Podejrzewam infekcje keylogerem poniewaz ktos juz 2 razy okradl mi konto w pewnej grze (nie jest to tibia) wklejam logi z HijackThis v2.0.2 oraz z OTL v3.1.20.1

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:28:00, on 2009-12-30

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe

C:\Program Files\A4Tech\Keyboard\Ikeymain.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\FREEDO~1\fdm.exe

C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [ACU] “C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe” -nogui

O4 - HKLM…\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM…\Run: [GNConfig] “C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe” -nogui

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Nowe Gadu-Gadu] “C:\Program Files\Nowe Gadu-Gadu\gg.exe”

O4 - HKCU…\Run: [cdoosoft] C:\DOCUME~1\WINDOW~1\USTAWI~1\Temp\herss.exe

O4 - HKCU…\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU…\Run: [AdobeUpdater] “C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe”

O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”

O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE

O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{19F80743-4312-42AD-A6F7-82870D3D36A0}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip…{97747BE5-8E2E-45F0-AA1D-1749EE252A4C}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS1\Services\Tcpip…{19F80743-4312-42AD-A6F7-82870D3D36A0}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip…{19F80743-4312-42AD-A6F7-82870D3D36A0}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Gigabyte Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

–

End of file - 7887 bytes

---

OTL logfile created on: 2009-12-30 14:42:22 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Downloads\Software

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 81,00 Mb Available Physical Memory | 16,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 74,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14,65 Gb Total Space | 6,03 Gb Free Space | 41,18% Space Free | Partition Type: NTFS

Drive D: | 59,90 Gb Total Space | 16,95 Gb Free Space | 28,29% Space Free | Partition Type: NTFS

Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: XXX-15C4C638482

Current User Name: Windows Xp

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-12-30 14:36:17 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Downloads\Software\OTL.exe

PRC - [2009-12-28 23:31:07 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-12-28 23:31:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-12-17 12:21:24 | 00,908,248 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-12-02 13:38:39 | 00,323,392 | ---- | M] (BitTorrent, Inc.) – C:\Program Files\DNA\btdna.exe

PRC - [2009-11-24 00:45:33 | 02,923,192 | ---- | M] () – C:\Program Files\Pando Networks\Media Booster\PMB.exe

PRC - [2009-10-01 16:03:14 | 03,968,112 | ---- | M] (Emsi Software GmbH) – C:\Program Files\a-squared Free\a2free.exe

PRC - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) – C:\Program Files\a-squared Free\a2service.exe

PRC - [2009-09-27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009-01-31 02:45:14 | 03,399,727 | ---- | M] (FreeDownloadManager.ORG) – C:\Program Files\Free Download Manager\fdm.exe

PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-12-25 09:59:02 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) – C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2007-06-28 14:36:16 | 00,401,720 | ---- | M] (Trend Micro Inc.) – C:\Downloads\HijackThis.exe

PRC - [2007-06-25 08:32:24 | 00,065,536 | ---- | M] (A4Tech Co.,Ltd.) – C:\Program Files\A4Tech\Keyboard\Ikeymain.exe

PRC - [2006-08-02 22:12:00 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\soundman.exe

PRC - [2004-10-19 14:40:46 | 00,315,392 | ---- | M] (GIGA-BYTE TECHNOLOGY CO., LTD.) – C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe

PRC - [2004-07-23 11:17:16 | 00,036,864 | ---- | M] () – C:\WINDOWS\system32\acs.exe

========== Modules (SafeList) ==========

MOD - [2009-12-30 14:36:17 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Downloads\Software\OTL.exe

MOD - [2009-12-30 13:08:47 | 00,081,920 | RHS- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Temp\cvasds0.dll

MOD - [2007-02-10 14:51:40 | 00,036,864 | ---- | M] (A4Tech Co.,Ltd.) – C:\WINDOWS\system32\Amhooker.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-12-28 23:31:07 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2009-11-17 02:12:00 | 03,596,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] – C:\WINDOWS\System32\GameMon.des – (npggsvc)

SRV - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] – C:\Program Files\a-squared Free\a2service.exe – (a2free)

SRV - [2009-09-27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\WINDOWS\system32\nvsvc32.exe – (nvsvc)

SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – (ServiceLayer)

SRV - [2004-07-23 11:17:16 | 00,036,864 | ---- | M] () [Auto | Running] – C:\WINDOWS\system32\acs.exe – (ACS)

========== Driver Services (SafeList) ==========

DRV - [2009-12-21 05:21:04 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd)

DRV - [2009-12-08 10:51:34 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\AegisP.sys – (AegisP) AEGIS Protocol (IEEE 802.1x)

DRV - [2009-11-24 19:40:17 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\atksgt.sys – (atksgt)

DRV - [2009-11-24 19:40:17 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\lirsgt.sys – (lirsgt)

DRV - [2009-11-18 13:48:44 | 00,033,824 | ---- | M] () [Kernel | System | Running] – C:\WINDOWS\system32\drivers\oreans32.sys – (oreans32)

DRV - [2009-11-18 12:59:47 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\mdc8021x.sys – (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2009-09-27 16:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2009-07-27 03:43:18 | 00,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\scdemu.sys – (SCDEmu)

DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)

DRV - [2008-04-13 23:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2007-12-25 10:08:38 | 00,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Amusbprt.sys – (Amusbprt)

DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20)

DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcd.sys – (nmwcd)

DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdcm.sys – (nmwcdcm)

DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdcj.sys – (nmwcdcj)

DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdc.sys – (nmwcdc)

DRV - [2007-01-24 10:46:50 | 00,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\Amfilter.sys – (Amfilter)

DRV - [2006-08-18 06:52:00 | 04,017,536 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\alcxwdm.sys – (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2006-03-08 17:28:00 | 00,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\rt73.sys – (RT73)

DRV - [2004-07-23 11:12:28 | 00,392,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ar5211.sys – (AR5211)

DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.search.selectedEngine: “DAEMON Search”

FF - prefs.js…browser.startup.homepage: “http://www.wp.pl/”

FF - prefs.js…extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js…extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-12-27 21:46:07 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-28 23:31:17 | 00,000,000 | —D | M]

[2009-11-18 14:57:38 | 00,000,000 | —D | M] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Extensions

[2009-12-29 23:19:35 | 00,000,000 | —D | M] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Firefox\Profiles\zepfn86z.default\extensions

[2009-11-18 15:41:04 | 00,000,000 | —D | M] (Stylish) – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Firefox\Profiles\zepfn86z.default\extensions{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009-12-21 05:21:49 | 00,002,055 | ---- | M] () – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Firefox\Profiles\zepfn86z.default\searchplugins\daemon-search.xml

[2009-12-29 23:19:35 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

[2009-08-31 13:11:18 | 00,873,976 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2009-11-24 00:44:33 | 00,238,776 | ---- | M] (Pando Networks) – C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2009-07-17 20:21:00 | 03,883,424 | ---- | M] () – C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2009-11-03 02:54:10 | 00,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-11-03 02:54:10 | 00,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-11-03 02:54:10 | 00,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-11-03 02:54:10 | 00,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-11-03 02:54:10 | 00,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-11-03 02:54:10 | 00,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\Program Files\Star Downloader\SDIEInt.dll ()

O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()

O4 - HKLM…\Run: [ACU] C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe (GIGA-BYTE TECHNOLOGY CO., LTD.)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [GNConfig] C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe (GIGA-BYTE TECHNOLOGY CO., LTD.)

O4 - HKLM…\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.)

