Logi - Mnówsto trojanów

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:23:10, on 2010-02-20

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Programy\ Winamp 5.572 Full PL\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe

C:\Programy\Xfire\Xfire.exe

C:\Programy\Flock 2.5.3 PL\flock.exe

C:\Programy\HijackThis 2.0.2\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 C:\WINDOWS\system\cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WinampAgent] "C:\Programy\ Winamp 5.572 Full PL\winampa.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe" /tray

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - S-1-5-18 Startup: Xfire.lnk = C:\Programy\Xfire\Xfire.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Xfire.lnk = C:\Programy\Xfire\Xfire.exe (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Programy\Xfire\Xfire.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



--

End of file - 4108 bytes

Użytkownik byar edytował ten post 21 02 2010 - 04:43
codebox

OTL logfile created on: 2010-02-26 15:48:18 - Run 1OTL by OldTimer - Version 3.1.30.2     Folder = F:\Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 167,00 Mb Available Physical Memory | 33,00% Memory free1,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 25,05 Gb Total Space | 13,34 Gb Free Space | 53,24% Space Free | Partition Type: NTFSDrive D: | 5,03 Gb Total Space | 5,00 Gb Free Space | 99,44% Space Free | Partition Type: NTFSDrive E: | 72,08 Gb Total Space | 5,84 Gb Free Space | 8,10% Space Free | Partition Type: NTFSDrive F: | 195,94 Gb Total Space | 6,50 Gb Free Space | 3,32% Space Free | Partition Type: NTFSG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: WINDT_09Current User Name: SysOpLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010-02-26 15:33:17 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\OTL.exePRC - [2010-02-18 10:13:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2010-02-11 07:15:50 | 000,834,416 | ---- | M] (Opera Software) -- C:\Programy\Opera 10.50 Beta\opera.exePRC - [2010-02-11 04:16:04 | 003,207,056 | ---- | M] (Xfire Inc.) -- C:\Programy\Xfire\Xfire.exePRC - [2010-01-13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programy\ Winamp 5.572 Full PL\winampa.exePRC - [2010-01-11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exePRC - [2009-12-12 15:10:47 | 001,044,992 | ---- | M] (Alexander Roshal) -- C:\Programy\WinRAR 3.91\WinRAR.exePRC - [2009-03-17 08:40:58 | 001,739,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exePRC - [2008-03-20 11:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe  ========== Modules (SafeList) ========== MOD - [2010-02-26 15:33:17 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\OTL.exeMOD - [2010-02-11 04:16:12 | 000,942,480 | ---- | M] (Xfire Inc.) -- C:\Programy\Xfire\xfire_toucan_41445.dllMOD - [2008-04-14 21:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dllMOD - [2008-04-14 21:50:36 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dllMOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programy\Gadu-Gadu 7.7 Build 3746\ggwhook.dllMOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll  ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] --  -- (CiSvc)SRV - File not found [On_Demand | Stopped] --  -- (ALG)SRV - [2010-02-18 10:13:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2010-01-11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)SRV - [2009-11-12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)SRV - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)  ========== Driver Services (SafeList) ========== DRV - [2010-02-20 13:05:07 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rakion.sys -- (rak)DRV - [2010-01-12 05:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)DRV - [2009-07-12 13:05:11 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)DRV - [2009-07-12 12:32:34 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)DRV - [2009-07-12 12:32:32 | 000,027,165 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)DRV - [2009-06-17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2009-06-17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)DRV - [2009-06-17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)DRV - [2009-03-15 11:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2004-08-23 09:21:12 | 000,821,760 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)DRV - [2002-10-14 06:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)DRV - [2002-10-14 06:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%sIE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - HKLM\software\mozilla\Flock 2.5.3\extensions\\Components: C:\Programy\Flock 2.5.3 PL\components [2010-01-21 02:52:03 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Flock 2.5.3\extensions\\Plugins: C:\Programy\Flock 2.5.3 PL\plugins [2010-01-21 01:07:10 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Programy\Flock 2.5.6 PL\componentsFF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Programy\Flock 2.5.6 PL\pluginsFF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programy\Mozilla Firefox 3.5.7\components [2010-02-20 06:19:27 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programy\Mozilla Firefox 3.5.7\plugins [2010-02-18 10:14:00 | 000,000,000 | ---D | M] [2010-01-21 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions[2010-01-21 00:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}[2010-02-20 08:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions[2010-01-20 03:08:59 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} Hosts file not foundO2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\system\cmicnfg.CPL (C-Media Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [WinampAgent] C:\Programy\ Winamp 5.572 Full PL\winampa.exe (Nullsoft, Inc.)O4 - HKCU..\Run: [Gadu-Gadu] C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe (Gadu-Gadu S.A.)O4 - Startup: C:\Documents and Settings\SysOp\Menu Start\Programy\Autostart\Xfire.lnk = C:\Programy\Xfire\Xfire.exe (Xfire Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.211 212.76.39.205O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010-01-20 01:20:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO33 - MountPoints2\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-02-26 13:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\SpeedSim[2010-02-26 01:29:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SysOp\Recent[2010-02-24 12:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment[2010-02-23 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment[2010-02-23 20:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard[2010-02-23 20:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\MWoW_Launcher[2010-02-23 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\ipla[2010-02-23 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla[2010-02-23 17:32:54 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll[2010-02-23 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10[2010-02-23 17:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Gadu-Gadu 10[2010-02-23 16:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Nero[2010-02-23 16:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar[2010-02-23 16:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero[2010-02-23 16:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero[2010-02-23 16:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Real[2010-02-22 16:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\WBGames[2010-02-21 11:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\GTA San Andreas User Files[2010-02-21 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Opera[2010-02-21 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Opera[2010-02-21 00:25:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy[2010-02-20 19:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\Savage 2 - A Tortured Soul[2010-02-20 18:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TmForever[2010-02-20 18:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\TmForever[2010-02-20 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\xerox[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker[2010-02-20 14:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage[2010-02-20 12:54:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010-02-20 12:19:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2010-02-20 12:19:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2010-02-20 12:19:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2010-02-20 12:19:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2010-02-20 12:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010-02-20 12:18:59 | 000,000,000 | ---D | C] -- C:\ComboFix[2010-02-20 06:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BitDefender[2010-02-20 06:13:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP[2010-02-20 06:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender[2010-02-20 05:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Softwin[2010-02-20 05:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin[2010-02-20 05:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation[2010-02-20 05:00:45 | 010,276,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys[2010-02-20 05:00:45 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll[2010-02-20 05:00:44 | 014,458,880 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll[2010-02-20 05:00:44 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll[2010-02-20 05:00:43 | 011,632,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll[2010-02-20 05:00:43 | 004,104,192 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll[2010-02-20 05:00:43 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll[2010-02-20 05:00:43 | 001,081,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll[2010-02-20 05:00:43 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll[2010-02-20 05:00:43 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll[2010-02-20 05:00:40 | 006,359,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll[2010-02-20 04:17:43 | 