Mam Rootkita

Mam rootkita. Niewiem zbyt odczego zacząc wiec wklejam log z Hijacka

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:57:09, on 2009-09-22

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

D:\Valve\Steam\Steam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Mozilla\Firefox\Profiles\jlp20ald.default\extensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{56D36CA2-EA11-46DC-B7F9-80B70544FCCD}: NameServer = 10.0.10.2 194.204.159.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Program Files\NetMeeting\secedit.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

End of file - 6093 bytes

No wiec jeśli ktos moze to niech mi pomoze co mam zrobic …

A tak wogole to nie moge normalnie dysku otworzyc tylko musze przez “Eksploruj” i opcje folderow sa zepsute mysle ze chodzi o wpisy w rejestrze.

Tego virusa prawdopodobnie dostalem od kolegi na pendrive… :confused:

Wklej logi z OTL, GMER i System Repair Engineer

Logi wklej na wklej.to a tutaj tylko link do wklejki.

OTL logfile created on: 2009-09-22 16:02:44 - Run 2

OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 61,21% Memory free

3,72 Gb Paging File | 2,98 Gb Available in Paging File | 79,93% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29,30 Gb Total Space | 2,84 Gb Free Space | 9,68% Space Free | Partition Type: NTFS

Drive D: | 117,19 Gb Total Space | 0,72 Gb Free Space | 0,61% Space Free | Partition Type: NTFS

Drive E: | 86,39 Gb Total Space | 4,56 Gb Free Space | 5,28% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive H: | 696,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

I: Drive not present or media not loaded

Computer Name: ARCZI-3400B34F6

Current User Name: Artur

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2007-02-02 21:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2007-02-02 21:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe

PRC - [2009-08-17 17:58:55 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-08-17 18:07:17 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2007-01-05 16:04:00 | 00,554,616 | ---- | M] (Symantec Corporation) – C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

PRC - [2009-08-17 18:07:01 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2008-04-15 14:00:00 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE

PRC - [2007-04-12 11:33:10 | 16,132,608 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.EXE

PRC - [2009-08-17 18:07:23 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2006-09-29 09:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

PRC - [2006-09-29 09:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

PRC - [2009-08-31 18:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) – C:\Program Files\Nowe Gadu-Gadu\gg.exe

PRC - [2009-08-31 16:56:26 | 00,077,824 | ---- | M] () – C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

PRC - [2009-06-11 15:12:37 | 01,217,784 | ---- | M] (Valve Corporation) – D:\Valve\Steam\Steam.exe

PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wbem\wmiprvse.exe

PRC - [2009-09-13 13:26:25 | 00,908,280 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-09-22 14:54:01 | 00,514,560 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\OTL.exe

PRC - [2009-07-15 13:07:18 | 00,238,888 | ---- | M] (Skype Technologies S.A.) – C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

========== Win32 Services (SafeList) ==========

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe – (aspnet_state [On_Demand | Stopped])

SRV - [2009-08-17 17:58:55 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv [Auto | Running])

SRV - [2007-02-02 21:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\Ati2evxx.exe – (Ati HotKey Poller [Auto | Running])

SRV - [2007-01-05 16:04:00 | 00,554,616 | ---- | M] (Symantec Corporation) – C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe – (Automatic LiveUpdate Scheduler [Auto | Running])

SRV - [2009-08-17 18:07:17 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus [Auto | Running])

SRV - [2009-08-17 18:07:01 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner [On_Demand | Running])

SRV - [2009-08-17 18:04:21 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner [On_Demand | Stopped])

SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2006-10-20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe – (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008-04-15 14:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running])

SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe – (IDriverT [On_Demand | Stopped])

SRV - [2006-10-30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe – (idsvc [unknown | Stopped])

SRV - [2007-01-05 16:04:00 | 02,918,008 | ---- | M] (Symantec Corporation) – C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE – (LiveUpdate [On_Demand | Stopped])

SRV - [2007-04-13 21:09:56 | 00,792,112 | ---- | M] (Nero AG) – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe – (NBService [Disabled | Stopped])

SRV - [2006-10-30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe – (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007-06-01 10:21:30 | 00,271,920 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe – (NMIndexingService [Disabled | Stopped])

SRV - [2009-08-23 21:34:09 | 00,075,064 | ---- | M] () – C:\WINDOWS\System32\PnkBstrA.exe – (PnkBstrA [Disabled | Stopped])

SRV - [2009-08-24 15:20:19 | 00,189,784 | ---- | M] () – C:\WINDOWS\System32\PnkBstrB.exe – (PnkBstrB [Disabled | Stopped])