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM…\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)

O4 - HKCU…\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found

O4 - HKCU…\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU…\Run: [cdoosoft] C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Temp\herss.exe ()

O4 - HKCU…\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU…\Run: [fsm] File not found

O4 - HKCU…\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKCU…\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm ()

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Pobierz w Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-11-17 14:39:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2009-12-30 14:42:26 | 00,000,055 | RHS- | M] () - C:\autorun.inf – [NTFS]

O32 - AutoRun File - [2009-12-30 14:42:26 | 00,000,055 | RHS- | M] () - D:\autorun.inf – [NTFS]

O33 - MountPoints2{046306d0-d383-11de-95cd-806d6172696f}\Shell\AutoRun\command - “” = C:\3exi.exe – [2009-12-29 19:51:33 | 00,103,936 | RHS- | M] ()

O33 - MountPoints2{046306d0-d383-11de-95cd-806d6172696f}\Shell\open\Command - “” = C:\3exi.exe – [2009-12-29 19:51:33 | 00,103,936 | RHS- | M] ()

O33 - MountPoints2{046306d1-d383-11de-95cd-806d6172696f}\Shell\AutoRun\command - “” = D:\3exi.exe – [2009-12-29 19:51:33 | 00,103,936 | RHS- | M] ()

O33 - MountPoints2{046306d1-d383-11de-95cd-806d6172696f}\Shell\open\Command - “” = D:\3exi.exe – [2009-12-29 19:51:33 | 00,103,936 | RHS- | M] ()

O33 - MountPoints2{dfea2c5e-d6b7-11de-b0e2-00148588a664}\Shell\AutoRun\command - “” = I:\q93fi6kf.exe – File not found

O33 - MountPoints2{dfea2c5e-d6b7-11de-b0e2-00148588a664}\Shell\open\Command - “” = I:\q93fi6kf.exe – File not found

O33 - MountPoints2{ec45d190-d542-11de-b0dc-00148588a664}\Shell\AutoRun\command - “” = H:\t8g.exe – File not found

O33 - MountPoints2{ec45d190-d542-11de-b0dc-00148588a664}\Shell\open\Command - “” = H:\t8g.exe – File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] – “%1” %*

O35 - exefile [open] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-30 01:05:37 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Media Player Classic

[2009-12-29 22:54:29 | 00,000,000 | —D | C] – C:\Program Files\Lavalys

[2009-12-28 23:33:07 | 00,000,000 | —D | C] – C:\WINDOWS\Sun

[2009-12-28 23:31:17 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\deploytk.dll

[2009-12-28 23:31:17 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaws.exe

[2009-12-28 23:31:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaw.exe

[2009-12-28 23:31:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\java.exe

[2009-12-28 23:31:17 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javacpl.cpl

[2009-12-28 23:31:01 | 00,000,000 | —D | C] – C:\Program Files\Java

[2009-12-28 23:17:21 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Sun

[2009-12-27 22:50:22 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Lang

[2009-12-27 14:29:44 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\Filmy

[2009-12-22 02:15:19 | 00,000,000 | —D | C] – C:\My Music

[2009-12-21 05:22:40 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\NFS Most Wanted

[2009-12-21 05:21:49 | 00,000,000 | —D | C] – C:\Program Files\DAEMON Tools Toolbar

[2009-12-21 05:20:50 | 00,000,000 | —D | C] – C:\Program Files\DAEMON Tools Lite

[2009-12-21 05:20:43 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\DAEMON Tools Lite

[2009-12-21 05:20:41 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2009-12-21 04:39:56 | 02,297,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_26.dll

[2009-12-21 04:39:45 | 00,000,000 | —D | C] – C:\WINDOWS\RegisteredPackages

[2009-12-21 04:39:17 | 00,018,688 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wstcodec.sys

[2009-12-21 04:39:17 | 00,014,976 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\streamip.sys

[2009-12-21 04:39:16 | 00,083,968 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2009-12-21 04:39:16 | 00,052,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\msdv.sys

[2009-12-21 04:39:16 | 00,052,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msdv.sys

[2009-12-21 04:39:16 | 00,039,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ksxbar.ax

[2009-12-21 04:39:16 | 00,039,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ksxbar.ax

[2009-12-21 04:39:16 | 00,015,104 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\mpe.sys

[2009-12-21 04:39:16 | 00,015,104 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mpe.sys

[2009-12-21 04:39:16 | 00,010,880 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\slip.sys

[2009-12-21 04:39:16 | 00,010,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ndisip.sys

[2009-12-21 04:39:15 | 00,285,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kstvtune.ax

[2009-12-21 04:39:15 | 00,285,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\kstvtune.ax

[2009-12-21 04:39:15 | 00,226,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kswdmcap.ax

[2009-12-21 04:39:15 | 00,226,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\kswdmcap.ax

[2009-12-21 04:39:15 | 00,016,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\bdaplgin.ax

[2009-12-21 04:39:15 | 00,016,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bdaplgin.ax

[2009-12-21 04:39:15 | 00,016,384 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ccdecode.sys

[2009-12-21 04:39:15 | 00,014,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ipsink.ax

[2009-12-21 04:39:15 | 00,014,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ipsink.ax

[2009-12-21 04:39:15 | 00,011,392 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\bdasup.sys

[2009-12-21 04:39:15 | 00,011,392 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\bdasup.sys

[2009-12-21 04:39:15 | 00,005,504 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mstee.sys

[2009-12-21 04:39:14 | 00,012,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ksolay.ax

[2009-12-21 04:39:13 | 00,046,592 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dxdllreg.exe

[2009-12-21 04:39:12 | 00,031,744 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\pid.dll

[2009-12-19 12:50:35 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\Identities

[2009-12-19 12:50:11 | 00,000,000 | —D | C] – C:\Downloads

[2009-12-19 12:48:22 | 00,000,000 | —D | C] – C:\Program Files\Software Informer

[2009-12-19 12:48:22 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Software Informer

[2009-12-19 12:48:22 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Free Download Manager

[2009-12-19 12:48:19 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\FreeDownloadManager.ORG

[2009-12-19 12:48:18 | 00,000,000 | —D | C] – C:\Program Files\Free Download Manager

[2009-12-16 12:50:50 | 00,000,000 | R–D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\Moje wideo

[2009-12-16 12:50:48 | 00,000,000 | R–D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\Moja muzyka

[2009-12-16 12:50:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\RCT3

[2009-12-16 12:50:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Atari

[2009-12-16 12:40:45 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\InstallShield

[2009-12-13 16:10:28 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Pulpit\buty

[2009-12-13 15:41:54 | 00,025,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\usbprint.sys

[2009-12-13 00:55:07 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Pulpit\szkoła

[2009-12-08 13:24:21 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\AnyBizSoft PDF to PowerPoint(Christmas Version)

[2009-12-08 12:47:25 | 00,000,000 | —D | C] – C:\Program Files\Microsoft Visual Studio

[2009-12-08 12:47:23 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Designer

[2009-12-08 12:46:56 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Viewers

[2009-12-08 12:46:28 | 00,000,000 | —D | C] – C:\WINDOWS\ShellNew

[2009-12-08 12:45:59 | 00,000,000 | —D | C] – C:\Program Files\Przeglądarka migawek

[2009-12-08 12:45:09 | 00,000,000 | —D | C] – C:\WINDOWS\Twain32

[2009-12-08 12:45:09 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Microsoft Web Folders

[2009-12-08 12:45:09 | 00,000,000 | —D | C] – C:\Program Files\Microsoft Office

[2009-12-08 10:52:38 | 00,000,000 | —D | C] – C:\WINDOWS\System32\ReinstallBackups

[2009-12-08 10:51:53 | 00,255,232 | ---- | C] (Ralink Technology, Corp.) – C:\WINDOWS\System32\drivers\rt73.sys

[2009-12-08 10:51:53 | 00,245,376 | ---- | C] (Ralink Technology Inc.) – C:\WINDOWS\System32\drivers\rt2500usb.SYS

[2009-12-08 10:51:34 | 00,020,747 | ---- | C] (Meetinghouse Data Communications) – C:\WINDOWS\System32\drivers\AegisP.sys

[2009-12-08 10:51:09 | 00,000,000 | —D | C] – C:\Program Files\RALINK

[2009-12-03 11:47:02 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2009-12-03 11:41:59 | 00,364,912 | ---- | C] (WEBZEN) – C:\WINDOWS\System32\CMStarterCore.exe

[2009-12-03 11:41:59 | 00,053,616 | ---- | C] (WEBZEN) – C:\WINDOWS\System32\CMStarter_Kor.dll

[2009-12-03 11:41:59 | 00,053,616 | ---- | C] (WEBZEN) – C:\WINDOWS\System32\CMStarter_Eng.dll

[2009-12-03 11:41:59 | 00,000,000 | —D | C] – C:\Program Files\WEBZEN

[2009-12-02 23:10:28 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\GanymedeNet

[2009-12-02 20:51:31 | 00,000,000 | —D | C] – C:\Download

[2009-12-02 14:03:09 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\GetRightToGo

