner.lnk
[2010-02-21 16:08:51 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Kedzior\Pulpit\mbam-setup.exe
[2010-02-21 16:06:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-02-21 15:59:08 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kedzior\Pulpit\OTL.exe
[2010-02-21 15:57:41 | 003,513,760 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Kedzior\Pulpit\ccsetup228.exe
[2010-02-21 15:45:32 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk
[2010-02-21 15:44:57 | 009,228,416 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Kedzior\Pulpit\trjsetup681.exe
[2010-02-21 15:35:28 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-02-21 15:35:28 | 000,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-02-21 15:35:28 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-02-21 15:35:28 | 000,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-02-21 15:35:28 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-02-21 15:33:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-02-21 15:33:25 | 011,724,168 | ---- | M] (Opera Software ASA ) -- C:\Documents and Settings\Kedzior\Pulpit\Opera_1010_in_Setup.exe
[2010-02-21 15:31:23 | 003,940,701 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\gfhfg.exe
[2010-02-21 15:27:39 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2 Utilities.lnk
[2010-02-21 15:27:39 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2.lnk
[2010-02-21 14:44:13 | 000,014,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\gdrv.sys
[2010-02-21 14:44:11 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010-02-21 14:44:11 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010-02-21 14:41:14 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010-02-21 14:29:53 | 000,052,477 | ---- | M] () -- C:\WINDOWS\BricoPackUninst.cmd
[2010-02-21 14:29:53 | 000,006,118 | ---- | M] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd
[2010-02-21 14:29:52 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-21 14:29:39 | 005,760,054 | ---- | M] () -- C:\WINDOWS\BricoPack Wallpaper.bmp
[2010-02-21 14:29:29 | 000,000,842 | ---- | M] () -- C:\Documents and Settings\Kedzior\Menu Start\Programy\Autostart\RocketDock.lnk
[2010-02-21 14:28:28 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Help.lnk
[2010-02-21 14:28:14 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Config.lnk
[2010-02-21 14:26:51 | 000,000,267 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-02-21 14:23:18 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-21 14:21:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-21 14:20:06 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010-02-21 14:19:54 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-21 14:19:02 | 000,012,293 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-02-21 14:18:08 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-02-21 14:18:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-02-21 14:18:01 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-02-21 14:17:59 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010-02-21 14:17:49 | 000,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010-02-21 14:16:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-02-21 14:16:56 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-02-21 14:14:17 | 000,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-02-21 14:09:41 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010-02-21 13:52:18 | 000,234,376 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010-02-21 13:52:09 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010-02-21 13:52:09 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010-02-21 13:40:29 | 000,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-20 21:50:56 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Indiański pled.bmp
[2010-02-20 21:50:53 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010-02-20 21:50:53 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\wstpager.ax
[2010-02-20 21:50:51 | 000,036,946 | ---- | M] () -- C:\WINDOWS\wmprfPLK.prx
[2010-02-20 21:50:48 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010-02-20 21:50:44 | 000,028,171 | ---- | M] () -- C:\WINDOWS\System32\winhelp.hlp
[2010-02-20 21:50:36 | 001,356,288 | ---- | M] () -- C:\WINDOWS\System32\webfldrs.msi
[2010-02-20 21:50:36 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp
[2010-02-20 21:50:36 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp
[2010-02-20 21:50:36 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\wiasf.ax
[2010-02-20 21:50:36 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\win87em.dll
[2010-02-20 21:50:35 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2010-02-20 21:50:35 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2010-02-20 21:50:34 | 001,309,184 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.deu
[2010-02-20 21:50:34 | 001,095,680 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.nld
[2010-02-20 21:50:34 | 000,957,440 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.enu
[2010-02-20 21:50:34 | 000,867,840 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.ita
[2010-02-20 21:50:34 | 000,786,944 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.fra
[2010-02-20 21:50:34 | 000,750,080 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.esn
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.sve
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.nld
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.ita
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.fra
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.esn
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.enu
[2010-02-20 21:50:34 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.deu
[2010-02-20 21:50:33 | 000,001,148 | ---- | M] () -- C:\WINDOWS\System32\vwipxspx.exe
[2010-02-20 21:50:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\vbicodec.ax
[2010-02-20 21:50:32 | 000,018,832 | ---- | M] () -- C:\WINDOWS\System32\v7vga.rom
[2010-02-20 21:50:31 | 000,001,225 | ---- | M] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010-02-20 21:50:30 | 000,089,588 | ---- | M] () -- C:\WINDOWS\System32\unicode.nls
[2010-02-20 21:50:29 | 000,094,832 | ---- | M] (Grupa robocza Twain) -- C:\WINDOWS\twain.dll
[2010-02-20 21:50:29 | 000,050,688 | ---- | M] (Grupa robocza Twain) -- C:\WINDOWS\twain_32.dll
[2010-02-20 21:50:29 | 000,026,717 | ---- | M] () -- C:\WINDOWS\System32\tslabels.ini
[2010-02-20 21:50:29 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\tsd32.dll
[2010-02-20 21:50:29 | 000,003,286 | ---- | M] () -- C:\WINDOWS\System32\tslabels.h
[2010-02-20 21:50:27 | 000,053,478 | ---- | M] () -- C:\WINDOWS\System32\tcpmon.ini
[2010-02-20 21:50:27 | 000,000,862 | ---- | M] () -- C:\WINDOWS\System32\termcap
[2010-02-20 21:50:26 | 000,003,577 | ---- | M] () -- C:\WINDOWS\System32\sysprtj.sep
[2010-02-20 21:50:26 | 000,003,214 | ---- | M] () -- C:\WINDOWS\System32\sysprint.sep
[2010-02-20 21:50:25 | 000,093,702 | ---- | M] () -- C:\WINDOWS\System32\subrange.uce
[2010-02-20 21:50:23 | 000,050,404 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2010-02-20 21:50:18 | 000,262,148 | ---- | M] () -- C:\WINDOWS\System32\sortkey.nls
[2010-02-20 21:50:18 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls
[2010-02-20 21:50:16 | 000,016,740 | ---- | M] () -- C:\WINDOWS\System32\shiftjis.uce
[2010-02-20 21:50:15 | 000,240,120 | ---- | M] () -- C:\WINDOWS\System32\setup.bmp
[2010-02-20 21:50:15 | 000,033,080 | ---- | M] () -- C:\WINDOWS\System32\services.msc
[2010-02-20 21:50:15 | 000,011,859 | ---- | M] () -- C:\WINDOWS\System32\setver.exe
[2010-02-20 21:50:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\share.exe
[2010-02-20 21:50:14 | 000,035,718 | ---- | M] () -- C:\WINDOWS\System32\secpol.msc
[2010-02-20 21:50:14 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\scriptpw.dll
[2010-02-20 21:50:14 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\secupd.sig
[2010-02-20 21:50:14 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\secupd.dat
[2010-02-20 21:50:13 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
[2010-02-20 21:50:13 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Stiuk z Santa Fe.bmp
[2010-02-20 21:50:13 | 000,026,680 | ---- | M] () -- C:\WINDOWS\Wachlarze.bmp
[2010-02-20 21:50:12 | 000,043,964 | R--- | M] () -- C:\WINDOWS\System32\rsop.msc
[2010-02-20 21:50:12 | 000,016,024 | ---- | M] () -- C:\WINDOWS\System32\rsvp.ini
[2010-02-20 21:50:12 | 000,003,334 | ---- | M] () -- C:\WINDOWS\System32\rsaci.rat
[2010-02-20 21:50:12 | 000,003,178 | ---- | M] () -- C:\WINDOWS\System32\rsvpcnts.h
[2010-02-20 21:50:11 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rododendron.bmp
[2010-02-20 21:50:11 | 000,003,346 | ---- | M] () -- C:\WINDOWS\System32\redir.exe
[2010-02-20 21:50:10 | 000,006,074 | ---- | M] () -- C:\WINDOWS\System32\rasctrs.ini
[2010-02-20 21:50:10 | 000,001,818 | ---- | M] () -- C:\WINDOWS\System32\rasctrnm.h
