"Open with"

Dygns
created (edited)

Hello, I have a problem: when I go into My Computer and click on drive C or another drive, a "Run with..." window pops up asking me to choose a program... Where did this come from? I have no idea. I scanned with an antivirus and it found nothing. Please help.
[color="#ff0000"]
//moving
//dan[/color]

Edited by danielek316
moving to the appropriate section

danielek316
comment

Read this topic: [url="http://www.forumpc.pl/index.php?showtopic=104338"]http://www.forumpc.p...howtopic=104338[/url] and post a log from OTL

Dygns
comment

[log]OTL logfile created on: 2010-02-24 23:52:44 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = E:\
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 57,09 Gb Total Space | 12,97 Gb Free Space | 22,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 175,78 Gb Total Space | 127,35 Gb Free Space | 72,45% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALOR
Current User Name: Pwnz0rd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-02-24 23:50:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010-02-24 23:01:14 | 000,215,104 | ---- | M] () -- C:\WINNT\system32\PnkBstrB.exe
PRC - [2010-02-22 10:33:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-02-13 18:46:43 | 000,075,064 | ---- | M] () -- C:\WINNT\system32\PnkBstrA.exe
PRC - [2010-01-20 13:05:04 | 012,067,432 | ---- | M] (GG Network S.A.) -- E:\Gadu-Gadu 10\gg.exe
PRC - [2010-01-11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009-11-20 19:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-11-16 09:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- E:\hamachi\hamachi-2.exe
PRC - [2009-09-27 18:19:46 | 000,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2009-01-09 06:49:18 | 033,570,816 | ---- | M] (VIA Technologies, Inc.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
PRC - [2008-07-25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2007-08-23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007-08-23 17:36:30 | 000,455,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PRC - [2007-06-27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2007-06-25 08:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007-06-25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007-06-25 08:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006-05-13 15:22:59 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spoolsv.exe
PRC - [2006-01-19 16:54:34 | 000,925,696 | ---- | M] ( ) -- C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
PRC - [2005-02-21 14:56:00 | 001,826,885 | ---- | M] (Stardock) -- C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
PRC - [2004-08-04 01:44:30 | 000,504,832 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winlogon.exe
PRC - [2004-08-04 01:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wscntfy.exe
PRC - [2004-08-04 01:44:28 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\services.exe
PRC - [2004-08-04 01:44:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\smss.exe
PRC - [2004-08-04 01:44:28 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rundll32.exe
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [RPCSS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [NETWORKSERVICE]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [NETSVCS]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [LOCALSERVICE]
PRC - [2004-08-04 01:44:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\svchost.exe [DCOMLAUNCH]
PRC - [2004-08-04 01:44:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lsass.exe
PRC - [2004-08-04 01:44:20 | 001,882,112 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004-08-04 01:44:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ctfmon.exe
PRC - [2004-08-04 01:44:20 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\csrss.exe
PRC - [2004-08-04 01:44:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\alg.exe
PRC - [2004-08-04 00:55:54 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2002-09-29 14:41:00 | 000,090,112 | ---- | M] (Y'z@Home) -- C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-02-24 23:50:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2010-02-24 23:08:32 | 000,085,504 | RHS- | M] () -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\cvasds0.dll
MOD - [2010-02-18 19:09:30 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\uxtheme.dll
MOD - [2006-05-13 15:28:12 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\gdi32.dll
MOD - [2006-05-13 15:25:54 | 001,285,632 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ole32.dll
MOD - [2006-05-13 15:22:00 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\user32.dll
MOD - [2006-03-17 06:08:07 | 031,199,232 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shell32.dll
MOD - [2006-03-04 05:01:32 | 001,225,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wininet.dll
MOD - [2006-03-04 05:01:32 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\shlwapi.dll
MOD - [2005-01-11 13:31:00 | 000,020,480 | ---- | M] () -- C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
MOD - [2004-08-04 01:44:32 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\winspool.drv
MOD - [2004-08-04 01:44:16 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wldap32.dll
MOD - [2004-08-04 01:44:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2_32.dll
MOD - [2004-08-04 01:44:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ws2help.dll
MOD - [2004-08-04 01:44:14 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\version.dll
MOD - [2004-08-04 01:44:12 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\srclient.dll
MOD - [2004-08-04 01:44:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\setupapi.dll
MOD - [2004-08-04 01:44:10 | 000,581,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\rpcrt4.dll
MOD - [2004-08-04 01:44:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\samlib.dll
MOD - [2004-08-04 01:44:10 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\secur32.dll
MOD - [2004-08-04 01:44:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\psapi.dll
MOD - [2004-08-04 01:44:08 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\oleaut32.dll
MOD - [2004-08-04 01:44:08 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntmarta.dll
MOD - [2004-08-04 01:44:08 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\olepro32.dll
MOD - [2004-08-04 01:44:06 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msvcrt.dll
MOD - [2004-08-04 01:44:04 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\MSCTF.dll
MOD - [2004-08-04 01:44:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msasn1.dll
MOD - [2004-08-04 01:44:02 | 001,012,224 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\kernel32.dll
MOD - [2004-08-04 01:43:58 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
MOD - [2004-08-04 01:43:56 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\crypt32.dll
MOD - [2004-08-04 01:43:56 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\Comdlg32.dll
MOD - [2004-08-04 01:43:52 | 000,686,080 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\advapi32.dll
MOD - [2004-08-04 01:43:48 | 000,716,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\ntdll.dll
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2002-09-29 14:41:00 | 000,057,344 | ---- | M] () -- C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-02-24 23:01:14 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\WINNT\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-02-22 10:33:15 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010-02-21 08:01:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-02-13 18:46:43 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINNT\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-11-16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-09-27 18:19:46 | 000,172,100 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (nvsvc)
SRV - [2007-08-23 17:40:48 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-06-29 19:16:56 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007-06-27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-06-25 08:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-02-24 17:42:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINNT\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-11-16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-11-16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-09-28 00:12:21 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-12-19 04:39:30 | 000,993,280 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008-02-14 07:12:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007-06-25 08:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-06-25 08:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-06-25 08:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006-01-18 14:09:40 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2005-12-22 14:45:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\WlanBZXP.sys -- (SG762_XP)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-07-17 12:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\S-1-5-21-1123561945-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.daemon-search.com/startpage"
FF - prefs.js..extensions.enabledItems: info@finbu.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-23 23:41:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-23 17:15:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-02-12 21:18:43 | 000,000,000 | ---D | M]

[2010-02-23 17:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Extensions
[2010-02-24 10:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\extensions
[2010-02-24 17:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\extensions\DTToolbar@toolbarnet.com
[2010-02-24 10:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\extensions\toolbar@ask.com
[2010-02-24 10:47:14 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\searchplugins\askcom.xml
[2010-02-24 17:43:22 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\searchplugins\daemon-search.xml
[2010-02-24 10:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-23 17:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\info@finbu.com

O1 HOSTS File: ([2001-10-26 18:45:16 | 000,000,742 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINNT\BricoPacks\LeopardXP\FindeXer.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [cdoosoft] C:\DOCUME~1\Pwnz0rd\USTAWI~1\Temp\herss.exe File not found
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [DAEMON Tools Lite] E:\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [Gadu-Gadu 10] E:\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [uTorrent] E:\torrent\uTorrent.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [nlsf] C:\WINNT\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE ( )
O4 - Startup: C:\Documents and Settings\Pwnz0rd\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk = C:\WINNT\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe (Stardock)
O4 - Startup: C:\Documents and Settings\Pwnz0rd\Menu Start\Programy\Autostart\Y'z ToolBar.lnk = C:\WINNT\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe (Y'z@Home)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-12 14:22:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-24 23:52:52 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-24 23:52:52 | 000,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{221e0ec6-2161-11df-8f5c-0060b34a6454}\Shell\AutoRun\command - "" = F:\62.exe -- File not found
O33 - MountPoints2\{221e0ec6-2161-11df-8f5c-0060b34a6454}\Shell\open\Command - "" = F:\62.exe -- File not found
O33 - MountPoints2\{83a1af0a-17da-11df-8083-806d6172696f}\Shell\AutoRun\command - "" = 62.exe
O33 - MountPoints2\{83a1af0a-17da-11df-8083-806d6172696f}\Shell\open\Command - "" = 62.exe
O33 - MountPoints2\{83a1af0b-17da-11df-8083-806d6172696f}\Shell\AutoRun\command - "" = 62.exe
O33 - MountPoints2\{83a1af0b-17da-11df-8083-806d6172696f}\Shell\open\Command - "" = 62.exe
O33 - MountPoints2\{aa2c8db2-17e1-11df-b049-0060b34a6454}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\62.exe -- File not found
O33 - MountPoints2\D\Shell\open\Command - "" = D:\62.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\62.exe -- File not found
O33 - MountPoints2\F\Shell\open\Command - "" = F:\62.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2010-02-12 14:42:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-24 23:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-24 18:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\My Games
[2010-02-24 18:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2010-02-24 18:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\microsoft
[2010-02-24 18:06:17 | 000,872,448 | ---- | C] (Blue Ripple Sound Limited) -- C:\WINNT\System32\rapture3d_oal.dll
[2010-02-24 18:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2010-02-24 18:02:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-02-24 18:00:52 | 000,000,000 | ---D | C] -- C:\WINNT\System32\xlive
[2010-02-24 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010-02-24 18:00:40 | 000,445,016 | ---- | C] (Creative Labs) -- C:\WINNT\System32\wrap_oal.dll
[2010-02-24 18:00:40 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINNT\System32\OpenAL32.dll
[2010-02-24 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010-02-24 17:43:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2010-02-24 17:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010-02-24 17:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\DAEMON Tools Lite
[2010-02-24 17:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-02-24 17:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\ESET
[2010-02-24 15:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-02-24 14:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Ahead
[2010-02-24 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010-02-24 14:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Ahead
[2010-02-24 14:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ahead
[2010-02-24 14:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010-02-24 14:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero
[2010-02-24 14:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010-02-24 11:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010-02-24 11:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\SystemRequirementsLab
[2010-02-23 23:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Downloads
[2010-02-23 23:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010-02-23 23:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\uTorrent
[2010-02-23 17:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Mozilla
[2010-02-23 17:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla
[2010-02-23 17:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-02-23 09:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Pulpit\Shity z SV
[2010-02-23 09:16:41 | 000,000,000 | ---D | C] -- C:\Windows
[2010-02-22 10:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-02-22 10:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-02-22 10:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-02-22 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Sun
[2010-02-22 10:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\assembly
[2010-02-22 10:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2010-02-22 10:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\InstallShield
[2010-02-22 10:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\GetRightToGo
[2010-02-21 16:07:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Moje wideo
[2010-02-21 16:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\gctmp
[2010-02-21 16:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Xenocode
[2010-02-21 12:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Publish Providers
[2010-02-21 12:34:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Sony
[2010-02-21 12:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-21 12:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2010-02-21 12:25:54 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\UMDF
[2010-02-21 12:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-02-21 12:22:38 | 000,000,000 | ---D | C] -- C:\WINNT\System32\XPSViewer
[2010-02-21 12:22:37 | 000,000,000 | ---D | C] -- C:\WINNT\System32\en-us
[2010-02-21 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-02-21 08:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\AdobeStockPhotos
[2010-02-21 08:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-02-21 08:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-02-21 08:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2010-02-21 08:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-02-21 08:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-02-21 08:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010-02-20 00:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\BESTplayer
[2010-02-19 20:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\FileSubmit
[2010-02-19 20:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-02-19 19:52:49 | 000,000,000 | ---D | C] -- C:\WINNT\System32\VITrans
[2010-02-19 19:52:47 | 000,000,000 | ---D | C] -- C:\VTPFiles
[2010-02-19 19:52:46 | 000,094,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINNT\System32\pskill.exe
[2010-02-19 19:52:46 | 000,019,968 | ---- | C] (Dead Knight) -- C:\WINNT\System32\reico.exe
[2010-02-19 19:52:18 | 000,020,480 | ---- | C] (Windows X) -- C:\WINNT\System32\scrnrdr.exe
[2010-02-19 15:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010-02-18 19:13:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Identities
[2010-02-18 19:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\FindeXer
[2010-02-18 19:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Stardock
[2010-02-18 19:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\RK Launcher
[2010-02-18 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\CursorXP
[2010-02-18 19:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\MacSearch_v.1.4.3
[2010-02-18 19:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\iColorFolder
[2010-02-18 19:06:35 | 000,000,000 | ---D | C] -- C:\WINNT\BricoPacks
[2010-02-17 18:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Pulpit\Sony Vegas Pro 9 Activation by tano1221
[2010-02-14 13:07:25 | 000,029,184 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINNT\System32\drivers\BRGSp50a64.sys
[2010-02-14 13:07:25 | 000,020,608 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINNT\System32\drivers\BRGSp50.sys
[2010-02-14 13:07:25 | 000,017,664 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINNT\System32\drivers\ZDPSp50.sys
[2010-02-14 13:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\SAGEM WiFi manager
[2010-02-14 13:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\SAGEM
[2010-02-14 13:06:18 | 000,493,440 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINNT\System32\drivers\WlanBZ64.SYS
[2010-02-14 13:06:18 | 000,402,432 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINNT\System32\drivers\WlanBZXP.sys
[2010-02-14 13:06:11 | 000,031,744 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINNT\System32\drivers\ZDPSp50a64.sys
[2010-02-13 20:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-13 20:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\TS3Client
[2010-02-13 18:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\PunkBuster
[2010-02-13 14:29:56 | 000,000,000 | ---D | C] -- C:\WINNT\System32\LogFiles
[2010-02-13 14:11:35 | 000,000,000 | -HSD | C] -- C:\WINNT\ftpcache
[2010-02-13 14:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Pulpit\profiles
[2010-02-13 12:33:09 | 000,000,000 | ---D | C] -- C:\WINNT\System32\appmgmt
[2010-02-13 11:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Sony
[2010-02-13 11:14:41 | 000,000,000 | R-SD | C] -- C:\WINNT\assembly
[2010-02-13 11:14:21 | 000,000,000 | ---D | C] -- C:\WINNT\Microsoft.NET
[2010-02-13 11:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Sony Setup
[2010-02-12 23:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\teamspeak2
[2010-02-12 21:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-02-12 21:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-02-12 19:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
[2010-02-12 18:19:51 | 000,008,704 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINNT\System32\viahdcpl.cpl
[2010-02-12 18:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2010-02-12 17:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\WinRAR
[2010-02-12 17:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\GTA San Andreas User Files
[2010-02-12 17:22:39 | 000,000,000 | ---D | C] -- C:\WINNT\Logs
[2010-02-12 17:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar
[2010-02-12 17:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
[2010-02-12 17:21:11 | 000,000,000 | ---D | C] -- C:\WINNT\RegisteredPackages
[2010-02-12 17:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Winamp
[2010-02-12 17:12:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-02-12 16:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Adobe
[2010-02-12 16:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Macromedia
[2010-02-12 16:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\cache
[2010-02-12 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Gadu-Gadu 10
[2010-02-12 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-02-12 15:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010-02-12 15:08:22 | 000,000,000 | ---D | C] -- C:\WINNT\System32\AGEIA
[2010-02-12 15:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-02-12 15:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA Corporation
[2010-02-12 15:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010-02-12 15:06:34 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010-02-12 14:47:28 | 000,000,000 | -HSD | C] -- C:\WINNT\Installer
[2010-02-12 14:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010-02-12 14:47:24 | 000,000,000 | R--D | C] -- C:\Program Files
[2010-02-12 14:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010-02-12 14:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010-02-12 14:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010-02-12 14:46:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Menu Start
[2010-02-12 14:46:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty
[2010-02-12 14:46:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Szablony
[2010-02-12 14:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Ulubione
[2010-02-12 14:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit
[2010-02-12 14:46:48 | 000,000,000 | ---D | C] -- C:\WINNT\System32\CatRoot2
[2010-02-12 14:46:48 | 000,000,000 | ---D | C] -- C:\WINNT\System32\CatRoot
[2010-02-12 14:46:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
[2010-02-12 14:46:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji
[2010-02-12 14:46:20 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010-02-12 14:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010-02-12 14:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Opera
[2010-02-12 14:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Opera
[2010-02-12 14:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010-02-12 14:41:34 | 000,000,000 | R-SD | C] -- C:\WINNT\Fonts
[2010-02-12 14:41:34 | 000,000,000 | RHSD | C] -- C:\WINNT\System32\dllcache
[2010-02-12 14:41:34 | 000,000,000 | R--D | C] -- C:\WINNT\Web
[2010-02-12 14:41:34 | 000,000,000 | -H-D | C] -- C:\WINNT\inf
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\WinSxS
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\wins
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\wbem
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\usmt
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\twain_32
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Temp
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\system32
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\system
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\spool
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\ShellExt
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\Setup
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\security
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Resources
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\repair
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\ras
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Provisioning
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\PreInstall
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\PeerNet
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\pchealth
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\oobe
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\npp
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\mui
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\mui
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\msapps
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\msagent
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Media
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\java
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\inetsrv
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\IME
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\ime
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\icsxml
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\ias
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Help
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\export
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\etc
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\ehome
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Driver Cache
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\disdn
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\dhcp
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Debug
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Cursors
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Connection Wizard
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\config
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\Config
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\AppPatch
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\addins
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\3com_dmi
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\3076
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\2052
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1054
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1045
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1042
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1041
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1037
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1033
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1031
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1028
[2010-02-12 14:41:34 | 000,000,000 | ---D | C] -- C:\WINNT\System32\1025
[2010-02-12 14:41:00 | 011,650,440 | ---- | C] (Opera Software ASA ) -- C:\Opera.exe
[2010-02-12 14:31:22 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINNT\System32\W32N50.dll
[2010-02-12 14:31:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010-02-12 14:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010-02-12 14:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Identities
[2010-02-12 14:24:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010-02-12 14:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Moje obrazy
[2010-02-12 14:24:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Moja muzyka
[2010-02-12 14:24:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Microsoft
[2010-02-12 14:24:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Pwnz0rd\Cookies
[2010-02-12 14:24:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pwnz0rd\SendTo
[2010-02-12 14:24:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pwnz0rd\Recent
[2010-02-12 14:24:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji
[2010-02-12 14:24:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pwnz0rd\Ulubione
[2010-02-12 14:24:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty
[2010-02-12 14:24:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pwnz0rd\Menu Start
[2010-02-12 14:24:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne
[2010-02-12 14:24:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Pwnz0rd\Szablony
[2010-02-12 14:24:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Pwnz0rd\PrintHood
[2010-02-12 14:24:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Pwnz0rd\NetHood
[2010-02-12 14:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Pulpit
[2010-02-12 14:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-12 14:24:00 | 000,000,000 | ---D | C] -- C:\WINNT\SoftwareDistribution
[2010-02-12 14:23:59 | 000,000,000 | ---D | C] -- C:\WINNT\Prefetch
[2010-02-12 14:23:58 | 000,000,000 | --SD | C] -- C:\WINNT\System32\Microsoft
[2010-02-12 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-02-12 14:22:33 | 000,000,000 | -H-D | C] -- C:\WINNT\$hf_mig$
[2010-02-12 14:22:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2010-02-12 14:22:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2010-02-12 14:21:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010-02-12 14:21:34 | 000,000,000 | --SD | C] -- C:\WINNT\Downloaded Program Files
[2010-02-12 14:21:34 | 000,000,000 | R--D | C] -- C:\WINNT\Offline Web Pages
[2010-02-12 14:21:27 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010-02-12 14:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Usługi online
[2010-02-12 14:21:10 | 000,000,000 | ---D | C] -- C:\WINNT\System32\DirectX
[2010-02-12 14:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010-02-12 14:20:43 | 000,000,000 | --SD | C] -- C:\WINNT\Tasks
[2010-02-12 14:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010-02-12 14:20:39 | 000,000,000 | ---D | C] -- C:\WINNT\srchasst
[2010-02-12 14:20:38 | 000,000,000 | ---D | C] -- C:\WINNT\System32\Macromed
[2010-02-12 14:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010-02-12 14:20:24 | 000,000,000 | ---D | C] -- C:\WINNT\System32\Restore
[2010-02-12 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010-02-12 14:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010-02-12 14:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010-02-12 14:20:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy
[2010-02-12 14:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010-02-12 14:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010-02-12 14:19:41 | 000,000,000 | ---D | C] -- C:\WINNT\Registration
[2010-02-12 14:19:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka
[2010-02-12 14:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010-02-12 14:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010-02-12 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010-02-12 14:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010-02-12 14:19:03 | 000,000,000 | ---D | C] -- C:\WINNT\System32\MsDtc
[2010-02-12 14:19:02 | 000,000,000 | ---D | C] -- C:\WINNT\System32\Com
[2010-02-12 14:18:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo
[8 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[3 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-24 23:53:17 | 000,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-02-24 23:12:40 | 001,087,636 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010-02-24 23:12:40 | 000,490,284 | ---- | M] () -- C:\WINNT\System32\perfh015.dat
[2010-02-24 23:12:40 | 000,432,356 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010-02-24 23:12:40 | 000,083,660 | ---- | M] () -- C:\WINNT\System32\perfc015.dat
[2010-02-24 23:12:40 | 000,067,312 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010-02-24 23:08:30 | 000,253,748 | ---- | M] () -- C:\WINNT\System32\NvApps.xml
[2010-02-24 23:08:28 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010-02-24 23:08:27 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010-02-24 23:07:47 | 002,359,296 | -H-- | M] () -- C:\Documents and Settings\Pwnz0rd\NTUSER.DAT
[2010-02-24 23:01:14 | 000,215,104 | ---- | M] () -- C:\WINNT\System32\PnkBstrB.xtr
[2010-02-24 23:01:14 | 000,215,104 | ---- | M] () -- C:\WINNT\System32\PnkBstrB.exe
[2010-02-24 23:01:00 | 000,000,238 | ---- | M] () -- C:\WINNT\tasks\Scheduled Update for Ask Toolbar.job
[2010-02-24 22:54:52 | 000,138,576 | ---- | M] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2010-02-24 21:33:33 | 001,402,776 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010-02-24 18:58:48 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\aionmemo_d23ac796.dat
[2010-02-24 18:44:07 | 000,015,424 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-24 18:06:23 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DiRT2.lnk
[2010-02-24 18:00:40 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINNT\System32\wrap_oal.dll
[2010-02-24 18:00:40 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINNT\System32\OpenAL32.dll
[2010-02-24 17:42:53 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2010-02-24 17:42:50 | 000,691,696 | ---- | M] () -- C:\WINNT\System32\drivers\sptd.sys
[2010-02-24 15:58:26 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\default.pls
[2010-02-24 15:58:21 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2010-02-24 15:55:54 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-24 14:58:31 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010-02-24 14:50:38 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart Essentials.lnk
[2010-02-24 14:50:38 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero Home Essentials SE.lnk
[2010-02-24 14:50:38 | 000,001,901 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Uaktualnienie online pakietu Nero.lnk
[2010-02-23 23:40:46 | 000,000,445 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-02-23 18:11:32 | 3861,180,232 | ---- | M] () -- C:\Program Files\NCSoft.rar
[2010-02-23 17:15:23 | 000,000,000 | ---- | M] () -- C:\WINNT\nsreg.dat
[2010-02-23 17:15:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-02-23 09:42:57 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Aion.lnk
[2010-02-22 20:36:56 | 002,475,604 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\maypole - mistake by mistake.mp3
[2010-02-22 10:14:23 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Aion (North America).lnk
[2010-02-22 10:13:31 | 000,001,669 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\NCsoft Launcher.lnk
[2010-02-21 16:07:13 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Game Cam V2.lnk
[2010-02-21 12:34:59 | 000,002,592 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Pro.htm
[2010-02-21 12:29:26 | 000,001,375 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Vegas Pro 9.0.lnk
[2010-02-21 12:26:23 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010-02-21 12:26:21 | 000,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2010-02-21 12:25:55 | 000,000,000 | -H-- | M] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-02-21 08:08:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\EVEREST Home Edition.lnk
[2010-02-19 22:25:47 | 000,118,394 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\zamknijmorde3.wav
[2010-02-19 20:24:39 | 000,035,693 | ---- | M] () -- C:\WINNT\BricoPackUninst.cmd
[2010-02-19 20:24:39 | 000,002,094 | ---- | M] () -- C:\WINNT\BricoPackFoldersDelete.cmd
[2010-02-19 20:24:38 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
[2010-02-19 20:24:37 | 000,000,932 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
[2010-02-19 20:24:20 | 003,932,214 | ---- | M] () -- C:\WINNT\BricoPack Wallpaper.bmp
[2010-02-18 13:05:47 | 000,002,512 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\as.htm
[2010-02-18 13:05:06 | 000,002,512 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\asd.htm
[2010-02-17 19:39:09 | 000,002,428 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum.htm
[2010-02-17 19:32:50 | 000,002,428 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum111.htm
[2010-02-17 19:25:32 | 000,002,480 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum1.htm
[2010-02-17 19:15:28 | 000,002,444 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum22.htm
[2010-02-15 18:17:51 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Audacity.lnk
[2010-02-14 13:07:21 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk
[2010-02-14 13:07:19 | 000,001,581 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Konfiguracja.lnk
[2010-02-14 13:07:19 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.url
[2010-02-14 02:31:15 | 006,405,466 | -H-- | M] () -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-13 20:57:49 | 000,000,457 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\LogMeIn Hamachi.lnk
[2010-02-13 20:54:06 | 000,000,514 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\TeamSpeak 3 Client.lnk
[2010-02-13 18:46:43 | 000,075,064 | ---- | M] () -- C:\WINNT\System32\PnkBstrA.exe
[2010-02-13 17:16:02 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CoD 4 Multi.lnk
[2010-02-13 17:16:02 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 4 - Modern Warfare(TM) Jeden gracz.lnk
[2010-02-13 17:15:40 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\PnkBstrK.sys
[2010-02-13 17:15:06 | 000,000,268 | ---- | M] () -- C:\WINNT\game.ini
[2010-02-13 15:05:09 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Pwnz0rd\ntuser.ini
[2010-02-13 11:20:57 | 000,000,023 | -HS- | M] () -- C:\WINNT\System32\eabafbbac7.dat
[2010-02-13 11:20:57 | 000,000,023 | ---- | M] () -- C:\WINNT\System32\ddaaeacaeca0.xml
[2010-02-13 00:05:34 | 000,085,504 | ---- | M] () -- C:\WINNT\System32\ff_vfw.dll
[2010-02-12 23:41:47 | 000,000,471 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Teamspeak 2 RC2.lnk
[2010-02-12 22:51:16 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Fraps.lnk
[2010-02-12 22:50:35 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\MTA.lnk
[2010-02-12 18:21:25 | 000,000,371 | ---- | M] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Muza.lnk
[2010-02-12 17:29:17 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Winamp.lnk
[2010-02-12 16:41:26 | 000,000,470 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-02-12 14:47:23 | 000,000,231 | ---- | M] () -- C:\WINNT\system.ini
[2010-02-12 14:42:01 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-02-12 14:41:00 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Opera.exe
[2010-02-12 14:23:43 | 000,008,192 | ---- | M] () -- C:\WINNT\REGLOCS.OLD
[2010-02-12 14:22:56 | 000,000,261 | ---- | M] () -- C:\WINNT\System32\$winnt$.inf
[2010-02-12 14:22:20 | 000,002,596 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2010-02-12 14:22:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-02-12 14:22:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-12 14:22:20 | 000,000,000 | ---- | M] () -- C:\WINNT\control.ini
[2010-02-12 14:22:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-02-12 14:22:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-12 14:22:19 | 000,000,477 | ---- | M] () -- C:\WINNT\win.ini
[2010-02-12 14:22:17 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
[2010-02-12 14:22:17 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
[2010-02-12 14:22:09 | 000,004,205 | ---- | M] () -- C:\WINNT\ODBCINST.INI
[2010-02-12 14:21:34 | 000,000,488 | RH-- | M] () -- C:\WINNT\System32\WindowsLogon.manifest
[2010-02-12 14:21:34 | 000,000,488 | RH-- | M] () -- C:\WINNT\System32\logonui.exe.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | M] () -- C:\WINNT\System32\wuaucpl.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | M] () -- C:\WINNT\WindowsShell.Manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | M] () -- C:\WINNT\System32\sapi.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | M] () -- C:\WINNT\System32\nwc.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | M] () -- C:\WINNT\System32\ncpa.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | M] () -- C:\WINNT\System32\cdplayer.exe.manifest
[2010-02-12 14:19:53 | 000,021,856 | ---- | M] () -- C:\WINNT\System32\emptyregdb.dat
[2010-02-12 14:19:44 | 000,000,037 | ---- | M] () -- C:\WINNT\vbaddin.ini
[2010-02-12 14:19:44 | 000,000,036 | ---- | M] () -- C:\WINNT\vb.ini
[2010-02-12 14:18:13 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[8 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[3 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-24 18:06:23 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DiRT2.lnk
[2010-02-24 17:42:53 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2010-02-24 17:42:50 | 000,691,696 | ---- | C] () -- C:\WINNT\System32\drivers\sptd.sys
[2010-02-24 15:58:26 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\default.pls
[2010-02-24 15:58:20 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2010-02-24 15:48:49 | 000,000,051 | RHS- | C] () -- C:\autorun.inf
[2010-02-24 14:50:38 | 000,002,385 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart Essentials.lnk
[2010-02-24 14:50:38 | 000,002,305 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero Home Essentials SE.lnk
[2010-02-24 14:50:38 | 000,001,901 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Uaktualnienie online pakietu Nero.lnk
[2010-02-23 23:41:11 | 000,000,238 | ---- | C] () -- C:\WINNT\tasks\Scheduled Update for Ask Toolbar.job
[2010-02-23 23:40:46 | 000,000,445 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-02-23 17:15:23 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2010-02-23 17:15:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-02-23 16:56:13 | 3861,180,232 | ---- | C] () -- C:\Program Files\NCSoft.rar
[2010-02-23 12:38:32 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\aionmemo_d23ac796.dat
[2010-02-23 09:42:57 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Aion.lnk
[2010-02-22 20:34:12 | 002,475,604 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\maypole - mistake by mistake.mp3
[2010-02-22 10:14:23 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Aion (North America).lnk
[2010-02-22 10:13:31 | 000,001,669 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\NCsoft Launcher.lnk
[2010-02-21 16:07:13 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Game Cam V2.lnk
[2010-02-21 12:34:58 | 000,002,592 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Pro.htm
[2010-02-21 12:29:26 | 000,001,375 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Vegas Pro 9.0.lnk
[2010-02-21 12:26:26 | 000,764,868 | ---- | C] () -- C:\WINNT\System32\dllcache\apph_sp.sdb
[2010-02-21 12:26:26 | 000,217,118 | ---- | C] () -- C:\WINNT\System32\dllcache\apphelp.sdb
[2010-02-21 12:25:55 | 000,000,000 | -H-- | C] () -- C:\WINNT\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010-02-21 12:24:23 | 000,098,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-02-21 08:08:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\EVEREST Home Edition.lnk
[2010-02-19 22:25:30 | 000,118,394 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\zamknijmorde3.wav
[2010-02-19 20:24:38 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
[2010-02-19 20:24:37 | 000,000,932 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
[2010-02-19 20:23:55 | 000,002,094 | ---- | C] () -- C:\WINNT\BricoPackFoldersDelete.cmd
[2010-02-19 20:21:16 | 000,656,542 | ---- | C] () -- C:\271_icol.dll
[2010-02-19 19:52:47 | 000,111,104 | ---- | C] () -- C:\WINNT\System32\Uharc.exe
[2010-02-19 19:52:46 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\moveex.exe
[2010-02-19 19:52:46 | 000,008,636 | ---- | C] () -- C:\WINNT\System32\modifype.exe
[2010-02-19 15:34:59 | 000,000,547 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2010-02-19 15:34:58 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2010-02-18 19:09:30 | 000,035,693 | ---- | C] () -- C:\WINNT\BricoPackUninst.cmd
[2010-02-18 19:07:52 | 003,932,214 | ---- | C] () -- C:\WINNT\BricoPack Wallpaper.bmp
[2010-02-18 13:05:47 | 000,002,512 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\as.htm
[2010-02-18 13:05:06 | 000,002,512 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\asd.htm
[2010-02-17 19:32:50 | 000,002,428 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum111.htm
[2010-02-17 19:25:32 | 000,002,480 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum1.htm
[2010-02-17 19:15:28 | 000,002,444 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum22.htm
[2010-02-17 19:08:23 | 000,002,428 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Moje dokumenty\Register Vegas Movie Studio Platinum.htm
[2010-02-15 18:17:51 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Audacity.lnk
[2010-02-14 13:07:21 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk
[2010-02-14 13:07:19 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Konfiguracja.lnk
[2010-02-14 13:07:19 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.url
[2010-02-13 20:57:49 | 000,000,457 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\LogMeIn Hamachi.lnk
[2010-02-13 20:54:06 | 000,000,514 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\TeamSpeak 3 Client.lnk
[2010-02-13 18:54:02 | 000,215,104 | ---- | C] () -- C:\WINNT\System32\PnkBstrB.xtr
[2010-02-13 17:16:02 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CoD 4 Multi.lnk
[2010-02-13 17:16:02 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Call of Duty(R) 4 - Modern Warfare(TM) Jeden gracz.lnk
[2010-02-13 17:15:11 | 000,215,104 | ---- | C] () -- C:\WINNT\System32\PnkBstrB.exe
[2010-02-13 14:30:13 | 000,138,576 | ---- | C] () -- C:\WINNT\System32\drivers\PnkBstrK.sys
[2010-02-13 14:30:13 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\PnkBstrK.sys
[2010-02-13 14:29:56 | 000,075,064 | ---- | C] () -- C:\WINNT\System32\PnkBstrA.exe
[2010-02-13 14:29:54 | 000,000,268 | ---- | C] () -- C:\WINNT\game.ini
[2010-02-13 11:20:57 | 000,000,023 | -HS- | C] () -- C:\WINNT\System32\eabafbbac7.dat
[2010-02-13 11:20:57 | 000,000,023 | ---- | C] () -- C:\WINNT\System32\ddaaeacaeca0.xml
[2010-02-12 23:49:29 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-12 23:41:47 | 000,000,471 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Teamspeak 2 RC2.lnk
[2010-02-12 22:51:16 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Fraps.lnk
[2010-02-12 22:50:35 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\MTA.lnk
[2010-02-12 18:21:27 | 000,000,371 | ---- | C] () -- C:\Documents and Settings\Pwnz0rd\Pulpit\Muza.lnk
[2010-02-12 17:22:43 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Winamp.lnk
[2010-02-12 16:41:26 | 000,000,470 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-02-12 15:06:36 | 001,604,482 | ---- | C] () -- C:\WINNT\System32\nvdata.bin
[2010-02-12 14:47:30 | 000,001,374 | ---- | C] () -- C:\WINNT\imsins.BAK
[2010-02-12 14:47:19 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_28603.nls
[2010-02-12 14:47:18 | 000,066,594 | ---- | C] () -- C:\WINNT\System32\c_857.nls
[2010-02-12 14:47:18 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_28599.nls
[2010-02-12 14:47:18 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10081.nls
[2010-02-12 14:47:16 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\C_28595.NLS
[2010-02-12 14:47:16 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10017.nls
[2010-02-12 14:47:16 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10007.nls
[2010-02-12 14:47:15 | 000,066,594 | ---- | C] () -- C:\WINNT\System32\c_869.nls
[2010-02-12 14:47:15 | 000,066,594 | ---- | C] () -- C:\WINNT\System32\c_737.nls
[2010-02-12 14:47:15 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_875.nls
[2010-02-12 14:47:15 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\C_28597.NLS
[2010-02-12 14:47:15 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10006.nls
[2010-02-12 14:47:14 | 000,066,594 | ---- | C] () -- C:\WINNT\System32\c_866.nls
[2010-02-12 14:47:14 | 000,066,594 | ---- | C] () -- C:\WINNT\System32\c_855.nls
[2010-02-12 14:47:14 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\C_28594.NLS
[2010-02-12 14:47:10 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_20127.nls
[2010-02-12 14:47:08 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10082.nls
[2010-02-12 14:47:08 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10029.nls
[2010-02-12 14:47:08 | 000,066,082 | ---- | C] () -- C:\WINNT\System32\c_10010.nls
[2010-02-12 14:47:06 | 000,001,734 | ---- | C] () -- C:\WINNT\System32\AUTOEXEC.NT
[2010-02-12 14:46:57 | 000,141,702 | ---- | C] () -- C:\WINNT\System32\dllcache\netfx.cat
[2010-02-12 14:46:57 | 000,102,826 | ---- | C] () -- C:\WINNT\System32\dllcache\tabletpc.cat
[2010-02-12 14:46:57 | 000,037,509 | ---- | C] () -- C:\WINNT\System32\dllcache\MW770.CAT
[2010-02-12 14:46:57 | 000,031,965 | ---- | C] () -- C:\WINNT\System32\dllcache\mediactr.cat
[2010-02-12 14:46:57 | 000,008,599 | ---- | C] () -- C:\WINNT\System32\dllcache\IASNT4.CAT
[2010-02-12 14:46:57 | 000,007,382 | ---- | C] () -- C:\WINNT\System32\dllcache\OEMBIOS.CAT
[2010-02-12 14:46:57 | 000,007,334 | ---- | C] () -- C:\WINNT\System32\dllcache\wmerrenu.cat
[2010-02-12 14:46:57 | 000,007,245 | ---- | C] () -- C:\WINNT\System32\dllcache\MSTSWEB.CAT
[2010-02-12 14:46:56 | 001,896,400 | ---- | C] () -- C:\WINNT\System32\dllcache\NT5.CAT
[2010-02-12 14:46:56 | 001,014,483 | ---- | C] () -- C:\WINNT\System32\dllcache\SP2.CAT
[2010-02-12 14:46:56 | 000,808,524 | ---- | C] () -- C:\WINNT\System32\dllcache\NT5IIS.CAT
[2010-02-12 14:46:56 | 000,620,500 | ---- | C] () -- C:\WINNT\System32\dllcache\NT5INF.CAT
[2010-02-12 14:46:56 | 000,399,670 | ---- | C] () -- C:\WINNT\System32\dllcache\MAPIMIG.CAT
[2010-02-12 14:46:56 | 000,030,983 | ---- | C] () -- C:\WINNT\System32\dllcache\FP4.CAT
[2010-02-12 14:46:56 | 000,014,043 | ---- | C] () -- C:\WINNT\System32\dllcache\IMS.CAT
[2010-02-12 14:46:56 | 000,013,497 | ---- | C] () -- C:\WINNT\System32\dllcache\HPCRDP.CAT
[2010-02-12 14:46:56 | 000,009,581 | ---- | C] () -- C:\WINNT\System32\dllcache\MSMSGS.CAT
[2010-02-12 14:46:19 | 001,402,776 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010-02-12 14:45:34 | 000,000,207 | -HS- | C] () -- C:\boot.ini
[2010-02-12 14:45:31 | 000,000,261 | ---- | C] () -- C:\WINNT\System32\$winnt$.inf
[2010-02-12 14:42:01 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-02-12 14:31:22 | 000,114,688 | ---- | C] () -- C:\WINNT\System32\WLANUTL.dll
[2010-02-12 14:24:52 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Pwnz0rd\ntuser.ini
[2010-02-12 14:24:51 | 002,359,296 | -H-- | C] () -- C:\Documents and Settings\Pwnz0rd\NTUSER.DAT
[2010-02-12 14:23:43 | 000,008,192 | ---- | C] () -- C:\WINNT\REGLOCS.OLD
[2010-02-12 14:22:56 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2010-02-12 14:22:20 | 000,002,596 | ---- | C] () -- C:\WINNT\System32\CONFIG.NT
[2010-02-12 14:22:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-02-12 14:22:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-02-12 14:22:20 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010-02-12 14:22:20 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010-02-12 14:22:17 | 000,023,392 | ---- | C] () -- C:\WINNT\System32\nscompat.tlb
[2010-02-12 14:22:17 | 000,016,832 | ---- | C] () -- C:\WINNT\System32\amcompat.tlb
[2010-02-12 14:22:16 | 000,316,640 | ---- | C] () -- C:\WINNT\WMSysPr9.prx
[2010-02-12 14:21:34 | 000,000,488 | RH-- | C] () -- C:\WINNT\System32\WindowsLogon.manifest
[2010-02-12 14:21:34 | 000,000,488 | RH-- | C] () -- C:\WINNT\System32\logonui.exe.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | C] () -- C:\WINNT\System32\wuaucpl.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | C] () -- C:\WINNT\WindowsShell.Manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | C] () -- C:\WINNT\System32\sapi.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | C] () -- C:\WINNT\System32\nwc.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | C] () -- C:\WINNT\System32\ncpa.cpl.manifest
[2010-02-12 14:21:30 | 000,000,749 | RH-- | C] () -- C:\WINNT\System32\cdplayer.exe.manifest
[2010-02-12 14:20:52 | 000,048,680 | -HS- | C] () -- C:\WINNT\winnt256.bmp
[2010-02-12 14:20:52 | 000,048,680 | -HS- | C] () -- C:\WINNT\winnt.bmp
[2010-02-12 14:19:53 | 000,021,856 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2010-02-12 14:19:16 | 000,065,954 | ---- | C] () -- C:\WINNT\Pod mikroskopem.bmp
[2010-02-12 14:19:16 | 000,065,832 | ---- | C] () -- C:\WINNT\Stiuk z Santa Fe.bmp
[2010-02-12 14:19:16 | 000,026,680 | ---- | C] () -- C:\WINNT\Wachlarze.bmp
[2010-02-12 14:19:16 | 000,017,362 | ---- | C] () -- C:\WINNT\Rododendron.bmp
[2010-02-12 14:19:16 | 000,009,522 | ---- | C] () -- C:\WINNT\Indiański pled.bmp
[2010-02-12 14:19:15 | 000,093,702 | ---- | C] () -- C:\WINNT\System32\subrange.uce
[2010-02-12 14:19:15 | 000,065,978 | ---- | C] () -- C:\WINNT\Bąbelki.bmp
[2010-02-12 14:19:15 | 000,060,458 | ---- | C] () -- C:\WINNT\System32\ideograf.uce
[2010-02-12 14:19:15 | 000,026,582 | ---- | C] () -- C:\WINNT\Nefryt.bmp
[2010-02-12 14:19:15 | 000,017,336 | ---- | C] () -- C:\WINNT\Na rybkach.bmp
[2010-02-12 14:19:15 | 000,017,062 | ---- | C] () -- C:\WINNT\Kawa.bmp
[2010-02-12 14:19:15 | 000,016,740 | ---- | C] () -- C:\WINNT\System32\shiftjis.uce
[2010-02-12 14:19:15 | 000,016,730 | ---- | C] () -- C:\WINNT\Puch.bmp
[2010-02-12 14:19:15 | 000,012,876 | ---- | C] () -- C:\WINNT\System32\korean.uce
[2010-02-12 14:19:15 | 000,008,484 | ---- | C] () -- C:\WINNT\System32\kanji_2.uce
[2010-02-12 14:19:15 | 000,006,948 | ---- | C] () -- C:\WINNT\System32\kanji_1.uce
[2010-02-12 14:19:15 | 000,001,272 | ---- | C] () -- C:\WINNT\Niebieska koronka 16.bmp
[2010-02-12 14:19:14 | 000,024,006 | ---- | C] () -- C:\WINNT\System32\gb2312.uce
[2010-02-12 14:19:14 | 000,022,984 | ---- | C] () -- C:\WINNT\System32\bopomofo.uce
[2010-02-12 14:19:13 | 000,003,286 | ---- | C] () -- C:\WINNT\System32\tslabels.h
[2010-02-12 14:19:13 | 000,001,225 | ---- | C] () -- C:\WINNT\System32\usrlogon.cmd
[2010-02-12 14:19:12 | 000,000,768 | ---- | C] () -- C:\WINNT\System32\msdtcprf.h
[2010-02-12 14:19:07 | 000,063,488 | ---- | C] () -- C:\WINNT\System32\wmimgmt.msc
[2009-10-20 01:23:46 | 000,178,960 | ---- | C] () -- C:\WINNT\System32\xlive.dll.cat
[2009-08-03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINNT\System32\physxcudart_20.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelTraditionalChinese.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSwedish.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSpanish.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelSimplifiedChinese.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelPortugese.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelKorean.dll
[2009-08-03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelJapanese.dll
[2009-08-03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelGerman.dll
[2009-08-03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINNT\System32\AgCPanelFrench.dll
[2004-08-04 01:44:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\ieencode.dll
[2004-07-17 12:36:38 | 000,027,440 | ---- | C] () -- C:\WINNT\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-02-24 18:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
[2010-02-24 17:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-02-12 21:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-02-12 16:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-02-24 15:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
[2010-02-21 12:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2010-02-22 00:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\BESTplayer
[2010-02-24 17:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\DAEMON Tools Lite
[2010-02-18 19:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\FindeXer
[2010-02-12 16:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Gadu-Gadu 10
[2010-02-22 10:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\GetRightToGo
[2010-02-12 14:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Opera
[2010-02-21 12:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Publish Providers
[2010-02-21 12:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Sony
[2010-02-21 07:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Sony Setup
[2010-02-13 20:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\TS3Client
[2010-02-24 23:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pwnz0rd\Dane aplikacji\uTorrent
[2010-02-24 23:01:00 | 000,000,238 | ---- | M] () -- C:\WINNT\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2004-06-18 13:07:33 | 000,656,542 | ---- | M] () -- C:\271_icol.dll
[2010-02-12 14:22:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-24 23:53:17 | 000,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-02-12 14:18:13 | 000,000,207 | -HS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-02-12 14:22:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-02-12 14:22:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-02-12 14:22:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 23:59:54 | 000,250,624 | RHS- | M] () -- C:\ntldr
[2010-02-12 14:41:00 | 011,650,440 | ---- | M] (Opera Software ASA ) -- C:\Opera.exe
[2010-02-24 23:08:23 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-02-14 13:07:26 | 000,000,090 | ---- | M] () -- C:\Setup.log
[2010-02-12 15:06:14 | 117,736,936 | ---- | M] (NVIDIA Corporation) -- C:\vga_driver_nvidia_xp32_191.07.exe
< End of report >[/log]

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [cdoosoft] C:\DOCUME~1\Pwnz0rd\USTAWI~1\Temp\herss.exe File not found
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1123561945-1960408961-725345543-1003..\Run: [uTorrent] E:\torrent\uTorrent.exe File not found
O32 - AutoRun File - [2010-02-24 23:52:52 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-24 23:52:52 | 000,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{221e0ec6-2161-11df-8f5c-0060b34a6454}\Shell\AutoRun\command - "" = F:\62.exe -- File not found
O33 - MountPoints2\{221e0ec6-2161-11df-8f5c-0060b34a6454}\Shell\open\Command - "" = F:\62.exe -- File not found
O33 - MountPoints2\{83a1af0a-17da-11df-8083-806d6172696f}\Shell\AutoRun\command - "" = 62.exe
O33 - MountPoints2\{83a1af0a-17da-11df-8083-806d6172696f}\Shell\open\Command - "" = 62.exe
O33 - MountPoints2\{83a1af0b-17da-11df-8083-806d6172696f}\Shell\AutoRun\command - "" = 62.exe
O33 - MountPoints2\{83a1af0b-17da-11df-8083-806d6172696f}\Shell\open\Command - "" = 62.exe
O33 - MountPoints2\{aa2c8db2-17e1-11df-b049-0060b34a6454}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\62.exe -- File not found
O33 - MountPoints2\D\Shell\open\Command - "" = D:\62.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\62.exe -- File not found
O33 - MountPoints2\F\Shell\open\Command - "" = F:\62.exe -- File not found

:Files
C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\cvasds0.dll
C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\searchplugins\askcom.xml
C:\Documents and Settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\extensions\toolbar@ask.com
C:\Program Files\Ask.com
C:\autorun.inf
E:\autorun.inf

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]

Open Notepad and paste the following text into it: [code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save As -> select [b]All files[/b] -> enter [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after deletion (the log from Malware).
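
The O32 and O33 lines in the fix script above are the ones tied to drive-open behaviour: a MountPoints2 `Shell\open\Command` entry defines the verb Explorer uses when a volume is opened, and several of the listed commands point at files that no longer exist. The following is an added example, not part of the original post and not OTL's own code: a small triage parser for those two line types, run over entries copied from the script. The `Finding` class, the function names and the wording of the review reasons are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# O32/O33 lines copied from the fix script above; everything else here is added.
SAMPLE_LOG = r'''
O32 - AutoRun File - [2010-02-24 23:52:52 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-24 23:52:52 | 000,000,051 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{221e0ec6-2161-11df-8f5c-0060b34a6454}\Shell\AutoRun\command - "" = F:\62.exe -- File not found
O33 - MountPoints2\{83a1af0a-17da-11df-8083-806d6172696f}\Shell\AutoRun\command - "" = 62.exe
O33 - MountPoints2\{83a1af0a-17da-11df-8083-806d6172696f}\Shell\open\Command - "" = 62.exe
O33 - MountPoints2\{aa2c8db2-17e1-11df-b049-0060b34a6454}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell\open\Command - "" = D:\62.exe -- File not found
'''

# O32: an autorun.inf found in a drive root, with size, attributes and file system.
O32_RE = re.compile(
    r'^O32 - AutoRun File - \[[^|]+\| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| \w\] '
    r'\(.*?\) - (?P<path>[A-Za-z]:\\autorun\.inf) -- \[ (?P<fs>\w+) \]$',
    re.IGNORECASE)

# O33: a per-volume shell verb cached under MountPoints2 (key is a GUID or a drive letter).
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = '
    r'(?P<cmd>.*?)(?P<missing> -- File not found)?$',
    re.IGNORECASE)


@dataclass
class Finding:
    kind: str                   # "O32" (file on disk) or "O33" (registry verb)
    location: str               # autorun.inf path, or the MountPoints2 subkey name
    verb: str = ""
    command: str = ""
    target_missing: bool = False
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Parse OTL O32/O33 lines and attach the reasons each one deserves review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m32, m33 = O32_RE.match(line), O33_RE.match(line)
        if m32:
            f = Finding("O32", m32["path"])
            attrs = m32["attrs"].upper()
            if "H" in attrs and "S" in attrs:
                f.reasons.append("autorun.inf is hidden and system-flagged")
            size = int(m32["size"].replace(",", ""))
            f.reasons.append(f"size {size} bytes on {m32['fs']}")
            findings.append(f)
        elif m33:
            f = Finding("O33", m33["mount"], m33["verb"].lower(),
                        m33["cmd"].strip(), m33["missing"] is not None)
            if f.verb == "open":
                f.reasons.append("defines the 'open' verb for the volume")
            elif f.verb == "autorun":
                f.reasons.append("defines the 'AutoRun' verb for the volume")
            if f.target_missing:
                f.reasons.append("target file is gone, so the verb has nothing to launch")
            if not re.match(r"[A-Za-z]:\\", f.command):
                f.reasons.append("command is not an absolute path")
            findings.append(f)
    return findings


def stale_handlers(findings):
    """MountPoints2 verbs whose command target OTL reported as missing."""
    return sorted((f.location, f.verb) for f in findings
                  if f.kind == "O33" and f.target_missing)


def open_overrides(findings):
    """Volumes whose 'open' verb has been redefined, in log order."""
    return [f.location for f in findings if f.kind == "O33" and f.verb == "open"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.location} {f.verb} {f.command}".rstrip())
        for reason in f.reasons:
            print("    -", reason)
```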

Dygns
comment (edited)

[log]Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3787
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-02-25 00:36:55
mbam-log-2010-02-25 (00-36-55).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|)
Przeskanowane obiekty: 180289
Upłynęło: 20 minute(s), 46 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 8

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\CSM134.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\CSM13B.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\CSM17.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\CSM630.tmp (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
E:\Gry\Lineage 2\system1\l2.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{37345B48-5116-42AB-BF6A-A4C0CBD66352}\RP13\A0000359.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Opera.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pwnz0rd\Ustawienia lokalne\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
[/log]EDIT: Now I can open drive E: normally, but drive C still has this problem

Edited by Dygns
Psycholandia
comment

Does the problem still occur?

Dygns
comment

As I wrote, it has let go of drive E, where I keep my games and programs, and that drive opens normally, but it has latched onto drive C and I still get this error.

Psycholandia
comment

Post a log from ComboFix: http://www.forumpc.pl/index.php?showtopic=120614

Dygns
comment (edited)

Sorry it's only now, but I was very sleepy ;p
Here is the log from that program: [log]ComboFix 10-02-24.03 - Pwnz0rd 2010-02-25 10:05:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.2047.1686 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pwnz0rd\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezydentny antywirus jest aktywny

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\winnt\system32\ieuinit.inf
E:\Autorun.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2010-01-25 do 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-24 23:14 . 2010-02-24 23:14 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Malwarebytes
2010-02-24 23:14 . 2010-01-07 15:07 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-02-24 23:14 . 2010-02-24 23:14 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2010-02-24 23:14 . 2010-01-07 15:07 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-02-24 23:14 . 2010-02-24 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 17:18 . 2010-02-24 17:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Codemasters
2010-02-24 17:06 . 2009-07-13 18:04 839680 ----a-w- c:\winnt\system32\mkl_vml_p4.dll
2010-02-24 17:06 . 2009-07-13 18:04 532480 ----a-w- c:\winnt\system32\mkl_vml_p3.dll
2010-02-24 17:06 . 2009-07-13 18:04 512000 ----a-w- c:\winnt\system32\mkl_vml_def.dll
2010-02-24 17:06 . 2009-07-13 18:04 3485696 ----a-w- c:\winnt\system32\mkl_p4.dll
2010-02-24 17:06 . 2009-07-13 18:04 2793472 ----a-w- c:\winnt\system32\mkl_p3.dll
2010-02-24 17:06 . 2009-07-13 18:04 2174976 ----a-w- c:\winnt\system32\mkl_lapack32.dll
2010-02-24 17:06 . 2009-07-13 18:04 2125824 ----a-w- c:\winnt\system32\mkl_lapack64.dll
2010-02-24 17:06 . 2009-10-16 10:19 872448 ----a-w- c:\winnt\system32\rapture3d_oal.dll
2010-02-24 17:06 . 2009-07-13 18:04 2441216 ----a-w- c:\winnt\system32\mkl_def.dll
2010-02-24 17:06 . 2009-07-13 18:04 184320 ----a-w- c:\winnt\system32\libguide40.dll
2010-02-24 17:06 . 2010-02-24 17:06 -------- d-----w- c:\program files\BRS
2010-02-24 17:00 . 2010-02-24 17:01 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-02-24 17:00 . 2010-02-24 17:00 -------- d-----w- c:\winnt\system32\xlive
2010-02-24 17:00 . 2010-02-24 17:00 445016 ----a-w- c:\winnt\system32\wrap_oal.dll
2010-02-24 17:00 . 2010-02-24 17:00 109144 ----a-w- c:\winnt\system32\OpenAL32.dll
2010-02-24 17:00 . 2010-02-24 17:00 -------- d-----w- c:\program files\OpenAL
2010-02-24 17:00 . 2009-09-04 16:44 515416 ----a-w- c:\winnt\system32\XAudio2_5.dll
2010-02-24 17:00 . 2009-09-04 16:44 238936 ----a-w- c:\winnt\system32\xactengine3_5.dll
2010-02-24 17:00 . 2009-09-04 16:29 235344 ----a-w- c:\winnt\system32\d3dx11_42.dll
2010-02-24 17:00 . 2009-09-04 16:29 5501792 ----a-w- c:\winnt\system32\d3dcsx_42.dll
2010-02-24 17:00 . 2009-09-04 16:29 1974616 ----a-w- c:\winnt\system32\D3DCompiler_42.dll
2010-02-24 17:00 . 2009-09-04 16:29 453456 ----a-w- c:\winnt\system32\d3dx10_42.dll
2010-02-24 16:43 . 2010-02-24 18:24 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\AskToolbar
2010-02-24 16:43 . 2010-02-24 16:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-24 16:42 . 2010-02-24 16:42 691696 ----a-w- c:\winnt\system32\drivers\sptd.sys
2010-02-24 16:42 . 2010-02-24 16:48 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\DAEMON Tools Lite
2010-02-24 16:42 . 2010-02-24 16:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2010-02-24 16:25 . 2010-02-24 16:25 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\ESET
2010-02-24 14:05 . 2010-02-24 14:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LightScribe
2010-02-24 13:58 . 2010-02-24 14:05 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Ahead
2010-02-24 13:56 . 2010-02-24 13:56 -------- d-----w- c:\program files\Common Files\LightScribe
2010-02-24 13:50 . 2010-02-24 16:35 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Ahead
2010-02-24 13:49 . 2010-02-24 13:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Ahead
2010-02-24 13:45 . 2010-02-24 13:49 -------- d-----w- c:\program files\Common Files\Ahead
2010-02-24 13:45 . 2010-02-24 13:45 -------- d-----w- c:\program files\Nero
2010-02-24 13:45 . 2010-02-24 13:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nero
2010-02-24 10:08 . 2010-02-24 10:08 -------- d-----w- c:\program files\SystemRequirementsLab
2010-02-24 10:08 . 2010-02-24 10:08 -------- d-----w- c:\documents and settings\Pwnz0rd\SystemRequirementsLab
2010-02-23 22:41 . 2010-02-23 22:41 -------- d-----w- c:\program files\Ask.com
2010-02-23 22:39 . 2010-02-25 08:50 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\uTorrent
2010-02-23 16:15 . 2010-02-23 16:15 0 ----a-w- c:\winnt\nsreg.dat
2010-02-23 16:15 . 2010-02-23 16:15 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Mozilla
2010-02-23 08:16 . 2010-02-23 08:16 -------- d-----w- C:\Windows
2010-02-22 09:33 . 2010-02-22 09:33 503808 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7742ed35-n\msvcp71.dll
2010-02-22 09:33 . 2010-02-22 09:33 499712 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7742ed35-n\jmc.dll
2010-02-22 09:33 . 2010-02-22 09:33 348160 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7742ed35-n\msvcr71.dll
2010-02-22 09:33 . 2010-02-22 09:33 61440 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5a55cb61-n\decora-sse.dll
2010-02-22 09:33 . 2010-02-22 09:33 12800 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5a55cb61-n\decora-d3d.dll
2010-02-22 09:33 . 2010-02-22 09:33 -------- d-----w- c:\program files\Common Files\Java
2010-02-22 09:33 . 2010-02-22 09:33 411368 ----a-w- c:\winnt\system32\deploytk.dll
2010-02-22 09:33 . 2010-02-22 09:33 -------- d-----w- c:\program files\Java
2010-02-22 09:13 . 2010-02-22 09:13 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\assembly
2010-02-22 09:13 . 2010-02-22 09:14 -------- d-----w- c:\program files\NCSoft
2010-02-22 09:13 . 2010-02-22 09:13 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\InstallShield
2010-02-22 09:12 . 2010-02-22 09:13 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\GetRightToGo
2010-02-21 15:07 . 2010-02-21 15:07 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\gctmp
2010-02-21 15:07 . 2010-02-21 15:07 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Xenocode
2010-02-21 11:35 . 2010-02-21 11:35 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Publish Providers
2010-02-21 11:34 . 2010-02-21 11:35 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sony
2010-02-21 11:29 . 2010-02-21 11:29 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Sony
2010-02-21 11:25 . 2010-02-21 11:26 -------- d-----w- c:\winnt\system32\drivers\UMDF
2010-02-21 11:24 . 2010-02-21 11:24 -------- d-----w- c:\program files\MSBuild
2010-02-21 11:24 . 2010-02-24 17:05 98432 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-02-21 11:22 . 2010-02-24 17:05 -------- d-----w- c:\winnt\system32\XPSViewer
2010-02-21 11:22 . 2010-02-21 11:22 -------- d-----w- c:\program files\Reference Assemblies
2010-02-21 11:22 . 2008-07-06 12:06 89088 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-21 11:21 . 2006-06-29 12:07 14048 ------w- c:\winnt\system32\spmsg2.dll
2010-02-21 07:10 . 2010-02-21 07:10 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Adobe
2010-02-21 07:08 . 2010-02-21 07:08 -------- d-----w- c:\program files\Lavalys
2010-02-21 07:01 . 2010-02-21 07:01 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-21 07:00 . 2010-02-21 07:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-21 06:59 . 2010-02-21 07:06 52770576 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2010-02-19 23:25 . 2010-02-21 23:01 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\BESTplayer
2010-02-19 19:23 . 2010-02-19 19:24 2094 ----a-w- c:\winnt\BricoPackFoldersDelete.cmd
2010-02-19 19:21 . 2004-06-18 12:07 656542 ----a-w- C:\271_icol.dll
2010-02-19 19:07 . 2010-02-19 19:11 -------- d-----w- c:\program files\FileSubmit
2010-02-19 19:04 . 2010-02-19 19:04 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
2010-02-19 18:52 . 2010-02-19 18:52 -------- d-----w- c:\winnt\system32\VITrans
2010-02-19 18:52 . 2010-02-19 18:54 -------- d-----w- C:\VTPFiles
2010-02-19 18:52 . 2006-12-03 16:15 111104 ----a-w- c:\winnt\system32\Uharc.exe
2010-02-19 18:52 . 2006-12-03 16:15 19968 ----a-w- c:\winnt\system32\reico.exe
2010-02-19 18:52 . 2006-12-03 16:15 69632 ----a-w- c:\winnt\system32\moveex.exe
2010-02-19 18:52 . 2006-12-03 16:14 8636 ----a-w- c:\winnt\system32\modifype.exe
2010-02-19 18:52 . 2004-11-27 18:00 94208 ----a-w- c:\winnt\system32\pskill.exe
2010-02-19 18:52 . 2009-03-23 16:39 20480 ----a-w- c:\winnt\system32\scrnrdr.exe
2010-02-19 14:34 . 2010-02-12 23:05 85504 ----a-w- c:\winnt\system32\ff_vfw.dll
2010-02-19 14:34 . 2010-02-19 14:34 -------- d-----w- c:\program files\ffdshow
2010-02-18 18:13 . 2010-02-18 18:13 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Identities
2010-02-18 18:12 . 2010-02-18 18:12 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\FindeXer
2010-02-18 18:10 . 2010-02-19 19:25 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Stardock
2010-02-18 18:09 . 2010-02-19 19:24 35693 ----a-w- c:\winnt\BricoPackUninst.cmd
2010-02-18 18:08 . 2010-02-18 18:08 -------- d-----w- c:\program files\RK Launcher
2010-02-18 18:08 . 2010-02-19 19:21 -------- d-----w- c:\program files\CursorXP
2010-02-18 18:08 . 2010-02-19 19:23 -------- d-----w- c:\program files\MacSearch_v.1.4.3
2010-02-18 18:08 . 2010-02-18 18:10 -------- d-----w- c:\program files\iColorFolder
2010-02-18 18:06 . 2010-02-19 19:23 -------- d-----w- c:\winnt\BricoPacks
2010-02-14 12:07 . 2006-01-18 13:09 29184 ----a-w- c:\winnt\system32\drivers\BRGSp50a64.sys
2010-02-14 12:07 . 2006-01-18 13:09 20608 ----a-w- c:\winnt\system32\drivers\BRGSp50.sys
2010-02-14 12:07 . 2006-01-18 13:09 17664 ----a-w- c:\winnt\system32\drivers\ZDPSp50.sys
2010-02-14 12:07 . 2010-02-14 12:07 -------- d-----w- c:\program files\SAGEM WiFi manager
2010-02-14 12:07 . 2010-02-14 12:07 -------- d-----w- c:\program files\SAGEM
2010-02-14 12:06 . 2005-12-22 13:45 493440 ----a-w- c:\winnt\system32\drivers\WlanBZ64.SYS
2010-02-14 12:06 . 2005-12-22 13:45 402432 ----a-w- c:\winnt\system32\drivers\WlanBZXP.sys
2010-02-14 12:06 . 2006-01-18 13:09 31744 ----a-w- c:\winnt\system32\drivers\ZDPSp50a64.sys
2010-02-13 19:58 . 2010-02-13 20:17 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2010-02-13 19:58 . 2010-02-25 09:03 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
2010-02-13 19:55 . 2010-02-13 19:55 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\TS3Client
2010-02-13 17:46 . 2010-02-13 17:46 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\PunkBuster
2010-02-13 16:15 . 2010-02-24 22:01 215104 ----a-w- c:\winnt\system32\PnkBstrB.exe
2010-02-13 13:30 . 2010-02-24 21:54 138576 ----a-w- c:\winnt\system32\drivers\PnkBstrK.sys
2010-02-13 13:30 . 2010-02-13 16:15 22328 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\PnkBstrK.sys
2010-02-13 13:29 . 2010-02-21 11:25 -------- d-----w- c:\winnt\system32\LogFiles
2010-02-13 13:29 . 2010-02-13 17:46 75064 ----a-w- c:\winnt\system32\PnkBstrA.exe
2010-02-13 13:11 . 2010-02-13 13:11 -------- d-sh--w- c:\winnt\ftpcache
2010-02-13 10:20 . 2010-02-13 10:20 23 --sha-w- c:\winnt\system32\eabafbbac7.dat
2010-02-13 10:19 . 2010-02-21 11:34 -------- d-----w- c:\documents and settings\Pwnz0rd\Ustawienia lokalne\Dane aplikacji\Sony
2010-02-13 10:05 . 2010-02-13 10:09 23510720 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe
2010-02-13 10:05 . 2010-02-21 06:59 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Sony Setup
2010-02-12 22:41 . 2010-02-12 22:41 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\teamspeak2

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 09:07 . 2001-10-26 18:15 83660 ----a-w- c:\winnt\system32\perfc015.dat
2010-02-25 09:07 . 2001-10-26 18:15 490284 ----a-w- c:\winnt\system32\perfh015.dat
2010-02-24 16:48 . 2010-02-12 13:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-23 17:11 . 2010-02-23 15:56 8156147529 ----a-w- c:\program files\NCSoft.rar
2010-02-22 22:21 . 2010-02-12 13:21 86315 ----a-w- c:\winnt\pchealth\helpctr\OfflineCache\index.dat
2010-02-18 18:09 . 2004-08-04 00:44 219648 ----a-w- c:\winnt\system32\uxtheme.dll
2010-02-14 12:05 . 2010-02-12 13:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 17:21 . 2010-02-12 16:18 -------- d-----w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Winamp
2010-02-12 17:19 . 2010-02-12 17:19 -------- d-----w- c:\program files\VIA
2010-02-12 14:06 . 2010-02-12 13:50 117736936 ----a-w- C:\vga_driver_nvidia_xp32_191.07.exe
2010-02-12 13:42 . 2010-02-12 13:41 -------- d-----w- c:\program files\Opera
2010-02-12 13:21 . 2010-02-12 13:21 -------- d-----w- c:\program files\Usługi online
2010-02-12 13:19 . 2010-02-12 13:19 21856 ----a-w- c:\winnt\system32\emptyregdb.dat
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Pwnz0rd\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
.

------- Sigcheck -------

[-] 2006-04-10 . C1F1C3DC07A77A08074B589517A041AC . 6450176 . . [6.00.2900.2883] . . c:\winnt\system32\VITrans\mshtml.dll
[-] 2006-04-10 . 987CBF7FFD526BAE89C46D082EF1BC84 . 4988416 . . [6.00.2900.2883] . . c:\winnt\system32\mshtml.dll

[-] 2006-03-04 . B170F3D231A5DFDAFDCA2D44EAF7ED20 . 1225728 . . [6.00.2900.2861] . . c:\winnt\system32\wininet.dll

[-] 2004-08-04 . 9A675B49106FD252BB9A35BE0DBB3EB8 . 1882112 . . [6.00.2900.2180] . . c:\winnt\explorer.exe
[-] 2004-08-04 . CC061EEDF4C5FC930ED9F62AA1D8F40B . 3189248 . . [6.00.2900.2180] . . c:\winnt\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="e:\gadu-gadu 10\gg.exe" [2010-01-20 12067432]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1694208]
"uTorrent"="e:\torrent\uTorrent.exe" [2010-02-23 319280]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2009-09-27 13918208]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-01-09 33570816]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Pwnz0rd\Menu Start\Programy\Autostart\
Stardock ObjectDock.lnk - c:\winnt\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]
Y'z ToolBar.lnk - c:\winnt\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - c:\program files\SAGEM WiFi manager\WLANUTL.exe [2010-2-14 925696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINNT\\system32\\PnkBstrA.exe"=
"c:\\WINNT\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\NCSoft\\Launcher\\IALauncher.exe"=
"e:\\torrent\\uTorrent.exe"=

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\hamachi\hamachi-2.exe -s --> e:\hamachi\hamachi-2.exe -s [?]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\winnt\system32\drivers\WlanBZXP.sys [2010-02-14 402432]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\winnt\system32\drivers\viahduaa.sys [2010-02-12 993280]
S0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [2010-02-24 691696]
S3 AsrCDDrv;AsrCDDrv;\??\c:\winnt\system32\Drivers\AsrCDDrv.sys --> c:\winnt\system32\Drivers\AsrCDDrv.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\winnt\system32\ZDCndis5.SYS --> c:\winnt\system32\ZDCndis5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Zawartość folderu 'Zaplanowane zadania'

2010-02-25 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=
FF - component: c:\documents and settings\Pwnz0rd\Dane aplikacji\Mozilla\Firefox\Profiles\s1pcrqsx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-PlayNC Launcher - (no file)
HKCU-Run-DAEMON Tools Lite - e:\daemon tools lite\DTLite.exe
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-Audacity_is1 - e:\audacity\unins000.exe
AddRemove-Fraps - e:\fraps\uninstall.exe
AddRemove-Game Cam - e:\gamecam\Game Cam V2\uninst.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-Teamspeak 2 RC2_is1 - e:\teamspeak2_rc2\unins000.exe
AddRemove-TeamSpeak 3 Client - e:\ts3\uninstall.exe
AddRemove-Winamp Detect - e:\winamp detect\UninstWaDetect.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 10:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2010-02-25 10:07:48
ComboFix-quarantined-files.txt 2010-02-25 09:07

Przed: 13 545 123 840 bajtów wolnych
Po: 14 234 710 016 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 811BA305654C236DD1D45300D75642E0
[/log]
EDIT:
Everything runs smoothly, the drives open without any problem. Many thanks! :)

Edited by Dygns
Psycholandia
comment

Run OTL and click CleanUP.

Dygns
comment

It's me again. This time my friend has the same problem; here is the log from OTL:
[log]OTL logfile created on: 2010-02-28 11:26:00 - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\0wner\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 19,19 Gb Free Space | 49,13% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 116,56 Gb Free Space | 60,14% Space Free | Partition Type: NTFS
Drive E: | 36,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARTEK
Current User Name: 0wner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-02-28 11:25:07 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\0wner\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-02-28 11:16:53 | 000,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010-02-18 21:21:14 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Programy\Mozilla Firefox\firefox.exe
PRC - [2010-01-16 13:14:48 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- D:\Programy\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-10-28 13:44:08 | 011,539,048 | ---- | M] (GG Network S.A.) -- D:\Programy\Nowe Gadu-Gadu\gg.exe
PRC - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- D:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-02-09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-02-06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- D:\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-02-06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- D:\Programy\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-08-06 08:20:07 | 000,561,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:14 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllhost.exe
PRC - [2008-04-14 22:51:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2007-07-17 11:13:56 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007-07-17 11:13:34 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006-09-12 16:58:14 | 016,264,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-02-24 11:58:14 | 000,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- D:\Programy\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2006-02-19 05:24:52 | 000,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Programy\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006-02-19 04:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Programy\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006-02-19 02:41:10 | 000,049,152 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Programy\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006-02-10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- D:\Programy\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005-10-26 16:17:24 | 000,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- D:\Programy\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2005-08-10 07:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2005-06-08 16:45:04 | 000,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-02-28 11:25:07 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\0wner\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2009-12-08 10:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 09:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 15:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 15:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 11:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 11:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-10-23 13:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:38 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:29:10 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-02-28 11:16:53 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-01-16 13:14:48 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Programy\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-02-06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Programy\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-02-06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- D:\Programy\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008-08-06 08:20:07 | 000,561,152 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008-07-03 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-03-03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Start_Pending] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-02-02 21:56:09 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010-02-02 21:56:09 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010-02-02 21:56:09 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2010-02-02 21:56:09 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010-02-02 21:56:08 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009-03-31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009-03-20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009-03-20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009-03-20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009-02-06 14:24:24 | 000,093,336 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-02-06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-02-06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008-08-06 08:20:07 | 003,230,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008-05-09 21:33:30 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Programy\Lineage II\system\npkcrypt.sys -- (npkcrypt)
DRV - [2008-04-14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008-04-13 22:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006-09-12 19:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-04-13 01:04:39 | 000,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-04-13 01:04:39 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006-04-13 01:04:39 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004-08-04 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-2147158821-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15161&l=dis
IE - HKU\S-1-5-21-1547161642-2147158821-682003330-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1547161642-2147158821-682003330-1003\S-1-5-21-1547161642-2147158821-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..keyword.URL: ""


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: D:\Programy\Mozilla Firefox\components [2010-02-20 15:58:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: D:\Programy\Mozilla Firefox\plugins [2010-02-18 21:21:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: D:\Programy\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-02-28 09:56:08 | 000,000,000 | ---D | M]

[2009-12-19 12:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Mozilla\Extensions
[2010-02-28 09:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Mozilla\Firefox\Profiles\feh2z022.default\extensions
[2009-12-19 13:07:28 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\0wner\Dane aplikacji\Mozilla\Firefox\Profiles\feh2z022.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-01-09 22:09:55 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\0wner\Dane aplikacji\Mozilla\Firefox\Profiles\feh2z022.default\searchplugins\askcom.xml
[2009-12-19 13:07:38 | 000,001,250 | ---- | M] () -- C:\Documents and Settings\0wner\Dane aplikacji\Mozilla\Firefox\Profiles\feh2z022.default\searchplugins\winamp-search.xml

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\0wner\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] D:\Programy\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HP Software Update] D:\Programy\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] D:\Programy\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003..\Run: [ALLUpdate] D:\Programy\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003..\Run: [cdoosoft] C:\DOCUME~1\0wner\USTAWI~1\Temp\herss.exe File not found
O4 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003..\Run: [MaxUp Video Downloader] D:\Programy\MaxUp Video Downloader\maxup.exe ()
O4 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003..\Run: [Nowe Gadu-Gadu] D:\Programy\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = D:\Programy\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Photosmart Premier - Szybkie uruchomienie.lnk = D:\Programy\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-2147158821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-19 11:35:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007-09-17 16:30:18 | 000,000,022 | R--- | M] () - E:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2007-05-04 08:43:30 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09b58e43-ec91-11de-8c38-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{09b58e43-ec91-11de-8c38-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.bat -- [2007-09-17 16:30:18 | 000,000,022 | R--- | M] ()
O33 - MountPoints2\{0a30094d-ec8e-11de-8152-806d6172696f}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{0a30094d-ec8e-11de-8152-806d6172696f}\Shell\open\Command - "" = s1.exe
O33 - MountPoints2\{0a30094e-ec8e-11de-8152-806d6172696f}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{0a30094e-ec8e-11de-8152-806d6172696f}\Shell\open\Command - "" = s1.exe
O33 - MountPoints2\{31ef3922-fec4-11de-8c8c-001556ffd2dc}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{31ef3922-fec4-11de-8c8c-001556ffd2dc}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{423449b4-1c0c-11df-8d00-001556ffd2dc}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{423449b4-1c0c-11df-8d00-001556ffd2dc}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{62611d0b-ed9c-11de-8c40-001556ffd2dc}\Shell\AutoRun\command - "" = F:\mbdm.exe -- File not found
O33 - MountPoints2\{62611d0b-ed9c-11de-8c40-001556ffd2dc}\Shell\open\Command - "" = F:\mbdm.exe -- File not found
O33 - MountPoints2\{80ec096d-103d-11df-8ccf-001556ffd2dc}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{80ec096d-103d-11df-8ccf-001556ffd2dc}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{87de2283-f7ce-11de-8c74-001556ffd2dc}\Shell\AutoRun\command - "" = F:\h0.exe -- File not found
O33 - MountPoints2\{87de2283-f7ce-11de-8c74-001556ffd2dc}\Shell\open\Command - "" = F:\h0.exe -- File not found
O33 - MountPoints2\{87de2284-f7ce-11de-8c74-001556ffd2dc}\Shell\AutoRun\command - "" = G:\h0.exe -- File not found
O33 - MountPoints2\{87de2284-f7ce-11de-8c74-001556ffd2dc}\Shell\open\Command - "" = G:\h0.exe -- File not found
O33 - MountPoints2\{c71a0541-05f2-11df-8ca5-001556ffd2dc}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{c71a0541-05f2-11df-8ca5-001556ffd2dc}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-12-19 12:16:38 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-02-28 10:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-28 10:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2010-02-28 09:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\ESET
[2010-02-28 09:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-02-18 19:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Daniela
[2010-02-13 20:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Dane aplikacji\TS3Client
[2010-02-13 20:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-12 15:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Moje dokumenty\Odebrane pliki
[2010-02-12 09:19:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010-02-11 23:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Dirt.2.PL-PSiGC07E
[2010-02-11 23:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Dirt.2.PL-PSiG
[2010-02-10 09:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Welcome Stranger (1974) [DVDRip].avi
[2010-02-10 09:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Totalna zagłada (lektor PL)
[2010-02-10 09:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Miss.March.2009.PL.DVDRip.XViD-G0M0Ri45
[2010-02-10 09:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Miss.March.2009.PL.BRRip.XviD.AC3-delfin
[2010-02-10 09:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Pulpit\Daybreakers.DVDSCR.LINE.XviD-MENTiON- [ www.torrentday.com ]
[2010-02-09 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Dane aplikacji\maxup
[2010-02-02 22:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\Sony Ericsson
[2010-02-02 21:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\0wner\Dane aplikacji\Teleca
[2010-02-02 21:58:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents
[2010-02-02 21:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
[2010-02-02 21:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2010-02-02 21:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca
[2010-02-02 21:56:09 | 000,089,872 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750mdm.sys
[2010-02-02 21:56:09 | 000,081,728 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750mgmt.sys
[2010-02-02 21:56:09 | 000,079,488 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750obex.sys
[2010-02-02 21:56:09 | 000,006,576 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750mdfl.sys
[2010-02-02 21:56:09 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750cmnt.sys
[2010-02-02 21:56:09 | 000,006,144 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750cm.sys
[2010-02-02 21:56:09 | 000,005,744 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750whnt.sys
[2010-02-02 21:56:09 | 000,005,744 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750wh.sys
[2010-02-02 21:56:08 | 000,055,216 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\k750bus.sys
[2010-02-02 21:55:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009-12-31 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-12-19 11:38:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-12-19 11:38:09 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-12-19 11:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2006-02-19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-02-28 11:16:53 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010-02-28 11:16:53 | 000,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-02-28 11:11:11 | 000,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-02-28 11:10:39 | 000,000,483 | ---- | M] () -- C:\Documents and Settings\0wner\Pulpit\COD IV.lnk
[2010-02-28 10:53:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-28 10:53:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-28 10:52:24 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\0wner\NTUSER.DAT
[2010-02-28 10:52:24 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\0wner\ntuser.ini
[2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-02-27 17:24:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\aionmemo_24dd979a.dat
[2010-02-26 21:19:38 | 000,392,400 | ---- | M] () -- C:\AnalysisLog.sr0
[2010-02-25 21:23:16 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\aionmemo_65203d82.dat
[2010-02-25 20:48:10 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\aionmemo_d23ac796.dat
[2010-02-25 19:11:19 | 000,463,027 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0001.GIF
[2010-02-25 19:10:58 | 000,674,997 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0003.gif
[2010-02-25 19:08:48 | 000,335,341 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0002.gif
[2010-02-25 19:06:22 | 001,595,723 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0001.jpg
[2010-02-24 17:04:57 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\0wner\Pulpit\Aion.lnk
[2010-02-23 19:44:34 | 000,097,792 | RHS- | M] () -- C:\62.exe
[2010-02-23 19:43:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-20 21:17:16 | 000,096,768 | RHS- | M] () -- C:\tgt.exe
[2010-02-20 13:27:10 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\Kartezjusz.
[2010-02-20 13:27:10 | 000,008,198 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\Kartezjusz
[2010-02-19 09:19:20 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\0wner\Pulpit\Muzyka.lnk
[2010-02-18 21:35:38 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-13 20:52:31 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-02-13 11:47:38 | 004,813,556 | -H-- | M] () -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-13 00:17:04 | 047,870,594 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\dd.wav
[2010-02-10 15:40:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-10 14:52:56 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\0wner\Pulpit\Skrót do Multi Theft Auto.lnk
[2010-02-09 21:56:14 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\MaxUp Video Downloader.lnk
[2010-02-09 09:31:41 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\0wner\Pulpit\Play MTA San Andreas.lnk
[2010-02-02 21:58:59 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Sony Ericsson PC Suite.lnk
[2010-02-02 21:56:59 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Disc2Phone.lnk
[2010-02-02 21:56:09 | 000,089,872 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750mdm.sys
[2010-02-02 21:56:09 | 000,081,728 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750mgmt.sys
[2010-02-02 21:56:09 | 000,079,488 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750obex.sys
[2010-02-02 21:56:09 | 000,006,576 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750mdfl.sys
[2010-02-02 21:56:09 | 000,006,144 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750cmnt.sys
[2010-02-02 21:56:09 | 000,006,144 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750cm.sys
[2010-02-02 21:56:09 | 000,005,744 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750whnt.sys
[2010-02-02 21:56:09 | 000,005,744 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750wh.sys
[2010-02-02 21:56:08 | 000,055,216 | ---- | M] (MCCI) -- C:\WINDOWS\System32\drivers\k750bus.sys
[2010-02-02 20:49:42 | 000,094,208 | RHS- | M] () -- C:\9d6tpg.exe
[2010-01-30 22:11:22 | 000,094,208 | RHS- | M] () -- C:\1hqup.exe
[2010-01-30 15:44:29 | 000,013,217 | ---- | M] () -- C:\Documents and Settings\0wner\Moje dokumenty\Struny.docx
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-02-26 21:19:34 | 000,392,400 | ---- | C] () -- C:\AnalysisLog.sr0
[2010-02-25 21:10:53 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\aionmemo_65203d82.dat
[2010-02-25 20:46:25 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\aionmemo_d23ac796.dat
[2010-02-25 19:11:17 | 000,463,027 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0001.GIF
[2010-02-25 19:10:58 | 000,674,997 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0003.gif
[2010-02-25 19:08:47 | 000,335,341 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0002.gif
[2010-02-25 19:06:22 | 001,595,723 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\skanuj0001.jpg
[2010-02-25 16:45:47 | 005,760,054 | ---- | C] () -- C:\Documents and Settings\0wner\Pulpit\022_1600.bmp
[2010-02-24 17:16:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\aionmemo_24dd979a.dat
[2010-02-24 17:04:57 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\0wner\Pulpit\Aion.lnk
[2010-02-23 19:45:00 | 000,097,792 | RHS- | C] () -- C:\62.exe
[2010-02-20 13:27:10 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\Kartezjusz.
[2010-02-20 13:27:10 | 000,008,198 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\Kartezjusz
[2010-02-19 09:19:20 | 000,000,357 | ---- | C] () -- C:\Documents and Settings\0wner\Pulpit\Muzyka.lnk
[2010-02-17 20:46:04 | 000,096,768 | RHS- | C] () -- C:\tgt.exe
[2010-02-13 20:52:31 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamSpeak 3 Client.lnk
[2010-02-12 23:58:57 | 047,870,594 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\dd.wav
[2010-02-10 14:52:56 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\0wner\Pulpit\Skrót do Multi Theft Auto.lnk
[2010-02-09 21:56:14 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\MaxUp Video Downloader.lnk
[2010-02-09 20:52:39 | 000,091,648 | RHS- | C] () -- C:\9qqigqwf.exe
[2010-02-09 09:31:41 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\0wner\Pulpit\Play MTA San Andreas.lnk
[2010-02-04 17:45:31 | 000,091,648 | RHS- | C] () -- C:\ws.exe
[2010-02-03 21:11:48 | 000,094,208 | RHS- | C] () -- C:\bveijo.exe
[2010-02-02 21:58:59 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Sony Ericsson PC Suite.lnk
[2010-02-02 21:56:59 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Disc2Phone.lnk
[2010-02-01 18:12:09 | 000,094,208 | RHS- | C] () -- C:\9d6tpg.exe
[2010-01-30 22:11:49 | 000,094,208 | RHS- | C] () -- C:\1hqup.exe
[2010-01-30 15:44:29 | 000,013,217 | ---- | C] () -- C:\Documents and Settings\0wner\Moje dokumenty\Struny.docx
[2010-01-29 18:19:55 | 000,097,280 | RHS- | C] () -- C:\mvmdh.exe
[2010-01-16 11:29:11 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-01-16 11:29:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\0wner\Dane aplikacji\PnkBstrK.sys
[2010-01-16 11:28:52 | 000,000,298 | ---- | C] () -- C:\WINDOWS\game.ini
[2010-01-11 22:07:19 | 000,454,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2010-01-05 20:33:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010-01-05 20:33:38 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010-01-05 20:33:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\0wner\Dane aplikacji\$_hpcst$.hpc
[2009-12-28 16:47:40 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-12-28 10:10:11 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009-12-28 10:06:55 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-12-19 15:19:01 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-12-19 14:55:20 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\0wner\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-12-19 13:56:30 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-12-19 13:56:29 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-12-19 13:56:27 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-12-19 13:56:27 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-12-19 13:56:25 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-12-19 13:56:24 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-12-19 13:16:55 | 000,002,065 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2009-12-19 13:07:24 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-12-19 12:54:03 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2001-07-07 03:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010-02-13 22:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\BESTplayer
[2009-12-24 20:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Gadu-Gadu 10
[2009-12-28 18:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Image Zone Express
[2010-02-09 21:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\maxup
[2010-01-10 15:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Nowe Gadu-Gadu
[2009-12-19 13:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\OpenFM
[2010-01-05 20:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\PC Suite
[2010-02-12 09:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Samsung
[2009-12-31 13:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Sony
[2010-02-02 22:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\Teleca
[2010-02-13 20:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\TS3Client
[2010-02-19 23:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\0wner\Dane aplikacji\uTorrent
[2010-02-28 09:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-02-13 20:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-01-05 20:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-12-31 12:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2010-02-02 21:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Teleca

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-27 17:54:38 | 000,100,864 | RHS- | M] () -- C:\0fpdq2dw.exe
[2010-01-30 22:11:22 | 000,094,208 | RHS- | M] () -- C:\1hqup.exe
[2010-02-23 19:44:34 | 000,097,792 | RHS- | M] () -- C:\62.exe
[2010-02-02 20:49:42 | 000,094,208 | RHS- | M] () -- C:\9d6tpg.exe
[2010-02-26 21:19:38 | 000,392,400 | ---- | M] () -- C:\AnalysisLog.sr0
[2009-12-19 11:35:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () -- C:\autorun.inf
[2009-12-19 11:30:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-12-19 11:35:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-01-26 18:14:28 | 000,100,864 | RHS- | M] () -- C:\df.exe
[2009-12-19 11:35:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-12-19 11:35:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-01-11 17:43:32 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-28 10:53:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009-12-19 12:54:06 | 000,000,159 | ---- | M] () -- C:\Setup.log
[2010-01-19 13:45:23 | 000,123,392 | RHS- | M] () -- C:\sywyrl0q.exe
[2010-02-20 21:17:16 | 000,096,768 | RHS- | M] () -- C:\tgt.exe
< End of report >[/log]
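The pattern this log exhibits (a hidden, system-flagged autorun.inf on a fixed drive, MountPoints2 shell commands that point at executables, and hidden executables in the drive root) can be pulled out of an OTL log mechanically. The Python below is an added example, not part of the original posts and not OTL's own code; the rule choices, the names `triage` and `SAMPLE_LOG`, and the sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample lines in the OTL format used by the log above.
# GUIDs, SIDs and file names are placeholders, not values from the thread.
SAMPLE_LOG = r'''
O32 - AutoRun File - [2010-01-01 10:00:00 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-01 09:00:00 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-0-0-0-1000\sample.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-0-0-0-1000\sample.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000002}\Shell\AutoRun\command - "" = E:\setup.exe
[2010-01-02 12:00:00 | 000,094,208 | RHS- | M] () -- C:\sample1.exe
[2010-01-02 12:00:00 | 000,094,208 | ---- | M] (Example Corp) -- C:\WINDOWS\System32\example.dll
[2010-01-03 12:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
'''

# "[timestamp | size | attributes | M or C]" block shared by O32 and file lines.
STAMP = r"\[[^|]+\| [\d,]+ \| (?P<attrs>\S{4}) \| [MC]\]"

O32_RE = re.compile(
    r"^O32 - AutoRun File - " + STAMP
    + r" \(.*?\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<target>.+?)(?: -- (?P<note>.*))?$', re.IGNORECASE)
FILE_RE = re.compile(r"^" + STAMP + r" \((?P<company>.*?)\) -- (?P<path>.+)$")
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)


def _hidden_system(attrs):
    """True when the OTL attribute field carries both H(idden) and S(ystem)."""
    return "H" in attrs and "S" in attrs


def triage(log_text):
    """Return ordered, de-duplicated (rule, subject) findings for review."""
    findings = []

    def report(rule, subject):
        if (rule, subject) not in findings:
            findings.append((rule, subject))

    for raw in log_text.splitlines():
        line = raw.strip()

        m = O32_RE.match(line)
        if m:
            # An autorun.inf on optical media (CDFS) is normal; one that is
            # hidden+system on a writable filesystem deserves a look.
            if (m["path"].lower().endswith("autorun.inf")
                    and _hidden_system(m["attrs"]) and m["fs"] != "CDFS"):
                report("hidden_autorun_inf", m["path"])
            continue

        m = O33_RE.match(line)
        if m:
            # Assumed rule: flag a cached volume handler when it sits in a
            # RECYCLER folder, or when it defines the "open" verb, which
            # changes what opening the drive in Explorer runs.
            in_recycler = "\\recycler\\" in m["target"].lower()
            if in_recycler or m["verb"].lower() == "open":
                report("mountpoint_hijack", f'{m["vol"]} -> {m["target"]}')
            continue

        m = FILE_RE.match(line)
        if m:
            # Executable directly in a drive root, hidden+system, and with
            # an empty company-name field.
            if (ROOT_EXE_RE.match(m["path"]) and _hidden_system(m["attrs"])
                    and not m["company"]):
                report("hidden_root_exe", m["path"])

    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:20} {subject}")
```

The findings are review candidates only: the output narrows a long log down to the lines worth checking by hand before anything is put into a fix script.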

Mateusz J.
comment (edited)

So, the infection spreads via removable media, that is, devices such as pendrives, MP3, MP4, external drives and all kinds of memory cards. It is best to format them, or to delete the files from such a device manually after first removing their SH attributes or enabling the display of files and folders with those attributes, i.e. showing hidden files and folders and turning off the option that hides system files.

Run OTL and paste the following into the Custom Scans/Fixes box:[code]
:OTL
O32 - AutoRun File - [2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007-09-17 16:30:18 | 000,000,022 | R--- | M] () - E:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2007-05-04 08:43:30 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09b58e43-ec91-11de-8c38-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{09b58e43-ec91-11de-8c38-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.bat -- [2007-09-17 16:30:18 | 000,000,022 | R--- | M] ()
O33 - MountPoints2\{0a30094d-ec8e-11de-8152-806d6172696f}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{0a30094d-ec8e-11de-8152-806d6172696f}\Shell\open\Command - "" = s1.exe
O33 - MountPoints2\{0a30094e-ec8e-11de-8152-806d6172696f}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{0a30094e-ec8e-11de-8152-806d6172696f}\Shell\open\Command - "" = s1.exe
O33 - MountPoints2\{31ef3922-fec4-11de-8c8c-001556ffd2dc}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{31ef3922-fec4-11de-8c8c-001556ffd2dc}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{423449b4-1c0c-11df-8d00-001556ffd2dc}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{423449b4-1c0c-11df-8d00-001556ffd2dc}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{62611d0b-ed9c-11de-8c40-001556ffd2dc}\Shell\AutoRun\command - "" = F:\mbdm.exe -- File not found
O33 - MountPoints2\{62611d0b-ed9c-11de-8c40-001556ffd2dc}\Shell\open\Command - "" = F:\mbdm.exe -- File not found
O33 - MountPoints2\{80ec096d-103d-11df-8ccf-001556ffd2dc}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{80ec096d-103d-11df-8ccf-001556ffd2dc}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{87de2283-f7ce-11de-8c74-001556ffd2dc}\Shell\AutoRun\command - "" = F:\h0.exe -- File not found
O33 - MountPoints2\{87de2283-f7ce-11de-8c74-001556ffd2dc}\Shell\open\Command - "" = F:\h0.exe -- File not found
O33 - MountPoints2\{87de2284-f7ce-11de-8c74-001556ffd2dc}\Shell\AutoRun\command - "" = G:\h0.exe -- File not found
O33 - MountPoints2\{87de2284-f7ce-11de-8c74-001556ffd2dc}\Shell\open\Command - "" = G:\h0.exe -- File not found
O33 - MountPoints2\{c71a0541-05f2-11df-8ca5-001556ffd2dc}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{c71a0541-05f2-11df-8ca5-001556ffd2dc}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found

:Files
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
E:\autorun.bat
C:\tgt.exe
C:\62.exe
C:\9d6tpg.exe
C:\1hqup.exe1
C:\9qqigqwf.exe
C:\ws.exe
C:\bveijo.exe
C:\9d6tpg.exe
C:\1hqup.exe
C:\mvmdh.exe
C:\tgt.exe
D:\tgt.exe
D:\62.exe
D:\9d6tpg.exe
D:\1hqup.exe1
D:\9qqigqwf.exe
D:\ws.exe
D:\bveijo.exe
D:\9d6tpg.exe
D:\1hqup.exe
D:\mvmdh.exe
D:\tgt.exe
E:\tgt.exe
E:\62.exe
E:\9d6tpg.exe
E:\1hqup.exe1
E:\9qqigqwf.exe
E:\ws.exe
E:\bveijo.exe
E:\9d6tpg.exe
E:\1hqup.exe
E:\mvmdh.exe
E:\tgt.exe
C:\df.exe
D:\df.exe
E:\df.exe
:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[Reboot][/code]Click Run Fix. Confirm the computer restart.
After the computer restarts, create a new log and post it for review.

Edited by jesiona
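
One way to triage the autorun-related lines of an OTL log like the one in this thread, as an added example that is not part of the original post and not part of OTL. The function name `triage`, the allowlist of normal Windows XP root files, and the flagging rule (a hidden+system runnable file in a drive root) are assumptions made for this example; the sample lines follow the log format shown above.

```python
import re

# Sample lines in the OTL format shown in this thread (embedded as test input).
SAMPLE_LOG = r"""
O32 - AutoRun File - [2010-02-28 10:52:04 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0a30094d-ec8e-11de-8152-806d6172696f}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{62611d0b-ed9c-11de-8c40-001556ffd2dc}\Shell\open\Command - "" = F:\mbdm.exe -- File not found
[2010-02-20 21:17:16 | 000,096,768 | RHS- | M] () -- C:\tgt.exe
[2009-12-19 12:54:06 | 000,000,159 | ---- | M] () -- C:\Setup.log
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
"""

# Assumption: files that normally sit hidden in the root of an XP system drive.
XP_ROOT_ALLOWLIST = {"ntldr", "ntdetect.com", "boot.ini", "bootfont.bin",
                     "io.sys", "msdos.sys", "config.sys", "autoexec.bat", "pagefile.sys"}
RUNNABLE = (".exe", ".bat", ".com", ".scr", ".pif", ".cmd")

O32 = re.compile(r'^O32 - AutoRun File - \[.*?\] \(.*?\) - (?P<path>\S+) --')
O33 = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\(?P<verb>[^\\]+)'
                 r'\\command - "" = (?P<cmd>.+?)(?: -- (?P<tail>.*))?$', re.I)
ROOT_FILE = re.compile(r'^\[[^|]+\|[^|]+\|\s*(?P<attr>[RHSA-]{4})\s*\|[^\]]*\] \(.*?\)'
                       r' -- (?P<path>[A-Za-z]:\\[^\\]+)$')

def triage(log_text):
    """Return (kind, target, reason) findings for autorun-style persistence."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := O32.match(line):
            findings.append(("autorun-file", m["path"], "autorun file in drive root"))
        elif m := O33.match(line):
            reason = f"shell verb '{m['verb']}' runs {m['cmd']}"
            if m["tail"] == "File not found":
                reason += " (stale: target missing)"
            findings.append(("mountpoints2", m["guid"], reason))
        elif m := ROOT_FILE.match(line):
            name = m["path"].split("\\")[-1].lower()
            hidden_system = "H" in m["attr"] and "S" in m["attr"]
            if hidden_system and name.endswith(RUNNABLE) and name not in XP_ROOT_ALLOWLIST:
                findings.append(("root-file", m["path"], "hidden+system executable in drive root"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
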
Dygns
comment

After the restart something started happening until it froze. I waited about 5 minutes and it was still the same, so I reset the computer and this error popped up:

Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Mateusz J.
comment

Post a new log, but this time from ComboFix.