[2009-12-02 13:38:17 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\DNA

[2009-12-02 13:38:16 | 00,000,000 | —D | C] – C:\Program Files\DNA

[2009-12-02 13:38:16 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\DNA

[2009-12-02 13:38:15 | 00,000,000 | —D | C] – C:\Program Files\GamersFirst

[2009-12-02 12:35:18 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Pulpit\the sims 1

[2009-11-30 15:55:35 | 01,064,960 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_dox.dll

[2009-11-30 15:55:35 | 00,811,008 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15.dll

[2009-11-30 15:55:35 | 00,757,760 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_doc.dll

[2009-11-30 15:55:35 | 00,655,360 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_pdf.dll

[2009-11-30 15:55:35 | 00,643,072 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_htm.dll

[2009-11-30 15:55:35 | 00,577,536 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_rtf.dll

[2009-11-30 15:55:35 | 00,425,984 | ---- | C] (SoftInterface.COM) – C:\WINDOWS\System32\PDFConverterX.ocx

[2009-11-30 15:55:35 | 00,364,544 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx4ole15.ocx

[2009-11-30 15:55:35 | 00,360,448 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_css.dll

[2009-11-30 15:55:35 | 00,327,680 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_obj.dll

[2009-11-30 15:55:35 | 00,253,952 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_png.flt

[2009-11-30 15:55:35 | 00,237,568 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_tls.dll

[2009-11-30 15:55:35 | 00,200,704 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_jpg.flt

[2009-11-30 15:55:35 | 00,131,072 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_ic.dll

[2009-11-30 15:55:35 | 00,126,976 | ---- | C] (BCL Technologies) – C:\WINDOWS\System32\beconv.dll

[2009-11-30 15:55:35 | 00,106,496 | ---- | C] (Skogen) – C:\WINDOWS\System32\SeeThroughPicture.ocx

[2009-11-30 15:55:35 | 00,073,728 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_tif.flt

[2009-11-30 15:55:35 | 00,065,536 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_wnd.dll

[2009-11-30 15:55:35 | 00,061,440 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_bmp.flt

[2009-11-30 15:55:35 | 00,057,344 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_gif.flt

[2009-11-30 15:55:35 | 00,053,248 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_wmf.flt

[2009-11-30 15:55:35 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Resource

[2009-11-30 15:55:34 | 00,244,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\Msflxgrd.ocx

[2009-11-30 15:55:33 | 00,000,000 | —D | C] – C:\Program Files\Softinterface, Inc

[2009-11-17 14:43:32 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-11-17 14:43:32 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2009-11-17 14:42:54 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-11-17 14:42:54 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[1999-05-17 13:58:52 | 00,099,840 | ---- | C] (Symantec Corp.) – C:\Program Files\Common Files\IRAABOUT.DLL

[1998-12-09 02:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRAREG.DLL

[1998-12-09 02:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRAMDMTR.DLL

[1998-12-09 02:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRALPTTR.DLL

[1998-12-09 02:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRAWEBTR.DLL

[1998-12-09 02:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) – C:\Program Files\Common Files\IRASRIAL.DLL

[3 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2009-12-30 14:44:07 | 00,000,055 | RHS- | M] () – C:\autorun.inf

[2009-12-30 13:08:46 | 00,253,748 | ---- | M] () – C:\WINDOWS\System32\NvApps.xml

[2009-12-30 13:08:42 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2009-12-30 13:08:40 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2009-12-30 01:58:55 | 03,932,160 | -H-- | M] () – C:\Documents and Settings\Windows Xp\NTUSER.DAT

[2009-12-30 01:58:09 | 04,279,552 | -H-- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-12-30 01:05:41 | 00,000,069 | ---- | M] () – C:\WINDOWS\NeroDigital.ini

[2009-12-29 19:51:33 | 00,103,936 | RHS- | M] () – C:\3exi.exe

[2009-12-29 13:27:28 | 00,098,816 | RHS- | M] () – C:\wisf1.exe

[2009-12-29 13:26:13 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2009-12-28 23:56:08 | 00,000,005 | ---- | M] () – C:\WINDOWS\System32\SySCon.dat

[2009-12-28 23:31:06 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaws.exe

[2009-12-28 23:31:06 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaw.exe

[2009-12-28 23:31:06 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\java.exe

[2009-12-28 23:31:06 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javacpl.cpl

[2009-12-28 23:31:05 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\deploytk.dll

[2009-12-28 17:10:20 | 00,397,221 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\PRoBot.rar

[2009-12-28 11:49:27 | 00,106,496 | RHS- | M] () – C:\imghyva6.exe

[2009-12-27 22:50:24 | 00,940,794 | ---- | M] () – C:\WINDOWS\System32\LoopyMusic.wav

[2009-12-27 22:50:24 | 00,146,650 | ---- | M] () – C:\WINDOWS\System32\BuzzingBee.wav

[2009-12-23 17:33:43 | 00,114,414 | RHS- | M] () – C:\u16sqrqn.exe

[2009-12-22 11:28:33 | 00,020,728 | ---- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-12-22 11:27:56 | 00,121,316 | RHS- | M] () – C:\nymdik.exe

[2009-12-21 05:21:05 | 00,001,613 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk

[2009-12-21 05:21:04 | 00,691,696 | ---- | M] () – C:\WINDOWS\System32\drivers\sptd.sys

[2009-12-21 04:53:23 | 00,000,880 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk

[2009-12-21 04:42:10 | 00,120,315 | RHS- | M] () – C:\nx.exe

[2009-12-19 12:48:21 | 00,000,664 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\Free Download Manager.lnk

[2009-12-19 01:07:40 | 00,120,299 | RHS- | M] () – C:\yu3.exe

[2009-12-17 12:16:51 | 00,119,627 | RHS- | M] () – C:\t8g.exe

[2009-12-16 13:55:38 | 00,000,599 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Jagged Alliance 2 Wildfire.lnk

[2009-12-16 12:50:27 | 00,000,857 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Rollercoaster Tycoon 3 ZE.lnk

[2009-12-15 13:26:51 | 00,120,677 | RHS- | M] () – C:\k0maw.exe

[2009-12-13 14:37:55 | 00,189,081 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\840368894.jpg

[2009-12-13 14:21:40 | 00,166,978 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\841293467.jpg

[2009-12-13 14:21:31 | 00,092,246 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\843505780.jpg

[2009-12-13 00:11:38 | 00,145,150 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0055.jpg

[2009-12-13 00:10:00 | 00,133,419 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0053.jpg

[2009-12-10 02:27:46 | 00,119,009 | RHS- | M] () – C:\nqdymj.exe

[2009-12-10 02:26:52 | 00,120,544 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-10 01:38:05 | 00,121,127 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\karramba.jpg

[2009-12-10 00:15:28 | 00,178,516 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\bookmarks.html

[2009-12-08 19:40:52 | 00,000,049 | ---- | M] () – C:\WINDOWS\SW_Win2146X32.DLL

[2009-12-08 13:38:53 | 00,000,043 | ---- | M] () – C:\WINDOWS\gswin32.ini

[2009-12-08 12:48:28 | 00,000,427 | ---- | M] () – C:\WINDOWS\ODBC.INI

[2009-12-08 12:48:28 | 00,000,063 | ---- | M] () – C:\WINDOWS\mdm.ini

[2009-12-08 12:48:23 | 00,000,000 | ---- | M] () – C:\WINDOWS\NSREX.INI

[2009-12-08 12:48:00 | 00,000,638 | ---- | M] () – C:\WINDOWS\win.ini

[2009-12-08 12:47:54 | 00,001,745 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

[2009-12-08 12:47:54 | 00,000,928 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk

[2009-12-08 10:53:38 | 00,763,990 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI

[2009-12-08 10:53:38 | 00,355,486 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2009-12-08 10:53:38 | 00,311,604 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2009-12-08 10:53:38 | 00,049,492 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2009-12-08 10:53:38 | 00,039,992 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2009-12-08 10:52:43 | 00,001,621 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk

[2009-12-08 10:51:34 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) – C:\WINDOWS\System32\drivers\AegisP.sys

[2009-12-06 17:40:30 | 00,115,347 | RHS- | M] () – C:\2id9.exe

[2009-12-06 13:36:47 | 00,115,688 | RHS- | M] () – C:\k8jc.exe

[2009-12-05 14:34:03 | 00,117,714 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\2.12.jpg

[2009-12-03 15:52:09 | 00,113,792 | RHS- | M] () – C:\mbvd.exe

[2009-12-03 11:29:51 | 00,000,180 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Soul of the Ultimate Nation.url

