Logs - Removing the Vundo trojan


  • This topic is closed
9 replies in this topic

#1 proquest

    Beginner

  • 52 posts

Posted 19 05 2010 - 19:25

Hello, I had a small infection: the computer suddenly started running terribly slowly. I scanned with Malwarebytes' Anti-Malware and it found about 10 instances of "Trojan.Vundo.H" spread across various places, files, and the registry. I removed everything and I'd like to find out whether I got rid of it for good. Here is the HijackThis log; if I should post any other log, please tell me which.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:35, on 2010-05-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IVONA ControlCenter] "C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" --action=run-silent
O4 - HKCU\..\Run: [ExprOElauncher] C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\195.62\winxp\international\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC04AC61-A9B7-44D7-A57C-3C65494D2C30}: NameServer = 79.163.127.70 217.116.100.65
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6296 bytes

And just a moment ago Spyware Terminator detected this:
<Trojan.Packed.25637> : C:\Program Files\Syncrosoft\POS\H2O\emu.dll
<Trojan.Downloader.Agent.pxw> : C:\WINDOWS\system32\cardvr.exe

  • 0

#2 ordynat

    Advanced user

  • 804 posts

Posted 19 05 2010 - 19:53

Nowadays a HijackThis log is of no use in fighting infections, so I suggest posting a log from >/OTL-t35212/

  • 0

#3 proquest

    Beginner

  • 52 posts

Posted 19 05 2010 - 20:12

Here you go, here they are:
OTL logfile created on: 2010-05-19 20:07:57 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Raaf\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 21,49 Gb Total Space | 9,87 Gb Free Space | 45,94% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 1,08 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
Drive E: | 152,79 Gb Total Space | 11,16 Gb Free Space | 7,31% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 587,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Z-5FAD1ACBAA5C4
Current User Name: Raaf
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-05-19 20:07:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
PRC - [2010-05-07 12:23:32 | 000,512,000 | ---- | M] ( ) -- C:\Program Files\Tibia Auto\tibiaauto.exe
PRC - [2010-05-06 17:20:56 | 002,433,024 | ---- | M] (CipSoft GmbH) -- C:\Program Files\Tibia\Tibia.exe
PRC - [2010-05-04 16:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-04-30 17:35:35 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010-04-14 14:47:38 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010-04-02 23:07:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010-01-29 22:28:11 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010-01-28 13:37:02 | 002,366,416 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exe
PRC - [2009-07-01 18:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009-04-28 09:50:24 | 000,086,016 | ---- | M] (Nektra S.A.) -- C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe
PRC - [2008-03-10 00:04:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-05-19 20:07:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
MOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010-04-30 17:35:35 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010-04-14 14:47:38 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010-03-24 22:48:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008-03-10 00:04:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010-03-26 15:59:10 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-03-26 15:59:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-29 22:28:09 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010-01-29 22:06:59 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-01-12 12:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009-02-17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-07-05 14:50:52 | 000,683,791 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-05-09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-03 22:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004-03-12 23:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004-03-12 23:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2003-08-12 13:51:00 | 000,060,255 | R--- | M] (STMicroelectronics              ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: expressivo@expressivo.com:1.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010-01-29 22:28:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-28 17:58:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-02 23:07:51 | 000,000,000 | ---D | M]
 
[2010-01-29 22:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Extensions
[2010-05-18 20:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions
[2010-04-11 00:18:01 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-05-01 14:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\nasanightlaunch@example.com
[2010-04-11 00:24:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\searchplugins\winamp-search.xml
[2010-05-10 20:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2007-07-26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2010-04-22 20:38:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics              )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ExprOElauncher] C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe (Nektra S.A.)
O4 - HKCU..\Run: [IVONA ControlCenter] C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-29 21:50:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-12-15 12:18:36 | 000,172,032 | R--- | M] (Team17 Software Ltd) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001-03-21 18:05:38 | 000,000,051 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7d144ee6-2ac4-11df-a546-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7d144ee6-2ac4-11df-a546-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003-12-15 12:18:36 | 000,172,032 | R--- | M] (Team17 Software Ltd)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010-05-19 20:07:31 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
[2010-05-19 18:22:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raaf\Recent
[2010-05-19 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\sfArk
[2010-05-19 17:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\SF2
[2010-05-13 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Sun
[2010-05-13 17:18:40 | 000,921,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Raaf\Pulpit\jxpiinstall.exe
[2010-05-11 18:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Nowy folder (2)
[2010-05-10 20:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\IVONA
[2010-05-10 19:54:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Expressivo Podcasts
[2010-05-10 19:54:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Expressivo Documents
[2010-05-10 19:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ivo
[2010-05-10 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Expressivo
[2010-05-10 19:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\IVONA_INST
[2010-05-10 19:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\lektury cd1
[2010-05-07 14:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\wyspagothic_www.przeklej.pl
[2010-05-07 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Ancient Dome
[2010-05-07 11:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\czip17_paczka
[2010-05-06 20:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\FreeStone Group
[2010-05-06 20:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Video Card Stability Test
[2010-05-06 14:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Modowanie
[2010-05-05 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\GothicSourcer V3.10
[2010-05-04 20:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\g2nkscriptspl
[2010-05-01 19:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\PROSTO
[2010-04-30 17:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Autodesk
[2010-04-30 17:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\3dsmax
[2010-04-30 17:36:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Adlm
[2010-04-30 17:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Autodesk
[2010-04-30 17:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-04-30 17:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2010-04-30 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-04-30 17:31:39 | 000,952,832 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javac.exe
[2010-04-30 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Team17
[2010-04-30 16:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Nowy folder
[2010-04-28 20:43:45 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010-04-28 20:38:57 | 000,016,896 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010-04-28 20:38:49 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe
[2010-04-28 20:38:48 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010-04-28 20:38:48 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll
[2010-04-28 20:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010-04-28 20:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Steinberg
[2010-04-28 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010-04-28 19:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Canneverbe Limited
[2010-04-28 19:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2010-04-28 19:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010-04-26 19:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\NinjaBlade
[2010-04-25 12:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-04-24 20:17:42 | 000,077,824 | ---- | C] (Fox Magic Software) -- C:\WINDOWS\System32\fmcodec.DLL
[2010-04-24 20:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fox Magic
[2010-04-24 13:00:59 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe
[2010-04-23 12:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2010-04-22 20:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Malwarebytes
[2010-04-22 20:58:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-22 20:58:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-22 20:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-22 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-22 15:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\BioWare
[2010-04-22 14:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010-03-08 17:07:54 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2010-03-08 17:07:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-05-19 20:07:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
[2010-05-19 19:20:03 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-05-19 19:20:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-19 19:19:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-19 19:19:09 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Raaf\NTUSER.DAT
[2010-05-19 17:41:45 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2010-05-19 17:41:45 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2010-05-19 17:41:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2010-05-19 17:41:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2010-05-19 17:41:45 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2010-05-19 17:41:45 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2010-05-19 17:41:45 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2010-05-19 17:41:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2010-05-19 17:41:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2010-05-19 17:41:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2010-05-19 17:41:45 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2010-05-19 15:38:14 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-19 15:32:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-16 11:19:41 | 000,053,330 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\d55696d1aa.jpeg
[2010-05-16 11:19:24 | 000,048,830 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\d2cb70e1fd.jpeg
[2010-05-16 11:19:13 | 000,027,692 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\531050f699.jpeg
[2010-05-16 11:19:04 | 000,041,278 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\672c06401a.jpeg
[2010-05-14 20:20:46 | 004,556,346 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Oriental beat prod. Zychu.mp3
[2010-05-14 17:55:00 | 000,985,406 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Guitar Acoustic (963KB).sf2
[2010-05-14 16:55:58 | 003,160,560 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Strings Legato Korg Triton.SF2
[2010-05-13 17:18:45 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Raaf\Pulpit\jxpiinstall.exe
[2010-05-13 13:33:25 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-13 13:33:25 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-05-11 19:57:32 | 001,701,144 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\sa.wav
[2010-05-11 19:54:01 | 010,904,033 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Concierto de Aranjuez by Joaquín Rodrigo II-Adagio.mp3
[2010-05-10 20:11:19 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Expressivo.lnk
[2010-05-10 19:38:27 | 041,301,843 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Expressivo_1.5.1.exe
[2010-05-10 19:06:05 | 050,554,058 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\lektury_cd1.rar
[2010-05-09 20:59:33 | 002,639,182 | -H-- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-09 19:41:28 | 002,945,024 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\all.max
[2010-05-09 19:17:38 | 000,438,272 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\dom.max
[2010-05-09 17:15:18 | 000,204,629 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\helmowy_jar.3ds
[2010-05-09 17:14:37 | 000,725,682 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\modellingcontest_simon4af06c78.rar
[2010-05-09 15:39:34 | 000,270,336 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\jaskinie.max
[2010-05-08 17:49:47 | 000,063,317 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\hausgroß.3ds
[2010-05-08 11:55:08 | 000,991,232 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\city.max
[2010-05-07 14:42:02 | 002,288,251 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\map.jpg
[2010-05-07 12:00:21 | 000,090,757 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\shirt_material_.JPG
[2010-05-06 20:23:24 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Video Card Stability Test.lnk
[2010-05-06 19:41:53 | 000,082,566 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\av.jpg
[2010-05-06 19:03:18 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Prezentacja - strony www.ppt
[2010-05-06 15:03:23 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\GothicSourcer V3.10.lnk
[2010-05-06 14:39:07 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gothic II.lnk
[2010-05-05 13:22:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\zSpy.INI
[2010-05-04 20:28:29 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010-05-04 19:43:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010-05-04 12:13:29 | 000,009,876 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\larvy.xml
[2010-05-03 15:47:19 | 000,009,870 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Dwarf.xml
[2010-05-02 20:20:01 | 000,967,680 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\B).avi
[2010-05-01 13:34:55 | 000,000,083 | ---- | M] () -- C:\WINDOWS\WWP.INI
[2010-04-30 18:35:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System32\c.bat
[2010-04-30 17:35:27 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Autodesk 3ds Max 2009 32-bit.lnk
[2010-04-30 17:34:16 | 000,007,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2010-04-30 16:46:25 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Worms World Party.lnk
[2010-04-30 14:59:32 | 000,000,090 | ---- | M] () -- C:\WINDOWS\WA.INI
[2010-04-29 12:52:58 | 001,604,509 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\asdsafdsfhhk.mp3
[2010-04-28 20:39:48 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Hypersonic.exe.lnk
[2010-04-28 19:51:03 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[2010-04-28 19:44:00 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2010-04-26 19:37:16 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ninja Blade .lnk
[2010-04-25 12:10:50 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\CCleaner.lnk
[2010-04-25 11:04:31 | 000,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-25 10:24:47 | 001,619,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-24 21:23:21 | 000,445,735 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\aitutaki-lagoon-1440-900-4604.jpg
[2010-04-24 20:17:42 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\ScreenVirtuoso PRO.lnk
[2010-04-24 19:41:36 | 000,738,308 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 2.psd
[2010-04-24 19:35:51 | 000,077,408 | ---- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-22 20:58:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-04-22 20:38:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-04-22 14:29:54 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mass Effect.lnk
[2010-04-20 16:50:50 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon joannitów..doc
[2010-04-20 16:10:56 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon Joannitów - foliogram..doc
 
========== Files Created - No Company Name ==========
 
[2010-05-16 11:19:40 | 000,053,330 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\d55696d1aa.jpeg
[2010-05-16 11:19:24 | 000,048,830 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\d2cb70e1fd.jpeg
[2010-05-16 11:19:12 | 000,027,692 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\531050f699.jpeg
[2010-05-16 11:19:04 | 000,041,278 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\672c06401a.jpeg
[2010-05-15 17:54:16 | 012,696,314 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\aaviolin(triples)x-layer.sf2
[2010-05-15 17:42:51 | 000,024,610 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\wahvoice.sf2
[2010-05-14 20:11:04 | 004,556,346 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Oriental beat prod. Zychu.mp3
[2010-05-14 17:54:53 | 000,985,406 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Guitar Acoustic (963KB).sf2
[2010-05-14 16:55:43 | 003,160,560 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Strings Legato Korg Triton.SF2
[2010-05-13 13:33:25 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-13 13:33:25 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-05-11 19:57:32 | 001,701,144 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\sa.wav
[2010-05-11 19:53:27 | 010,904,033 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Concierto de Aranjuez by Joaquín Rodrigo II-Adagio.mp3
[2010-05-10 19:54:43 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Expressivo.lnk
[2010-05-10 19:32:37 | 041,301,843 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Expressivo_1.5.1.exe
[2010-05-10 18:56:27 | 050,554,058 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\lektury_cd1.rar
[2010-05-09 19:17:21 | 000,438,272 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\dom.max
[2010-05-09 17:15:18 | 000,204,629 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\helmowy_jar.3ds
[2010-05-09 17:14:34 | 000,725,682 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\modellingcontest_simon4af06c78.rar
[2010-05-09 14:51:56 | 000,270,336 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\jaskinie.max
[2010-05-09 12:31:34 | 002,945,024 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\all.max
[2010-05-08 17:49:47 | 000,063,317 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\hausgroß.3ds
[2010-05-08 11:54:47 | 000,991,232 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\city.max
[2010-05-07 14:41:59 | 002,288,251 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\map.jpg
[2010-05-07 11:58:15 | 000,090,757 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\shirt_material_.JPG
[2010-05-06 20:23:24 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Video Card Stability Test.lnk
[2010-05-06 19:39:27 | 000,082,566 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\av.jpg
[2010-05-06 19:03:18 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Prezentacja - strony www.ppt
[2010-05-06 15:03:23 | 000,001,014 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\GothicSourcer V3.10.lnk
[2010-05-06 14:39:07 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gothic II.lnk
[2010-05-05 13:22:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\zSpy.INI
[2010-05-04 20:28:29 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-05-04 12:09:05 | 000,009,876 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\larvy.xml
[2010-05-03 15:14:51 | 000,009,870 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Dwarf.xml
[2010-05-02 20:18:20 | 000,967,680 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\B).avi
[2010-05-01 13:34:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI
[2010-04-30 18:59:27 | 022,967,808 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\unwrap agpc.avi
[2010-04-30 18:35:42 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\c.bat
[2010-04-30 17:35:27 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Autodesk 3ds Max 2009 32-bit.lnk
[2010-04-30 16:46:25 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Worms World Party.lnk
[2010-04-30 14:59:32 | 000,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI
[2010-04-29 12:52:38 | 001,604,509 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\asdsafdsfhhk.mp3
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei4
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei2
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei3
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei1
[2010-04-28 20:46:40 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei7
[2010-04-28 20:46:40 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei5
[2010-04-28 20:46:40 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Datei0
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei9
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei8
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei10
[2010-04-28 20:46:40 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\Datei6
[2010-04-28 20:38:58 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010-04-28 20:38:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010-04-28 20:38:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010-04-28 20:37:32 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Hypersonic.exe.lnk
[2010-04-28 19:51:03 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[2010-04-28 19:51:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-04-28 19:43:19 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010-04-26 19:37:16 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ninja Blade .lnk
[2010-04-25 12:10:50 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\CCleaner.lnk
[2010-04-24 21:23:21 | 000,445,735 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\aitutaki-lagoon-1440-900-4604.jpg
[2010-04-24 20:17:42 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\ScreenVirtuoso PRO.lnk
[2010-04-24 19:22:49 | 000,738,308 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 2.psd
[2010-04-22 20:58:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-04-22 14:29:54 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mass Effect.lnk
[2010-04-20 16:18:56 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon joannitów..doc
[2010-04-20 16:05:39 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon Joannitów - foliogram..doc
[2010-03-26 15:59:10 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010-03-26 15:59:10 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-03-08 21:16:09 | 000,683,791 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2010-03-08 21:16:09 | 000,000,915 | R--- | C] () -- C:\WINDOWS\System32\setup.ini
[2010-03-08 21:16:09 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2010-03-08 19:55:03 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010-02-28 14:21:59 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-02 18:41:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-02-02 18:41:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-02 18:41:52 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-02-02 18:41:52 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-02-02 18:41:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010-02-02 18:41:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-02 18:41:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-01-29 22:28:09 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-03 22:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004-07-17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-03-15 20:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9065B470F15EA765
@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
< End of report >

And the second one

OTL Extras logfile created on: 2010-05-19 20:07:57 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Raaf\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 21,49 Gb Total Space | 9,87 Gb Free Space | 45,94% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 1,08 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
Drive E: | 152,79 Gb Total Space | 11,16 Gb Free Space | 7,31% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 587,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Z-5FAD1ACBAA5C4
Current User Name: Raaf
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"D:\Gry\Counter-Strike\cstrike.exe" = D:\Gry\Counter-Strike\cstrike.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Gry\Counter-Strike\hlds.exe" = D:\Gry\Counter-Strike\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Gry\Steam\SteamApps\common\saints row 2\SR2_pc.exe" = D:\Gry\Steam\SteamApps\common\saints row 2\SR2_pc.exe:*:Enabled:Saints Row 2 -- ()
"D:\Gry\Mass Effect\Binaries\MassEffect.exe" = D:\Gry\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"D:\Gry\Mass Effect\MassEffectLauncher.exe" = D:\Gry\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"D:\Gry\Aspyr Media, Inc\THAW\Game\THAW.exe" = D:\Gry\Aspyr Media, Inc\THAW\Game\THAW.exe:*:Enabled:Tony Hawk's American Wasteland -- (Aspyr Media, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"D:\Gry\JoWooD\Gothic II\_Work\Tools\zSpy\zSpy.exe" = D:\Gry\JoWooD\Gothic II\_Work\Tools\zSpy\zSpy.exe:*:Enabled:ZSPY -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036FD544-AED6-3F33-856D-A2292D0CF471}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PLK
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland (TM)
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{492C171D-9815-4AC5-AC80-E240C8D89D6B}_is1" = Ninja Blade PL
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =             
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78EFD06D-7583-42F1-9E77-671D8782EB70}" = Adobe Photoshop CS3
"{7C77393F-8237-3825-A88A-AFAF3C69C072}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PLK
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82D9302E-F209-4805-B548-52087047483A}" = Python 2.4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1" = reFX Nexus 1.0.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC76BA86-7AD7-1038-7B44-CEA000000001}" = Adobe Reader 6.0.2 CE
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  1.12
"{CBF4DADD-974D-49C8-BC83-C6F31554001E}" = Adobe Setup
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = Wiedźmin
"{F31E509D-3597-324E-83CF-0C160B2320F0}" = Microsoft .NET Framework 3.5 Language Pack - plk
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"{FD89C3D4-59A5-4BB9-A09C-F2CCF644CD8F}" = Worms World Party
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"4Front Bass Module VSTi_is1" = 4Front Bass Module 1.0 VSTi
"6A1545AE87FC8D98ACA7539CE7AA69DF2A5C7E1C" = Pakiet sterowników systemu Windows - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_678cd98c8365a5647f9a2e539d120a8" = Adobe Photoshop CS3
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Collab" = Collab
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"CWK" = CWK (Czasowy Wyłącznik Komputera)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"Expressivo" = Expressivo
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FL Studio 8" = FL Studio 8
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"G2MDK" = Gothic II - Modification Development Kit
"Gadu-Gadu 10" = Gadu-Gadu 10
"GothicSourcer" = GothicSourcer 3.10
"HijackThis" = HijackThis 2.0.2
"HS2_is1" = Steinberg Hypersonic 2
"IL Download Manager" = IL Download Manager
"IVONA" = IVONA
"IVONA ControlCenter" = IVONA ControlCenter
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"KrxImpExp for 3D Studio Max 2009 (x86)" = KrxImpExp for 3D Studio Max 2009 (x86)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 — PLK
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NapiProjekt_is1" = NapiProjekt 1.0.6.7
"Niezbędnik CD_is1" = Niezbędnik CD
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PoiZone" = PoiZone
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"ScreenVirtuoso PRO_is1" = ScreenVirtuoso PRO 4.15 Tryout
"sfArk" = sfArk
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 9480" = Saints Row 2
"StmAdsl" = ADSL Modem
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Tibia Auto" = NSIS Example2
"Tibia_is1" = Tibia
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"Video Card Stability Test" = Video Card Stability Test
"Video mp3 Extractor_is1" = Video mp3 Extractor
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = Archiwizator WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Counter-Strike 1.6: New Era" = Counter-Strike 1.6: New Era
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 2010-04-01 16:49:10 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd witcher.exe, wersja 1.4.5.1282, moduł powodujący
 błąd witcher.exe, wersja 1.4.5.1282, adres błędu 0x0038a22e.
 
Error - 2010-04-05 07:24:55 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący
 błąd dbghelp.dll, wersja 5.1.2600.2180, adres błędu 0x0001295d.
 
Error - 2010-04-08 09:56:52 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd fl.exe, wersja 0.0.0.0, moduł powodujący
 błąd bagpipes.sem, wersja 0.0.0.0, adres błędu 0x00005373.
 
[ System Events ]
Error - 2010-04-28 12:19:44 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Cdrom | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0.
 
Error - 2010-04-28 12:19:54 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Cdrom | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0.
 
Error - 2010-04-28 12:20:03 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Cdrom | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0.
 
Error - 2010-04-28 12:20:12 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Cdrom | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0.
 
Error - 2010-04-28 12:20:21 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Cdrom | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0.
 
Error - 2010-04-28 12:20:30 | Computer Name = Z-5FAD1ACBAA5C4 | Source = Cdrom | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\CdRom0.
 
Error - 2010-04-28 14:11:32 | Computer Name = Z-5FAD1ACBAA5C4 | Source = sr | ID = 1
Description = Filtr Przywracania systemu napotkał nieoczekiwany błąd '0xC000007F'
 podczas przetwarzania pliku 'JPN-Mire.nfo' w woluminie 'HarddiskVolume2'. W rezultacie
 zostało zatrzymane monitorowanie woluminu.
 
Error - 2010-04-28 14:24:55 | Computer Name = Z-5FAD1ACBAA5C4 | Source = DCOM | ID = 10010
Description = Serwer {8BC3F05E-D86B-11D0-A075-00C04FB68820} nie zarejestrował się
 w modelu DCOM w wymaganym czasie.
 
Error - 2010-05-06 05:08:06 | Computer Name = Z-5FAD1ACBAA5C4 | Source = System Error | ID = 1003
Description = Kod błędu 1000007e, parametr 1 c0000005, parametr 2 b3f8aa1c, parametr
 3 b7693b44, parametr 4 b7693840.
 
Error - 2010-05-18 09:20:59 | Computer Name = Z-5FAD1ACBAA5C4 | Source = System Error | ID = 1003
Description = Kod błędu 1000007e, parametr 1 c0000005, parametr 2 b4024a1c, parametr
 3 b68bfb44, parametr 4 b68bf840.
 
 
< End of report >


#4 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 19 05 2010 - 20:27

The only things to remove are the ADS stream attached to the WINDOWS folder and some unknown file.
Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:9065B470F15EA765
[2010-04-30 18:35:42 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System32\c.bat

:Commands
[emptytemp]
[Reboot]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking "Run Scan".
Post the new OTL.txt log and the removal report.

#5 proquest

proquest

    Beginner

  • 52 posts

Posted 19 05 2010 - 20:38

Log from the report after the removal:
All processes killed
========== OTL ==========
ADS C:\WINDOWS:9065B470F15EA765 deleted successfully.
C:\WINDOWS\system32\c.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Raaf
->Temp folder emptied: 2397485 bytes
->Temporary Internet Files folder emptied: 1235330 bytes
->FireFox cache emptied: 56404743 bytes
->Flash cache emptied: 2069 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 57,00 mb
 
 
OTL by OldTimer - Version 3.2.5.0 log created on 05192010_203339

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Log after the second scan:
OTL logfile created on: 2010-05-19 20:36:46 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Documents and Settings\Raaf\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 21,49 Gb Total Space | 9,92 Gb Free Space | 46,17% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 1,08 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
Drive E: | 152,79 Gb Total Space | 11,16 Gb Free Space | 7,31% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 587,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Z-5FAD1ACBAA5C4
Current User Name: Raaf
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-05-19 20:07:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
PRC - [2010-04-30 17:35:35 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010-04-14 14:47:38 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010-04-02 23:07:49 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010-01-29 22:28:11 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010-01-28 13:37:02 | 002,366,416 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exe
PRC - [2009-04-28 09:50:24 | 000,086,016 | ---- | M] (Nektra S.A.) -- C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe
PRC - [2008-03-10 00:04:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-05-19 20:07:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
MOD - [2004-08-04 00:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010-04-30 17:35:35 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010-04-14 14:47:38 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010-03-24 22:48:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008-03-10 00:04:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010-03-26 15:59:10 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010-03-26 15:59:10 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-01-29 22:28:09 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010-01-29 22:06:59 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010-01-12 12:03:34 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-03-27 02:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009-02-17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007-07-18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006-11-27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-07-05 14:50:52 | 000,683,791 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2006-06-19 00:51:32 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-05-09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-03 22:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004-03-12 23:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)
DRV - [2004-03-12 23:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)
DRV - [2003-08-12 13:51:00 | 000,060,255 | R--- | M] (STMicroelectronics              ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Allegro"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.pl"
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: expressivo@expressivo.com:1.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100415
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010-01-29 22:28:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-28 17:58:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-02 23:07:51 | 000,000,000 | ---D | M]
 
[2010-01-29 22:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Extensions
[2010-05-18 20:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions
[2010-04-11 00:18:01 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-05-01 14:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\extensions\nasanightlaunch@example.com
[2010-04-11 00:24:33 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Raaf\Dane aplikacji\Mozilla\Firefox\Profiles\nylvgvwd.default\searchplugins\winamp-search.xml
[2010-05-10 20:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-16 03:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2007-07-26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010-01-16 03:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 03:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 03:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 03:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 03:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
 
O1 HOSTS File: ([2010-04-22 20:38:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Pasek &Crawler) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics              )
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [ExprOElauncher] C:\Program Files\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe (Nektra S.A.)
O4 - HKCU..\Run: [IVONA ControlCenter] C:\Program Files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe (IVO Software Sp. z o.o.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-29 21:50:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-12-15 12:18:36 | 000,172,032 | R--- | M] (Team17 Software Ltd) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2001-03-21 18:05:38 | 000,000,051 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010-05-19 20:33:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-19 20:07:31 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
[2010-05-19 18:22:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Raaf\Recent
[2010-05-19 17:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\sfArk
[2010-05-19 17:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\SF2
[2010-05-13 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Sun
[2010-05-13 17:18:40 | 000,921,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Raaf\Pulpit\jxpiinstall.exe
[2010-05-11 18:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Nowy folder (2)
[2010-05-10 20:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\IVONA
[2010-05-10 19:54:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Expressivo Podcasts
[2010-05-10 19:54:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Expressivo Documents
[2010-05-10 19:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ivo
[2010-05-10 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Expressivo
[2010-05-10 19:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\IVONA_INST
[2010-05-10 19:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\lektury cd1
[2010-05-07 14:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\wyspagothic_www.przeklej.pl
[2010-05-07 13:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Ancient Dome
[2010-05-07 11:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\czip17_paczka
[2010-05-06 20:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\FreeStone Group
[2010-05-06 20:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Video Card Stability Test
[2010-05-06 14:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Modowanie
[2010-05-05 11:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\GothicSourcer V3.10
[2010-05-04 20:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\g2nkscriptspl
[2010-05-01 19:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\PROSTO
[2010-04-30 17:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Autodesk
[2010-04-30 17:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\3dsmax
[2010-04-30 17:36:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\Adlm
[2010-04-30 17:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\Autodesk
[2010-04-30 17:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010-04-30 17:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2010-04-30 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010-04-30 17:31:39 | 000,952,832 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javac.exe
[2010-04-30 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Team17
[2010-04-30 16:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Pulpit\Nowy folder
[2010-04-28 20:43:45 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010-04-28 20:38:57 | 000,016,896 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010-04-28 20:38:49 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe
[2010-04-28 20:38:48 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010-04-28 20:38:48 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll
[2010-04-28 20:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010-04-28 20:18:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Steinberg
[2010-04-28 20:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010-04-28 19:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Canneverbe Limited
[2010-04-28 19:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2010-04-28 19:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010-04-26 19:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\NinjaBlade
[2010-04-25 12:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-04-24 20:17:42 | 000,077,824 | ---- | C] (Fox Magic Software) -- C:\WINDOWS\System32\fmcodec.DLL
[2010-04-24 20:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\Fox Magic
[2010-04-24 13:00:59 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0415.exe
[2010-04-23 12:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2010-04-22 20:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Dane aplikacji\Malwarebytes
[2010-04-22 20:58:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-22 20:58:02 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-22 20:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-22 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-22 15:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Raaf\Moje dokumenty\BioWare
[2010-04-22 14:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010-03-08 17:07:54 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2010-03-08 17:07:54 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010-05-19 20:35:17 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-05-19 20:34:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-19 20:34:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-19 20:33:51 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Raaf\NTUSER.DAT
[2010-05-19 20:07:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Raaf\Pulpit\OTL.exe
[2010-05-19 17:41:45 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2010-05-19 17:41:45 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2010-05-19 17:41:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2010-05-19 17:41:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2010-05-19 17:41:45 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2010-05-19 17:41:45 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2010-05-19 17:41:45 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2010-05-19 17:41:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2010-05-19 17:41:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2010-05-19 17:41:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2010-05-19 17:41:45 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2010-05-19 15:38:14 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-19 15:32:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-16 11:19:41 | 000,053,330 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\d55696d1aa.jpeg
[2010-05-16 11:19:24 | 000,048,830 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\d2cb70e1fd.jpeg
[2010-05-16 11:19:13 | 000,027,692 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\531050f699.jpeg
[2010-05-16 11:19:04 | 000,041,278 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\672c06401a.jpeg
[2010-05-14 20:20:46 | 004,556,346 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Oriental beat prod. Zychu.mp3
[2010-05-14 17:55:00 | 000,985,406 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Guitar Acoustic (963KB).sf2
[2010-05-14 16:55:58 | 003,160,560 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Strings Legato Korg Triton.SF2
[2010-05-13 17:18:45 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Raaf\Pulpit\jxpiinstall.exe
[2010-05-13 13:33:25 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-13 13:33:25 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-05-11 19:57:32 | 001,701,144 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\sa.wav
[2010-05-11 19:54:01 | 010,904,033 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Concierto de Aranjuez by JoaquĂ­n Rodrigo II-Adagio.mp3
[2010-05-10 20:11:19 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Expressivo.lnk
[2010-05-10 19:38:27 | 041,301,843 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Expressivo_1.5.1.exe
[2010-05-10 19:06:05 | 050,554,058 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\lektury_cd1.rar
[2010-05-10 16:34:32 | 000,372,999 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\tibiaAuto.cfg.Lord Berith.xml
[2010-05-09 20:59:33 | 002,639,182 | -H-- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-05-09 19:41:28 | 002,945,024 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\all.max
[2010-05-09 19:17:38 | 000,438,272 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\dom.max
[2010-05-09 17:15:18 | 000,204,629 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\helmowy_jar.3ds
[2010-05-09 17:14:37 | 000,725,682 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\modellingcontest_simon4af06c78.rar
[2010-05-09 15:39:34 | 000,270,336 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\jaskinie.max
[2010-05-08 17:49:47 | 000,063,317 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\hausgroß.3ds
[2010-05-08 11:55:08 | 000,991,232 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\city.max
[2010-05-07 20:55:38 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Tibia Auto.lnk
[2010-05-07 14:42:02 | 002,288,251 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\map.jpg
[2010-05-07 12:00:21 | 000,090,757 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\shirt_material_.JPG
[2010-05-06 20:23:24 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Video Card Stability Test.lnk
[2010-05-06 19:41:53 | 000,082,566 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\av.jpg
[2010-05-06 19:03:18 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Prezentacja - strony www - Zych Rafał.ppt
[2010-05-06 15:03:23 | 000,001,014 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\GothicSourcer V3.10.lnk
[2010-05-06 14:39:07 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gothic II.lnk
[2010-05-05 13:22:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\zSpy.INI
[2010-05-04 20:28:29 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010-05-04 19:43:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010-05-04 12:13:29 | 000,009,876 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\larvy.xml
[2010-05-03 15:47:19 | 000,009,870 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Dwarf.xml
[2010-05-02 20:20:01 | 000,967,680 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\B).avi
[2010-05-01 13:34:55 | 000,000,083 | ---- | M] () -- C:\WINDOWS\WWP.INI
[2010-04-30 17:35:27 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Autodesk 3ds Max 2009 32-bit.lnk
[2010-04-30 17:34:16 | 000,007,408 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2010-04-30 16:46:25 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Worms World Party.lnk
[2010-04-30 14:59:32 | 000,000,090 | ---- | M] () -- C:\WINDOWS\WA.INI
[2010-04-29 12:52:58 | 001,604,509 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\asdsafdsfhhk.mp3
[2010-04-28 20:39:48 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Hypersonic.exe.lnk
[2010-04-28 19:51:03 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[2010-04-28 19:44:00 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib
[2010-04-26 19:37:16 | 000,000,541 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ninja Blade .lnk
[2010-04-25 12:10:50 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\CCleaner.lnk
[2010-04-25 11:04:31 | 000,000,779 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-25 10:24:47 | 001,619,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-24 21:23:21 | 000,445,735 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\aitutaki-lagoon-1440-900-4604.jpg
[2010-04-24 20:17:42 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\ScreenVirtuoso PRO.lnk
[2010-04-24 19:41:36 | 000,738,308 | ---- | M] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 2.psd
[2010-04-24 19:35:51 | 000,077,408 | ---- | M] () -- C:\Documents and Settings\Raaf\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-22 20:58:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-04-22 20:38:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-04-22 14:29:54 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mass Effect.lnk
[2010-04-20 16:50:50 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon joannitów..doc
[2010-04-20 16:10:56 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon Joannitów - foliogram..doc
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-05-16 11:19:40 | 000,053,330 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\d55696d1aa.jpeg
[2010-05-16 11:19:24 | 000,048,830 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\d2cb70e1fd.jpeg
[2010-05-16 11:19:12 | 000,027,692 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\531050f699.jpeg
[2010-05-16 11:19:04 | 000,041,278 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\672c06401a.jpeg
[2010-05-15 17:54:16 | 012,696,314 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\aaviolin(triples)x-layer.sf2
[2010-05-15 17:42:51 | 000,024,610 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\wahvoice.sf2
[2010-05-14 20:11:04 | 004,556,346 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Oriental beat prod. Zychu.mp3
[2010-05-14 17:54:53 | 000,985,406 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Guitar Acoustic (963KB).sf2
[2010-05-14 16:55:43 | 003,160,560 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Strings Legato Korg Triton.SF2
[2010-05-13 13:33:25 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-13 13:33:25 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-05-11 19:57:32 | 001,701,144 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\sa.wav
[2010-05-11 19:53:27 | 010,904,033 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Concierto de Aranjuez by JoaquĂ­n Rodrigo II-Adagio.mp3
[2010-05-10 19:54:43 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Expressivo.lnk
[2010-05-10 19:32:37 | 041,301,843 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Expressivo_1.5.1.exe
[2010-05-10 18:56:27 | 050,554,058 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\lektury_cd1.rar
[2010-05-09 19:17:21 | 000,438,272 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\dom.max
[2010-05-09 17:15:18 | 000,204,629 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\helmowy_jar.3ds
[2010-05-09 17:14:34 | 000,725,682 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\modellingcontest_simon4af06c78.rar
[2010-05-09 14:51:56 | 000,270,336 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\jaskinie.max
[2010-05-09 12:31:34 | 002,945,024 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\all.max
[2010-05-08 17:49:47 | 000,063,317 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\hausgroß.3ds
[2010-05-08 11:54:47 | 000,991,232 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\city.max
[2010-05-07 14:41:59 | 002,288,251 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\map.jpg
[2010-05-07 11:58:15 | 000,090,757 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\shirt_material_.JPG
[2010-05-06 20:23:24 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Video Card Stability Test.lnk
[2010-05-06 19:39:27 | 000,082,566 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\av.jpg
[2010-05-06 19:03:18 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Prezentacja - strony www - Zych Rafał.ppt
[2010-05-06 15:03:23 | 000,001,014 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\GothicSourcer V3.10.lnk
[2010-05-06 14:39:07 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gothic II.lnk
[2010-05-05 13:22:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\zSpy.INI
[2010-05-04 20:28:29 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-05-04 12:09:05 | 000,009,876 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\larvy.xml
[2010-05-03 15:14:51 | 000,009,870 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Dwarf.xml
[2010-05-02 20:18:20 | 000,967,680 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\B).avi
[2010-05-01 13:34:55 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WWP.INI
[2010-04-30 18:59:27 | 022,967,808 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\unwrap agpc.avi
[2010-04-30 17:35:27 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Autodesk 3ds Max 2009 32-bit.lnk
[2010-04-30 16:46:25 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Worms World Party.lnk
[2010-04-30 14:59:32 | 000,000,090 | ---- | C] () -- C:\WINDOWS\WA.INI
[2010-04-29 12:52:38 | 001,604,509 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\asdsafdsfhhk.mp3
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei4
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei2
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei3
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei1
[2010-04-28 20:46:40 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei7
[2010-04-28 20:46:40 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei5
[2010-04-28 20:46:40 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Datei0
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei9
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei8
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei10
[2010-04-28 20:46:40 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\Datei6
[2010-04-28 20:38:58 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010-04-28 20:38:58 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010-04-28 20:38:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010-04-28 20:37:32 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Hypersonic.exe.lnk
[2010-04-28 19:51:03 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CDBurnerXP.lnk
[2010-04-28 19:51:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-04-28 19:43:19 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2010-04-26 19:37:16 | 000,000,541 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ninja Blade .lnk
[2010-04-25 12:10:50 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\CCleaner.lnk
[2010-04-24 21:23:21 | 000,445,735 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\aitutaki-lagoon-1440-900-4604.jpg
[2010-04-24 20:17:42 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\ScreenVirtuoso PRO.lnk
[2010-04-24 19:22:49 | 000,738,308 | ---- | C] () -- C:\Documents and Settings\Raaf\Pulpit\Bez nazwy 2.psd
[2010-04-22 20:58:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-04-22 14:29:54 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mass Effect.lnk
[2010-04-20 16:18:56 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon joannitów..doc
[2010-04-20 16:05:39 | 000,149,504 | ---- | C] () -- C:\Documents and Settings\Raaf\Moje dokumenty\Zakon Joannitów - foliogram..doc
[2010-03-26 15:59:10 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010-03-26 15:59:10 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-03-08 21:16:09 | 000,683,791 | R--- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2010-03-08 21:16:09 | 000,000,915 | R--- | C] () -- C:\WINDOWS\System32\setup.ini
[2010-03-08 21:16:09 | 000,000,161 | R--- | C] () -- C:\WINDOWS\DSLSetup.ini
[2010-03-08 19:55:03 | 000,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010-02-28 14:21:59 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-02 18:41:53 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-02-02 18:41:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010-02-02 18:41:52 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010-02-02 18:41:52 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010-02-02 18:41:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010-02-02 18:41:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010-02-02 18:41:50 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010-01-29 22:28:09 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2004-08-04 00:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-03 22:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004-07-17 11:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004-03-15 20:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF
< End of report >

  • 0

#6 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 19 05 2010 - 20:45

[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei4
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei2
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei3
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei1
[2010-04-28 20:46:40 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei7
[2010-04-28 20:46:40 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei5
[2010-04-28 20:46:40 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Datei0
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei9
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei8
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei10
[2010-04-28 20:46:40 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\Datei6

Removed.
The new log looks rather clean.
I just don't know what those objects above are.
If they are folders, look inside one of them and see what it contains.
If they are files, hover the mouse over one of them and see what it says: which company, etc.

Write about it here.

User ordynat edited this post on 19 05 2010 - 20:45

  • 0
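The check made by eye in post #6, spotting a batch of files with no company name that were all created in the same second inside the Windows directory, can be scripted over an OTL log. This is an added example, not part of the thread or of OTL; the sample lines are copied from the log above, and the function names and the threshold of three files are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname

# OTL file-list line: [timestamp | size | attributes | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Sample lines copied from the log in this thread.
SAMPLE_LOG = r"""
[2010-05-13 13:33:25 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-13 13:33:25 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei4
[2010-04-28 20:46:40 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei2
[2010-04-28 20:46:40 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei3
[2010-04-28 20:46:40 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei10
[2010-04-28 20:38:58 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010-04-28 19:51:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010-04-22 20:38:04 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6BE50C2B
"""

def parse_entries(text):
    """Yield one dict per file-list line; any other line is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            yield entry

def creation_bursts(entries, min_files=3, under=r"c:\windows"):
    """Group created ('C') files that have no company name by
    (timestamp, folder) and keep groups of min_files or more under `under`."""
    groups = defaultdict(list)
    for e in entries:
        folder = dirname(e["path"])
        if e["kind"] == "C" and not e["company"] and folder.lower().startswith(under):
            groups[(e["ts"], folder)].append(basename(e["path"]))
    return {key: sorted(names) for key, names in groups.items() if len(names) >= min_files}

if __name__ == "__main__":
    for (ts, folder), names in creation_bursts(parse_entries(SAMPLE_LOG)).items():
        print(ts, folder, names)
```

A hit only marks files for the follow-up discussed in the thread (looking at the file itself, a multi-engine scan); it is not a verdict on them.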

#7 proquest

proquest

    Beginner

  • 52 posts

Posted 19 05 2010 - 21:11

They are files; it doesn't say anything, only that it's a file.
  • 0

#8 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 19 05 2010 - 21:26

If you recognize them, we leave them alone.
If you don't, check them on JOTTI, VIRUSTOTAL or VIRSCAN.
  • 0

#9 proquest

proquest

    Beginner

  • 52 posts

Posted 19 05 2010 - 21:41

Nothing was found. Can I delete them, or should I leave them?
  • 0

#10 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 19 05 2010 - 21:51

Leave them. Maybe they belong to one of your programs, although I don't really see one that would fit.

In OTL, click the "CleanUp" button; this will remove it together with its Quarantine.

  • 0