SRV - [2009-08-21 18:31:55 | 22,863,560 | RHS- | M] () – C:\Program Files\NetMeeting\secedit.exe – (RPCHGM [Auto | Stopped])

SRV - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\pctsAuxs.exe – (sdAuxService [On_Demand | Stopped])

SRV - [2009-01-21 13:08:06 | 01,095,560 | ---- | M] (PC Tools) – C:\Program Files\Spyware Doctor\pctsSvc.exe – (sdCoreService [On_Demand | Stopped])

SRV - [2006-11-06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – (ServiceLayer [Disabled | Stopped])

SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Media Player\WMPNetwk.exe – (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009-08-17 18:03:21 | 00,026,944 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4 [system | Running])

DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) – C:\WINDOWS\System32\DRIVERS\AmdK8.sys – (AmdK8 [system | Running])

DRV - [2006-10-18 13:12:00 | 00,012,664 | R— | M] () – C:\WINDOWS\System32\drivers\AsIO.sys – (AsIO [system | Running])

DRV - [2009-08-17 18:05:37 | 00,020,560 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys – (aswFsBlk [Auto | Running])

DRV - [2009-08-17 18:06:43 | 00,094,160 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2 [Auto | Running])

DRV - [2009-08-17 18:04:29 | 00,023,152 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr [On_Demand | Running])

DRV - [2009-08-17 18:05:52 | 00,114,768 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP [system | Running])

DRV - [2009-08-17 18:04:40 | 00,051,376 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi [system | Running])

DRV - [2007-02-02 22:03:24 | 01,975,296 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\System32\DRIVERS\ati2mtag.sys – (ati2mtag [On_Demand | Running])

DRV - [2009-08-16 21:57:19 | 00,279,712 | ---- | M] () – C:\WINDOWS\System32\DRIVERS\atksgt.sys – (atksgt [Auto | Running])

DRV - [2003-12-27 20:42:12 | 00,137,216 | ---- | M] ( ) – C:\WINDOWS\system32\DRIVERS\d344bus.sys – (d344bus [boot | Running])

DRV - [2003-12-27 02:38:10 | 00,005,248 | ---- | M] ( ) – C:\WINDOWS\System32\Drivers\d344prt.sys – (d344prt [boot | Running])

DRV - [2009-08-29 17:27:50 | 00,025,280 | ---- | M] (LogMeIn, Inc.) – C:\WINDOWS\System32\DRIVERS\hamachi.sys – (hamachi [On_Demand | Stopped])

DRV - [2008-04-15 14:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\System32\DRIVERS\HDAudBus.sys – (HDAudBus [On_Demand | Running])

DRV - [2007-04-23 12:12:28 | 04,402,176 | R— | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\System32\drivers\RtkHDAud.sys – (IntcAzAudAddService [On_Demand | Running])

DRV - [2009-08-16 21:57:19 | 00,025,888 | ---- | M] () – C:\WINDOWS\System32\DRIVERS\lirsgt.sys – (lirsgt [Auto | Running])

DRV - [2004-08-13 20:56:20 | 00,005,810 | R— | M] () – C:\WINDOWS\System32\DRIVERS\ASACPI.sys – (MTsensor [On_Demand | Running])

DRV - [2006-10-10 08:54:32 | 00,009,216 | ---- | M] (Nokia) – C:\WINDOWS\System32\drivers\nmwcdc.sys – (Nokia USB Generic [On_Demand | Stopped])

DRV - [2006-10-10 08:54:32 | 00,012,800 | ---- | M] (Nokia) – C:\WINDOWS\System32\drivers\nmwcdcm.sys – (Nokia USB Modem [On_Demand | Stopped])

DRV - [2006-10-10 08:54:34 | 00,138,240 | ---- | M] (Nokia) – C:\WINDOWS\System32\drivers\nmwcd.sys – (Nokia USB Phone Parent [On_Demand | Stopped])

DRV - [2006-10-10 08:54:32 | 00,012,800 | ---- | M] (Nokia) – C:\WINDOWS\System32\drivers\nmwcdcj.sys – (Nokia USB Port [On_Demand | Stopped])

DRV - [2009-04-03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) – C:\WINDOWS\system32\drivers\PCTCore.sys – (PCTCore [boot | Running])

DRV - [2004-11-25 18:32:01 | 00,054,368 | ---- | M] (Protection Technology) – C:\WINDOWS\System32\drivers\prodrv06.sys – (prodrv06 [system | Running])

DRV - [2004-11-25 18:36:06 | 00,077,248 | ---- | M] (Protection Technology) – C:\WINDOWS\System32\drivers\prohlp02.sys – (prohlp02 [boot | Running])