[2009-12-02 23:10:28 | 00,000,004 | ---- | M] () – C:\WINDOWS\System32\proc20744962.bin

[2009-12-02 14:01:04 | 00,000,023 | ---- | M] () – C:\WINDOWS\BlendSettings.ini

[2009-12-01 19:32:05 | 00,004,608 | ---- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-01 19:31:34 | 00,115,905 | RHS- | M] () – C:\mbdm.exe

[3 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

[2009-12-29 19:51:59 | 00,103,936 | RHS- | C] () – C:\3exi.exe

[2009-12-29 13:27:54 | 00,098,816 | RHS- | C] () – C:\wisf1.exe

[2009-12-28 17:09:56 | 00,397,221 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\PRoBot.rar

[2009-12-28 11:49:53 | 00,106,496 | RHS- | C] () – C:\imghyva6.exe

[2009-12-27 22:50:24 | 00,940,794 | ---- | C] () – C:\WINDOWS\System32\LoopyMusic.wav

[2009-12-27 22:50:24 | 00,146,650 | ---- | C] () – C:\WINDOWS\System32\BuzzingBee.wav

[2009-12-23 17:34:09 | 00,114,414 | RHS- | C] () – C:\u16sqrqn.exe

[2009-12-22 11:28:22 | 00,121,316 | RHS- | C] () – C:\nymdik.exe

[2009-12-21 05:21:05 | 00,001,613 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk

[2009-12-21 05:21:03 | 00,691,696 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys

[2009-12-21 04:53:23 | 00,000,880 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk

[2009-12-21 04:39:16 | 00,354,816 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll

[2009-12-21 04:39:16 | 00,354,816 | ---- | C] () – C:\WINDOWS\System32\dllcache\psisdecd.dll

[2009-12-21 04:39:16 | 00,052,224 | ---- | C] () – C:\WINDOWS\System32\msdvbnp.ax

[2009-12-21 04:39:16 | 00,052,224 | ---- | C] () – C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2009-12-21 04:39:16 | 00,030,208 | ---- | C] () – C:\WINDOWS\System32\psisrndr.ax

[2009-12-21 04:39:16 | 00,030,208 | ---- | C] () – C:\WINDOWS\System32\dllcache\psisrndr.ax

[2009-12-19 19:47:10 | 00,120,315 | RHS- | C] () – C:\nx.exe

[2009-12-19 12:48:21 | 00,000,664 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\Free Download Manager.lnk

[2009-12-19 01:08:06 | 00,120,299 | RHS- | C] () – C:\yu3.exe

[2009-12-17 12:17:18 | 00,119,627 | RHS- | C] () – C:\t8g.exe

[2009-12-16 13:55:38 | 00,000,599 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Jagged Alliance 2 Wildfire.lnk

[2009-12-16 12:50:27 | 00,000,857 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Rollercoaster Tycoon 3 ZE.lnk

[2009-12-15 16:45:29 | 00,145,150 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0055.jpg

[2009-12-15 16:45:29 | 00,133,419 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0053.jpg

[2009-12-15 13:27:18 | 00,120,677 | RHS- | C] () – C:\k0maw.exe

[2009-12-13 14:37:55 | 00,189,081 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\840368894.jpg

[2009-12-13 14:21:39 | 00,166,978 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\841293467.jpg

[2009-12-13 14:21:30 | 00,092,246 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\843505780.jpg

[2009-12-10 02:28:14 | 00,119,009 | RHS- | C] () – C:\nqdymj.exe

[2009-12-10 01:38:04 | 00,121,127 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\karramba.jpg

[2009-12-10 00:15:28 | 00,178,516 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\bookmarks.html

[2009-12-08 13:35:06 | 00,000,043 | ---- | C] () – C:\WINDOWS\gswin32.ini

[2009-12-08 12:48:28 | 00,000,427 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-12-08 12:48:28 | 00,000,063 | ---- | C] () – C:\WINDOWS\mdm.ini

[2009-12-08 12:48:23 | 00,000,000 | ---- | C] () – C:\WINDOWS\NSREX.INI

[2009-12-08 12:47:54 | 00,001,745 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

[2009-12-08 12:47:54 | 00,000,928 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk

[2009-12-08 10:52:43 | 00,001,621 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk

[2009-12-08 10:51:53 | 00,290,918 | ---- | C] () – C:\WINDOWS\System32\Install7x.dll

[2009-12-08 10:51:53 | 00,002,048 | ---- | C] () – C:\WINDOWS\System32\drivers\rt73.bin

[2009-12-08 10:51:53 | 00,000,138 | ---- | C] () – C:\WINDOWS\filespec7x

[2009-12-06 16:39:27 | 00,115,347 | RHS- | C] () – C:\2id9.exe

[2009-12-05 14:34:02 | 00,117,714 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\2.12.jpg

[2009-12-04 18:50:30 | 00,115,688 | RHS- | C] () – C:\k8jc.exe

[2009-12-03 13:31:03 | 00,113,792 | RHS- | C] () – C:\mbvd.exe

[2009-12-03 11:29:51 | 00,000,180 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Soul of the Ultimate Nation.url

[2009-12-02 23:10:28 | 00,000,004 | ---- | C] () – C:\WINDOWS\System32\proc20744962.bin

[2009-11-30 22:58:37 | 00,115,905 | RHS- | C] () – C:\mbdm.exe

[2009-11-30 15:55:46 | 00,000,049 | ---- | C] () – C:\WINDOWS\SW_Win2146X32.DLL

[2009-11-30 15:55:35 | 01,720,320 | ---- | C] () – C:\WINDOWS\System32\beconvlib.dll

[2009-11-30 15:55:35 | 00,282,624 | ---- | C] () – C:\WINDOWS\System32\bprgcomm.dll

[2009-11-30 15:55:35 | 00,274,432 | ---- | C] () – C:\WINDOWS\System32\WordConverterX2.ocx

[2009-11-30 15:55:35 | 00,221,184 | ---- | C] () – C:\WINDOWS\System32\SII_PDF.dll

[2009-11-30 15:55:35 | 00,131,072 | ---- | C] () – C:\WINDOWS\System32\CSVSpecialProcessing.dll

[2009-11-30 15:55:35 | 00,102,400 | ---- | C] () – C:\WINDOWS\System32\SARzilla.dll

[2009-11-30 15:55:35 | 00,098,304 | ---- | C] () – C:\WINDOWS\System32\DVM.dll

[2009-11-30 15:55:35 | 00,053,248 | ---- | C] () – C:\WINDOWS\System32\RegisterExe.exe

[2009-11-30 15:55:35 | 00,000,530 | ---- | C] () – C:\WINDOWS\System32\tx15_ic.ini

[2009-11-25 18:33:12 | 00,004,608 | ---- | C] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-24 21:14:45 | 00,000,023 | ---- | C] () – C:\WINDOWS\BlendSettings.ini

[2009-11-24 19:40:17 | 00,271,360 | ---- | C] () – C:\WINDOWS\System32\drivers\atksgt.sys

[2009-11-24 19:40:17 | 00,018,048 | ---- | C] () – C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-11-18 19:02:19 | 00,043,520 | ---- | C] () – C:\WINDOWS\System32\CmdLineExt03.dll

[2009-11-18 19:01:34 | 00,003,082 | ---- | C] () – C:\WINDOWS\System32\affv11300p5now.sys

[2009-11-18 13:48:44 | 00,033,824 | ---- | C] () – C:\WINDOWS\System32\drivers\oreans32.sys

[2009-11-18 13:27:15 | 00,000,069 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2009-11-18 09:52:59 | 00,164,352 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-11-18 09:52:57 | 03,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll

[2009-11-18 09:52:57 | 00,755,027 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2009-11-18 09:52:57 | 00,159,839 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2009-11-18 09:52:56 | 00,007,680 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2009-11-18 09:52:56 | 00,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-11-17 15:15:15 | 00,000,164 | ---- | C] () – C:\WINDOWS\avrack.ini

[2009-11-17 15:15:03 | 00,143,360 | ---- | C] () – C:\WINDOWS\System32\RtlCPAPI.dll

[2007-03-29 23:00:40 | 00,203,264 | R— | C] () – C:\WINDOWS\System32\CddbCdda.dll

[2003-08-07 14:01:52 | 00,237,568 | ---- | C] () – C:\WINDOWS\System32\lame_enc.dll

[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D06A4C76

< End of report >

prosze o pomoc z gory dziekuje

Daj logi z OTL.