001,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx[2010-02-20 04:17:43 | 000,427,864 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll[2010-02-20 04:17:42 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX[2010-02-20 04:17:42 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX[2010-02-20 04:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)[2010-02-19 22:13:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt[2010-02-18 16:13:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll[2010-02-18 16:13:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll[2010-02-18 16:13:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll[2010-02-18 15:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Uniblue[2010-02-18 10:14:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010-02-18 10:14:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010-02-18 10:14:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010-02-18 10:14:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010-02-18 10:14:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010-02-18 10:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2010-02-18 10:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Sun[2010-02-17 13:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP[2010-02-17 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator[2010-02-17 13:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Downloaded Installations[2010-02-17 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild[2010-02-17 13:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer[2010-02-17 13:15:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us[2010-02-17 13:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies[2010-02-17 13:13:55 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll[2010-02-17 13:13:48 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe[2010-02-16 18:16:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\Runes of Magic[2010-02-16 06:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate[2010-02-10 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Identities[2010-02-10 16:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Identities[2010-02-01 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics[2010-02-01 18:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\InstallShield[2010-01-20 03:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire[2010-01-20 01:21:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft[2010-01-20 01:21:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft[2010-01-20 01:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft[2010-01-20 01:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-02-26 13:59:25 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\SpeedSim.lnk[2010-02-26 13:56:51 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-02-26 09:31:57 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml[2010-02-26 09:31:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-02-26 09:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-02-26 01:29:59 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT[2010-02-25 07:25:43 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI[2010-02-24 16:25:23 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Wow.lnk[2010-02-23 19:44:51 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat[2010-02-23 17:32:54 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll[2010-02-23 16:12:22 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart.lnk[2010-02-21 11:56:19 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\GTA Âîçđîćäĺíčĺ 4Life.lnk[2010-02-21 00:30:37 | 000,000,576 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol[2010-02-20 19:52:02 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Savage 2 - A Tortured Soul.lnk[2010-02-20 18:32:53 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TmNationsForever.lnk[2010-02-20 14:39:03 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin[2010-02-20 13:05:07 | 000,060,928 | ---- | M] () -- C:\WINDOWS\System32\rakion.sys[2010-02-20 12:33:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010-02-20 11:55:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml[2010-02-20 11:31:32 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk[2010-02-20 06:30:32 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI[2010-02-20 06:23:25 | 000,018,224 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2010-02-20 06:20:46 | 000,177,664 | -H-- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Keymaker.exe[2010-02-20 06:19:22 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml[2010-02-20 06:19:21 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml[2010-02-20 06:14:20 | 001,081,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-02-20 06:14:20 | 000,497,318 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2010-02-20 06:14:20 | 000,438,674 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-02-20 06:14:20 | 000,087,550 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2010-02-20 06:14:20 | 000,069,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010-02-20 05:50:49 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\KGB Archiver.lnk[2010-02-20 05:02:18 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini[2010-02-20 04:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-02-20 04:59:05 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat[2010-02-20 04:17:43 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Driver Genius Professional Edition.lnk[2010-02-19 22:04:12 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-02-19 22:04:04 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010-02-19 01:19:38 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\PO.lnk[2010-02-18 10:14:32 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\JDownloader.lnk[2010-02-18 10:13:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010-02-18 10:13:47 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010-02-18 10:13:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010-02-18 10:13:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010-02-18 10:13:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010-02-17 06:06:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Runes of Magic.lnk[2010-02-16 16:45:54 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\EVEREST Home Edition.lnk[2010-02-11 04:16:10 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll[2010-02-09 20:44:02 | 005,854,832 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-02-08 14:08:18 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\RF Online EQG.lnk[2010-01-31 23:10:17 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Rappelz.lnk[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-02-26 13:59:25 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\SpeedSim.lnk[2010-02-25 07:25:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2010-02-24 16:25:23 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Wow.lnk[2010-02-23 16:12:22 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart.lnk[2010-02-21 11:56:19 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\GTA Âîçđîćäĺíčĺ 4Life.lnk[2010-02-21 00:29:08 | 000,000,576 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol[2010-02-20 19:52:02 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Savage 2 - A Tortured Soul.lnk[2010-02-20 18:32:53 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TmNationsForever.lnk[2010-02-20 13:05:07 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\rakion.sys[2010-02-20 12:19:12 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010-02-20 12:19:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2010-02-20 12:19:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2010-02-20 12:19:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010-02-20 12:19:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2010-02-20 11:54:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml[2010-02-20 11:31:32 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk[2010-02-20 06:30:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI[2010-02-20 06:19:22 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml[2010-02-20 06:19:21 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml[2010-02-20 05:50:49 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\KGB Archiver.lnk[2010-02-20 05:28:08 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin[2010-02-20 05:00:40 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2010-02-20 04:59:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-02-20 04:59:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat[2010-02-20 04:17:43 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Driver Genius Professional Edition.lnk[2010-02-19 01:19:38 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\PO.lnk[2010-02-18 10:14:32 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\JDownloader.lnk[2010-02-17 13:56:32 | 000,070,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2010-02-17 13:56:18 | 000,177,664 | -H-- | C] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Keymaker.exe[2010-02-16 18:16:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Runes of Magic.lnk[2010-02-16 16:45:54 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\EVEREST Home Edition.lnk[2010-02-11 04:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll[2010-02-08 14:08:18 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\RF Online EQG.lnk[2010-01-31 23:10:17 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Rappelz.lnk[2010-01-22 03:54:30 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Current.prx[2010-01-20 13:51:34 | 000,000,270 | ---- | C] () -- C:\WINDOWS\thug2.ini[2010-01-20 10:56:01 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-01-20 03:50:05 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2010-01-20 01:49:11 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll[2010-01-20 01:38:55 | 000,002,866 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2010-01-20 01:38:52 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2005-10-14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1AAB2E68< End of report >