[2010-02-20 21:50:09 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll
[2010-02-20 21:50:09 | 000,013,819 | ---- | M] () -- C:\WINDOWS\System32\pschdprf.ini
[2010-02-20 21:50:09 | 000,003,776 | ---- | M] () -- C:\WINDOWS\System32\pubprn.vbs
[2010-02-20 21:50:09 | 000,003,010 | ---- | M] () -- C:\WINDOWS\System32\pschdcnt.h
[2010-02-20 21:50:09 | 000,000,359 | ---- | M] () -- C:\WINDOWS\System32\prodspec.ini
[2010-02-20 21:50:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\pscript.sep
[2010-02-20 21:50:06 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Pod mikroskopem.bmp
[2010-02-20 21:50:06 | 000,036,055 | ---- | M] () -- C:\WINDOWS\System32\prncnfg.vbs
[2010-02-20 21:50:06 | 000,032,746 | ---- | M] () -- C:\WINDOWS\System32\prnmngr.vbs
[2010-02-20 21:50:06 | 000,029,629 | ---- | M] () -- C:\WINDOWS\System32\prnport.vbs
[2010-02-20 21:50:06 | 000,025,615 | ---- | M] () -- C:\WINDOWS\System32\prndrvr.vbs
[2010-02-20 21:50:06 | 000,021,786 | ---- | M] () -- C:\WINDOWS\System32\prnjobs.vbs
[2010-02-20 21:50:06 | 000,016,013 | ---- | M] () -- C:\WINDOWS\System32\prnqctl.vbs
[2010-02-20 21:50:05 | 000,313,828 | ---- | M] () -- C:\WINDOWS\System32\perfi015.dat
[2010-02-20 21:50:05 | 000,272,128 | ---- | M] () -- C:\WINDOWS\System32\perfi009.dat
[2010-02-20 21:50:05 | 000,057,845 | R--- | M] () -- C:\WINDOWS\System32\perfmon.msc
[2010-02-20 21:50:05 | 000,002,890 | ---- | M] () -- C:\WINDOWS\System32\perfwci.ini
[2010-02-20 21:50:05 | 000,001,950 | ---- | M] () -- C:\WINDOWS\System32\pid.inf
[2010-02-20 21:50:05 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\perfwci.h
[2010-02-20 21:50:04 | 000,168,167 | ---- | M] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2010-02-20 21:50:04 | 000,034,990 | ---- | M] () -- C:\WINDOWS\System32\perfd015.dat
[2010-02-20 21:50:04 | 000,028,626 | ---- | M] () -- C:\WINDOWS\System32\perfd009.dat
[2010-02-20 21:50:04 | 000,002,992 | ---- | M] () -- C:\WINDOWS\System32\perfci.ini
[2010-02-20 21:50:04 | 000,001,295 | ---- | M] () -- C:\WINDOWS\System32\perffilt.ini
[2010-02-20 21:50:04 | 000,000,427 | ---- | M] () -- C:\WINDOWS\System32\perfci.h
[2010-02-20 21:50:04 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\perffilt.h
[2010-02-20 21:50:04 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\pcl.sep
[2010-02-20 21:50:02 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\oembios.bin
[2010-02-20 21:50:02 | 000,006,761 | ---- | M] () -- C:\WINDOWS\System32\oembios.sig
[2010-02-20 21:50:02 | 000,004,463 | ---- | M] () -- C:\WINDOWS\System32\oembios.dat
[2010-02-20 21:50:00 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp
[2010-02-20 21:49:59 | 000,032,590 | ---- | M] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2010-02-20 21:49:59 | 000,025,906 | ---- | M] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2010-02-20 21:49:59 | 000,003,260 | ---- | M] () -- C:\WINDOWS\System32\nw16.exe
[2010-02-20 21:49:58 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-20 21:49:58 | 000,048,794 | ---- | M] () -- C:\WINDOWS\System32\ntimage.gif
[2010-02-20 21:49:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-02-20 21:49:58 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\ntio411.sys
[2010-02-20 21:49:58 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\ntio412.sys
[2010-02-20 21:49:58 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio804.sys
[2010-02-20 21:49:58 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio404.sys
[2010-02-20 21:49:58 | 000,033,936 | ---- | M] () -- C:\WINDOWS\System32\ntio.sys
[2010-02-20 21:49:58 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\ntdos411.sys
[2010-02-20 21:49:58 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\ntdos412.sys
[2010-02-20 21:49:58 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos804.sys
[2010-02-20 21:49:58 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos404.sys
[2010-02-20 21:49:58 | 000,027,898 | ---- | M] () -- C:\WINDOWS\System32\ntdos.sys
[2010-02-20 21:49:57 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.cht
[2010-02-20 21:49:57 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.chs
[2010-02-20 21:49:56 | 000,007,116 | ---- | M] () -- C:\WINDOWS\System32\nlsfunc.exe
[2010-02-20 21:49:56 | 000,002,656 | ---- | M] () -- C:\WINDOWS\System32\netware.drv
[2010-02-20 21:49:53 | 000,105,758 | ---- | M] () -- C:\WINDOWS\System32\net.hlp
[2010-02-20 21:49:48 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2010-02-20 21:49:46 | 000,094,282 | ---- | M] () -- C:\WINDOWS\System32\msencode.dll
[2010-02-20 21:49:46 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll
[2010-02-20 21:49:46 | 000,003,813 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.ini
[2010-02-20 21:49:46 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini
[2010-02-20 21:49:46 | 000,000,768 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.h
[2010-02-20 21:49:45 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\mscdexnt.exe
[2010-02-20 21:49:43 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
[2010-02-20 21:49:43 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax
[2010-02-20 21:49:43 | 000,020,629 | ---- | M] () -- C:\WINDOWS\System32\mqperf.ini
[2010-02-20 21:49:43 | 000,002,755 | ---- | M] () -- C:\WINDOWS\System32\mqprfsym.h
[2010-02-20 21:49:41 | 000,001,492 | ---- | M] () -- C:\WINDOWS\System32\mmdriver.inf
[2010-02-20 21:49:40 | 000,673,088 | ---- | M] () -- C:\WINDOWS\System32\mlang.dat
[2010-02-20 21:49:40 | 000,046,258 | ---- | M] () -- C:\WINDOWS\System32\mib.bin
[2010-02-20 21:49:39 | 000,039,434 | ---- | M] () -- C:\WINDOWS\System32\mem.exe
[2010-02-20 21:49:36 | 003,881,949 | ---- | M] () -- C:\WINDOWS\System32\logon.scr
[2010-02-20 21:49:36 | 000,265,948 | ---- | M] () -- C:\WINDOWS\System32\locale.nls
[2010-02-20 21:49:36 | 000,041,851 | ---- | M] () -- C:\WINDOWS\System32\lusrmgr.msc
[2010-02-20 21:49:36 | 000,001,168 | ---- | M] () -- C:\WINDOWS\System32\loadfix.com
[2010-02-20 21:49:36 | 000,000,507 | ---- | M] () -- C:\WINDOWS\System32\login.cmd
[2010-02-20 21:49:22 | 000,012,876 | ---- | M] () -- C:\WINDOWS\System32\korean.uce
[2010-02-20 21:49:22 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\l_intl.nls
[2010-02-20 21:49:22 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\l_except.nls
[2010-02-20 21:49:21 | 000,168,096 | RHS- | M] () -- C:\WINDOWS\System32\bxqvnx.dll
[2010-02-20 21:49:21 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\key01.sys
[2010-02-20 21:49:21 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\keyboard.sys
[2010-02-20 21:49:19 | 000,014,913 | ---- | M] () -- C:\WINDOWS\System32\kb16.com
[2010-02-20 21:49:19 | 000,008,484 | ---- | M] () -- C:\WINDOWS\System32\kanji_2.uce
[2010-02-20 21:49:19 | 000,006,948 | ---- | M] () -- C:\WINDOWS\System32\kanji_1.uce
[2010-02-20 21:49:18 | 000,199,168 | ---- | M] () -- C:\WINDOWS\System32\ir32_32.dll
[2010-02-20 21:49:17 | 000,956,990 | ---- | M] () -- C:\WINDOWS\System32\instcat.sql
[2010-02-20 21:49:13 | 000,060,458 | ---- | M] () -- C:\WINDOWS\System32\ideograf.uce
[2010-02-20 21:49:12 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\homepage.inf
[2010-02-20 21:49:11 | 000,004,976 | ---- | M] () -- C:\WINDOWS\System32\himem.sys
[2010-02-20 21:49:10 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Nefryt.bmp
[2010-02-20 21:49:10 | 000,021,232 | ---- | M] () -- C:\WINDOWS\System32\graphics.pro
[2010-02-20 21:49:09 | 003,440,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\gm.dls
[2010-02-20 21:49:09 | 000,034,346 | ---- | M] () -- C:\WINDOWS\System32\gpedit.msc
[2010-02-20 21:49:09 | 000,024,772 | ---- | M] () -- C:\WINDOWS\System32\geo.nls
[2010-02-20 21:49:09 | 000,024,006 | ---- | M] () -- C:\WINDOWS\System32\gb2312.uce
[2010-02-20 21:49:09 | 000,019,806 | ---- | M] () -- C:\WINDOWS\System32\graphics.com
[2010-02-20 21:49:09 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Na rybkach.bmp
[2010-02-20 21:49:08 | 000,032,422 | ---- | M] () -- C:\WINDOWS\System32\fsmgmt.msc
[2010-02-20 21:49:07 | 000,016,730 | ---- | M] () -- C:\WINDOWS\Puch.bmp
[2010-02-20 21:49:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\fastopen.exe
[2010-02-20 21:49:06 | 001,015,477 | ---- | M] () -- C:\WINDOWS\System32\esentprf.ini
[2010-02-20 21:49:06 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll
[2010-02-20 21:49:06 | 000,098,434 | ---- | M] () -- C:\WINDOWS\System32\eventquery.vbs
[2010-02-20 21:49:06 | 000,056,276 | ---- | M] () -- C:\WINDOWS\System32\eventvwr.msc
[2010-02-20 21:49:06 | 000,008,520 | ---- | M] () -- C:\WINDOWS\System32\exe2bin.exe
[2010-02-20 21:49:06 | 000,006,708 | ---- | M] () -- C:\WINDOWS\System32\esentprf.hxx
[2010-02-20 21:49:06 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2010-02-20 21:49:05 | 000,218,003 | ---- | M] () -- C:\WINDOWS\System32\dssec.dat
[2010-02-20 21:49:05 | 000,127,213 | ---- | M] () -- C:\WINDOWS\System32\ega.cpi
[2010-02-20 21:49:05 | 000,070,622 | ---- | M] () -- C:\WINDOWS\System32\edit.com