Wiele infekcji potrafi się ukryć przed hijack.

I logi wklejaj TU

dalem loga z OTL jest pod kreska

On już wstawił log OTL.

W białe dolne okno Custom Scans/Fixes w OTL wklej:

Run Fix. Restart, jeśli będzie potrzebny.

Potem log z usuwania oraz nowy log robiony opcją Run Scan.

Zawartość logów wklejasz na wklej.org, wklej.to lub nopaste.pl, a w poście dajesz link.

A rzeczywiście nie zauważyłem podziału

Na poczatku był hijack a że nie dał na serw tylko tu myślałem że cały z hijacka.

All processes killed

========== PROCESSES ==========

No active process named Explorer.EXE was found!

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page| /E : value set successfully!

Prefs.js: “DAEMON Search” removed from browser.search.selectedEngine

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.

C:\autorun.inf moved successfully.

D:\autorun.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{046306d0-d383-11de-95cd-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{046306d0-d383-11de-95cd-806d6172696f}\ not found.

C:\3exi.exe moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{046306d0-d383-11de-95cd-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{046306d0-d383-11de-95cd-806d6172696f}\ not found.

File C:\3exi.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{046306d1-d383-11de-95cd-806d6172696f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{046306d1-d383-11de-95cd-806d6172696f}\ not found.

D:\3exi.exe moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{046306d1-d383-11de-95cd-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{046306d1-d383-11de-95cd-806d6172696f}\ not found.

File D:\3exi.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{dfea2c5e-d6b7-11de-b0e2-00148588a664}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{dfea2c5e-d6b7-11de-b0e2-00148588a664}\ not found.

File I:\q93fi6kf.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{dfea2c5e-d6b7-11de-b0e2-00148588a664}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{dfea2c5e-d6b7-11de-b0e2-00148588a664}\ not found.

File I:\q93fi6kf.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{ec45d190-d542-11de-b0dc-00148588a664}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ec45d190-d542-11de-b0dc-00148588a664}\ not found.

File H:\t8g.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{ec45d190-d542-11de-b0dc-00148588a664}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{ec45d190-d542-11de-b0dc-00148588a664}\ not found.

File H:\t8g.exe not found.

========== FILES ==========

File\Folder C:\3exi.exe not found.

C:\wisf1.exe moved successfully.

C:\imghyva6.exe moved successfully.

C:\u16sqrqn.exe moved successfully.

C:\nymdik.exe moved successfully.

C:\nx.exe moved successfully.

C:\yu3.exe moved successfully.

C:\t8g.exe moved successfully.

C:\k0maw.exe moved successfully.

C:\nqdymj.exe moved successfully.

C:\2id9.exe moved successfully.

C:\k8jc.exe moved successfully.

C:\mbvd.exe moved successfully.

C:\mbdm.exe moved successfully.

File\Folder D:\3exi.exe not found.

D:\wisf1.exe moved successfully.

D:\imghyva6.exe moved successfully.

D:\u16sqrqn.exe moved successfully.

D:\nymdik.exe moved successfully.

D:\nx.exe moved successfully.

D:\yu3.exe moved successfully.

D:\t8g.exe moved successfully.

D:\k0maw.exe moved successfully.

D:\nqdymj.exe moved successfully.

D:\2id9.exe moved successfully.

D:\k8jc.exe moved successfully.

D:\mbvd.exe moved successfully.

D:\mbdm.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Nowy folder

User: Windows Xp

->Temp folder emptied: 113780740 bytes

->Temporary Internet Files folder emptied: 61629917 bytes

->Java cache emptied: 14498353 bytes

->FireFox cache emptied: 93457538 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2352022 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

Windows Temp folder emptied: 37859814 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 309,00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 12302009_153448

Files\Folders moved on Reboot…

C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Temp\cvasds0.dll moved successfully.

Registry entries deleted on Reboot…

NOWY LOG Z OTL

OTL logfile created on: 2009-12-30 15:37:43 - Run 2

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Downloads\Software

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 300,00 Mb Available Physical Memory | 59,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14,65 Gb Total Space | 6,33 Gb Free Space | 43,22% Space Free | Partition Type: NTFS

Drive D: | 59,90 Gb Total Space | 16,95 Gb Free Space | 28,29% Space Free | Partition Type: NTFS

Drive E: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: XXX-15C4C638482

Current User Name: Windows Xp

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-12-30 14:36:17 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Downloads\Software\OTL.exe

PRC - [2009-12-28 23:31:07 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-12-28 23:31:07 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-12-02 13:38:39 | 00,323,392 | ---- | M] (BitTorrent, Inc.) – C:\Program Files\DNA\btdna.exe

PRC - [2009-11-24 00:45:33 | 02,923,192 | ---- | M] () – C:\Program Files\Pando Networks\Media Booster\PMB.exe

PRC - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) – C:\Program Files\a-squared Free\a2service.exe

PRC - [2009-09-27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\nvsvc32.exe

PRC - [2008-04-14 23:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2008-01-11 22:16:00 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2007-12-25 09:59:02 | 00,241,664 | ---- | M] (A4Tech Co.,Ltd.) – C:\Program Files\A4Tech\Mouse\Amoumain.exe

PRC - [2007-06-25 08:32:24 | 00,065,536 | ---- | M] (A4Tech Co.,Ltd.) – C:\Program Files\A4Tech\Keyboard\Ikeymain.exe

PRC - [2006-08-02 22:12:00 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\soundman.exe

PRC - [2004-10-19 14:40:46 | 00,315,392 | ---- | M] (GIGA-BYTE TECHNOLOGY CO., LTD.) – C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe

PRC - [2004-07-23 11:17:16 | 00,036,864 | ---- | M] () – C:\WINDOWS\system32\acs.exe

========== Modules (SafeList) ==========

MOD - [2009-12-30 14:36:17 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Downloads\Software\OTL.exe

MOD - [2007-02-10 14:51:40 | 00,036,864 | ---- | M] (A4Tech Co.,Ltd.) – C:\WINDOWS\system32\Amhooker.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-12-28 23:31:07 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2009-11-17 02:12:00 | 03,596,060 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] – C:\WINDOWS\System32\GameMon.des – (npggsvc)

SRV - [2009-10-01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] – C:\Program Files\a-squared Free\a2service.exe – (a2free)

SRV - [2009-09-27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\WINDOWS\system32\nvsvc32.exe – (nvsvc)

SRV - [2007-06-15 16:55:00 | 00,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – (ServiceLayer)

SRV - [2004-07-23 11:17:16 | 00,036,864 | ---- | M] () [Auto | Running] – C:\WINDOWS\system32\acs.exe – (ACS)

========== Driver Services (SafeList) ==========

DRV - [2009-12-21 05:21:04 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd)

DRV - [2009-12-08 10:51:34 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\AegisP.sys – (AegisP) AEGIS Protocol (IEEE 802.1x)

DRV - [2009-11-24 19:40:17 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\atksgt.sys – (atksgt)

DRV - [2009-11-24 19:40:17 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\lirsgt.sys – (lirsgt)

DRV - [2009-11-18 13:48:44 | 00,033,824 | ---- | M] () [Kernel | System | Running] – C:\WINDOWS\system32\drivers\oreans32.sys – (oreans32)

DRV - [2009-11-18 12:59:47 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\mdc8021x.sys – (MDC8021X) AEGIS Protocol (IEEE 802.1x)

DRV - [2009-09-27 16:12:22 | 07,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2009-07-27 03:43:18 | 00,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\scdemu.sys – (SCDEmu)

DRV - [2008-04-13 23:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)

DRV - [2008-04-13 23:05:40 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2007-12-25 10:08:38 | 00,014,336 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Amusbprt.sys – (Amusbprt)

DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20)

DRV - [2007-02-22 11:15:56 | 00,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcd.sys – (nmwcd)

DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdcm.sys – (nmwcdcm)

DRV - [2007-02-22 11:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdcj.sys – (nmwcdcj)

DRV - [2007-02-22 11:15:14 | 00,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdc.sys – (nmwcdc)

DRV - [2007-01-24 10:46:50 | 00,008,704 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\Amfilter.sys – (Amfilter)