DRV - [2003-09-06 14:22:08 | 00,006,944 | ---- | M] (Protection Technology) – C:\WINDOWS\System32\drivers\prosync1.sys – (prosync1 [boot | Running])

DRV - [2008-04-15 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running])

DRV - [2006-08-25 05:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20 [boot | Running])

DRV - [2006-08-15 07:09:48 | 00,083,200 | R— | M] (Realtek Semiconductor Corporation ) – C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys – (RTLE8023xp [On_Demand | Running])

DRV - [2008-04-15 14:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped])

DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) – C:\WINDOWS\System32\drivers\sfhlp01.sys – (sfhlp01 [boot | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl … ar=msnhome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com

IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.startup.homepage: “http://www.google.pl/firefox

FF - prefs.js…extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10

FF - prefs.js…extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.77

FF - prefs.js…extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789

FF - prefs.js…extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-09-19 10:11:30 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-13 13:26:30 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009-08-13 18:55:15 | 00,000,000 | —D | M] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\mozilla\Extensions

[2009-08-13 18:55:15 | 00,000,000 | —D | M] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\mozilla\Extensions{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-09-22 15:02:47 | 00,000,000 | —D | M] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\mozilla\Firefox\Profiles\jlp20ald.default\extensions

[2009-08-14 18:35:11 | 00,000,000 | —D | M] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\mozilla\Firefox\Profiles\jlp20ald.default\extensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2009-08-14 19:25:41 | 00,000,000 | —D | M] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\mozilla\Firefox\Profiles\jlp20ald.default\extensions{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

[2009-09-22 15:46:21 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions

[2009-09-13 13:26:30 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-08-31 08:52:35 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}

[2009-09-13 13:26:23 | 00,023,544 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-09-13 13:26:23 | 00,137,208 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009-07-17 10:40:12 | 00,704,512 | ---- | M] (BitComet) – C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

[2009-09-13 13:26:27 | 00,065,016 | ---- | M] (mozilla.org) – C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006-01-28 02:57:22 | 00,139,305 | ---- | M] (RealNetworks, Inc.) – C:\Program Files\mozilla firefox\plugins\nppl3260.dll

[2006-01-28 02:56:18 | 00,081,967 | ---- | M] (RealNetworks, Inc.) – C:\Program Files\mozilla firefox\plugins\nprpjplug.dll

[2009-07-31 00:44:16 | 00,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2009-07-31 00:44:16 | 00,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2009-07-31 01:45:26 | 00,002,371 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009-07-31 00:44:16 | 00,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2009-07-31 00:44:16 | 00,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2009-07-31 00:44:16 | 00,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2009-07-31 00:44:16 | 00,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O3 - HKLM…\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O3 - HKLM…\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Mozilla\Firefox\Profiles\jlp20ald.default\extensions{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll ()

O3 - HKCU…\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)

O4 - HKLM…\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM…\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)

O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)

O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut … s-i586.cab (Java Plug-in 1.4.2_04)

O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut … s-i586.cab (Java Plug-in 1.4.2_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-05-05 19:49:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2009-09-14 18:49:02 | 00,000,051 | RHS- | M] () - C:\autorun.inf – [NTFS]

O32 - AutoRun File - [2009-09-14 18:49:07 | 00,000,051 | RHS- | M] () - D:\autorun.inf – [NTFS]

O32 - AutoRun File - [2009-09-14 18:49:20 | 00,000,051 | RHS- | M] () - E:\autorun.inf – [NTFS]

O32 - AutoRun File - [2006-09-07 01:15:28 | 00,741,376 | R— | M] (Electronic Arts Inc.) - G:\AutoRun.exe – [CDFS]

O32 - AutoRun File - [2006-09-07 01:15:28 | 00,741,376 | R— | M] (Electronic Arts Inc.) - G:\AutoRun.exe – [CDFS]

O32 - AutoRun File - [2006-09-07 01:28:54 | 00,000,136 | R— | M] () - G:\autorun.inf – [CDFS]

O32 - AutoRun File - [2006-08-23 20:58:18 | 00,593,920 | R— | M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll – [CDFS]

O32 - AutoRun File - [2002-10-30 18:12:10 | 00,000,058 | R— | M] () - H:\AUTORUN.INF – [CDFS]

