pio09, posted 19 December 2012

So, some time ago, after the computer was switched on, a screen started popping up saying that the police had blocked the computer. It recently came into my hands and I decided to do something about it, and since I can't manage it myself, I'm asking for help.

Extras.Txt OTL.Txt
picasso, posted 19 December 2012

ComboFix was used here, and on that subject: CLICK. In the OTL log there are no signs of the "police" infection in startup; there is only adware to clean up. Therefore: either ComboFix removed it, or the log comes from a different account than the one on which the infection is active. Provide the log C:\ComboFix.txt (do not run the tool again!) and state clearly whether the MDK account is the right account.
pio09 (author), posted 19 December 2012

ComboFix 12-05-22.02 - MDK 2012-05-28 0:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.2 [GMT 2:00]
Uruchomiony z: d:\moje dokumenty\Pobieranie\ComboFix.exe
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\documents and settings\MDK\WINDOWS
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-04-27 do 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-25 18:49 . 2012-05-25 18:49 -------- d-----w- c:\program files\Pcsx2
2012-05-25 17:27 . 2012-05-25 17:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-25 17:27 . 2012-05-25 17:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-21 16:01 . 2012-05-21 16:01 -------- d-----w- C:\BOXING
2012-05-21 15:37 . 2012-05-21 15:38 -------- d-----w- c:\documents and settings\MDK\Dane aplikacji\Universal Boxing Manager
2012-05-21 14:43 . 2012-05-21 14:43 126976 ----a-w- c:\windows\lcmmfu.cpl
2012-05-21 14:43 . 2012-05-27 12:38 2161 --sha-w- c:\windows\system32\mmf.sys
2012-05-21 14:43 . 2012-05-21 14:43 48640 ----a-w- c:\windows\mmfs.dll
2012-05-21 14:43 . 2012-05-21 14:43 2560 ----a-w- c:\windows\Runservice.exe
2012-05-21 14:42 . 2012-05-21 14:42 -------- d-----w- c:\windows\Title Bout Championship Boxing
2012-05-19 17:23 . 2001-10-26 15:29 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-19 17:23 . 2004-08-03 22:44 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-19 17:23 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-05-19 15:28 . 2012-05-19 17:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2012-05-19 15:28 . 2012-05-19 15:28 -------- d-----w- c:\documents and settings\MDK\Dane aplikacji\OpenFM
2012-05-09 19:43 . 2012-05-09 20:01 -------- d-----w- c:\program files\New Star Soccer 3
2012-05-04 18:19 . 2012-05-04 18:19 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 18:18 . 2012-05-04 18:18 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 18:18 . 2012-05-04 18:18 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-04 17:00 . 2012-05-04 17:45 -------- d-----w- c:\program files\TheThing
2012-04-30 12:19 . 2012-04-30 12:19 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 23:04 . 2012-03-29 23:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-03-23 11:37 . 2012-03-23 11:37 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 18:18 . 2012-02-03 11:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . A435C5C069AFD901751AC323AD238793 . 580096 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\user32.dll
[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[7] 2004-08-03 . 0C81764F50F32D376E6E4B9E9F4B01A0 . 578560 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\user32.dll
.
[-] 2008-04-14 . C791ED9EAC5E76D9525E157B1D7A599A . 1035264 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\51fc2b55c6deef38fc801319336cdbc7\explorer.exe
[-] 2007-10-17 . 16DF8A100E8966E48BA00C86F6C89972 . 974848 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[7] 2004-08-03 . 379098A96E6C165B659DE7E4328010EA . 1033728 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\MDK\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\MDK\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\MDK\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\documents and settings\MDK\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-10-17 577536]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-02-10 241664]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start "http://www.avg.com/pl.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAA4ADIANAA1ADYANAA3ADEALQBGAEwAKwA5AC0AWABPADMANgArADEA&prod=90&ver=9.0.894"" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\MDK\Menu Start\Programy\Autostart\
Dropbox.lnk - c:\documents and settings\MDK\Dane aplikacji\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ %I
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\MDK\\Dane aplikacji\\Dropbox\\bin\\Dropbox.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-03-30 691696]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-03-23 242240]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2010-12-09 70656]
S2 DCService.exe;DCService.exe;c:\documents and settings\All Users\Dane aplikacji\DatacardService\DCService.exe [2010-05-08 229376]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2012-05-21 2560]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 257696]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [2011-10-20 14336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2010-12-09 101504]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-09 117504]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a6f20f4-048b-11e0-b170-001e101fc3e9}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e8b80e-086d-11e1-b1ef-0030056634e9}]
\Shell\AutoRun\command - F:\autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94159b68-2bcb-11e1-b238-0030056634e9}]
\Shell\AutoRun\command - F:\autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb05efd4-0385-11e0-b168-0030056634e9}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 17:27]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{3E3DDB62-5F46-4BFF-ABE8-A124591EC708}.job
- c:\windows\system32\msfeedssync.exe [2007-10-08 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gazeta.pl/0,0.html?p=135
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 217.172.224.160 89.231.1.206
FF - ProfilePath - c:\documents and settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe
Notify-dimsntfy - (no file)
AddRemove-Desperados 1.0 - c:\program files\Infogrames\Desperados\DESPERADOS.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2012-05-28 00:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
.
c:\documents and settings\MDK\Dane aplikacji\Dropbox\shellext\l\4fc2a960 124 bytes
.
skanowanie pomyślnie ukończone
ukryte pliki: 1
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\documents and settings\MDK\Dane aplikacji\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2012-05-28 00:25:04
ComboFix-quarantined-files.txt 2012-05-27 22:24
.
Przed: 2 661 560 320 bajtów wolnych
Po: 3 005 124 608 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 03127BFEB80D0517E83E35FCC0EBCB1A

As for the account, I can see only one account on this computer: LOLEK
picasso, posted 19 December 2012

This ComboFix report does not show any removal of the police infection.

"As for the account, I can see only one account on this computer: LOLEK"

According to OTL, the logs were created from the MDK account:

Computer Name: MDK-88CF132EB8E | User Name: MDK | Logged in as Administrator.

The paths on the disk also show MDK. As for the infection, the only things visible on the disk are a side folder, hellomoto, and something that looks like a leftover from Live Security Platinum:

[2012-07-09 12:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Dane aplikacji\hellomoto
[2012-06-16 17:15:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\529C53690000222C5EB2A6AE0CDF108C

There is, however, nothing in startup. Is the problem with the police screen popping up definitely still occurring?
pio09 (author), posted 19 December 2012

After restoring the system to a previous state (as I wrote, the computer only came into my hands today), and that state was saved in June, everything seems OK.
picasso, posted 19 December 2012

When did this System Restore take place: before the OTL logs were made, or after? If after, new OTL reports need to be made. If before, what remains is the matter of cleaning up the rest of the system.
pio09 (author), posted 19 December 2012

The logs were made right after, and as for the system, it is Windows XP Professional, version 2002.
picasso, posted 19 December 2012

I did not ask about the system version, because I already know it, including the Service Pack level. The header of the OTL report provides this information:

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)

I was only asking when you made the logs, before System Restore or after. Since it now turns out that it was after, that explains why the infection is not visible in startup: System Restore simply eliminated it from there. So I can move on to cleaning the leftovers out of the system:

1. Through Control Panel, uninstall the adware DAEMON Tools Toolbar.

2. Run OTL and in the "Własne opcje skanowania / skrypt" (custom scan options / script) section paste:

:Files
C:\Documents and Settings\MDK\Dane aplikacji\hellomoto
C:\Documents and Settings\All Users\Dane aplikacji\529C53690000222C5EB2A6AE0CDF108C
C:\Documents and Settings\MDK\Ustawienia lokalne\Dane aplikacji\promo.exe
:OTL
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = "http://www.daemon-search.com/search?q={searchTerms}"
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392"
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~1\ALLPLA~1\YOUTUB~1.DLL File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} "http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab" (Reg Error: Key error.)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MDK\USTAWI~1\Temp\catchme.sys -- (catchme)
:Commands
[emptytemp]

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Click "Wykonaj skrypt" (run script). Confirm the system restart.

3. Run AdwCleaner and apply Delete. A log of the removal will be created on drive C.

4. Make a new OTL log using the "Skanuj" (scan) option (this time without Extras). Attach the log created by AdwCleaner.
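A small triage helper for the two kinds of records the fix script above targets, added here as an example (it is not part of the thread and not OTL's own code): it lists OTL log records whose file is missing and search settings that point at the two adware search hosts named in the script, as candidates for manual review. The sample log is constructed from lines quoted in this thread; the name `triage`, the host list, and treating `FF - user.js - File not found` as informational are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Hosts taken from the SearchScopes lines in the fix script above.
ADWARE_SEARCH_HOSTS = {"www.daemon-search.com", "search.conduit.com"}

# Assumption of this example: this line only reports that the Firefox
# profile has no user.js, so it is not an orphaned entry.
INFORMATIONAL = {"FF - user.js - File not found"}

# An OTL record starts with a section tag (PRC, SRV, DRV, IE, FF, O2, O20 ...).
RECORD = re.compile(r"^(?P<tag>PRC|MOD|SRV|DRV|IE|FF|O\d+) - (?P<body>.+)$")
QUOTED_URL = re.compile(r'"(https?://[^"]+)"')

# Constructed sample: record lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MDK\USTAWI~1\Temp\catchme.sys -- (catchme)
DRV - [2012-03-23 12:37:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = "http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392"
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
FF - user.js - File not found
"""


def triage(log_text):
    """Return (kind, tag, line) tuples for records worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = RECORD.match(line)
        if not match or line in INFORMATIONAL:
            continue
        tag, body = match.group("tag"), match.group("body")
        # Registry or service entry that still references a file no longer on disk.
        if "File not found" in body:
            findings.append(("orphaned", tag, line))
            continue
        # Browser search setting whose URL points at a listed adware host.
        hosts = {(urlsplit(u).hostname or "").lower()
                 for u in QUOTED_URL.findall(body)}
        if hosts & ADWARE_SEARCH_HOSTS:
            findings.append(("search-hijack", tag, line))
    return findings


if __name__ == "__main__":
    for kind, tag, line in triage(SAMPLE_LOG):
        print(f"{kind:14} {tag:4} {line}")
```

The output is a review list only; which entries actually go into a fix remains the analyst's decision for that specific system.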
pio09 (author), posted 20 December 2012

# AdwCleaner v2.101 - Log utworzony 20/12/2012 o 14:55:28
# Aktualizacja 16/12/2012 przez Xplode
# System operacyjny : Microsoft Windows XP Dodatek Service Pack 2 (32 bits)
# Użytkownik : MDK - MDK-88CF132EB8E
# Tryb uruchomienia : Normalny
# Ścieżka : C:\Documents and Settings\MDK\Pulpit\AdwCleaner.exe
# Opcja [usuń]

***** [usługi] *****

***** [Pliki / Foldery] *****
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\InstallMate
Folder Usunięto : C:\Documents and Settings\All Users\Dane aplikacji\Premium
Folder Usunięto : C:\Documents and Settings\MDK\Dane aplikacji\OpenCandy
Folder Usunięto : C:\Program Files\Conduit

***** [Rejestr] *****
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\SweetIM
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Klucz Usunięto : HKLM\Software\Conduit
Klucz Usunięto : HKLM\Software\SweetIM
Wartość Usunięto : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Przeglądarki Internetowe] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Rejestr w porządku.
************************* AdwCleaner[s2].txt - [1606 octets] - [20/12/2012 14:55:28] ########## EOF - C:\AdwCleaner[s2].txt - [1666 octets] ########## OTL logfile created on: 2012-12-20 15:01:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\MDK\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 510,95 Mb Total Physical Memory | 81,60 Mb Available Physical Memory | 15,97% Memory free 815,55 Mb Paging File | 382,39 Mb Available in Paging File | 46,89% Paging File free Paging file location(s): C:\pagefile.sys 336 672 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 2,40 Gb Free Space | 12,27% Space Free | Partition Type: NTFS Drive D: | 18,75 Gb Total Space | 0,60 Gb Free Space | 3,17% Space Free | Partition Type: NTFS Drive F: | 638,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MDK-88CF132EB8E | User Name: MDK | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - [2012-12-19 14:24:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MDK\Pulpit\OTL.exe PRC - [2012-05-24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) 
-- C:\Documents and Settings\MDK\Dane aplikacji\Dropbox\bin\Dropbox.exe PRC - [2012-05-21 15:43:51 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe PRC - [2012-05-04 19:18:49 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012-02-13 09:06:56 | 003,481,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010-05-08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe PRC - [2009-08-19 08:53:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009-08-19 08:52:16 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2007-10-17 20:30:07 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-10-17 19:20:32 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2007-02-10 21:07:30 | 000,241,664 | ---- | M] (A4Tech Co.,Ltd.) -- C:\Program Files\A4Tech\Mouse\Amoumain.exe PRC - [2006-01-02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe ========== Modules (No Company Name) ========== MOD - [2012-06-15 18:27:24 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db543fa1ab4445010c0828fc48fce007\System.Web.ni.dll MOD - [2012-06-15 18:12:27 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012-06-15 13:18:13 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012-06-15 13:17:31 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\023570c418eaeaee343038dbcf482923\System.Windows.Forms.ni.dll MOD - [2012-06-15 13:10:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7765146be2fa459c20856ff822f90d1e\System.Drawing.ni.dll MOD - [2012-06-15 12:41:19 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012-06-14 22:16:00 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012-06-14 22:14:02 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2012-06-14 22:14:00 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012-05-21 15:43:51 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll MOD - [2012-05-21 15:43:51 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe MOD - [2012-05-04 19:18:48 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2010-05-08 12:48:36 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Dane 
aplikacji\DatacardService\DCService.exe MOD - [2009-08-18 14:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc) SRV - [2012-05-21 15:43:51 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService) SRV - [2012-05-04 19:18:49 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010-05-08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe -- (DCService.exe) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012-03-30 00:04:50 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2012-03-23 12:37:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011-12-26 02:43:16 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2011-12-26 02:43:15 | 000,018,048 | ---- | M] () [Kernel | Auto 
| Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-06-01 14:07:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010-05-22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010-03-25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010-03-20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2007-10-17 19:21:54 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983) DRV - [2007-10-17 19:20:02 | 004,108,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2007-02-10 22:55:50 | 000,013,824 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt) DRV - [2007-02-10 01:04:50 | 000,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Amps2prt.sys -- (Amps2prt) DRV - [2007-01-24 16:46:48 | 000,008,704 | ---- | M] (A4Tech Co.,Ltd.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter) DRV - [2006-06-14 17:00:34 | 000,059,264 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) DRV - [2006-06-14 16:10:38 | 000,058,232 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2006-06-14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2006-05-03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}" IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://www.gazeta.pl/0,0.html?p=135" IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - 
prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledAddons: YouTubetoALL@ALLPlayer.org:0.7.0 FF - prefs.js..extensions.enabledAddons: IplextoALL@ALLPlayer.org:0.7.0 FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.20 FF - prefs.js..extensions.enabledAddons: osokker@bluezero:0.1.29.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: osokker@bluezero:0.1.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12 FF - prefs.js..extensions.enabledItems: IplextoALL@ALLPlayer.org:0.7.0 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-19 14:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-03 18:00:51 | 000,000,000 | ---D | M]

[2010-12-09 12:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Extensions
[2012-12-20 14:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions
[2012-12-20 14:50:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012-04-10 10:31:57 | 000,010,043 | ---- | M] () (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions\IplextoALL@ALLPlayer.org.xpi
[2012-06-21 13:37:02 | 000,188,330 | ---- | M] () (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions\osokker@bluezero.xpi
[2012-05-03 18:43:51 | 000,255,318 | ---- | M] () (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2012-12-20 14:50:22 | 000,013,745 | ---- | M] () (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions\YouTubetoALL@ALLPlayer.org.xpi
[2012-12-20 14:37:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\MDK\Dane aplikacji\Mozilla\Firefox\Profiles\whu0pfj0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-05-04 19:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011-10-20 09:40:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-12-28 14:01:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012-05-04 19:18:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009-12-17 00:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-06-23 12:45:36 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-06-23 12:45:36 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-06-23 12:45:36 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-06-23 12:45:36 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-06-23 12:45:36 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-06-23 12:45:36 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 20:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\MDK\Menu Start\Programy\Autostart\Dropbox.lnk = C:\Documents and Settings\MDK\Dane aplikacji\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\MDK\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab" (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab" (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab" (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.231.1.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04462AC4-F318-42B9-B143-3B8DBD94CD61}: DhcpNameServer = 217.172.224.160 89.231.1.206
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\MDK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MDK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-13 19:16:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003-06-09 16:00:58 | 000,000,054 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001-09-18 23:00:00 | 000,000,056 | R--- | M] () - F:\Autorun.inf- -- [ CDFS ]
O33 - MountPoints2\{5a6f20f4-048b-11e0-b170-001e101fc3e9}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe
O33 - MountPoints2\{75e8b80e-086d-11e1-b1ef-0030056634e9}\Shell - "" = AutoRun
O33 - MountPoints2\{75e8b80e-086d-11e1-b1ef-0030056634e9}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{94159b68-2bcb-11e1-b238-0030056634e9}\Shell - "" = AutoRun
O33 - MountPoints2\{94159b68-2bcb-11e1-b238-0030056634e9}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cb05efd4-0385-11e0-b168-0030056634e9}\Shell - "" = AutoRun
O33 - MountPoints2\{cb05efd4-0385-11e0-b168-0030056634e9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 360 Days ==========

[2012-12-20 14:56:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\MDK\Recent
[2012-12-20 14:41:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-19 14:24:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MDK\Pulpit\OTL.exe
[2012-12-19 14:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Championship Manager 01-02
[2012-12-19 14:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Championship Manager 01-02
[2012-12-19 14:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu
Start\Programy\DAEMON Tools Lite [2012-12-19 13:45:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012-06-24 23:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Championship Manager 01-02(2) [2012-06-24 23:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Championship Manager 01-02(2) [2012-06-21 14:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2012-06-21 14:35:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll [2012-06-21 14:20:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak [2012-06-21 12:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Eidos Interactive [2012-06-21 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pcsx2 [2012-06-21 12:06:01 | 000,000,000 | ---D | C] -- C:\OBRAZ DYSK [2012-06-21 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\NapiProjekt [2012-06-21 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Gorky 17 [2012-06-21 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\FestiveBar_3gEI [2012-06-21 12:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Eidos Interactive [2012-06-21 12:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Heavyweight Thunder [2012-06-21 12:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\DemonicSpeedway [2012-06-17 21:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\From Dusk Till Dawn [2012-06-17 21:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\From Dusk Till Dawn(2) [2012-06-15 19:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Dane aplikacji\Oxin's Style! 
[2012-06-14 21:10:54 | 000,000,000 | ---D | C] -- C:\OUT_MEDIA_FILES [2012-06-14 20:53:00 | 000,022,528 | ---- | C] (Jukka Poikolainen Software) -- C:\WINDOWS\System32\WNASPI32.DLL [2012-06-14 20:53:00 | 000,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS [2012-06-14 20:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Alt WAV MP3 WMA OGG Converter [2012-06-14 20:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Alt WAV MP3 WMA OGG Converter [2012-06-14 09:50:14 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012-06-14 09:48:12 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2012-06-13 17:48:37 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys [2012-06-13 17:48:37 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll [2012-06-13 17:48:37 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll [2012-06-13 17:48:37 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll [2012-06-13 17:48:37 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll [2012-06-13 17:48:37 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll [2012-06-13 17:48:37 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll [2012-06-13 17:48:37 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll [2012-06-13 17:48:37 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll [2012-06-13 17:48:37 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll [2012-06-13 17:48:37 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll [2012-06-13 17:48:37 | 
000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll [2012-06-13 17:48:37 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll [2012-06-13 17:48:36 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2012-06-13 17:48:36 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll [2012-06-13 17:48:36 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys [2012-06-13 17:48:36 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll [2012-06-13 17:48:36 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2012-06-13 17:48:36 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll [2012-06-13 17:48:28 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll [2012-06-13 17:48:28 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2012-06-13 17:48:28 | 000,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\http.sys [2012-06-13 17:48:28 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctfime.ime [2012-06-13 17:48:28 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmfilt.dll [2012-06-13 17:48:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpapi.dll [2012-06-13 17:48:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe [2012-06-13 17:48:16 | 001,022,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll [2012-06-13 17:48:16 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2012-06-13 17:48:16 | 000,470,528 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\aclayers.dll [2012-06-13 17:48:15 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2012-06-13 17:48:15 | 002,023,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2012-06-13 17:48:14 | 001,497,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll [2012-06-13 17:48:09 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll [2012-06-13 17:48:08 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll [2012-06-13 17:48:08 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll [2012-06-13 17:48:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll [2012-06-13 17:48:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll [2012-06-13 17:48:02 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll [2012-06-13 17:48:00 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll [2012-06-13 17:47:59 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll [2012-06-13 17:47:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2012-06-13 17:47:58 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll [2012-06-13 17:47:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll [2012-06-13 17:47:56 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll [2012-06-13 17:47:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\magnify.exe [2012-06-13 17:47:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll 
[2012-06-13 17:47:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll [2012-06-13 17:47:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll [2012-06-13 17:47:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll [2012-06-13 17:47:53 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll [2012-06-13 17:47:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll [2012-06-13 17:47:51 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe [2012-06-13 17:47:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll [2012-06-13 17:47:49 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2012-06-13 17:47:49 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll [2012-06-13 17:47:49 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll [2012-06-13 17:47:49 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll [2012-06-13 17:47:49 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll [2012-06-13 17:47:49 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\narrator.exe [2012-06-13 17:47:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll [2012-06-13 17:47:48 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netlogon.dll [2012-06-13 17:47:47 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oakley.dll [2012-06-13 17:47:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\osk.exe [2012-06-13 17:47:44 | 001,439,744 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.dll [2012-06-13 17:47:44 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quartz.dll [2012-06-13 17:47:44 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rastls.dll [2012-06-13 17:47:44 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\raschap.dll [2012-06-13 17:47:43 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll [2012-06-13 17:47:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll [2012-06-13 17:47:40 | 008,483,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2012-06-13 17:47:40 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll [2012-06-13 17:47:38 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2012-06-13 17:47:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe [2012-06-13 17:47:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umandlg.dll [2012-06-13 17:47:36 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdigest.dll [2012-06-13 17:47:36 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\utilman.exe [2012-06-13 17:47:35 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll [2012-06-13 17:47:33 | 001,017,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll [2012-06-13 17:47:33 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe [2012-06-13 17:47:33 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe [2012-06-13 17:47:33 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl [2012-06-13 
17:47:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe [2012-06-13 17:47:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll [2012-06-13 17:47:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll [2012-06-13 17:47:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com [2012-06-13 17:47:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe [2012-06-13 17:47:32 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2012-06-13 17:47:32 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe [2012-06-13 17:47:32 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll [2012-06-13 17:47:32 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll [2012-06-13 17:47:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msv1_0.dll [2012-06-13 17:47:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll [2012-06-13 17:47:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe [2012-06-13 17:47:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll [2012-06-13 17:47:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll [2012-06-13 17:47:32 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll [2012-06-13 17:47:30 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe [2012-06-13 17:47:29 | 001,860,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys [2012-06-13 17:47:29 | 001,860,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys [2012-06-13 17:47:29 | 000,991,744 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\syssetup.dll [2012-06-13 17:47:29 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll [2012-06-13 17:47:29 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll [2012-06-13 17:47:29 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll [2012-06-13 17:47:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll [2012-06-13 17:47:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll [2012-06-13 17:47:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe [2012-06-13 17:47:28 | 000,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys [2012-06-13 17:47:28 | 000,071,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys [2012-06-13 17:47:28 | 000,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys [2012-06-13 17:47:28 | 000,055,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys [2012-06-13 17:47:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys [2012-06-13 17:47:28 | 000,041,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys [2012-06-13 17:47:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys [2012-06-13 17:47:28 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys [2012-06-13 17:47:28 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys [2012-06-13 17:47:27 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2012-06-13 17:47:27 | 000,140,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys [2012-06-13 17:47:27 | 000,092,544 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\ksecdd.sys [2012-06-13 17:47:27 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys [2012-06-13 17:47:27 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys [2012-06-13 17:47:26 | 000,203,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys [2012-06-13 17:47:26 | 000,203,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2012-06-13 17:47:26 | 000,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys [2012-06-13 17:47:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys [2012-06-13 17:47:26 | 000,088,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys [2012-06-13 17:47:26 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys [2012-06-13 17:47:26 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys [2012-06-13 17:47:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys [2012-06-13 17:47:24 | 000,360,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys [2012-06-13 17:47:24 | 000,352,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2012-06-13 17:47:24 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys [2012-06-13 17:47:24 | 000,226,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys [2012-06-13 17:47:24 | 000,143,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys [2012-06-13 17:47:24 | 000,131,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hal.dll [2012-06-13 17:47:24 | 000,079,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys [2012-06-13 17:47:24 | 
000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys [2012-06-13 17:47:24 | 000,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys [2012-06-13 17:47:24 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys [2012-06-13 17:47:24 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys [2012-06-13 17:47:24 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys [2012-06-13 17:47:24 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys [2012-06-13 17:47:24 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys [2012-06-13 17:47:23 | 002,188,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe [2012-06-13 17:47:23 | 002,188,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2012-06-13 17:47:23 | 002,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe [2012-06-13 17:47:23 | 002,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2012-06-13 17:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Norton [2012-06-13 17:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NortonInstaller [2012-06-13 11:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012-06-05 16:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Pulpit\horrorpic [2012-06-04 17:54:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012-05-31 14:22:04 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2012-05-27 23:25:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012-05-27 23:15:00 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012-05-27 22:58:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe 
[2012-05-27 22:58:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012-05-27 22:58:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012-05-27 22:58:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012-05-27 22:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012-05-27 22:57:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2012-05-27 22:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MDK\Menu Start\Programy\Narzędzia administracyjne [2012-05-27 22:57:29 | 000,000,000 | R--D | C] -- D:\Moje dokumenty\Moje wideo [2012-05-27 22:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje wideo [2012-05-27 22:57:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moje obrazy [2012-05-25 18:27:34 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-05-25 18:27:33 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-05-21 17:01:04 | 000,000,000 | ---D | C] -- C:\BOXING [2012-05-21 16:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Dane aplikacji\Universal Boxing Manager [2012-05-21 15:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Menu Start\Programy\Out of the Park Developments [2012-05-21 15:42:23 | 000,000,000 | ---D | C] -- D:\Moje dokumenty\Out of the Park Developments [2012-05-21 15:42:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Title Bout Championship Boxing [2012-05-19 18:23:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2012-05-19 18:23:50 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2012-05-19 16:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2012-05-19 16:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Dane aplikacji\OpenFM [2012-05-09 20:43:44 | 000,000,000 | ---D | 
C] -- C:\Documents and Settings\MDK\Menu Start\Programy\New Star Soccer 3 [2012-05-09 20:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\New Star Soccer 3 [2012-05-09 19:20:58 | 000,000,000 | ---D | C] -- D:\Moje dokumenty\New Star Soccer 4 [2012-05-04 19:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla [2012-05-04 19:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-05-04 18:01:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Menu Start\Programy\The Thing [2012-05-04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\TheThing [2012-05-03 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012-05-03 17:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Adobe [2012-04-30 13:09:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012-04-30 13:09:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012-04-30 13:09:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2012-04-10 10:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ALLPlayer [2012-04-09 17:09:16 | 000,000,000 | ---D | C] -- D:\Moje dokumenty\FIFA 08 [2012-04-06 22:25:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2012-04-02 21:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Easy GIF Animator [2012-04-02 21:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Easy GIF Animator [2012-03-28 16:32:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Pulpit\zagaki [2012-03-27 12:11:13 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2012-03-27 12:11:11 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2012-03-27 12:02:21 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2012-03-27 11:58:36 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys [2012-03-27 11:53:37 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys [2012-03-27 11:38:36 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2012-03-27 11:31:45 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [2012-03-26 14:57:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pl [2012-03-26 14:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2012-03-25 23:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\xerox [2012-03-25 23:46:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst [2012-03-25 23:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom [2012-03-25 23:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting [2012-03-25 23:46:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent [2012-03-25 23:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage 
[2012-03-25 23:39:49 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys [2012-03-25 23:39:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll [2012-03-25 23:39:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll [2012-03-25 23:39:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe [2012-03-25 23:39:45 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2012-03-25 23:39:45 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2012-03-25 23:39:45 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2012-03-25 23:39:45 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2012-03-25 23:39:45 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2012-03-25 23:39:44 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2012-03-25 23:39:44 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2012-03-25 23:39:44 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2012-03-25 23:39:44 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2012-03-25 23:39:44 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2012-03-25 23:39:44 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2012-03-25 23:39:44 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2012-03-25 23:39:44 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2012-03-25 23:39:44 | 000,031,744 | ---- | C] (ATI Technologies Inc.) 
-- C:\WINDOWS\System32\drivers\atinxbxx.sys [2012-03-25 23:39:44 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2012-03-25 23:39:44 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2012-03-25 23:39:44 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2012-03-25 23:39:44 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2012-03-25 23:39:44 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2012-03-25 23:39:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2012-03-25 23:39:44 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2012-03-25 23:39:42 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2012-03-25 23:39:42 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2012-03-25 23:39:42 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2012-03-25 23:39:42 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2012-03-25 23:39:42 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2012-03-25 23:39:41 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2012-03-25 23:39:41 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2012-03-25 23:39:41 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2012-03-25 23:39:41 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2012-03-25 23:39:41 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2012-03-25 23:39:40 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) 
-- C:\WINDOWS\System32\mtxparhd.dll [2012-03-25 23:39:40 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll [2012-03-25 23:39:40 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll [2012-03-25 23:39:40 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll [2012-03-25 23:39:40 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll [2012-03-25 23:39:40 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2012-03-25 23:39:40 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax [2012-03-25 23:39:40 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2012-03-25 23:39:40 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2012-03-25 23:39:40 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2012-03-25 23:39:40 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2012-03-25 23:39:40 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2012-03-25 23:39:40 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax [2012-03-25 23:39:39 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll [2012-03-25 23:39:39 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) 
-- C:\WINDOWS\System32\s3gnb.dll [2012-03-25 23:39:39 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll [2012-03-25 23:39:39 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll [2012-03-25 23:39:39 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll [2012-03-25 23:39:39 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe [2012-03-25 23:39:39 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe [2012-03-25 23:39:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax [2012-03-25 23:39:38 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe [2012-03-25 19:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2012-03-25 19:19:54 | 000,000,000 | ---D | C] -- D:\Moje dokumenty\gegl-0.0 [2012-03-25 18:16:45 | 000,000,000 | ---D | C] -- D:\Moje dokumenty\Adobe Scripts [2012-03-25 18:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Ustawienia lokalne\Dane aplikacji\Adobe [2012-03-25 17:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012-03-23 12:37:20 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012-03-23 12:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012-03-04 17:43:54 | 000,000,000 | R--D | C] -- D:\Moje dokumenty\Dropbox [2012-03-04 17:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Menu Start\Programy\Dropbox [2012-03-04 17:39:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Dane aplikacji\Dropbox [2012-03-04 02:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Dane aplikacji\RealWorld [2012-03-04 02:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\RealWorld [2012-03-04 02:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Cursor Editor [2012-02-29 15:10:17 | 000,148,480 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll [2012-02-21 15:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Menu Start\Programy\IrfanView [2012-02-21 15:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView [2012-01-04 14:21:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Moja muzyka [2012-01-04 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger [2012-01-04 13:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2012-01-03 21:28:49 | 000,000,000 | ---D | C] -- C:\filmy [2011-12-30 11:17:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MDK\IECompatCache [2011-12-30 11:16:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MDK\PrivacIE [2011-12-29 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Infogrames [2011-12-29 18:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Menu Start\Programy\Infogrames [2011-12-29 14:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Pulpit\cmobraz plyty [2011-12-29 01:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011-12-28 15:06:37 | 000,000,000 | R--D | C] -- D:\Moje dokumenty\Muzyka [2011-12-28 15:06:37 | 000,000,000 | R--D | C] -- D:\Moje dokumenty\Moje obrazy [2011-12-28 15:06:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2011-12-28 15:06:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\MDK\IETldCache [2011-12-28 15:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2011-12-28 15:02:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2011-12-28 14:58:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2011-12-27 11:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MDK\Ustawienia lokalne\Dane aplikacji\PCHealth [2011-12-27 03:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2011-12-27 03:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2011-12-27 03:02:26 
| 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2011-12-27 03:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2011-12-27 03:01:44 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll [2011-12-27 03:01:44 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll [2011-12-27 03:01:43 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll [2011-12-27 03:01:43 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll [2011-12-27 03:01:43 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe [2011-12-27 03:01:43 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll ========== Files - Modified Within 360 Days ========== [2012-12-20 15:06:00 | 000,000,458 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E3DDB62-5F46-4BFF-ABE8-A124591EC708}.job [2012-12-20 15:01:51 | 000,568,806 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-12-20 15:01:50 | 000,499,286 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-12-20 15:01:50 | 000,099,962 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-12-20 15:01:50 | 000,079,124 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-12-20 14:57:38 | 000,002,161 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys [2012-12-20 14:57:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-12-20 14:37:23 | 000,547,175 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\AdwCleaner.exe [2012-12-19 22:20:02 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Championship Manager 01-02.lnk [2012-12-19 18:41:05 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Przywracanie systemu.lnk [2012-12-19 14:24:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and 
Settings\MDK\Pulpit\OTL.exe [2012-12-19 13:45:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-07-04 15:35:07 | 000,091,284 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Dean_Winchester_ID_by_onepbigfans.jpg [2012-07-02 13:37:44 | 000,100,253 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\bates2.gif [2012-07-02 13:36:47 | 000,030,661 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\bates 1.jpg [2012-06-30 11:31:14 | 000,112,984 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\johncarter.jpg [2012-06-29 21:25:02 | 000,035,895 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\PULP.jpg [2012-06-26 16:03:01 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Nowy Dokument sformatowany (3).rtf [2012-06-21 14:36:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012-06-21 14:10:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012-06-21 14:10:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012-06-21 14:07:29 | 001,428,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-06-17 18:18:24 | 000,008,267 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\franz.jpg [2012-06-17 18:18:08 | 000,007,487 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\franz.jpeg [2012-06-17 18:15:45 | 000,033,109 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\john.jpg [2012-06-17 18:14:53 | 000,131,552 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\franc.jpg [2012-06-16 23:44:11 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Skrót do hitman2.lnk [2012-06-16 23:02:01 | 000,019,480 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\john wayne.jpg [2012-06-15 15:28:19 | 000,063,218 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Obraz.jpeg [2012-06-15 14:06:07 | 000,004,302 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Nowy Dokument sformatowany.rtf [2012-06-14 20:52:59 | 000,001,771 | ---- | M] () -- C:\Documents and 
Settings\MDK\Pulpit\Alt WAV MP3 WMA OGG Converter.lnk [2012-06-13 12:00:07 | 000,001,012 | ---- | M] () -- C:\Documents and Settings\MDK\Menu Start\Programy\Autostart\Dropbox.lnk [2012-06-13 11:56:49 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Dropbox.lnk [2012-06-12 11:20:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-06-12 11:20:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-06-09 15:43:13 | 000,007,277 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\prof zapytaj.rtf [2012-06-04 17:47:06 | 000,112,392 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Horror_33.jpg [2012-06-02 15:34:33 | 000,067,954 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\zagada.JPG [2012-06-02 15:29:26 | 000,022,054 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\4.jpg [2012-06-02 15:28:51 | 000,015,866 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\3.jpg [2012-06-02 15:28:08 | 000,011,718 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\2.jpg [2012-06-02 15:27:31 | 000,014,185 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\1.jpg [2012-06-02 14:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll [2012-06-02 14:19:38 | 000,024,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui [2012-06-02 14:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2012-06-02 14:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll [2012-06-02 14:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll [2012-05-31 14:22:04 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll [2012-05-26 13:07:11 | 000,019,328 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Nowy Dokument sformatowany (2).rtf [2012-05-25 
19:51:36 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\pcsx2 0.9.6.lnk [2012-05-25 19:48:27 | 003,969,536 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\PCSX2_0.9.6_setup.msi [2012-05-22 14:41:17 | 001,020,505 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\mamtaksamo.gif [2012-05-21 15:43:54 | 000,126,976 | ---- | M] () -- C:\WINDOWS\lcmmfu.cpl [2012-05-21 15:43:51 | 000,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll [2012-05-21 15:43:51 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe [2012-05-19 19:35:13 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Boxsport Manager.lnk [2012-05-16 16:09:43 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll [2012-05-16 15:52:14 | 000,041,638 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\zolta kartka.jpg [2012-05-15 11:50:36 | 000,012,941 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\images.jpg [2012-05-15 11:48:44 | 000,011,291 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\images.jpeg [2012-05-15 11:48:35 | 000,091,820 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\this-is-spam.jpeg [2012-05-15 11:48:23 | 000,062,667 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\sparta_32671.jpg [2012-05-11 19:14:14 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2012-05-11 15:44:14 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll [2012-05-11 15:44:14 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll [2012-05-11 15:44:14 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll [2012-05-11 15:44:14 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll [2012-05-11 15:44:14 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll [2012-05-11 15:44:14 | 000,105,984 | ---- | 
M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll [2012-05-11 15:44:14 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll [2012-05-11 15:44:13 | 006,007,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2012-05-11 15:44:13 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2012-05-11 15:44:13 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl [2012-05-11 15:44:13 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl [2012-05-11 15:44:13 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll [2012-05-11 15:44:13 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2012-05-11 15:44:13 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2012-05-11 15:44:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll [2012-05-11 15:44:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2012-05-11 15:44:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll [2012-05-11 15:44:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll [2012-05-11 15:44:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll [2012-05-11 15:44:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll [2012-05-11 15:44:12 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2012-05-11 15:44:12 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll [2012-05-11 15:44:12 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll [2012-05-11 15:44:12 
| 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll [2012-05-11 15:44:12 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll [2012-05-11 12:39:29 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec [2012-05-11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe [2012-05-11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe [2012-05-09 20:43:45 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\New Star Soccer 3.lnk [2012-05-09 20:26:17 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2012-05-04 18:45:56 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\THETHING (2).lnk [2012-05-03 18:00:53 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader X.lnk [2012-05-02 14:47:12 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2012-04-30 20:20:34 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2012-04-10 10:12:28 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\YouTube to ALLPlayer.lnk [2012-04-09 13:58:18 | 000,000,055 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012-04-08 09:50:23 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\MDK\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-04-08 09:12:20 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\zuzel.pif [2012-04-02 21:34:04 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Easy GIF Animator.lnk [2012-03-30 00:04:54 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk [2012-03-26 00:19:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2012-03-25 20:35:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MDK\.gtk-bookmarks [2012-03-25 19:54:06 | 
000,347,314 | ---- | M] () -- C:\Documents and Settings\MDK\.fonts.cache-1 [2012-03-23 12:37:20 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2012-03-08 20:43:42 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\CMScout.lnk [2012-03-05 20:59:42 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\RealWorld Cursor Editor.lnk [2012-02-29 15:10:17 | 000,148,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imagehlp.dll [2012-02-23 15:55:48 | 301,906,301 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Kobieta w czerni 2012. PLSUBBED. DVDSCR. XviD-BiDA.rmvb [2012-02-21 15:43:12 | 000,001,571 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\IrfanView Thumbnails.lnk [2012-02-21 15:43:12 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\IrfanView.lnk [2012-02-19 21:59:02 | 267,442,344 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Kronika - Chronicle (2012) PL. SUBBED. TS. 
XviD-MORS.rmvb [2012-02-18 17:23:46 | 411,973,472 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\Duże Dzieci - Grown Ups (2010) PL.DVDRip.XviD-Evolution.SG.rmvb [2012-01-11 20:07:12 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\iacenc.dll [2012-01-11 20:07:12 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2012-01-04 13:00:15 | 000,251,152 | RHS- | M] () -- C:\ntldr [2011-12-29 23:04:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-12-29 19:37:22 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\game.lnk [2011-12-29 13:51:48 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\MDK\Pulpit\gta_sa.lnk ========== Files Created - No Company Name ========== [2012-12-20 14:38:09 | 000,547,175 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\AdwCleaner.exe [2012-12-19 22:20:02 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Championship Manager 01-02.lnk [2012-07-04 15:34:55 | 000,091,284 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\Dean_Winchester_ID_by_onepbigfans.jpg [2012-07-02 13:37:43 | 000,100,253 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\bates2.gif [2012-07-02 13:36:33 | 000,030,661 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\bates 1.jpg [2012-06-30 11:30:59 | 000,112,984 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\johncarter.jpg [2012-06-29 21:24:50 | 000,035,895 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\PULP.jpg [2012-06-26 15:48:55 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\Nowy Dokument sformatowany (3).rtf [2012-06-17 18:18:24 | 000,008,267 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\franz.jpg [2012-06-17 18:18:07 | 000,007,487 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\franz.jpeg [2012-06-17 18:15:44 | 000,033,109 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\john.jpg [2012-06-17 18:14:52 | 000,131,552 | ---- | C] () -- C:\Documents and 
Settings\MDK\Pulpit\franc.jpg [2012-06-16 23:44:11 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\Skrót do hitman2.lnk [2012-06-16 23:01:57 | 000,019,480 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\john wayne.jpg [2012-06-15 15:29:14 | 000,063,218 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\Obraz.jpeg [2012-06-14 20:52:59 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\Alt WAV MP3 WMA OGG Converter.lnk [2012-06-13 17:47:26 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2012-06-13 12:00:07 | 000,001,012 | ---- | C] () -- C:\Documents and Settings\MDK\Menu Start\Programy\Autostart\Dropbox.lnk [2012-06-04 19:49:35 | 000,007,277 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\prof zapytaj.rtf [2012-06-04 17:47:01 | 000,112,392 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\Horror_33.jpg [2012-06-02 15:31:23 | 000,067,954 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\zagada.JPG [2012-06-02 15:29:25 | 000,022,054 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\4.jpg [2012-06-02 15:28:50 | 000,015,866 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\3.jpg [2012-06-02 15:28:07 | 000,011,718 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\2.jpg [2012-06-02 15:27:20 | 000,014,185 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\1.jpg [2012-05-27 23:15:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2012-05-27 23:15:03 | 000,262,400 | RHS- | C] () -- C:\cmldr [2012-05-27 22:58:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012-05-27 22:58:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012-05-27 22:58:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012-05-27 22:58:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012-05-27 22:58:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012-05-25 19:51:36 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\MDK\Pulpit\pcsx2 0.9.6.lnk [2012-05-25 19:47:12 
picasso, posted 21 December 2012

Please post logs as attachments. The tasks have been completed. To wrap up the thread:

1. A minor correction. Close Firefox. Run OTL and, in the Własne opcje skanowania / skrypt (Custom Scans/Fixes) section, paste:

:OTL
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

Click Wykonaj skrypt (Run Fix). There will be no restart this time.

2. Uninstall ComboFix properly. Download the tool again (LINK) and place it on the Desktop. Start > Run > paste the command:

"C:\Documents and Settings\MDK\Pulpit\ComboFix.exe" /uninstall

When the command finishes, clean up the remaining items: in AdwCleaner run Odinstaluj (Uninstall), in OTL run Sprzątanie (CleanUp), and delete the folder C:\WINDOWS\ERDNT with SHIFT+DEL.

3. Update Windows and the programs listed below: LINK. According to the report, XP is not updated (and is cut off from downloading updates; only XP SP3 is supported), and you have these versions:

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

========= HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 29
"{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Mozilla Firefox 12.0 (x86 pl)" = Mozilla Firefox 12.0 (x86 pl)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

In summary: uninstall all the Adobe / Java products listed here and replace them with the latest versions, update Firefox and OpenOffice.org, and perform a full XP update (SP3 + the remaining patches).

PS. I also see GG10 installed. I recommend alternative programs that support the Gadu network: WTW, Kadu, Miranda, AQQ. Descriptions: LINK.
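A check for step 1 of the reply above, added here as an example (it is not part of the original thread or of OTL): it reads the text of a Firefox prefs.js and a text export of the SearchScopes keys, and reports whether the Conduit search URL or a DefaultScope other than the GUID from the post is still present. The function names and the sample inputs are assumptions constructed for illustration; both inputs are expected as already-decoded text.

```python
import re
from urllib.parse import urlparse

# GUID that the fix script in the post writes to DefaultScope.
EXPECTED_SCOPE = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_prefs(text):
    """Return {pref name: value} from prefs.js text, string quotes removed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs

def hijacked_prefs(prefs, blocked_domains):
    """Return {pref name: host} for prefs whose URL host is in a blocked domain."""
    hits = {}
    for name, value in prefs.items():
        host = (urlparse(value).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in blocked_domains):
            hits[name] = host
    return hits

def wrong_default_scopes(reg_text):
    """Return {key: value} for SearchScopes keys whose DefaultScope differs."""
    bad, key = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            key = k.group(1)
        elif (v and key and key.lower().endswith("\\searchscopes")
              and v.group(1).lower() == "defaultscope"
              and v.group(2).upper() != EXPECTED_SCOPE.upper()):
            bad[key] = v.group(2)
    return bad

# Constructed sample inputs: the keyword.URL value is the one from the post,
# the all-zero GUID is a placeholder for a value the fix did not reset.
SAMPLE_PREFS = '''user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=");
'''
SAMPLE_REG = r'''[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
'''
```

After a successful fix both functions return an empty dict; any remaining entry names the pref or registry key that still needs attention.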
pio09 (author), posted 21 December 2012

One more small question regarding point 3: I understand that I should download Windows Update Agent 7.4.7600.226?
picasso, posted 7 January 2013

Yes, updating the agent is important here (the base system is only XP SP2).
pio09 (author), posted 20 January 2013

Thanks a lot for the help.