[2010-02-20 21:49:05 | 000,012,866 | ---- | M] () -- C:\WINDOWS\System32\edlin.exe
[2010-02-20 21:49:05 | 000,010,853 | ---- | M] () -- C:\WINDOWS\System32\edit.hlp
[2010-02-20 21:49:05 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\dsound.vxd
[2010-02-20 21:49:03 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\paqsp.dll
[2010-02-20 21:49:03 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2010-02-20 21:48:56 | 000,053,920 | ---- | M] () -- C:\WINDOWS\System32\dosx.exe
[2010-02-20 21:48:55 | 000,033,317 | ---- | M] () -- C:\WINDOWS\System32\diskmgmt.msc
[2010-02-20 21:48:54 | 000,041,134 | ---- | M] () -- C:\WINDOWS\System32\dfrg.msc
[2010-02-20 21:48:54 | 000,032,721 | ---- | M] () -- C:\WINDOWS\System32\devmgmt.msc
[2010-02-20 21:48:54 | 000,020,986 | ---- | M] () -- C:\WINDOWS\System32\debug.exe
[2010-02-20 21:48:54 | 000,001,804 | ---- | M] () -- C:\WINDOWS\System32\Dcache.bin
[2010-02-20 21:48:53 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\ctype.nls
[2010-02-20 21:48:52 | 000,037,364 | ---- | M] () -- C:\WINDOWS\System32\compmgmt.msc
[2010-02-20 21:48:52 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\country.sys
[2010-02-20 21:48:44 | 000,253,440 | ---- | M] () -- C:\WINDOWS\System32\compatUI.dll
[2010-02-20 21:48:44 | 000,071,424 | ---- | M] () -- C:\WINDOWS\System32\cmmgr32.hlp
[2010-02-20 21:48:44 | 000,051,823 | ---- | M] () -- C:\WINDOWS\System32\command.com
[2010-02-20 21:48:44 | 000,040,698 | ---- | M] () -- C:\WINDOWS\System32\cmdlib.wsc
[2010-02-20 21:48:44 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Kawa.bmp
[2010-02-20 21:48:44 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\cmos.ram
[2010-02-20 21:48:43 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi
[2010-02-20 21:48:43 | 000,062,125 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm
[2010-02-20 21:48:43 | 000,041,466 | ---- | M] () -- C:\WINDOWS\System32\ciadv.msc
[2010-02-20 21:48:43 | 000,000,075 | ---- | M] () -- C:\WINDOWS\System32\Pokaż kanały.scf
[2010-02-20 21:48:42 | 000,041,998 | ---- | M] () -- C:\WINDOWS\System32\certmgr.msc
[2010-02-20 21:48:41 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_950.nls
[2010-02-20 21:48:41 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_949.nls
[2010-02-20 21:48:41 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_936.nls
[2010-02-20 21:48:41 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\c_932.nls
[2010-02-20 21:48:41 | 000,139,810 | ---- | M] () -- C:\WINDOWS\System32\c_20261.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_874.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_869.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_866.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_865.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_863.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_861.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_860.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_857.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_855.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_852.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_850.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_775.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_737.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_437.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_875.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_500.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28605.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28603.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28599.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28598.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28597.NLS
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28595.NLS
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28594.NLS
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28593.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28592.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28591.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_21866.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20905.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20866.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20127.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1258.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1257.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1256.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1255.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1254.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1253.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1252.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1251.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1250.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1026.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10082.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10081.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10079.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10029.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10017.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10010.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10007.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10006.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10000.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_037.nls
[2010-02-20 21:48:40 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Bąbelki.bmp
[2010-02-20 21:48:39 | 000,028,420 | ---- | M] () -- C:\WINDOWS\System32\bios1.rom
[2010-02-20 21:48:39 | 000,022,984 | ---- | M] () -- C:\WINDOWS\System32\bopomofo.uce
[2010-02-20 21:48:39 | 000,008,191 | ---- | M] () -- C:\WINDOWS\System32\bios4.rom
[2010-02-20 21:48:39 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-02-20 21:48:39 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Niebieska koronka 16.bmp
[2010-02-20 21:48:31 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\amstream.dll
[2010-02-20 21:48:31 | 000,012,594 | ---- | M] () -- C:\WINDOWS\System32\append.exe
[2010-02-20 21:48:31 | 000,009,043 | ---- | M] () -- C:\WINDOWS\System32\ansi.sys
[2010-02-20 21:48:27 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat
[2010-02-20 21:48:20 | 000,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys
[2010-02-20 21:48:20 | 000,018,870 | ---- | M] () -- C:\WINDOWS\System32\oemlogo.bmp
[2010-02-20 21:48:20 | 000,000,082 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2010-02-20 21:48:19 | 000,066,384 | ---- | M] () -- C:\WINDOWS\System32\normnfkc.nls
[2010-02-20 21:48:19 | 000,060,294 | ---- | M] () -- C:\WINDOWS\System32\normnfkd.nls
[2010-02-20 21:48:19 | 000,059,342 | ---- | M] () -- C:\WINDOWS\System32\normidna.nls
[2010-02-20 21:48:19 | 000,045,794 | ---- | M] () -- C:\WINDOWS\System32\normnfc.nls
[2010-02-20 21:48:19 | 000,039,284 | ---- | M] () -- C:\WINDOWS\System32\normnfd.nls
[2010-02-20 21:48:15 | 000,056,700 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010-02-20 21:48:13 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat
[2010-02-20 21:48:12 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\12520850.cpx
[2010-02-20 21:48:12 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\12520437.cpx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-21 16:08:54 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\CCleaner.lnk
[2010-02-21 16:06:05 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-02-21 15:45:32 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk
[2010-02-21 15:45:29 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010-02-21 15:45:29 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010-02-21 15:45:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010-02-21 15:45:29 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010-02-21 15:33:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-02-21 15:31:23 | 003,940,701 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\gfhfg.exe
[2010-02-21 15:27:39 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2 Utilities.lnk
[2010-02-21 15:27:39 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\AIMP2.lnk
[2010-02-21 14:44:11 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010-02-21 14:44:11 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010-02-21 14:42:40 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010-02-21 14:40:49 | 000,081,496 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010-02-21 14:40:19 | 000,017,056 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010-02-21 14:38:18 | 000,001,570 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2010-02-21 14:38:03 | 000,003,903 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010-02-21 14:38:03 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010-02-21 14:34:35 | 000,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010-02-21 14:32:24 | 000,234,376 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010-02-21 14:32:01 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-21 14:29:53 | 000,052,477 | ---- | C] () -- C:\WINDOWS\BricoPackUninst.cmd