O33 - MountPoints2{04c37f7e-7dd2-11de-812a-b80feeac9b84}\Shell\AutoRun\command - “” = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{04c37f7e-7dd2-11de-812a-b80feeac9b84}\Shell\open\command - “” = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{04c37f7f-7dd2-11de-812a-b80feeac9b84}\Shell\AutoRun\command - “” = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{04c37f7f-7dd2-11de-812a-b80feeac9b84}\Shell\open\command - “” = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{7710ba2a-80dd-11de-813e-96f0296ae4b2}\Shell\AutoRun\command - “” = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{7710ba2a-80dd-11de-813e-96f0296ae4b2}\Shell\open\command - “” = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{86ab4cc0-84d4-11de-8163-b29c692cbd34}\Shell\AutoRun\command - “” = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{86ab4cc0-84d4-11de-8163-b29c692cbd34}\Shell\open\command - “” = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{8e81e608-a14d-11de-8236-001e8c802c9f}\Shell\AutoRun\command - “” = K:\ph.exe – File not found

O33 - MountPoints2{8e81e608-a14d-11de-8236-001e8c802c9f}\Shell\open\Command - “” = K:\ph.exe – File not found

O33 - MountPoints2{98e41008-3bae-11de-bf20-f71561c122b3}\Shell\AutoRun\command - “” = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{98e41008-3bae-11de-bf20-f71561c122b3}\Shell\open\command - “” = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{cb2cf424-3efd-11de-bf35-fa22a7b077b3}\Shell\AutoRun\command - “” = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O33 - MountPoints2{cb2cf424-3efd-11de-bf35-fa22a7b077b3}\Shell\open\command - “” = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe – File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32*.tmp files]

[3 C:\WINDOWS*.tmp files]

[2009-09-22 16:03:13 | 00,000,000 | —D | C] – C:\WINDOWS\LastGood

[2009-09-22 16:02:54 | 03,429,788 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\kasowanie.wmv

[2009-09-22 14:59:27 | 02,836,128 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\kasowanie0.rar

[2009-09-22 14:58:59 | 00,000,000 | —D | C] – C:_OTL

[2009-09-22 14:54:21 | 00,280,419 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\gmer.zip

[2009-09-22 14:53:56 | 00,514,560 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\OTL.exe

[2009-09-21 15:50:08 | 27,898,810 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\cs16patch_full_v31(DobrePliki.pl).exe

[2009-09-21 14:21:53 | 00,000,060 | ---- | C] () – C:\WINDOWS\wcx_ftp.ini

[2009-09-21 13:54:10 | 00,000,548 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Total Commander.lnk

[2009-09-21 13:54:09 | 00,000,629 | ---- | C] () – C:\WINDOWS\wincmd.ini

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\UC.PIF

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\RAR.PIF

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\PKZIP.PIF

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\PKUNZIP.PIF

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\NOCLOSE.PIF

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\LHA.PIF

[2009-09-21 13:54:09 | 00,000,545 | ---- | C] () – C:\WINDOWS\ARJ.PIF

[2009-09-21 13:54:09 | 00,000,000 | —D | C] – C:\totalcmd

[2009-09-20 09:25:20 | 00,000,585 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Skrót do main.lnk

[2009-09-19 17:10:51 | 00,000,293 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Skrót do Dysk lokalny ©.lnk

[2009-09-19 09:45:15 | 00,028,528 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\skill

[2009-09-19 08:24:36 | 00,000,000 | —D | C] – C:\Program Files\Asprate

[2009-09-19 08:23:49 | 00,001,838 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk

[2009-09-19 08:22:17 | 00,000,428 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Tibia.lnk

[2009-09-18 20:49:08 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\ESET

[2009-09-18 20:20:43 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\nonameSzablon

[2009-09-18 20:12:04 | 00,216,593 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\nonameSzablon.zip

[2009-09-18 20:00:56 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\gtk-2.0

[2009-09-18 20:00:18 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\To i owo

[2009-09-17 18:20:51 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\OpenFM

[2009-09-17 18:20:50 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\OpenFM

[2009-09-17 18:20:20 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\cache

[2009-09-17 18:19:50 | 00,000,688 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk

[2009-09-17 18:19:30 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Nowe Gadu-Gadu

[2009-09-17 18:19:23 | 00,000,000 | —D | C] – C:\Program Files\Nowe Gadu-Gadu

[2009-09-17 07:20:31 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\gegl-0.0

[2009-09-17 07:20:25 | 00,000,794 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk

[2009-09-17 07:20:00 | 00,000,000 | —D | C] – C:\Program Files\GIMP-2.0

[2009-09-17 07:15:03 | 16,871,432 | ---- | C] ( ) – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\gimp-2.6.7-i686-setup.exe

[2009-09-14 18:43:18 | 00,000,051 | RHS- | C] () – C:\autorun.inf

[2009-09-13 16:13:19 | 02,986,038 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\heh.bmp

[2009-09-13 13:57:41 | 00,000,714 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\OrionOTS.lnk

[2009-09-13 10:29:10 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Tibia

[2009-09-13 10:29:04 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Orion_8.42_RPG_normal