DRV - [2006-08-18 06:52:00 | 04,017,536 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\alcxwdm.sys – (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2006-03-08 17:28:00 | 00,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\rt73.sys – (RT73)

DRV - [2004-07-23 11:12:28 | 00,392,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ar5211.sys – (AR5211)

DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.search.selectedEngine: “”

FF - prefs.js…browser.startup.homepage: “http://www.wp.pl/”

FF - prefs.js…extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js…extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-12-27 21:46:07 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-28 23:31:17 | 00,000,000 | —D | M]

[2009-11-18 14:57:38 | 00,000,000 | —D | M] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Extensions

[2009-12-29 23:19:35 | 00,000,000 | —D | M] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Firefox\Profiles\zepfn86z.default\extensions

[2009-11-18 15:41:04 | 00,000,000 | —D | M] (Stylish) – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Firefox\Profiles\zepfn86z.default\extensions{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009-12-21 05:21:49 | 00,002,055 | ---- | M] () – C:\Documents and Settings\Windows Xp\Dane aplikacji\Mozilla\Firefox\Profiles\zepfn86z.default\searchplugins\daemon-search.xml

[2009-12-29 23:19:35 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

[2009-08-31 13:11:18 | 00,873,976 | ---- | M] (Ganymede Technologies) – C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll

[2009-11-24 00:44:33 | 00,238,776 | ---- | M] (Pando Networks) – C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2009-07-17 20:21:00 | 03,883,424 | ---- | M] () – C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2009-11-03 02:54:10 | 00,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-11-03 02:54:10 | 00,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-11-03 02:54:10 | 00,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-11-03 02:54:10 | 00,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-11-03 02:54:10 | 00,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-11-03 02:54:10 | 00,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O2 - BHO: () - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\Program Files\Star Downloader\SDIEInt.dll ()

O4 - HKLM…\Run: [ACU] C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe (GIGA-BYTE TECHNOLOGY CO., LTD.)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [GNConfig] C:\Program Files\Gigabyte\Gigabyte GN-WPEAG Wireless PCI Adapter\GNConfig.exe (GIGA-BYTE TECHNOLOGY CO., LTD.)

O4 - HKLM…\Run: [iKeyWorks] C:\Program Files\A4Tech\Keyboard\Ikeymain.exe (A4Tech Co.,Ltd.)

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM…\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe (A4Tech Co.,Ltd.)

O4 - HKCU…\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe File not found

O4 - HKCU…\Run: [bitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU…\Run: [cdoosoft] C:\DOCUME~1\WINDOW~1\USTAWI~1\Temp\herss.exe File not found

O4 - HKCU…\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU…\Run: [fsm] File not found

O4 - HKCU…\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKCU…\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1045\OLFSNT40.EXE (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Download with Star Downloader - D:\Program Files\Star Downloader\sdie.htm ()

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Pobierz w Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-11-17 14:39:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] – “%1” %*

O35 - exefile [open] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-30 15:34:48 | 00,000,000 | —D | C] – C:_OTL

[2009-12-30 01:05:37 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Media Player Classic

[2009-12-29 22:54:29 | 00,000,000 | —D | C] – C:\Program Files\Lavalys

[2009-12-28 23:33:07 | 00,000,000 | —D | C] – C:\WINDOWS\Sun

[2009-12-28 23:31:17 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\deploytk.dll

[2009-12-28 23:31:17 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaws.exe

[2009-12-28 23:31:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaw.exe

[2009-12-28 23:31:17 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\java.exe

[2009-12-28 23:31:17 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javacpl.cpl

[2009-12-28 23:31:01 | 00,000,000 | —D | C] – C:\Program Files\Java

[2009-12-28 23:17:21 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Sun

[2009-12-27 22:50:22 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Lang

[2009-12-27 14:29:44 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\Filmy

[2009-12-22 02:15:19 | 00,000,000 | —D | C] – C:\My Music

[2009-12-21 05:22:40 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\NFS Most Wanted

[2009-12-21 05:21:49 | 00,000,000 | —D | C] – C:\Program Files\DAEMON Tools Toolbar

[2009-12-21 05:20:50 | 00,000,000 | —D | C] – C:\Program Files\DAEMON Tools Lite

[2009-12-21 05:20:43 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\DAEMON Tools Lite

[2009-12-21 05:20:41 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2009-12-21 04:39:56 | 02,297,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\d3dx9_26.dll

[2009-12-21 04:39:45 | 00,000,000 | —D | C] – C:\WINDOWS\RegisteredPackages

[2009-12-21 04:39:17 | 00,018,688 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\wstcodec.sys

[2009-12-21 04:39:17 | 00,014,976 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\streamip.sys

[2009-12-21 04:39:16 | 00,083,968 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2009-12-21 04:39:16 | 00,052,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\msdv.sys

[2009-12-21 04:39:16 | 00,052,096 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\msdv.sys

[2009-12-21 04:39:16 | 00,039,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ksxbar.ax

[2009-12-21 04:39:16 | 00,039,424 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ksxbar.ax

[2009-12-21 04:39:16 | 00,015,104 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\mpe.sys

[2009-12-21 04:39:16 | 00,015,104 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mpe.sys

[2009-12-21 04:39:16 | 00,010,880 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\slip.sys

[2009-12-21 04:39:16 | 00,010,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ndisip.sys

[2009-12-21 04:39:15 | 00,285,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kstvtune.ax

[2009-12-21 04:39:15 | 00,285,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\kstvtune.ax

[2009-12-21 04:39:15 | 00,226,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\kswdmcap.ax

[2009-12-21 04:39:15 | 00,226,304 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\kswdmcap.ax

[2009-12-21 04:39:15 | 00,016,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\bdaplgin.ax

[2009-12-21 04:39:15 | 00,016,896 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\bdaplgin.ax

[2009-12-21 04:39:15 | 00,016,384 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ccdecode.sys

[2009-12-21 04:39:15 | 00,014,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ipsink.ax

[2009-12-21 04:39:15 | 00,014,848 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\ipsink.ax

[2009-12-21 04:39:15 | 00,011,392 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\drivers\bdasup.sys

[2009-12-21 04:39:15 | 00,011,392 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\bdasup.sys

[2009-12-21 04:39:15 | 00,005,504 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\mstee.sys

[2009-12-21 04:39:14 | 00,012,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\ksolay.ax

[2009-12-21 04:39:13 | 00,046,592 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dxdllreg.exe

[2009-12-21 04:39:12 | 00,031,744 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\pid.dll

[2009-12-19 12:50:35 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\Identities

[2009-12-19 12:50:11 | 00,000,000 | —D | C] – C:\Downloads

[2009-12-19 12:48:22 | 00,000,000 | —D | C] – C:\Program Files\Software Informer

[2009-12-19 12:48:22 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Software Informer

[2009-12-19 12:48:22 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Free Download Manager

[2009-12-19 12:48:19 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\FreeDownloadManager.ORG

[2009-12-19 12:48:18 | 00,000,000 | —D | C] – C:\Program Files\Free Download Manager

[2009-12-16 12:50:50 | 00,000,000 | R–D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\Moje wideo

[2009-12-16 12:50:48 | 00,000,000 | R–D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\Moja muzyka

[2009-12-16 12:50:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\RCT3

[2009-12-16 12:50:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Atari

[2009-12-16 12:40:45 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\InstallShield

[2009-12-13 16:10:28 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Pulpit\buty

[2009-12-13 15:41:54 | 00,025,856 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\usbprint.sys

[2009-12-13 00:55:07 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Pulpit\szkoła

[2009-12-08 13:24:21 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Moje dokumenty\AnyBizSoft PDF to PowerPoint(Christmas Version)

[2009-12-08 12:47:25 | 00,000,000 | —D | C] – C:\Program Files\Microsoft Visual Studio

[2009-12-08 12:47:23 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Designer

[2009-12-08 12:46:56 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Viewers

[2009-12-08 12:46:28 | 00,000,000 | —D | C] – C:\WINDOWS\ShellNew

[2009-12-08 12:45:59 | 00,000,000 | —D | C] – C:\Program Files\Przeglądarka migawek

[2009-12-08 12:45:09 | 00,000,000 | —D | C] – C:\WINDOWS\Twain32

[2009-12-08 12:45:09 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\Microsoft Web Folders