Użytkownik byar edytował ten post 26 02 2010 - 16:28

:Folders
I:\RECYCLER
C:\RECYCLER

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-20 01:20:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O33 - MountPoints2\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found
O33 - MountPoints2\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe -- File not found

Error: Unable to interpret <:Folders> in the current context!Error: Unable to interpret <I:\RECYCLER> in the current context!Error: Unable to interpret <C:\RECYCLER> in the current context!========== OTL ==========HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!C:\AUTOEXEC.BAT moved successfully.Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\ not found.File I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe not found.Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1d68586-1a5c-11df-ab19-00e06fd7a039}\ not found.File I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe not found. OTL by OldTimer - Version 3.1.30.2 log created on 02262010_173821

TL logfile created on: 2010-02-26 17:42:47 - Run 3OTL by OldTimer - Version 3.1.30.2     Folder = F:\Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 254,00 Mb Available Physical Memory | 50,00% Memory free1,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 25,05 Gb Total Space | 12,94 Gb Free Space | 51,67% Space Free | Partition Type: NTFSDrive D: | 5,03 Gb Total Space | 5,00 Gb Free Space | 99,44% Space Free | Partition Type: NTFSDrive E: | 72,08 Gb Total Space | 5,84 Gb Free Space | 8,10% Space Free | Partition Type: NTFSDrive F: | 195,94 Gb Total Space | 6,20 Gb Free Space | 3,16% Space Free | Partition Type: NTFSG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: WINDT_09Current User Name: SysOpLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010-02-26 16:15:26 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exePRC - [2010-02-26 15:33:17 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\OTL.exePRC - [2010-02-18 10:13:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2010-02-11 07:15:50 | 000,834,416 | ---- | M] (Opera Software) -- C:\Programy\Opera 10.50 Beta\opera.exePRC - [2010-02-11 04:16:04 | 003,207,056 | ---- | M] (Xfire Inc.) -- C:\Programy\Xfire\Xfire.exePRC - [2010-01-13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programy\ Winamp 5.572 Full PL\winampa.exePRC - [2010-01-11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exePRC - [2009-03-17 08:40:58 | 001,739,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exePRC - [2008-03-20 11:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe  ========== Modules (SafeList) ========== MOD - [2010-02-26 15:33:17 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\OTL.exeMOD - [2010-02-11 04:16:12 | 000,942,480 | ---- | M] (Xfire Inc.) -- C:\Programy\Xfire\xfire_toucan_41445.dllMOD - [2008-04-14 21:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dllMOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programy\Gadu-Gadu 7.7 Build 3746\ggwhook.dllMOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll  ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] --  -- (CiSvc)SRV - File not found [On_Demand | Stopped] --  -- (ALG)SRV - [2010-02-18 10:13:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2010-01-11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)SRV - [2009-11-12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)SRV - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)  ========== Driver Services (SafeList) ========== DRV - [2010-02-20 13:05:07 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rakion.sys -- (rak)DRV - [2010-01-12 05:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)DRV - [2009-07-12 13:05:11 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)DRV - [2009-07-12 12:32:34 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)DRV - [2009-07-12 12:32:32 | 000,027,165 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)DRV - [2009-06-17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2009-06-17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)DRV - [2009-06-17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)DRV - [2009-03-15 11:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2004-08-23 09:21:12 | 000,821,760 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)DRV - [2002-10-14 06:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)DRV - [2002-10-14 06:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2009787IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%sIE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)IE - HKCU\..\URLSearchHook: {d6902984-559d-4d30-83ba-6315d7c84cd1} - C:\Program Files\softonicen\tbsoft.dll (Conduit Ltd.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - HKLM\software\mozilla\Flock 2.5.3\extensions\\Components: C:\Programy\Flock 2.5.3 PL\components [2010-01-21 02:52:03 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Flock 2.5.3\extensions\\Plugins: C:\Programy\Flock 2.5.3 PL\plugins [2010-01-21 01:07:10 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Programy\Flock 2.5.6 PL\componentsFF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Programy\Flock 2.5.6 PL\pluginsFF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programy\Mozilla Firefox 3.5.7\components [2010-02-20 06:19:27 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programy\Mozilla Firefox 3.5.7\plugins [2010-02-18 10:14:00 | 000,000,000 | ---D | M] [2010-01-21 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions[2010-01-21 00:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}[2010-02-26 16:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions[2010-01-20 03:08:59 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}[2010-02-26 16:14:51 | 000,000,000 | ---D | M] (softonicen Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1} Hosts file not foundO2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O2 - BHO: (softonicen Toolbar) - {d6902984-559d-4d30-83ba-6315d7c84cd1} - C:\Program Files\softonicen\tbsoft.dll (Conduit Ltd.)O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (softonicen Toolbar) - {d6902984-559d-4d30-83ba-6315d7c84cd1} - C:\Program Files\softonicen\tbsoft.dll (Conduit Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\system\cmicnfg.CPL (C-Media Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [WinampAgent] C:\Programy\ Winamp 5.572 Full PL\winampa.exe (Nullsoft, Inc.)O4 - HKCU..\Run: [Gadu-Gadu] C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe (Gadu-Gadu S.A.)O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)O4 - Startup: C:\Documents and Settings\SysOp\Menu Start\Programy\Autostart\Xfire.lnk = C:\Programy\Xfire\Xfire.exe (Xfire Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.211 212.76.39.205O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not foundO32 - HKLM CDRom: AutoRun - 1O35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-02-26 17:35:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SysOp\Recent[2010-02-26 16:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive[2010-02-26 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE[2010-02-26 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Steam[2010-02-26 16:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\softonicen[2010-02-26 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\softonicen[2010-02-26 13:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\SpeedSim[2010-02-24 12:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment[2010-02-23 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment[2010-02-23 20:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard[2010-02-23 20:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\MWoW_Launcher[2010-02-23 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\ipla[2010-02-23 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla[2010-02-23 17:32:54 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll[2010-02-23 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10[2010-02-23 17:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Gadu-Gadu 10[2010-02-23 16:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Nero[2010-02-23 16:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar[2010-02-23 16:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero[2010-02-23 16:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero[2010-02-23 16:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Real[2010-02-22 16:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\WBGames[2010-02-21 11:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\GTA San Andreas User Files[2010-02-21 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Opera[2010-02-21 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Opera[2010-02-21 00:25:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy[2010-02-20 19:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\Savage 2 - A Tortured Soul[2010-02-20 18:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TmForever[2010-02-20 18:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\TmForever[2010-02-20 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\xerox[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker[2010-02-20 14:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage[2010-02-20 12:54:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010-02-20 12:19:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2010-02-20 12:19:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2010-02-20 12:19:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2010-02-20 12:19:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2010-02-20 12:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010-02-20 12:18:59 | 000,000,000 | ---D | C] -- C:\ComboFix[2010-02-20 06:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BitDefender[2010-02-20 06:13:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP[2010-02-20 06:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender[2010-02-20 05:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Softwin[2010-02-20 05:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin[2010-02-20 05:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation[2010-02-20 05:00:45 | 010,276,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys[2010-02-20 05:00:45 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll[2010-02-20 05:00:44 | 014,458,880 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll[2010-02-20 05:00:44 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll[2010-02-20 05:00:43 | 011,632,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll[2010-02-20 05:00:43 | 004,104,192 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll[2010-02-20 05:00:43 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll[2010-02-20 05:00:43 | 001,081,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll[2010-02-20 05:00:43 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll[2010-02-20 05:00:43 