[2009-09-13 10:26:50 | 21,633,455 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Orion_8.42_RPG_normal.zip

[2009-09-12 09:02:10 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Puzzle - Wlatcy Moch

[2009-09-12 07:18:56 | 00,000,768 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Media Player Classic.lnk

[2009-09-11 23:21:25 | 00,079,200 | -H-- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!aa.htm

[2009-09-11 23:21:25 | 00,000,000 | -H-D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!aa_pliki

[2009-09-11 23:21:20 | 00,076,395 | -H-- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Sex Planeta - Sexplaneta.pl - Codziennie darmowe zdjęcia i filmy!aaa.htm

[2009-09-11 23:21:20 | 00,000,000 | -H-D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Sex Planeta - Sexplaneta.pl - Codziennie darmowe zdjęcia i filmy!aaa_pliki

[2009-09-11 23:20:33 | 00,079,985 | -H-- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!1231231.htm

[2009-09-11 23:20:33 | 00,000,000 | -H-D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!1231231_pliki

[2009-09-11 23:20:19 | 00,000,000 | -H-D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!333_pliki

[2009-09-11 23:20:18 | 00,079,357 | -H-- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!333.htm

[2009-09-11 19:04:36 | 01,985,614 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Puzzle_-_Wlatcy_Moch.rar

[2009-09-09 20:06:18 | 00,015,173 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Killaz.m3u

[2009-09-09 18:34:57 | 00,002,129 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\01 09 09 mix.m3u

[2009-09-09 17:56:29 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\PokEmon

[2009-09-08 17:33:10 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\ipla

[2009-09-08 17:33:10 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\ipla

[2009-09-08 17:33:02 | 00,000,626 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\ipla.lnk

[2009-09-08 17:32:58 | 00,000,000 | —D | C] – C:\Program Files\ipla

[2009-09-08 17:32:55 | 01,700,352 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\gdiplus.dll

[2009-09-07 20:40:21 | 00,537,797 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\warlords.zip

[2009-09-06 20:20:46 | 00,140,800 | ---- | C] (The Duck Corporation) – C:\WINDOWS\System32\tm20dec.ax

[2009-09-06 18:02:53 | 05,433,444 | ---- | C] () – C:\zdjecia.rar

[2009-09-06 12:24:52 | 01,846,957 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\SDC10022.JPG

[2009-09-06 12:24:52 | 01,826,166 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\SDC10021.JPG

[2009-09-06 12:24:52 | 01,809,294 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\SDC10020.JPG

[2009-09-05 13:23:32 | 01,053,535 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\diablo_pl_v1.7pro_edycja_battlenet.rar

[2009-09-04 17:31:12 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Adobe

[2009-09-01 13:04:50 | 00,000,596 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Media System.lnk

[2009-09-01 11:19:15 | 02,359,350 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\bez tytułu3.bmp

[2009-08-31 13:26:22 | 02,359,350 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\bez tytułu2.bmp

[2009-08-31 10:01:21 | 02,359,350 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\bez tytułu.bmp

[2009-08-31 08:55:48 | 00,000,056 | -H-- | C] () – C:\WINDOWS\System32\ezsidmv.dat

[2009-08-31 08:55:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\skypePM

[2009-08-31 08:52:44 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Skype

[2009-08-31 08:52:16 | 00,002,267 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2009-08-31 08:52:15 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Skype

[2009-08-31 08:52:13 | 00,000,000 | R–D | C] – C:\Program Files\Skype

[2009-08-31 08:52:10 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Skype

[2009-08-31 08:41:25 | 12,563,853 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\David Guetta - Sexy Bitch (Club Version Edit).mp3

[2009-08-31 08:40:11 | 00,002,593 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\30 08 2009 Mix.m3u

[2009-08-30 20:49:52 | 00,000,523 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\LastChaosPoland.lnk

[2009-08-29 17:28:10 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Hamachi

[2009-08-29 17:27:50 | 00,025,280 | ---- | C] (LogMeIn, Inc.) – C:\WINDOWS\System32\drivers\hamachi.sys

[2009-08-29 17:27:50 | 00,000,632 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\hamachi.lnk

[2009-08-29 17:27:50 | 00,000,000 | —D | C] – C:\Program Files\Hamachi

[2009-08-28 22:57:57 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\FIFA 09

[2009-08-28 22:45:42 | 01,846,632 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_41.dll

[2009-08-28 22:45:42 | 00,453,456 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_41.dll

[2009-08-28 22:45:41 | 04,178,264 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DX9_41.dll

[2009-08-28 22:45:41 | 00,517,448 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAudio2_4.dll

[2009-08-28 22:45:41 | 00,069,448 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAPOFX1_3.dll