[2010-02-21 14:29:52 | 000,000,842 | ---- | C] () -- C:\Documents and Settings\Kedzior\Menu Start\Programy\Autostart\RocketDock.lnk
[2010-02-21 14:29:39 | 005,760,054 | ---- | C] () -- C:\WINDOWS\BricoPack Wallpaper.bmp
[2010-02-21 14:28:28 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Help.lnk
[2010-02-21 14:28:14 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Kedzior\Pulpit\Vista Inspirat 2 Config.lnk
[2010-02-21 14:27:37 | 000,006,118 | ---- | C] () -- C:\WINDOWS\BricoPackFoldersDelete.cmd
[2010-02-21 14:26:33 | 000,000,223 | RHS- | C] () -- C:\boot.ini
[2010-02-21 14:26:30 | 000,012,293 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-02-21 14:23:00 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Kedzior\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-21 14:21:46 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Kedzior\ntuser.ini
[2010-02-21 14:21:44 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Kedzior\NTUSER.DAT
[2010-02-21 14:20:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010-02-21 14:18:20 | 000,050,105 | ---- | C] () -- C:\WINDOWS\activ.exe
[2010-02-21 14:18:02 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010-02-21 14:18:01 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010-02-21 14:17:59 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010-02-21 14:16:56 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010-02-21 14:16:53 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010-02-21 14:16:16 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010-02-21 14:16:16 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010-02-21 14:14:17 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-02-21 14:13:15 | 000,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010-02-21 14:13:14 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010-02-21 14:09:41 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010-02-21 14:09:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010-02-21 14:09:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010-02-21 14:09:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010-02-21 14:09:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010-02-21 14:09:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010-02-21 14:09:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010-02-21 14:09:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010-02-21 14:09:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010-02-21 14:09:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010-02-21 14:09:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010-02-21 14:09:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010-02-21 14:09:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010-02-21 14:09:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010-02-21 14:09:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010-02-21 14:09:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010-02-21 14:09:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010-02-21 13:51:40 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Indiański pled.bmp
[2010-02-21 13:51:39 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Bąbelki.bmp
[2010-02-21 13:51:39 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Pod mikroskopem.bmp
[2010-02-21 13:51:39 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Stiuk z Santa Fe.bmp
[2010-02-21 13:51:39 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Wachlarze.bmp
[2010-02-21 13:51:39 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Nefryt.bmp
[2010-02-21 13:51:39 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rododendron.bmp
[2010-02-21 13:51:39 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Na rybkach.bmp
[2010-02-21 13:51:39 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kawa.bmp
[2010-02-21 13:51:39 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Puch.bmp
[2010-02-21 13:51:39 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Niebieska koronka 16.bmp
[2010-02-21 13:51:38 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010-02-21 13:51:38 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010-02-21 13:51:38 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010-02-21 13:51:38 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010-02-21 13:51:38 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010-02-21 13:51:38 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010-02-21 13:51:38 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010-02-21 13:51:38 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010-02-21 13:51:37 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010-02-21 13:51:31 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010-02-21 13:40:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010-02-21 13:40:29 | 000,002,596 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-02-21 13:40:29 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-02-21 13:40:29 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-02-21 13:40:29 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010-02-21 13:40:29 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010-02-21 13:39:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010-02-21 13:39:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010-02-20 21:50:53 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010-02-20 21:50:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2010-02-20 21:50:51 | 000,036,946 | ---- | C] () -- C:\WINDOWS\wmprfPLK.prx
[2010-02-20 21:50:44 | 000,028,171 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp
[2010-02-20 21:50:36 | 001,356,288 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2010-02-20 21:50:36 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax
[2010-02-20 21:50:35 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2010-02-20 21:50:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2010-02-20 21:50:34 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2010-02-20 21:50:34 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2010-02-20 21:50:34 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2010-02-20 21:50:34 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2010-02-20 21:50:34 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2010-02-20 21:50:34 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2010-02-20 21:50:34 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2010-02-20 21:50:33 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2010-02-20 21:50:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2010-02-20 21:50:32 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2010-02-20 21:50:30 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls
[2010-02-20 21:50:27 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2010-02-20 21:50:26 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2010-02-20 21:50:26 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2010-02-20 21:50:23 | 000,050,404 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2010-02-20 21:50:18 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls
[2010-02-20 21:50:18 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2010-02-20 21:50:15 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp
[2010-02-20 21:50:15 | 000,033,080 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2010-02-20 21:50:15 | 000,011,859 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2010-02-20 21:50:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2010-02-20 21:50:14 | 000,035,718 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc
[2010-02-20 21:50:14 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2010-02-20 21:50:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010-02-20 21:50:12 | 000,043,964 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc
[2010-02-20 21:50:12 | 000,003,334 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2010-02-20 21:50:12 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h
[2010-02-20 21:50:11 | 000,003,346 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2010-02-20 21:50:10 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2010-02-20 21:50:09 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2010-02-20 21:50:09 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h
[2010-02-20 21:50:09 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2010-02-20 21:50:06 | 000,036,055 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs
[2010-02-20 21:50:06 | 000,032,746 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs
[2010-02-20 21:50:06 | 000,029,629 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs
[2010-02-20 21:50:06 | 000,025,615 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs
[2010-02-20 21:50:06 | 000,021,786 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs
[2010-02-20 21:50:06 | 000,016,013 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs
[2010-02-20 21:50:05 | 000,313,828 | ---- | C] () -- C:\WINDOWS\System32\perfi015.dat
[2010-02-20 21:50:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010-02-20 21:50:05 | 000,057,845 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2010-02-20 21:50:05 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010-02-20 21:50:05 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h
[2010-02-20 21:50:04 | 000,168,167 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2010-02-20 21:50:04 | 000,034,990 | ---- | C] () -- C:\WINDOWS\System32\perfd015.dat
[2010-02-20 21:50:04 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010-02-20 21:50:04 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h
[2010-02-20 21:50:04 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h
[2010-02-20 21:50:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2010-02-20 21:50:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010-02-20 21:50:02 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2010-02-20 21:50:02 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010-02-20 21:50:00 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2010-02-20 21:49:59 | 000,032,590 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2010-02-20 21:49:59 | 000,025,906 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2010-02-20 21:49:59 | 000,003,260 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2010-02-20 21:49:58 | 000,251,152 | RHS- | C] () -- C:\ntldr
[2010-02-20 21:49:58 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2010-02-20 21:49:58 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
[2010-02-20 21:49:57 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht
[2010-02-20 21:49:57 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs
[2010-02-20 21:49:56 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2010-02-20 21:49:53 | 000,105,758 | ---- | C] () -- C:\WINDOWS\System32\net.hlp
[2010-02-20 21:49:45 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2010-02-20 21:49:43 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2010-02-20 21:49:43 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2010-02-20 21:49:43 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h
[2010-02-20 21:49:41 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf
[2010-02-20 21:49:40 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010-02-20 21:49:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010-02-20 21:49:39 | 000,039,434 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2010-02-20 21:49:36 | 003,881,949 | ---- | C] () -- C:\WINDOWS\System32\logon.scr
[2010-02-20 21:49:36 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2010-02-20 21:49:36 | 000,041,851 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2010-02-20 21:49:36 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2010-02-20 21:49:36 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\login.cmd
[2010-02-20 21:49:22 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls
[2010-02-20 21:49:22 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls
[2010-02-20 21:49:21 | 000,168,096 | RHS- | C] () -- C:\WINDOWS\System32\bxqvnx.dll
[2010-02-20 21:49:19 | 000,014,913 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2010-02-20 21:49:17 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2010-02-20 21:49:12 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2010-02-20 21:49:10 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2010-02-20 21:49:09 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2010-02-20 21:49:09 | 000,034,346 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc
[2010-02-20 21:49:09 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls
[2010-02-20 21:49:09 | 000,019,806 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2010-02-20 21:49:08 | 000,032,422 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2010-02-20 21:49:07 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2010-02-20 21:49:06 | 000,098,434 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs
[2010-02-20 21:49:06 | 000,056,276 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2010-02-20 21:49:06 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2010-02-20 21:49:06 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2010-02-20 21:49:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2010-02-20 21:49:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010-02-20 21:49:05 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2010-02-20 21:49:05 | 000,070,622 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2010-02-20 21:49:05 | 000,012,866 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2010-02-20 21:49:05 | 000,010,853 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp
[2010-02-20 21:49:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2010-02-20 21:48:56 | 000,053,920 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2010-02-20 21:48:55 | 000,033,317 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2010-02-20 21:48:54 | 000,041,134 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2010-02-20 21:48:54 | 000,032,721 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2010-02-20 21:48:54 | 000,020,986 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2010-02-20 21:48:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010-02-20 21:48:53 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls
[2010-02-20 21:48:52 | 000,037,364 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2010-02-20 21:48:44 | 000,071,424 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp
[2010-02-20 21:48:44 | 000,051,823 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2010-02-20 21:48:44 | 000,040,698 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc
[2010-02-20 21:48:44 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2010-02-20 21:48:43 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2010-02-20 21:48:43 | 000,062,125 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2010-02-20 21:48:43 | 000,041,466 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2010-02-20 21:48:43 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\Pokaż kanały.scf
[2010-02-20 21:48:42 | 000,041,998 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2010-02-20 21:48:41 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls
[2010-02-20 21:48:41 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls
[2010-02-20 21:48:41 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls
[2010-02-20 21:48:41 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls
[2010-02-20 21:48:41 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls
[2010-02-20 21:48:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls
[2010-02-20 21:48:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1257.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls
[2010-02-20 21:48:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls
[2010-02-20 21:48:39 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2010-02-20 21:48:39 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2010-02-20 21:48:39 | 000,004,952 | RHS- | C] () -- C:\Bootfont.bin
[2010-02-20 21:48:31 | 000,012,594 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2010-02-20 21:48:27 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2010-02-20 21:48:20 | 000,018,870 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2010-02-20 21:48:20 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2010-02-20 21:48:19 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls
[2010-02-20 21:48:19 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls
[2010-02-20 21:48:19 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls
[2010-02-20 21:48:19 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls
[2010-02-20 21:48:19 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls
[2010-02-20 21:48:15 | 000,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2010-02-20 21:48:13 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
[2010-02-20 21:48:12 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2010-02-20 21:48:12 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
[2006-10-31 07:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-31 07:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-31 07:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-31 07:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-31 07:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-31 07:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-31 07:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010-02-21 15:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
[2010-02-21 15:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-02-21 15:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Opera
[2010-02-21 15:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kedzior\Dane aplikacji\Simply Super Software