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll[2010-02-20 05:00:40 | 006,359,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll[2010-02-20 04:17:43 | 001,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx[2010-02-20 04:17:43 | 000,427,864 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll[2010-02-20 04:17:42 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX[2010-02-20 04:17:42 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX[2010-02-20 04:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)[2010-02-19 22:13:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt[2010-02-18 16:13:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll[2010-02-18 16:13:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll[2010-02-18 16:13:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll[2010-02-18 15:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Uniblue[2010-02-18 10:14:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010-02-18 10:14:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010-02-18 10:14:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010-02-18 10:14:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010-02-18 10:14:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010-02-18 10:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2010-02-18 10:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Sun[2010-02-17 13:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP[2010-02-17 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator[2010-02-17 13:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Downloaded Installations[2010-02-17 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild[2010-02-17 13:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer[2010-02-17 13:15:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us[2010-02-17 13:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies[2010-02-17 13:13:55 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll[2010-02-17 13:13:48 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe[2010-02-16 18:16:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\Runes of Magic[2010-02-16 06:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate[2010-02-10 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Identities[2010-02-10 16:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Identities[2010-02-01 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics[2010-02-01 18:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\InstallShield[2010-01-20 03:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire[2010-01-20 01:21:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft[2010-01-20 01:21:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft[2010-01-20 01:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft[2010-01-20 01:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-02-26 17:21:18 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml[2010-02-26 17:21:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-02-26 17:21:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-02-26 16:29:43 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT[2010-02-26 16:15:08 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk[2010-02-26 16:14:47 | 002,483,200 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Softonicen.exe[2010-02-26 16:14:22 | 001,598,976 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\SteamInstall.msi[2010-02-26 13:59:25 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\SpeedSim.lnk[2010-02-26 13:56:51 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-02-25 07:25:43 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI[2010-02-24 16:25:23 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Wow.lnk[2010-02-23 19:44:51 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat[2010-02-23 17:32:54 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll[2010-02-23 16:12:22 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart.lnk[2010-02-21 11:56:19 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\GTA Âîçđîćäĺíčĺ 4Life.lnk[2010-02-21 00:30:37 | 000,000,576 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol[2010-02-20 19:52:02 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Savage 2 - A Tortured Soul.lnk[2010-02-20 18:32:53 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TmNationsForever.lnk[2010-02-20 14:39:03 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin[2010-02-20 13:05:07 | 000,060,928 | ---- | M] () -- C:\WINDOWS\System32\rakion.sys[2010-02-20 12:33:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010-02-20 11:55:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml[2010-02-20 11:31:32 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk[2010-02-20 06:30:32 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI[2010-02-20 06:23:25 | 000,018,224 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2010-02-20 06:20:46 | 000,177,664 | -H-- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Keymaker.exe[2010-02-20 06:19:22 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml[2010-02-20 06:19:21 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml[2010-02-20 06:14:20 | 001,081,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-02-20 06:14:20 | 000,497,318 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2010-02-20 06:14:20 | 000,438,674 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-02-20 06:14:20 | 000,087,550 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2010-02-20 06:14:20 | 000,069,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010-02-20 05:50:49 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\KGB Archiver.lnk[2010-02-20 05:02:18 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini[2010-02-20 04:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-02-20 04:59:05 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat[2010-02-20 04:17:43 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Driver Genius Professional Edition.lnk[2010-02-19 22:04:12 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-02-19 22:04:04 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010-02-19 01:19:38 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\PO.lnk[2010-02-18 10:14:32 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\JDownloader.lnk[2010-02-18 10:13:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010-02-18 10:13:47 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010-02-18 10:13:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010-02-18 10:13:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010-02-18 10:13:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010-02-17 06:06:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Runes of Magic.lnk[2010-02-16 16:45:54 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\EVEREST Home Edition.lnk[2010-02-11 04:16:10 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll[2010-02-09 20:44:02 | 005,854,832 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-02-08 14:08:18 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\RF Online EQG.lnk[2010-01-31 23:10:17 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Rappelz.lnk[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-02-26 16:15:08 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk[2010-02-26 16:14:07 | 002,483,200 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Softonicen.exe[2010-02-26 16:14:07 | 001,598,976 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\SteamInstall.msi[2010-02-26 13:59:25 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\SpeedSim.lnk[2010-02-25 07:25:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2010-02-24 16:25:23 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Wow.lnk[2010-02-23 16:12:22 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart.lnk[2010-02-21 11:56:19 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\GTA Âîçđîćäĺíčĺ 4Life.lnk[2010-02-21 00:29:08 | 000,000,576 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol[2010-02-20 19:52:02 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Savage 2 - A Tortured Soul.lnk[2010-02-20 18:32:53 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TmNationsForever.lnk[2010-02-20 13:05:07 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\rakion.sys[2010-02-20 12:19:12 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010-02-20 12:19:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2010-02-20 12:19:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2010-02-20 12:19:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010-02-20 12:19:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2010-02-20 11:54:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml[2010-02-20 11:31:32 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk[2010-02-20 06:30:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI[2010-02-20 06:19:22 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml[2010-02-20 06:19:21 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml[2010-02-20 05:50:49 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\KGB Archiver.lnk[2010-02-20 05:28:08 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin[2010-02-20 05:00:40 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2010-02-20 04:59:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-02-20 04:59:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat[2010-02-20 04:17:43 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Driver Genius Professional Edition.lnk[2010-02-19 01:19:38 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\PO.lnk[2010-02-18 10:14:32 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\JDownloader.lnk[2010-02-17 13:56:32 | 000,070,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2010-02-17 13:56:18 | 000,177,664 | -H-- | C] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Keymaker.exe[2010-02-16 18:16:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Runes of Magic.lnk[2010-02-16 16:45:54 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\EVEREST Home Edition.lnk[2010-02-11 04:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll[2010-02-08 14:08:18 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\RF Online EQG.lnk[2010-01-31 23:10:17 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Rappelz.lnk[2010-01-22 03:54:30 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Current.prx[2010-01-20 13:51:34 | 000,000,270 | ---- | C] () -- C:\WINDOWS\thug2.ini[2010-01-20 10:56:01 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-01-20 03:50:05 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2010-01-20 01:49:11 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll[2010-01-20 01:38:55 | 000,002,866 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2010-01-20 01:38:52 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2008-10-28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2005-10-14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1AAB2E68< End of report >