[2009-12-08 12:45:09 | 00,000,000 | —D | C] – C:\Program Files\Microsoft Office

[2009-12-08 10:52:38 | 00,000,000 | —D | C] – C:\WINDOWS\System32\ReinstallBackups

[2009-12-08 10:51:53 | 00,255,232 | ---- | C] (Ralink Technology, Corp.) – C:\WINDOWS\System32\drivers\rt73.sys

[2009-12-08 10:51:53 | 00,245,376 | ---- | C] (Ralink Technology Inc.) – C:\WINDOWS\System32\drivers\rt2500usb.SYS

[2009-12-08 10:51:34 | 00,020,747 | ---- | C] (Meetinghouse Data Communications) – C:\WINDOWS\System32\drivers\AegisP.sys

[2009-12-08 10:51:09 | 00,000,000 | —D | C] – C:\Program Files\RALINK

[2009-12-03 11:47:02 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2009-12-03 11:41:59 | 00,364,912 | ---- | C] (WEBZEN) – C:\WINDOWS\System32\CMStarterCore.exe

[2009-12-03 11:41:59 | 00,053,616 | ---- | C] (WEBZEN) – C:\WINDOWS\System32\CMStarter_Kor.dll

[2009-12-03 11:41:59 | 00,053,616 | ---- | C] (WEBZEN) – C:\WINDOWS\System32\CMStarter_Eng.dll

[2009-12-03 11:41:59 | 00,000,000 | —D | C] – C:\Program Files\WEBZEN

[2009-12-02 23:10:28 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\GanymedeNet

[2009-12-02 20:51:31 | 00,000,000 | —D | C] – C:\Download

[2009-12-02 14:03:09 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\GetRightToGo

[2009-12-02 13:38:17 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\DNA

[2009-12-02 13:38:16 | 00,000,000 | —D | C] – C:\Program Files\DNA

[2009-12-02 13:38:16 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Dane aplikacji\DNA

[2009-12-02 13:38:15 | 00,000,000 | —D | C] – C:\Program Files\GamersFirst

[2009-12-02 12:35:18 | 00,000,000 | —D | C] – C:\Documents and Settings\Windows Xp\Pulpit\the sims 1

[2009-11-30 15:55:35 | 01,064,960 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_dox.dll

[2009-11-30 15:55:35 | 00,811,008 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15.dll

[2009-11-30 15:55:35 | 00,757,760 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_doc.dll

[2009-11-30 15:55:35 | 00,655,360 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_pdf.dll

[2009-11-30 15:55:35 | 00,643,072 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_htm.dll

[2009-11-30 15:55:35 | 00,577,536 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_rtf.dll

[2009-11-30 15:55:35 | 00,425,984 | ---- | C] (SoftInterface.COM) – C:\WINDOWS\System32\PDFConverterX.ocx

[2009-11-30 15:55:35 | 00,364,544 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx4ole15.ocx

[2009-11-30 15:55:35 | 00,360,448 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_css.dll

[2009-11-30 15:55:35 | 00,327,680 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_obj.dll

[2009-11-30 15:55:35 | 00,253,952 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_png.flt

[2009-11-30 15:55:35 | 00,237,568 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_tls.dll

[2009-11-30 15:55:35 | 00,200,704 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_jpg.flt

[2009-11-30 15:55:35 | 00,131,072 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_ic.dll

[2009-11-30 15:55:35 | 00,126,976 | ---- | C] (BCL Technologies) – C:\WINDOWS\System32\beconv.dll

[2009-11-30 15:55:35 | 00,106,496 | ---- | C] (Skogen) – C:\WINDOWS\System32\SeeThroughPicture.ocx

[2009-11-30 15:55:35 | 00,073,728 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_tif.flt

[2009-11-30 15:55:35 | 00,065,536 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_wnd.dll

[2009-11-30 15:55:35 | 00,061,440 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_bmp.flt

[2009-11-30 15:55:35 | 00,057,344 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_gif.flt

[2009-11-30 15:55:35 | 00,053,248 | ---- | C] (The Imaging Source Europe GmbH) – C:\WINDOWS\System32\tx15_wmf.flt

[2009-11-30 15:55:35 | 00,000,000 | —D | C] – C:\WINDOWS\System32\Resource

[2009-11-30 15:55:34 | 00,244,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\Msflxgrd.ocx

[2009-11-30 15:55:33 | 00,000,000 | —D | C] – C:\Program Files\Softinterface, Inc

[2009-11-17 14:43:32 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-11-17 14:43:32 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2009-11-17 14:42:54 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-11-17 14:42:54 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[1999-05-17 13:58:52 | 00,099,840 | ---- | C] (Symantec Corp.) – C:\Program Files\Common Files\IRAABOUT.DLL

[1998-12-09 02:53:54 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRAREG.DLL

[1998-12-09 02:53:54 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRAMDMTR.DLL

[1998-12-09 02:53:54 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRALPTTR.DLL

[1998-12-09 02:53:54 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) – C:\Program Files\Common Files\IRAWEBTR.DLL

[1998-12-09 02:53:54 | 00,017,920 | ---- | C] (Symantec Corp.) – C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========

[2009-12-30 15:37:01 | 00,253,748 | ---- | M] () – C:\WINDOWS\System32\NvApps.xml

[2009-12-30 15:36:56 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2009-12-30 15:36:55 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2009-12-30 15:36:03 | 03,932,160 | -H-- | M] () – C:\Documents and Settings\Windows Xp\NTUSER.DAT

[2009-12-30 01:58:09 | 04,279,552 | -H-- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-12-30 01:05:41 | 00,000,069 | ---- | M] () – C:\WINDOWS\NeroDigital.ini

[2009-12-29 13:26:13 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2009-12-28 23:56:08 | 00,000,005 | ---- | M] () – C:\WINDOWS\System32\SySCon.dat

[2009-12-28 23:31:06 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaws.exe

[2009-12-28 23:31:06 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javaw.exe

[2009-12-28 23:31:06 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\java.exe

[2009-12-28 23:31:06 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\javacpl.cpl

[2009-12-28 23:31:05 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) – C:\WINDOWS\System32\deploytk.dll

[2009-12-28 17:10:20 | 00,397,221 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\PRoBot.rar

[2009-12-27 22:50:24 | 00,940,794 | ---- | M] () – C:\WINDOWS\System32\LoopyMusic.wav

[2009-12-27 22:50:24 | 00,146,650 | ---- | M] () – C:\WINDOWS\System32\BuzzingBee.wav

[2009-12-22 11:28:33 | 00,020,728 | ---- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-12-21 05:21:05 | 00,001,613 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk

[2009-12-21 05:21:04 | 00,691,696 | ---- | M] () – C:\WINDOWS\System32\drivers\sptd.sys

[2009-12-21 04:53:23 | 00,000,880 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk

[2009-12-19 12:48:21 | 00,000,664 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\Free Download Manager.lnk

[2009-12-16 13:55:38 | 00,000,599 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Jagged Alliance 2 Wildfire.lnk

[2009-12-16 12:50:27 | 00,000,857 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Rollercoaster Tycoon 3 ZE.lnk

[2009-12-13 14:37:55 | 00,189,081 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\840368894.jpg

[2009-12-13 14:21:40 | 00,166,978 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\841293467.jpg

[2009-12-13 14:21:31 | 00,092,246 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\843505780.jpg

[2009-12-13 00:11:38 | 00,145,150 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0055.jpg

[2009-12-13 00:10:00 | 00,133,419 | ---- | M] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0053.jpg

[2009-12-10 02:26:52 | 00,120,544 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-10 01:38:05 | 00,121,127 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\karramba.jpg

[2009-12-10 00:15:28 | 00,178,516 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\bookmarks.html

[2009-12-08 19:40:52 | 00,000,049 | ---- | M] () – C:\WINDOWS\SW_Win2146X32.DLL

[2009-12-08 13:38:53 | 00,000,043 | ---- | M] () – C:\WINDOWS\gswin32.ini

[2009-12-08 12:48:28 | 00,000,427 | ---- | M] () – C:\WINDOWS\ODBC.INI

[2009-12-08 12:48:28 | 00,000,063 | ---- | M] () – C:\WINDOWS\mdm.ini

[2009-12-08 12:48:23 | 00,000,000 | ---- | M] () – C:\WINDOWS\NSREX.INI

[2009-12-08 12:48:00 | 00,000,638 | ---- | M] () – C:\WINDOWS\win.ini

[2009-12-08 12:47:54 | 00,001,745 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