[2009-08-28 22:45:40 | 00,235,352 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine3_4.dll

[2009-08-28 22:45:40 | 00,022,360 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\X3DAudio1_6.dll

[2009-08-28 22:45:39 | 04,379,984 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DX9_40.dll

[2009-08-28 22:45:39 | 02,036,576 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_40.dll

[2009-08-28 22:45:39 | 00,452,440 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_40.dll

[2009-08-28 22:45:38 | 00,514,384 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAudio2_3.dll

[2009-08-28 22:45:38 | 00,235,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine3_3.dll

[2009-08-28 22:45:38 | 00,070,992 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAPOFX1_2.dll

[2009-08-28 22:45:37 | 00,509,448 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAudio2_2.dll

[2009-08-28 22:45:37 | 00,068,616 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAPOFX1_1.dll

[2009-08-28 22:45:37 | 00,023,376 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\X3DAudio1_5.dll

[2009-08-28 22:45:36 | 01,493,528 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_39.dll

[2009-08-28 22:45:36 | 00,467,984 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_39.dll

[2009-08-28 22:45:36 | 00,238,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine3_2.dll

[2009-08-28 22:45:35 | 03,851,784 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DX9_39.dll

[2009-08-28 22:45:35 | 00,507,400 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAudio2_1.dll

[2009-08-28 22:45:35 | 00,065,032 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAPOFX1_0.dll

[2009-08-28 22:45:34 | 00,238,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine3_1.dll

[2009-08-28 22:45:34 | 00,025,608 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\X3DAudio1_4.dll

[2009-08-28 22:45:33 | 00,479,752 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\XAudio2_0.dll

[2009-08-28 22:45:33 | 00,238,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine3_0.dll

[2009-08-28 22:45:32 | 01,420,824 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_37.dll

[2009-08-28 22:45:32 | 00,462,864 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_37.dll

[2009-08-28 22:45:32 | 00,025,608 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\X3DAudio1_3.dll

[2009-08-28 22:45:31 | 03,786,760 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DX9_37.dll

[2009-08-28 22:45:31 | 00,267,272 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_10.dll

[2009-08-28 22:45:30 | 01,374,232 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\D3DCompiler_36.dll

[2009-08-28 22:45:30 | 00,444,776 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx10_36.dll

[2009-08-28 22:45:29 | 03,734,536 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_36.dll

[2009-08-28 22:45:27 | 00,267,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\xactengine2_9.dll

[2009-08-26 14:40:15 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\pliki

[2009-08-25 18:01:06 | 00,000,622 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Dedicated Server.lnk

[2009-08-25 12:13:04 | 00,000,359 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6 Non Steam.lnk

[2009-08-25 01:06:21 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files

[2009-08-24 17:05:02 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Google

[2009-08-24 16:58:23 | 00,002,236 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Hemp gru.m3u

[2009-08-24 15:50:41 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\Google

[2009-08-24 15:49:25 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\Google

[2009-08-24 10:18:45 | 00,189,784 | ---- | C] () – C:\WINDOWS\System32\PnkBstrB.xtr

[2009-08-23 21:19:45 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\PunkBuster

[2009-08-23 21:00:32 | 00,000,000 | —D | C] – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Dane aplikacji\id Software

[2009-08-23 21:00:17 | 02,373,712 | ---- | C] () – C:\WINDOWS\System32\pbsvc.exe

[2009-08-23 21:00:14 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\id Software

[2009-08-23 16:23:48 | 00,000,797 | ---- | C] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\SubEdit-Player.lnk

[2009-08-16 21:57:19 | 00,279,712 | ---- | C] () – C:\WINDOWS\System32\drivers\atksgt.sys

[2009-08-16 21:57:19 | 00,025,888 | ---- | C] () – C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-08-15 10:03:36 | 00,000,402 | ---- | C] () – C:\WINDOWS\SIERRA.INI

[2009-08-14 23:58:42 | 00,022,108 | ---- | C] () – C:\WINDOWS\Ascd_tmp.ini

[2009-07-30 13:25:06 | 00,024,576 | R— | C] () – C:\WINDOWS\System32\AsIO.dll

[2009-07-30 13:25:06 | 00,012,664 | R— | C] () – C:\WINDOWS\System32\drivers\AsIO.sys

[2009-07-30 13:25:04 | 00,012,096 | ---- | C] () – C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009-07-30 13:25:04 | 00,010,304 | ---- | C] () – C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009-07-30 12:45:16 | 00,000,077 | ---- | C] () – C:\WINDOWS\WININIT.INI

[2009-07-20 21:23:32 | 00,000,160 | ---- | C] () – C:\WINDOWS\mafosav.INI

[2009-07-19 16:24:11 | 00,138,944 | ---- | C] () – C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-07-19 16:23:00 | 00,000,294 | ---- | C] () – C:\WINDOWS\game.ini