Użytkownik byar edytował ten post 26 02 2010 - 18:22

:Files
C:\RECYCLER
I:\RECYCLER
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\NIRCMD.exe

:OTL
O32 - HKLM CDRom: AutoRun - 1

:Commands
[emptytemp]
[reboot]

All processes killed========== FILES ==========C:\RECYCLER\S-1-5-21-1343024091-117609710-1606980848-1001 folder moved successfully.C:\RECYCLER folder moved successfully.File\Folder I:\RECYCLER not found.C:\WINDOWS\SWXCACLS.exe moved successfully.C:\WINDOWS\SWREG.exe moved successfully.C:\WINDOWS\SWSC.exe moved successfully.C:\WINDOWS\NIRCMD.exe moved successfully.========== OTL ==========HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: SysOp->Temp folder emptied: 35943 bytes->Temporary Internet Files folder emptied: 4409465 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 36888312 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 2596 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 0 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 39,00 mb  OTL by OldTimer - Version 3.1.30.2 log created on 02262010_183317Files\Folders moved on Reboot...Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.44Wersja bazy definicji: 3796Windows 5.1.2600 Dodatek Service Pack 3Internet Explorer 8.0.6001.187022010-02-26 18:28:38mbam-log-2010-02-26 (18-28-38).txtTyp skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|)Przeskanowane obiekty: 212621Upłynęło: 32 minute(s), 11 second(s)Zainfekowane procesy w pamięci: 0Zainfekowane moduły pamięci: 0Zainfekowane klucze rejestru: 3Zainfekowane wartości rejestru: 0Zainfekowane pliki rejestru: 1Zainfekowane foldery: 0Zainfekowane pliki: 2Zainfekowane procesy w pamięci:(Nie wykryto groźnych plików)Zainfekowane moduły pamięci:(Nie wykryto groźnych plików)Zainfekowane klucze rejestru:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.Zainfekowane wartości rejestru:(Nie wykryto groźnych plików)Zainfekowane pliki rejestru:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Zainfekowane foldery:(Nie wykryto groźnych plików)Zainfekowane pliki:C:\System Volume Information\_restore{AABAC765-027E-4AF7-9B81-9F0BD2CF7AFB}\RP46\A0033836.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.F:\System Volume Information\_restore{AABAC765-027E-4AF7-9B81-9F0BD2CF7AFB}\RP46\A0033678.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.44Wersja bazy definicji: 3796Windows 5.1.2600 Dodatek Service Pack 3Internet Explorer 8.0.6001.187022010-02-26 18:44:00mbam-log-2010-02-26 (18-44-00).txtTyp skanowania: Szybkie skanowaniePrzeskanowane obiekty: 106821Upłynęło: 5 minute(s), 10 second(s)Zainfekowane procesy w pamięci: 0Zainfekowane moduły pamięci: 0Zainfekowane klucze rejestru: 0Zainfekowane wartości rejestru: 0Zainfekowane pliki rejestru: 0Zainfekowane foldery: 0Zainfekowane pliki: 0Zainfekowane procesy w pamięci:(Nie wykryto groźnych plików)Zainfekowane moduły pamięci:(Nie wykryto groźnych plików)Zainfekowane klucze rejestru:(Nie wykryto groźnych plików)Zainfekowane wartości rejestru:(Nie wykryto groźnych plików)Zainfekowane pliki rejestru:(Nie wykryto groźnych plików)Zainfekowane foldery:(Nie wykryto groźnych plików)Zainfekowane pliki:(Nie wykryto groźnych plików)