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-21 14:41:14 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2010-02-20 21:48:39 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-02-21 13:40:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-02-21 14:42:45 | 000,000,152 | ---- | M] () -- C:\csb.log
[2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-21 13:40:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-02-20 21:49:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-02-20 21:49:58 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-21 16:22:59 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-02-21 14:42:45 | 000,000,348 | ---- | M] () -- C:\RHDSetup.log

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9
< End of report >
[/log]

Mateusz J.
comment

Did you plug in a USB flash drive after the format? The infection is probably spreading from it.
If you did, plug it in again, format it, run ComboFix and produce a log from it, then carry out: http://www.forumpc.pl/index.php?showtopic=107753&st=0&p=752434&#entry752434 (post the report on the forum).

Ryuga
comment

I did not plug in a flash drive, but I have a second partition, which is infected.

ComboFix is blocked by the virus right away and does not start. The antivirus deactivates itself, and the firewall is turned off after every reboot. In addition, extra ports get opened, and all warnings in Windows are turned off. When I try to move a file, the computer hangs.

Mateusz J.
comment

Try renaming ComboFix while downloading it (in Safe Mode) and produce a log.

Ryuga
comment

[log]
ComboFix 10-02-21.01 - Kedzior 10-02-21 21:05:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2495.2212 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kedzior\Pulpit\fdsfsd.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Alcmtr.exe
c:\windows\system32\prnqctl.vbs

c:\windows\explorer.exe . . . jest zainfekowany!!

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-21 do 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\xircom
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-sh--w- c:\windows\system32\dllcache
2010-02-21 17:40 . 2010-02-21 17:40 96976 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-21 17:40 . 2010-02-21 17:40 87855 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2010-02-21 17:39 . 2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\fbo4F.exe
2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-02-21 17:34 . 2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\acu20.exe
2010-02-21 17:19 . 2010-02-21 17:19 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Media Player Classic
2010-02-21 17:16 . 2010-02-21 17:17 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-02-21 17:13 . 2007-10-23 08:27 180224 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\cleanup.exe
2010-02-21 17:10 . 2007-10-23 08:22 3424256 ---ha-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\Launchpad Removal.exe
2010-02-21 17:10 . 2010-02-21 18:38 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\U3
2010-02-21 16:54 . 2010-02-21 16:54 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-21 16:54 . 2009-04-27 13:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-21 16:54 . 2010-02-21 16:54 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\TuneUp Software
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2010-02-21 16:47 . 2010-02-21 16:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 16:47 . 2010-02-21 16:47 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\DAEMON Tools Lite
2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\documents and settings\Kedzior\WapSter
2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\program files\WapSter
2010-02-21 16:29 . 2010-02-21 16:29 -------- d-----w- c:\program files\soundbase
2010-02-21 16:01 . 2010-02-21 16:03 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Mp3tag
2010-02-21 16:01 . 2010-02-21 16:04 -------- d-----w- c:\program files\Mp3tag
2010-02-21 15:08 . 2010-02-21 15:08 -------- d-----w- c:\program files\CCleaner
2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Malwarebytes
2010-02-21 15:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-02-21 15:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 15:00 . 2010-02-21 15:24 -------- d-----w- C:\_OTL
2010-02-21 14:45 . 2010-02-21 17:39 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-02-21 14:45 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-21 14:45 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-21 14:45 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-21 14:45 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-21 14:45 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\program files\Trojan Remover
2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software
2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Opera
2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\program files\Opera
2010-02-21 14:27 . 2010-02-21 19:39 -------- d-----w- c:\program files\AIMP2
2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\L2Schemas
2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-21 14:02 . 2010-02-21 14:05 -------- d-----w- c:\windows\system32\pl
2010-02-21 14:02 . 2010-02-21 14:02 -------- d-----w- c:\windows\NLDRV
2010-02-21 14:02 . 2010-02-21 13:13 -------- d-----w- c:\windows\system32\pl-pl

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\program files\microsoft frontpage
2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-21 16:57 . 2001-10-26 18:15 49712 ----a-w- c:\windows\system32\perfc015.dat
2010-02-21 16:57 . 2001-10-26 18:15 355830 ----a-w- c:\windows\system32\perfh015.dat
2010-02-21 15:46 . 2010-02-21 13:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-21 13:44 . 2010-02-21 13:32 14656 ----a-w- c:\windows\gdrv.sys
2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\Realtek
2010-02-21 13:41 . 2010-02-21 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 13:41 . 2010-02-21 13:41 315392 ----a-w- c:\windows\HideWin.exe
2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\DIFX
2010-02-21 13:39 . 2010-02-21 13:39 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-21 13:37 . 2010-02-21 13:37 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\InstallShield
2010-02-21 13:29 . 2010-02-21 13:29 52477 ----a-w- c:\windows\BricoPackUninst.cmd
2010-02-21 13:29 . 2010-02-21 13:27 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-02-21 13:29 . 2010-02-20 20:48 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-21 13:29 . 2010-02-21 13:29 12328 ----a-w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-02-21 13:25 . 2010-02-21 13:13 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-21 13:16 . 2010-02-21 13:16 -------- d-----w- c:\program files\Usługi online
2010-02-21 13:14 . 2010-02-21 13:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-21 12:45 . 2010-02-21 12:45 12328 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-02-20 20:49 . 2010-02-21 13:08 1088840 ----a-r- c:\windows\SET5F.tmp
2010-02-20 20:48 . 2010-02-20 20:48 9216 ----a-w- c:\windows\system32\dot3dlg.dll
2010-02-01 01:49 . 2010-02-01 01:49 85504 ----a-w- c:\windows\system32\ff_vfw.dll
.