[2009-12-08 12:47:54 | 00,000,928 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk

[2009-12-08 10:53:38 | 00,763,990 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI

[2009-12-08 10:53:38 | 00,355,486 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2009-12-08 10:53:38 | 00,311,604 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2009-12-08 10:53:38 | 00,049,492 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2009-12-08 10:53:38 | 00,039,992 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2009-12-08 10:52:43 | 00,001,621 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk

[2009-12-08 10:51:34 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) – C:\WINDOWS\System32\drivers\AegisP.sys

[2009-12-05 14:34:03 | 00,117,714 | ---- | M] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\2.12.jpg

[2009-12-03 11:29:51 | 00,000,180 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Soul of the Ultimate Nation.url

[2009-12-02 23:10:28 | 00,000,004 | ---- | M] () – C:\WINDOWS\System32\proc20744962.bin

[2009-12-02 14:01:04 | 00,000,023 | ---- | M] () – C:\WINDOWS\BlendSettings.ini

[2009-12-01 19:32:05 | 00,004,608 | ---- | M] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2009-12-28 17:09:56 | 00,397,221 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\PRoBot.rar

[2009-12-27 22:50:24 | 00,940,794 | ---- | C] () – C:\WINDOWS\System32\LoopyMusic.wav

[2009-12-27 22:50:24 | 00,146,650 | ---- | C] () – C:\WINDOWS\System32\BuzzingBee.wav

[2009-12-21 05:21:05 | 00,001,613 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk

[2009-12-21 05:21:03 | 00,691,696 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys

[2009-12-21 04:53:23 | 00,000,880 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Need for Speed™ Most Wanted.lnk

[2009-12-21 04:39:16 | 00,354,816 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll

[2009-12-21 04:39:16 | 00,354,816 | ---- | C] () – C:\WINDOWS\System32\dllcache\psisdecd.dll

[2009-12-21 04:39:16 | 00,052,224 | ---- | C] () – C:\WINDOWS\System32\msdvbnp.ax

[2009-12-21 04:39:16 | 00,052,224 | ---- | C] () – C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2009-12-21 04:39:16 | 00,030,208 | ---- | C] () – C:\WINDOWS\System32\psisrndr.ax

[2009-12-21 04:39:16 | 00,030,208 | ---- | C] () – C:\WINDOWS\System32\dllcache\psisrndr.ax

[2009-12-19 12:48:21 | 00,000,664 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\Free Download Manager.lnk

[2009-12-16 13:55:38 | 00,000,599 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Jagged Alliance 2 Wildfire.lnk

[2009-12-16 12:50:27 | 00,000,857 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Rollercoaster Tycoon 3 ZE.lnk

[2009-12-15 16:45:29 | 00,145,150 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0055.jpg

[2009-12-15 16:45:29 | 00,133,419 | ---- | C] () – C:\Documents and Settings\Windows Xp\Pulpit\Zdjęcie0053.jpg

[2009-12-13 14:37:55 | 00,189,081 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\840368894.jpg

[2009-12-13 14:21:39 | 00,166,978 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\841293467.jpg

[2009-12-13 14:21:30 | 00,092,246 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\843505780.jpg

[2009-12-10 01:38:04 | 00,121,127 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\karramba.jpg

[2009-12-10 00:15:28 | 00,178,516 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\bookmarks.html

[2009-12-08 13:35:06 | 00,000,043 | ---- | C] () – C:\WINDOWS\gswin32.ini

[2009-12-08 12:48:28 | 00,000,427 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-12-08 12:48:28 | 00,000,063 | ---- | C] () – C:\WINDOWS\mdm.ini

[2009-12-08 12:48:23 | 00,000,000 | ---- | C] () – C:\WINDOWS\NSREX.INI

[2009-12-08 12:47:54 | 00,001,745 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk

[2009-12-08 12:47:54 | 00,000,928 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symantec Fax Starter Edition Port.lnk

[2009-12-08 10:52:43 | 00,001,621 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk

[2009-12-08 10:51:53 | 00,290,918 | ---- | C] () – C:\WINDOWS\System32\Install7x.dll

[2009-12-08 10:51:53 | 00,002,048 | ---- | C] () – C:\WINDOWS\System32\drivers\rt73.bin

[2009-12-08 10:51:53 | 00,000,138 | ---- | C] () – C:\WINDOWS\filespec7x

[2009-12-05 14:34:02 | 00,117,714 | ---- | C] () – C:\Documents and Settings\Windows Xp\Moje dokumenty\2.12.jpg

[2009-12-03 11:29:51 | 00,000,180 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Soul of the Ultimate Nation.url

[2009-12-02 23:10:28 | 00,000,004 | ---- | C] () – C:\WINDOWS\System32\proc20744962.bin

[2009-11-30 15:55:46 | 00,000,049 | ---- | C] () – C:\WINDOWS\SW_Win2146X32.DLL

[2009-11-30 15:55:35 | 01,720,320 | ---- | C] () – C:\WINDOWS\System32\beconvlib.dll

[2009-11-30 15:55:35 | 00,282,624 | ---- | C] () – C:\WINDOWS\System32\bprgcomm.dll

[2009-11-30 15:55:35 | 00,274,432 | ---- | C] () – C:\WINDOWS\System32\WordConverterX2.ocx

[2009-11-30 15:55:35 | 00,221,184 | ---- | C] () – C:\WINDOWS\System32\SII_PDF.dll

[2009-11-30 15:55:35 | 00,131,072 | ---- | C] () – C:\WINDOWS\System32\CSVSpecialProcessing.dll

[2009-11-30 15:55:35 | 00,102,400 | ---- | C] () – C:\WINDOWS\System32\SARzilla.dll

[2009-11-30 15:55:35 | 00,098,304 | ---- | C] () – C:\WINDOWS\System32\DVM.dll

[2009-11-30 15:55:35 | 00,053,248 | ---- | C] () – C:\WINDOWS\System32\RegisterExe.exe

[2009-11-30 15:55:35 | 00,000,530 | ---- | C] () – C:\WINDOWS\System32\tx15_ic.ini

[2009-11-25 18:33:12 | 00,004,608 | ---- | C] () – C:\Documents and Settings\Windows Xp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-11-24 21:14:45 | 00,000,023 | ---- | C] () – C:\WINDOWS\BlendSettings.ini

[2009-11-24 19:40:17 | 00,271,360 | ---- | C] () – C:\WINDOWS\System32\drivers\atksgt.sys

[2009-11-24 19:40:17 | 00,018,048 | ---- | C] () – C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-11-18 19:02:19 | 00,043,520 | ---- | C] () – C:\WINDOWS\System32\CmdLineExt03.dll

[2009-11-18 19:01:34 | 00,003,082 | ---- | C] () – C:\WINDOWS\System32\affv11300p5now.sys

[2009-11-18 13:48:44 | 00,033,824 | ---- | C] () – C:\WINDOWS\System32\drivers\oreans32.sys

[2009-11-18 13:27:15 | 00,000,069 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2009-11-18 09:52:59 | 00,164,352 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-11-18 09:52:57 | 03,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll

[2009-11-18 09:52:57 | 00,755,027 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2009-11-18 09:52:57 | 00,159,839 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2009-11-18 09:52:56 | 00,007,680 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2009-11-18 09:52:56 | 00,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-11-17 15:15:15 | 00,000,164 | ---- | C] () – C:\WINDOWS\avrack.ini

[2009-11-17 15:15:03 | 00,143,360 | ---- | C] () – C:\WINDOWS\System32\RtlCPAPI.dll

[2007-03-29 23:00:40 | 00,203,264 | R— | C] () – C:\WINDOWS\System32\CddbCdda.dll

[2003-08-07 14:01:52 | 00,237,568 | ---- | C] () – C:\WINDOWS\System32\lame_enc.dll

[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:D06A4C76

< End of report >

Nie wklejaj logów na forum, tylko na wklej.org, wklej.to lub nopaste.pl, a w poście dajesz link.

Log wygląda na czysty.

W OTL kliknij CleanUp.

Wykonaj pełny skan Malwarebytes’ Anti-Malware - znalezione obiekty usuń.

Gdy będą wirusy pokaż raport po usuwaniu.

Wyczyść rejestr i dysk CCleaner oraz wyłącz nim zbędniki z autostartu (Narzędzia -> Autostart).