OTL logfile created on: 2010-02-26 18:49:36 - Run 4OTL by OldTimer - Version 3.1.30.2     Folder = F:\Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 222,00 Mb Available Physical Memory | 43,00% Memory free1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File freePaging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 25,05 Gb Total Space | 12,99 Gb Free Space | 51,88% Space Free | Partition Type: NTFSDrive D: | 5,03 Gb Total Space | 5,00 Gb Free Space | 99,44% Space Free | Partition Type: NTFSDrive E: | 72,08 Gb Total Space | 5,84 Gb Free Space | 8,10% Space Free | Partition Type: NTFSDrive F: | 195,94 Gb Total Space | 6,18 Gb Free Space | 3,15% Space Free | Partition Type: NTFSG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: WINDT_09Current User Name: SysOpLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2010-02-26 16:15:26 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exePRC - [2010-02-26 15:33:17 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\OTL.exePRC - [2010-02-18 10:13:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2010-02-11 07:15:50 | 000,834,416 | ---- | M] (Opera Software) -- C:\Programy\Opera 10.50 Beta\opera.exePRC - [2010-02-11 04:16:04 | 003,207,056 | ---- | M] (Xfire Inc.) -- C:\Programy\Xfire\Xfire.exePRC - [2010-01-13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programy\ Winamp 5.572 Full PL\winampa.exePRC - [2010-01-11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exePRC - [2009-03-17 08:40:58 | 001,739,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exePRC - [2008-03-20 11:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe  ========== Modules (SafeList) ========== MOD - [2010-02-26 15:33:17 | 000,549,888 | ---- | M] (OldTimer Tools) -- F:\OTL.exeMOD - [2010-02-11 04:16:12 | 000,942,480 | ---- | M] (Xfire Inc.) -- C:\Programy\Xfire\xfire_toucan_41445.dllMOD - [2008-04-14 21:51:00 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dllMOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Programy\Gadu-Gadu 7.7 Build 3746\ggwhook.dllMOD - [2003-02-21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll  ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] --  -- (CiSvc)SRV - File not found [On_Demand | Stopped] --  -- (ALG)SRV - [2010-02-18 10:13:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2010-01-11 22:17:44 | 000,154,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)SRV - [2009-11-12 18:08:00 | 003,403,420 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)SRV - [2008-09-24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)  ========== Driver Services (SafeList) ========== DRV - [2010-02-20 13:05:07 | 000,060,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rakion.sys -- (rak)DRV - [2010-01-12 05:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)DRV - [2009-07-12 13:05:11 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)DRV - [2009-07-12 12:32:34 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)DRV - [2009-07-12 12:32:32 | 000,027,165 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS)DRV - [2009-06-17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)DRV - [2009-06-17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)DRV - [2009-06-17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)DRV - [2009-03-15 11:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)DRV - [2008-04-13 21:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2004-08-23 09:21:12 | 000,821,760 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)DRV - [2002-10-14 06:40:32 | 000,017,616 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tj2knd5.sys -- (tj2knd5) Terayon Cable Modem (NDIS)DRV - [2002-10-14 06:40:24 | 000,069,680 | R--- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tj2kunic.sys -- (tj2kunic) Terayon Cable Modem (WDM)DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ==========  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2009787IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%sIE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)IE - HKCU\..\URLSearchHook: {d6902984-559d-4d30-83ba-6315d7c84cd1} - C:\Program Files\softonicen\tbsoft.dll (Conduit Ltd.)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - HKLM\software\mozilla\Flock 2.5.3\extensions\\Components: C:\Programy\Flock 2.5.3 PL\components [2010-01-21 02:52:03 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Flock 2.5.3\extensions\\Plugins: C:\Programy\Flock 2.5.3 PL\plugins [2010-01-21 01:07:10 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Programy\Flock 2.5.6 PL\componentsFF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Programy\Flock 2.5.6 PL\pluginsFF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programy\Mozilla Firefox 3.5.7\components [2010-02-20 06:19:27 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programy\Mozilla Firefox 3.5.7\plugins [2010-02-18 10:14:00 | 000,000,000 | ---D | M] [2010-01-21 00:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions[2010-01-21 00:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}[2010-02-26 16:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions[2010-01-20 03:08:59 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}[2010-02-26 16:14:51 | 000,000,000 | ---D | M] (softonicen Toolbar) -- C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\mf72k35y.default\extensions\{d6902984-559d-4d30-83ba-6315d7c84cd1} Hosts file not foundO2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O2 - BHO: (softonicen Toolbar) - {d6902984-559d-4d30-83ba-6315d7c84cd1} - C:\Program Files\softonicen\tbsoft.dll (Conduit Ltd.)O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (softonicen Toolbar) - {d6902984-559d-4d30-83ba-6315d7c84cd1} - C:\Program Files\softonicen\tbsoft.dll (Conduit Ltd.)O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\system\cmicnfg.CPL (C-Media Corporation)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [WinampAgent] C:\Programy\ Winamp 5.572 Full PL\winampa.exe (Nullsoft, Inc.)O4 - HKCU..\Run: [Gadu-Gadu] C:\Programy\Gadu-Gadu 7.7 Build 3746\gg.exe (Gadu-Gadu S.A.)O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)O4 - Startup: C:\Documents and Settings\SysOp\Menu Start\Programy\Autostart\Xfire.lnk = C:\Programy\Xfire\Xfire.exe (Xfire Inc.)