[2009-07-06 19:18:22 | 00,043,520 | ---- | C] () – C:\WINDOWS\System32\CmdLineExt03.dll

[2009-06-16 16:09:38 | 00,000,069 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2009-05-29 15:18:55 | 00,000,265 | ---- | C] () – C:\WINDOWS\JSBuilder.INI

[2009-05-20 15:44:03 | 00,000,144 | ---- | C] () – C:\WINDOWS\Eudcedit.ini

[2009-05-18 14:27:34 | 00,001,236 | ---- | C] () – C:\WINDOWS\bestplayer.ini

[2009-05-06 16:21:11 | 00,354,816 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll

[2009-05-05 20:12:22 | 00,137,216 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\d344bus.sys

[2009-05-05 20:12:22 | 00,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\d344prt.sys

[2009-05-05 19:54:03 | 00,022,436 | ---- | C] () – C:\WINDOWS\Ascd_log.ini

[2009-05-05 19:53:58 | 00,005,810 | R— | C] () – C:\WINDOWS\System32\drivers\ASACPI.sys

[2009-05-05 19:53:42 | 00,012,536 | ---- | C] () – C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008-04-15 14:00:00 | 00,000,808 | ---- | C] () – C:\WINDOWS\win.ini

[2008-04-15 14:00:00 | 00,000,227 | ---- | C] () – C:\WINDOWS\system.ini

[2007-11-26 21:56:28 | 00,151,415 | ---- | C] () – C:\WINDOWS\System32\xlive.dll.cat

[2005-12-07 11:31:00 | 00,202,752 | R— | C] () – C:\WINDOWS\System32\CddbCdda.dll

[2005-08-30 00:00:00 | 00,781,312 | ---- | C] () – C:\WINDOWS\System32\RGSS102J.dll

[2005-08-30 00:00:00 | 00,778,752 | ---- | C] () – C:\WINDOWS\System32\RGSS102E.dll

[2005-08-30 00:00:00 | 00,771,584 | ---- | C] () – C:\WINDOWS\System32\RGSS100J.dll

[2003-12-27 20:43:24 | 00,068,608 | ---- | C] () – C:\WINDOWS\daemon.dll

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32*.tmp files]

[3 C:\WINDOWS*.tmp files]

[2009-09-22 16:03:14 | 00,000,069 | ---- | M] () – C:\WINDOWS\NeroDigital.ini

[2009-09-22 14:59:42 | 02,836,128 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\kasowanie0.rar

[2009-09-22 14:54:22 | 00,280,419 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\gmer.zip

[2009-09-22 14:54:01 | 00,514,560 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\OTL.exe

[2009-09-22 14:52:05 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2009-09-22 14:51:57 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2009-09-22 14:51:54 | 20,116,80768 | -HS- | M] () – C:\hiberfil.sys

[2009-09-21 20:44:06 | 03,186,560 | -H-- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-09-21 15:54:36 | 27,898,810 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\cs16patch_full_v31(DobrePliki.pl).exe

[2009-09-21 14:24:08 | 00,000,629 | ---- | M] () – C:\WINDOWS\wincmd.ini

[2009-09-21 14:21:56 | 00,000,060 | ---- | M] () – C:\WINDOWS\wcx_ftp.ini

[2009-09-21 13:54:10 | 00,000,548 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Total Commander.lnk

[2009-09-21 13:53:41 | 00,009,611 | ---- | M] () – C:\WINDOWS\unins000.dat

[2009-09-20 09:25:20 | 00,000,585 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Skrót do main.lnk

[2009-09-19 17:12:01 | 00,000,808 | ---- | M] () – C:\WINDOWS\win.ini

[2009-09-19 17:12:01 | 00,000,227 | ---- | M] () – C:\WINDOWS\system.ini

[2009-09-19 17:12:01 | 00,000,223 | RHS- | M] () – C:\boot.ini

[2009-09-19 17:10:51 | 00,000,293 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Skrót do Dysk lokalny ©.lnk

[2009-09-19 09:45:15 | 00,028,528 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\skill

[2009-09-19 08:47:32 | 00,000,420 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Tasker.lnk

[2009-09-19 08:24:37 | 00,001,838 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk

[2009-09-19 08:22:17 | 00,000,428 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Tibia.lnk

[2009-09-18 20:12:04 | 00,216,593 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\nonameSzablon.zip

[2009-09-17 18:19:50 | 00,000,688 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk

[2009-09-17 07:20:25 | 00,000,794 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\GIMP 2.lnk