------- Sigcheck -------

Błąd usług kryptograficznych !!
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-11-17 6807552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1699840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="md" [X]
"nlpo_03"="md" [X]
"nlpo_04"="move" [X]
"nltide_2"="shell32" [X]
"nlpo_02"="advpack.dll" [2010-02-20 124928]
"nlpo_05"="advpack.dll" [2010-02-20 124928]
"nlpo_06"="advpack.dll" [2010-02-20 124928]
"nltide_3"="advpack.dll" [2010-02-20 124928]

c:\documents and settings\Kedzior\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 847872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\McDC++\\McDCPlusPlus.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\DC++\\Programy\\Wyglad Vista\\pack-vista-inspirat-2-1.0.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\RocketDock\\RocketDock.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\OneClickStarter.exe"=
"c:\\Documents and Settings\\Kedzior\\Pulpit\\OTL.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\RegistryCleaner.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55224:TCP"= 55224:TCP:122.168.114.201/255.255.255.255:Disabled:wkcouiouiouio

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [08-01-29 17:29 32784]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-02-21 17:47 721904]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\jnjlqn.sys --> c:\windows\system32\drivers\jnjlqn.sys [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [08-03-13 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [08-04-30 17:06 24592]
S2 zidxaw;Universal Time;c:\windows\system32\svchost.exe -k netsvcs [10-02-20 21:50 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
zidxaw
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-21 c:\windows\Tasks\Konserwacja 1 kliknięciem.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:59]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 21:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzg.sys >>UNKNOWN [0x8A690938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba665cb8
\Driver\atapi -> atapi.sys @ 0xba5fab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
NDIS: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba4d0bd4
PacketIndicateHandler -> NDIS.sys @ 0xba4dca21
SendHandler -> NDIS.sys @ 0xba4d0d44
user & kernel MBR OK

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1160)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(1356)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-02-21 21:12:28 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-21 20:12

Przed: 33 345 200 128 bajtów wolnych
Po: 33 335 595 008 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - A87A75787D8A33EFA53E3C67AF2DC0CF

[/log]

Mateusz J.
comment

Paste into Notepad:
[code]File::
c:\windows\system32\drivers\jnjlqn.sys

Driver::
abp470n5
zidxaw

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=-
"nlpo_03"=-
"nlpo_04"=-
"nltide_2"=-
"nlpo_02"=-
"nlpo_05"=-
"nlpo_06"=-
"nltide_3"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-[/code]
In Notepad, go to File ==> Save As ==> save it under the name [b]CFScript.txt[/b], in the same folder where [b]ComboFix[/b] was downloaded and saved.
Drag the [b]CFScript.txt[/b] file you created onto the [b]ComboFix[/b] icon, as in the picture:
[img]http://img212.imageshack.us/img212/740/cfscript10uc2su5.gif[/img]
The removal will start [b]and a log will be created, which you post on the forum.[/b]

Then try running http://www.freedrweb.com/cureit/

Ryuga
comment (edited)

[log]ComboFix 10-02-21.02 - Kedzior 10-02-21 21:30:22.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2495.2203 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Kedzior\Pulpit\dsdfsd.exe
Użyto następujących komend :: c:\documents and settings\Kedzior\Pulpit\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\drivers\jnjlqn.sys"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.exe . . . jest zainfekowany!!

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ABP470N5
-------\Legacy_ZIDXAW
-------\Service_abp470n5
-------\Service_zidxaw


((((((((((((((((((((((((( Pliki utworzone od 2010-01-21 do 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\xircom
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-sh--w- c:\windows\system32\dllcache
2010-02-21 20:09 . 2010-02-21 20:09 -------- d-----w- c:\program files\microsoft frontpage
2010-02-21 17:40 . 2010-02-21 17:40 96976 ----a-w- c:\windows\system32\drivers\klin.dat
2010-02-21 17:40 . 2010-02-21 17:40 87855 ----a-w- c:\windows\system32\drivers\klick.dat
2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-21 17:39 . 2010-02-21 17:43 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-21 17:39 . 2010-02-21 17:39 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2010-02-21 17:39 . 2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\fbo4F.exe
2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2010-02-21 17:38 . 2010-02-21 17:38 -------- d-----w- c:\program files\NAPI-PROJEKT
2010-02-21 17:34 . 2009-12-11 17:05 3613560 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software\Trojan Remover\acu20.exe
2010-02-21 17:19 . 2010-02-21 17:19 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Media Player Classic
2010-02-21 17:16 . 2010-02-21 17:17 -------- d-----w- c:\program files\Satsuki Decoder Pack
2010-02-21 17:13 . 2007-10-23 08:27 180224 ----a-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\cleanup.exe
2010-02-21 17:10 . 2007-10-23 08:22 3424256 ---ha-w- c:\documents and settings\Kedzior\Dane aplikacji\U3\temp\Launchpad Removal.exe
2010-02-21 17:10 . 2010-02-21 18:38 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\U3
2010-02-21 16:54 . 2010-02-21 16:54 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-21 16:54 . 2009-04-27 13:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-21 16:54 . 2010-02-21 16:54 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\TuneUp Software
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-21 16:54 . 2010-02-21 16:54 -------- d-sh--w- c:\documents and settings\All Users\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}
2010-02-21 16:47 . 2010-02-21 16:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-21 16:47 . 2010-02-21 16:47 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\DAEMON Tools Lite
2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\documents and settings\Kedzior\WapSter
2010-02-21 16:32 . 2010-02-21 16:32 -------- d-----w- c:\program files\WapSter
2010-02-21 16:29 . 2010-02-21 16:29 -------- d-----w- c:\program files\soundbase
2010-02-21 16:01 . 2010-02-21 16:03 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Mp3tag
2010-02-21 16:01 . 2010-02-21 16:04 -------- d-----w- c:\program files\Mp3tag
2010-02-21 15:08 . 2010-02-21 15:08 -------- d-----w- c:\program files\CCleaner
2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Malwarebytes
2010-02-21 15:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 15:06 . 2010-02-21 15:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-02-21 15:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-21 15:00 . 2010-02-21 15:24 -------- d-----w- C:\_OTL
2010-02-21 14:45 . 2010-02-21 17:39 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-02-21 14:45 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-21 14:45 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-21 14:45 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-21 14:45 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-21 14:45 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\program files\Trojan Remover
2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\Simply Super Software
2010-02-21 14:45 . 2010-02-21 14:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Simply Super Software
2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\Opera
2010-02-21 14:33 . 2010-02-21 14:33 -------- d-----w- c:\program files\Opera
2010-02-21 14:27 . 2010-02-21 19:39 -------- d-----w- c:\program files\AIMP2
2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\L2Schemas
2010-02-21 14:02 . 2010-02-21 14:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-21 14:02 . 2010-02-21 14:05 -------- d-----w- c:\windows\system32\pl
2010-02-21 14:02 . 2010-02-21 14:02 -------- d-----w- c:\windows\NLDRV
2010-02-21 14:02 . 2010-02-21 13:13 -------- d-----w- c:\windows\system32\pl-pl