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.211 212.76.39.205O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not foundO32 - HKLM CDRom: AutoRun - 1O35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-02-26 18:33:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010-02-26 17:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Malwarebytes[2010-02-26 17:50:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010-02-26 17:50:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010-02-26 17:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes[2010-02-26 17:35:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SysOp\Recent[2010-02-26 16:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive[2010-02-26 16:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE[2010-02-26 16:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Steam[2010-02-26 16:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\softonicen[2010-02-26 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\softonicen[2010-02-26 13:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\SpeedSim[2010-02-24 12:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment[2010-02-23 20:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment[2010-02-23 20:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard[2010-02-23 20:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\MWoW_Launcher[2010-02-23 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\ipla[2010-02-23 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla[2010-02-23 17:32:54 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll[2010-02-23 17:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10[2010-02-23 17:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Gadu-Gadu 10[2010-02-23 16:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Nero[2010-02-23 16:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar[2010-02-23 16:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero[2010-02-23 16:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nero[2010-02-23 16:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Real[2010-02-22 16:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\WBGames[2010-02-21 11:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\GTA San Andreas User Files[2010-02-21 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Opera[2010-02-21 01:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Opera[2010-02-21 00:25:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy[2010-02-20 19:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\Savage 2 - A Tortured Soul[2010-02-20 18:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TmForever[2010-02-20 18:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\TmForever[2010-02-20 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\xerox[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\speechengines[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone[2010-02-20 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker[2010-02-20 14:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage[2010-02-20 12:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2010-02-20 12:18:59 | 000,000,000 | ---D | C] -- C:\ComboFix[2010-02-20 06:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\BitDefender[2010-02-20 06:13:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP[2010-02-20 06:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender[2010-02-20 05:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Softwin[2010-02-20 05:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Softwin[2010-02-20 05:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation[2010-02-20 05:00:45 | 010,276,768 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys[2010-02-20 05:00:45 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll[2010-02-20 05:00:44 | 014,458,880 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll[2010-02-20 05:00:44 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll[2010-02-20 05:00:43 | 011,632,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll[2010-02-20 05:00:43 | 004,104,192 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll[2010-02-20 05:00:43 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll[2010-02-20 05:00:43 | 001,081,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll[2010-02-20 05:00:43 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll[2010-02-20 05:00:43 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll[2010-02-20 05:00:40 | 006,359,168 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll[2010-02-20 04:17:43 | 001,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx[2010-02-20 04:17:43 | 000,427,864 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll[2010-02-20 04:17:42 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX[2010-02-20 04:17:42 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX[2010-02-20 04:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)[2010-02-19 22:13:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt[2010-02-18 16:13:28 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll[2010-02-18 16:13:28 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll[2010-02-18 16:13:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll[2010-02-18 15:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Uniblue[2010-02-18 10:14:00 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010-02-18 10:14:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010-02-18 10:14:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010-02-18 10:14:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010-02-18 10:14:00 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010-02-18 10:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2010-02-18 10:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Sun[2010-02-17 13:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP[2010-02-17 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator[2010-02-17 13:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Downloaded Installations[2010-02-17 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild[2010-02-17 13:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer[2010-02-17 13:15:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us[2010-02-17 13:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies[2010-02-17 13:13:55 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll[2010-02-17 13:13:48 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe[2010-02-16 18:16:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SysOp\Moje dokumenty\Runes of Magic[2010-02-16 06:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Asprate[2010-02-10 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Identities[2010-02-10 16:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\Identities[2010-02-01 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics[2010-02-01 18:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Dane aplikacji\InstallShield[2010-01-20 03:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire[2010-01-20 01:21:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft[2010-01-20 01:21:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft[2010-01-20 01:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft[2010-01-20 01:21:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft ========== Files - Modified Within 30 Days ========== [2010-02-26 18:34:24 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml[2010-02-26 18:34:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2010-02-26 18:34:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010-02-26 18:33:34 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT[2010-02-26 17:50:09 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk[2010-02-26 16:15:08 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk[2010-02-26 13:59:25 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\SpeedSim.lnk[2010-02-26 13:56:51 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-02-25 07:25:43 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI[2010-02-24 16:25:23 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Wow.lnk[2010-02-23 19:44:51 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat[2010-02-23 17:32:54 