[2009-09-17 07:16:35 | 16,871,432 | ---- | M] ( ) – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\gimp-2.6.7-i686-setup.exe

[2009-09-14 18:49:02 | 00,000,051 | RHS- | M] () – C:\autorun.inf

[2009-09-13 20:43:03 | 00,015,480 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-09-13 19:32:57 | 00,108,600 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2009-09-13 16:13:19 | 02,986,038 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\heh.bmp

[2009-09-13 13:57:41 | 00,000,714 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\OrionOTS.lnk

[2009-09-13 10:28:50 | 21,633,455 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Orion_8.42_RPG_normal.zip

[2009-09-12 20:41:18 | 00,002,267 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Skype.lnk

[2009-09-12 07:18:56 | 00,000,768 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Media Player Classic.lnk

[2009-09-12 07:09:49 | 00,013,646 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2009-09-11 23:21:28 | 00,079,200 | -H-- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!aa.htm

[2009-09-11 23:21:21 | 00,076,395 | -H-- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Sex Planeta - Sexplaneta.pl - Codziennie darmowe zdjęcia i filmy!aaa.htm

[2009-09-11 23:20:36 | 00,079,985 | -H-- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!1231231.htm

[2009-09-11 23:20:26 | 00,079,357 | -H-- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Moje dokumenty\Porn Thunder - Pornthunder.com - Daily free galleries!333.htm

[2009-09-11 22:12:01 | 00,484,978 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2009-09-11 22:12:01 | 00,427,728 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2009-09-11 22:12:01 | 00,082,230 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2009-09-11 22:12:01 | 00,066,512 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2009-09-11 22:12:00 | 01,074,524 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI

[2009-09-11 19:04:51 | 01,985,614 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Puzzle_-_Wlatcy_Moch.rar

[2009-09-09 20:06:18 | 00,015,173 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Killaz.m3u

[2009-09-09 18:34:57 | 00,002,129 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\01 09 09 mix.m3u

[2009-09-08 17:33:02 | 00,000,626 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\ipla.lnk

[2009-09-08 17:32:55 | 01,700,352 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\gdiplus.dll

[2009-09-07 20:40:22 | 00,537,797 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\warlords.zip

[2009-09-07 15:46:29 | 00,080,896 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-09-06 18:02:55 | 05,433,444 | ---- | M] () – C:\zdjecia.rar

[2009-09-05 13:23:38 | 01,053,535 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\diablo_pl_v1.7pro_edycja_battlenet.rar

[2009-09-01 13:04:50 | 00,000,596 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Media System.lnk

[2009-09-01 11:19:15 | 02,359,350 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\bez tytułu3.bmp

[2009-08-31 13:26:23 | 02,359,350 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\bez tytułu2.bmp

[2009-08-31 10:01:22 | 02,359,350 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\bez tytułu.bmp

[2009-08-31 08:55:48 | 00,000,056 | -H-- | M] () – C:\WINDOWS\System32\ezsidmv.dat

[2009-08-31 08:40:11 | 00,002,593 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\30 08 2009 Mix.m3u

[2009-08-30 20:49:52 | 00,000,523 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\LastChaosPoland.lnk

[2009-08-29 17:27:50 | 00,025,280 | ---- | M] (LogMeIn, Inc.) – C:\WINDOWS\System32\drivers\hamachi.sys

[2009-08-29 17:27:50 | 00,000,632 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\hamachi.lnk

[2009-08-25 18:01:06 | 00,000,622 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Dedicated Server.lnk

[2009-08-25 12:13:04 | 00,000,359 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6 Non Steam.lnk

[2009-08-24 16:58:23 | 00,002,236 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\Hemp gru.m3u

[2009-08-24 15:20:34 | 00,138,944 | ---- | M] () – C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-08-24 15:20:19 | 00,189,784 | ---- | M] () – C:\WINDOWS\System32\PnkBstrB.xtr

[2009-08-24 15:20:19 | 00,189,784 | ---- | M] () – C:\WINDOWS\System32\PnkBstrB.exe

[2009-08-23 21:34:09 | 00,075,064 | ---- | M] () – C:\WINDOWS\System32\PnkBstrA.exe

[2009-08-23 21:00:17 | 02,373,712 | ---- | M] () – C:\WINDOWS\System32\pbsvc.exe

[2009-08-23 16:23:48 | 00,000,797 | ---- | M] () – C:\Documents and Settings\Artur.ARCZI-3400B34F6\Pulpit\SubEdit-Player.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2

< End of report >

To z OTL

arczi15 ,

W związku ze zmianą, jaka obowiązuje przy wklejaniu logów na forum - przeczytaj i zastosuj się do Tematu

Wklej logi jak należy i doklej pozostałe.