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-21 17:43 . 2010-02-21 17:39 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-21 16:57 . 2001-10-26 18:15 49712 ----a-w- c:\windows\system32\perfc015.dat
2010-02-21 16:57 . 2001-10-26 18:15 355830 ----a-w- c:\windows\system32\perfh015.dat
2010-02-21 15:46 . 2010-02-21 13:17 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-21 13:44 . 2010-02-21 13:32 14656 ----a-w- c:\windows\gdrv.sys
2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\Realtek
2010-02-21 13:41 . 2010-02-21 13:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 13:41 . 2010-02-21 13:41 315392 ----a-w- c:\windows\HideWin.exe
2010-02-21 13:41 . 2010-02-21 13:41 -------- d-----w- c:\program files\DIFX
2010-02-21 13:39 . 2010-02-21 13:39 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-21 13:37 . 2010-02-21 13:37 -------- d-----w- c:\documents and settings\Kedzior\Dane aplikacji\InstallShield
2010-02-21 13:29 . 2010-02-21 13:29 52477 ----a-w- c:\windows\BricoPackUninst.cmd
2010-02-21 13:29 . 2010-02-21 13:27 6118 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-02-21 13:29 . 2010-02-20 20:48 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-21 13:29 . 2010-02-21 13:29 12328 ----a-w- c:\documents and settings\Kedzior\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-02-21 13:25 . 2010-02-21 13:13 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-21 13:16 . 2010-02-21 13:16 -------- d-----w- c:\program files\Usługi online
2010-02-21 13:14 . 2010-02-21 13:14 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-21 12:45 . 2010-02-21 12:45 12328 ----a-w- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-02-20 20:49 . 2010-02-21 13:08 1088840 ----a-r- c:\windows\SET5F.tmp
2010-02-20 20:48 . 2010-02-20 20:48 9216 ----a-w- c:\windows\system32\dot3dlg.dll
2010-02-01 01:49 . 2010-02-01 01:49 85504 ----a-w- c:\windows\system32\ff_vfw.dll
.

------- Sigcheck -------

[-] 2010-02-20 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\5cb56d26ae277f6fc62b86faa15488d1\sp3gdr\tcpip.sys

[-] 2009-08-06 . 0B6DABD6FFF1AD42A3CD65A1C7EE8F35 . 68832 . . [7.4.7600.226] . . c:\windows\system32\wuauclt.exe

[7] 2010-02-20 . 8B994BB807C03EFE52561B832204D8BA . 3591680 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3gdr\mshtml.dll
[7] 2010-02-20 . 8B994BB807C03EFE52561B832204D8BA . 3591680 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3qfe\mshtml.dll
[-] 2010-02-20 . 40F20BCFBC845AA1DCADD9DDDC148898 . 3864576 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[7] 2008-03-01 . B119ED057CDCB0EA1C9235CE8AE66885 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll

[7] 2010-02-20 . ACB31B4ED243D4DFFA5268F4AD2B0D6F . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3gdr\wininet.dll
[7] 2010-02-20 . ACB31B4ED243D4DFFA5268F4AD2B0D6F . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\0c6fcf2c02c2e088ad7560eed06e2b95\backup\sp3qfe\wininet.dll
[-] 2010-02-20 . C18CC1B019BA1082F6925FD603993777 . 817152 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[7] 2008-03-01 . B1DB24042F335198EAD97AAA675B1078 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

[-] 2010-02-20 . 089EF4AFEA4A13AC4EBDAF3C5F332267 . 1206784 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2010-02-20 . 5279BA2254BEDE571D2FABB4D8C11523 . 89088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-21_20.10.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-21 20:34 . 2010-02-21 20:34 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\temp\Perflib_Perfdata_dd8.dat
+ 2010-02-21 20:33 . 2010-02-21 20:33 16384 c:\windows\system32\config\systemprofile\Ustawienia lokalne\temp\Perflib_Perfdata_cc8.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AQQ"="c:\progra~1\WapSter\WAPSTE~1\AQQ.exe" [2009-11-17 6807552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1699840]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\documents and settings\Kedzior\Menu Start\Programy\Autostart\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 847872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\McDC++\\McDCPlusPlus.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\DC++\\Programy\\Wyglad Vista\\pack-vista-inspirat-2-1.0.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\BricoPacks\\Vista Inspirat 2\\RocketDock\\RocketDock.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\OneClickStarter.exe"=
"c:\\Documents and Settings\\Kedzior\\Pulpit\\OTL.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\Program Files\\TuneUp Utilities 2009\\RegistryCleaner.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55224:TCP"= 55224:TCP:122.168.114.201/255.255.255.255:Disabled:wkcouiouiouio
"7095:TCP"= 7095:TCP:wkcsrwrp

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [08-01-29 17:29 32784]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-02-21 17:47 721904]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [08-03-13 18:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [08-04-30 17:06 24592]
S2 fgluhsi;Installer Config;c:\windows\system32\svchost.exe -k netsvcs [10-02-20 21:50 14336]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ABP470N5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
fgluhsi
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-21 c:\windows\Tasks\Konserwacja 1 kliknięciem.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 14:59]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 21:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spmr.sys >>UNKNOWN [0x8A68F938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba665cb8
\Driver\atapi -> atapi.sys @ 0xba5fab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578fa2
ParseProcedure -> ntkrnlpa.exe @ 0x80577c04
NDIS: Karta Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba4d0bd4
PacketIndicateHandler -> NDIS.sys @ 0xba4dca21
SendHandler -> NDIS.sys @ 0xba4d0d44
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fgluhsi]
"ServiceDll"="c:\windows\system32\bxqvnx.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1148)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(452)
c:\windows\system32\SHDOCVW.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-02-21 21:36:59 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-21 20:36
ComboFix2.txt 2010-02-21 20:12

Przed: 35 209 027 584 bajtów wolnych
Po: 35 131 740 160 bajtów wolnych

- - End Of File - - 4A4586D62701C317C4DE37E0954D1AC5[/log]


Unfortunately I can't connect to the site, because it has been effectively blocked. I will try to download it from another source.

Mateusz J.
comment

Try it in Safe Mode.

You have a serious infection; as you can see, .exe files have been infected.

Ryuga
comment

I formatted the entire disk. I lost a large number of files, so fighting on was pointless. I managed to save the most important ones. For now I'm running Linux, so the problem shouldn't happen again. Thanks for the help.