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll[2010-02-23 16:12:22 | 000,002,352 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart.lnk[2010-02-21 11:56:19 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\GTA Âîçđîćäĺíčĺ 4Life.lnk[2010-02-21 00:30:37 | 000,000,576 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol[2010-02-20 19:52:02 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Savage 2 - A Tortured Soul.lnk[2010-02-20 18:32:53 | 000,000,587 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TmNationsForever.lnk[2010-02-20 14:39:03 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin[2010-02-20 13:05:07 | 000,060,928 | ---- | M] () -- C:\WINDOWS\System32\rakion.sys[2010-02-20 12:33:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2010-02-20 11:55:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml[2010-02-20 11:31:32 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk[2010-02-20 06:30:32 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI[2010-02-20 06:23:25 | 000,018,224 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT[2010-02-20 06:20:46 | 000,177,664 | -H-- | M] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Keymaker.exe[2010-02-20 06:19:22 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml[2010-02-20 06:19:21 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml[2010-02-20 06:14:20 | 001,081,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2010-02-20 06:14:20 | 000,497,318 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat[2010-02-20 06:14:20 | 000,438,674 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010-02-20 06:14:20 | 000,087,550 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat[2010-02-20 06:14:20 | 000,069,980 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010-02-20 05:50:49 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\KGB Archiver.lnk[2010-02-20 05:02:18 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini[2010-02-20 04:59:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-02-20 04:59:05 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat[2010-02-20 04:17:43 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Driver Genius Professional Edition.lnk[2010-02-19 22:04:12 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010-02-19 22:04:04 | 000,099,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010-02-19 01:19:38 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\PO.lnk[2010-02-18 10:14:32 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\JDownloader.lnk[2010-02-18 10:13:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010-02-18 10:13:47 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010-02-18 10:13:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010-02-18 10:13:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010-02-18 10:13:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010-02-17 06:06:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Runes of Magic.lnk[2010-02-16 16:45:54 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\EVEREST Home Edition.lnk[2010-02-11 04:16:10 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll[2010-02-09 20:44:02 | 005,854,832 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db[2010-02-08 14:08:18 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\RF Online EQG.lnk[2010-01-31 23:10:17 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Rappelz.lnk ========== Files Created - No Company Name ========== [2010-02-26 17:50:09 | 000,000,655 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk[2010-02-26 16:15:08 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk[2010-02-26 13:59:25 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\SpeedSim.lnk[2010-02-25 07:25:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI[2010-02-24 16:25:23 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Wow.lnk[2010-02-23 16:12:22 | 000,002,352 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nero StartSmart.lnk[2010-02-21 11:56:19 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\GTA Âîçđîćäĺíčĺ 4Life.lnk[2010-02-21 00:29:08 | 000,000,576 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol[2010-02-20 19:52:02 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Savage 2 - A Tortured Soul.lnk[2010-02-20 18:32:53 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TmNationsForever.lnk[2010-02-20 13:05:07 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\rakion.sys[2010-02-20 12:19:12 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe[2010-02-20 12:19:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2010-02-20 12:19:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2010-02-20 12:19:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe[2010-02-20 12:19:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2010-02-20 11:54:01 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml[2010-02-20 11:31:32 | 000,001,583 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk[2010-02-20 06:30:32 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI[2010-02-20 06:19:22 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml[2010-02-20 06:19:21 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml[2010-02-20 05:50:49 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\KGB Archiver.lnk[2010-02-20 05:28:08 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin[2010-02-20 05:00:40 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2010-02-20 04:59:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat[2010-02-20 04:59:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat[2010-02-20 04:17:43 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Driver Genius Professional Edition.lnk[2010-02-19 01:19:38 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\PO.lnk[2010-02-18 10:14:32 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\JDownloader.lnk[2010-02-17 13:56:32 | 000,070,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat[2010-02-17 13:56:18 | 000,177,664 | -H-- | C] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Keymaker.exe[2010-02-16 18:16:13 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Runes of Magic.lnk[2010-02-16 16:45:54 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\EVEREST Home Edition.lnk[2010-02-11 04:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll[2010-02-08 14:08:18 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\RF Online EQG.lnk[2010-01-31 23:10:17 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Rappelz.lnk[2010-01-22 03:54:30 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\SysOp\Dane aplikacji\Current.prx[2010-01-20 13:51:34 | 000,000,270 | ---- | C] () -- C:\WINDOWS\thug2.ini[2010-01-20 10:56:01 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2010-01-20 03:50:05 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2010-01-20 01:49:11 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll[2010-01-20 01:38:55 | 000,002,866 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini[2010-01-20 01:38:52 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS[2008-10-28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat[2005-10-14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll[2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1AAB2E68< End of report >