Topic: My rootkit ;/  (Read 828 times)
jedendwatrzycztery
« : February 03, 2010, 06:14:56 »

Hi, I have a rootkit, how can I remove it? I scanned with AVG Anti-rootkit. It detected one rootkit, I restarted the computer, now I scanned again and the same rootkit is still on the computer. HijackThis log:
Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Moje Dokumenciki\avast\aswUpdSv.exe
C:\WINDOWS\Explorer.exe
D:\Moje Dokumenciki\avast\ashServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\MOJEDO~1\avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Corel\Graphics8\programs\MFIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\system32\bgsvcgen.exe
D:\Moje Dokumenciki\hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Moje Dokumenciki\avast\ashMaiSv.exe
D:\Moje Dokumenciki\avast\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/0,0.html?p=015
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
O1 - Hosts: <style type="text/css">
O1 - Hosts: div#headerblock div{font-family:arial;}
O1 - Hosts: </style>
O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>
O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li>
O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a>
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div>
O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">
O1 - Hosts: <Div class="ez-l2a" id="wrapper">
O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <div class="ez-wr" >
O1 - Hosts: <div class="ez-box" style="width:898px">
O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" id="boxyahoourls">
O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>
O1 - Hosts: <ul class= "services">
O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>
O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>
O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>
O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>
O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>
O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>
O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </div>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">
O1 - Hosts: <font size="-2" face="verdana">Copyright &copy; 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
O1 - Hosts: <ul>
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
O1 - Hosts: ></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
O1 - Hosts: </a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </font>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1264626825&f=us-w8" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\x\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] ]
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\MOJEDO~1\avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Moje Dokumenciki\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] D:\Moje Dokumenciki\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\programs\MFIndexer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - D:\Moje Dokumenciki\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Moje Dokumenciki\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - D:\Moje Dokumenciki\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{7DDD593E-1600-424A-94AD-63A9CFAE0CC7}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{7DDD593E-1600-424A-94AD-63A9CFAE0CC7}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS4\Services\Tcpip\..\{7DDD593E-1600-424A-94AD-63A9CFAE0CC7}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ??????P
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Moje Dokumenciki\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Moje Dokumenciki\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Moje Dokumenciki\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Moje Dokumenciki\avast\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Moje Dokumenciki\hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\x\USTAWI~1\Temp\LO.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

Also, if I try to run something in the console, e.g. a program for creating a database, or a server that I host, my computer immediately resets.
karolkuich
« Reply #1 : February 03, 2010, 06:44:44 »

Quote
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
Trojan.

Quote
O23 - Service: LO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\x\USTAWI~1\Temp\LO.exe
This may be the alleged rootkit, but it has to be checked first.

Scan the system with DrWeb CureIt.
A disabled registry may point to Sality or similar junk. Logs only after that. First the DrWeb report.

jedendwatrzycztery
« Reply #2 : February 03, 2010, 09:40:15 »

I scanned with DrWeb, it removed a few viruses of some kind, near the end it started deleting photos so I turned it off, but that AVG rootkit detection program still detects something like this:
C:\Windows\System32\Drivers\ah0gk1rg.SYS              Typ Rootkita: Hidden driver file
I deleted something like this 3 times but AVG still detects it, only under different names. ;//
karolkuich
« Reply #3 : February 03, 2010, 10:07:44 »

Quote
I scanned with DrWeb, it removed a few viruses of some kind, near the end it started deleting photos so I turned it off
First I've heard of CureIt deleting photos...

There is no scan report, so we don't know what was removed, and that matters...

OK. Let's try the standard way:

Download HostsXpert and follow what is written there. The hosts file has to be cleaned out, because right now it contains some nonsense, as if someone had pasted in the entire source of a web page, or something I have no idea about. In any case it has to be cleaned.

Next, scan the system with MBAM. Here, after the scan is done and the detected files have been moved to quarantine, please post the scan report.

Finally, produce an OTL log.
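The entries singled out in the replies above (the F2 shell value, the O23 service under Temp, the disabled registry editor and the junk in the hosts file) can be picked out of a HijackThis log mechanically. The Python triage below is an added example, not part of the original thread or of any tool named in it; the function names and the `127.0.0.1 localhost` line are constructed, the other sample lines are copied from the log in the first post.

```python
import re
from ipaddress import ip_address

# Sample input: lines copied from the HijackThis log in this thread, plus one
# constructed, well-formed hosts entry (127.0.0.1 localhost) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: avast! Antivirus - ALWIL Software - D:\Moje Dokumenciki\avast\ashServ.exe
O23 - Service: LO - Sysinternals - www.sysinternals.com - C:\DOCUME~1\x\USTAWI~1\Temp\LO.exe
"""

# A HijackThis entry is "<section id> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")


def is_hosts_entry(text):
    """True if text is a plausible hosts line: '<ip> <name>...' or a comment."""
    text = text.strip()
    if not text or text.startswith("#"):
        return True
    fields = text.split("#", 1)[0].split()
    if len(fields) < 2:
        return False
    try:
        ip_address(fields[0])
    except ValueError:
        return False
    return True


def triage(log_text):
    """Return (section, reason, evidence) tuples for the entries worth a look."""
    findings = []
    bad_hosts = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # process list, blank lines, headers
        section, body = m.groups()
        if section == "F2" and "Shell=" in body:
            # The stock Winlogon shell value is just "Explorer.exe".
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("F2", "shell value is not plain Explorer.exe", shell))
        elif section == "O1" and body.startswith("Hosts:"):
            entry = body[len("Hosts:"):]
            if not is_hosts_entry(entry):
                bad_hosts.append(entry.strip())
        elif section == "O7":
            m7 = re.search(r"DisableRegedit=(\d+)", body)
            if m7 and int(m7.group(1)) != 0:
                findings.append(("O7", "registry editor disabled by policy", body))
        elif section == "O23":
            # The binary path is the last " - " separated field.
            path = body.rsplit(" - ", 1)[-1]
            if re.search(r"\\te?mp\\", path, re.IGNORECASE):
                findings.append(("O23", "service binary runs from a Temp directory", path))
    if bad_hosts:
        # Report the hosts junk once, with a count, instead of once per line.
        reason = f"{len(bad_hosts)} hosts line(s) are not '<ip> <name>' entries"
        findings.append(("O1", reason, bad_hosts[0]))
    return findings


if __name__ == "__main__":
    for section, reason, evidence in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}: {evidence}")
```

A finding here only marks an entry for manual review; as the reply says of the LO service, it still has to be checked before anything is removed.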

jedendwatrzycztery
« Reply #4 : February 05, 2010, 03:00:30 »

OTL.txt
Code:
OTL logfile created on: 2010-02-05 14:45:47 - Run 1
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Documents and Settings\x\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1 023,00 Mb Total Physical Memory | 469,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 26,11 Gb Free Space | 53,47% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 5,45 Gb Free Space | 6,20% Space Free | Partition Type: NTFS
Drive E: | 96,16 Gb Total Space | 31,64 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: X-1540E9EE90484
Current User Name: x
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-02-05 14:45:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
PRC - [2010-01-14 19:39:21 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Moje Dokumenciki\Mozilla Firefox\firefox.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashServ.exe
PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\aswUpdSv.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- D:\Moje Dokumenciki\hamachi\hamachi-2.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-24 14:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009-05-21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008-12-09 07:23:58 | 018,063,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-06-06 16:52:52 | 000,292,472 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2008-06-06 16:52:52 | 000,157,304 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2008-04-04 18:03:30 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007-10-19 20:46:08 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007-10-19 20:46:08 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007-10-14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007-10-14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007-09-29 03:56:32 | 000,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007-06-13 14:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-02-07 23:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-04-30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2004-04-13 05:07:18 | 000,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002-05-09 03:43:20 | 000,303,104 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [1998-02-17 16:43:34 | 000,083,456 | ---- | M] (Corel Corporation) -- C:\Corel\Graphics8\programs\MFIndexer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-02-05 14:45:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
MOD - [2006-08-25 16:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010-02-03 17:56:17 | 000,424,832 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Documents and Settings\x\Ustawienia lokalne\Temp\LO.exe -- (LO)
SRV - [2010-01-30 20:40:08 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Moje Dokumenciki\avast\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Moje Dokumenciki\avast\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Moje Dokumenciki\avast\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Moje Dokumenciki\avast\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Moje Dokumenciki\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-06-12 00:47:00 | 002,837,916 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009-05-21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009-05-03 14:20:47 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008-07-18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008-07-18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008-06-06 16:52:52 | 000,292,472 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2007-11-06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007-09-29 03:56:32 | 000,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007-09-28 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007-02-07 23:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2005-04-30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/0,0.html?p=015
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Moje Dokumenciki\Mozilla Firefox\components [2010-02-02 15:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Moje Dokumenciki\Mozilla Firefox\plugins [2010-01-14 19:39:30 | 000,000,000 | ---D | M]
 
[2008-07-24 14:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Extensions
[2010-02-04 15:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\f991jhlv.default\extensions
[2009-12-17 18:24:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\f991jhlv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
 
O1 HOSTS File: ([2010-02-04 16:41:45 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\x\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] D:\Moje Dokumenciki\avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST]  File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Moje Dokumenciki\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu] D:\Moje Dokumenciki\Gadu-Gadu\gg.exe File not found
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: &Clean Traces - D:\Moje Dokumenciki\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - D:\Moje Dokumenciki\DAP\dapextie.htm ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Download &all with DAP - D:\Moje Dokumenciki\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.139.116.1 91.123.160.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (⇧粀￿￿Ề쳀P) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-03 17:08:10 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001-11-11 08:07:18 | 000,000,112 | ---- | M] () - C:\Autoplay.ply -- [ NTFS ]
O32 - AutoRun File - [2008-07-15 10:03:50 | 000,000,000 | ---D | M] - D:\Automap -- [ NTFS ]
O33 - MountPoints2\{0f776cf7-0819-11df-956a-00241d607cdb}\Shell - "" = AutoRun
O33 - MountPoints2\{3fcdc5b8-72d1-11de-9279-00161743130c}\Shell\AutoRun\command - "" = H:\ur0.com -- File not found
O33 - MountPoints2\{3fcdc5b8-72d1-11de-9279-00161743130c}\Shell\open\Command - "" = H:\ur0.com -- File not found
O33 - MountPoints2\{8532daa6-0b0e-11de-8f9f-00161743130c}\Shell\AutoRun\command - "" = rqb0v2ot.bat
O33 - MountPoints2\{8532daa6-0b0e-11de-8f9f-00161743130c}\Shell\explore\Command - "" = rqb0v2ot.bat
O33 - MountPoints2\{8532daa6-0b0e-11de-8f9f-00161743130c}\Shell\open\Command - "" = rqb0v2ot.bat
O33 - MountPoints2\{b8c99c90-6e16-11de-925a-00161743130c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff508677-0761-11df-9566-00241d607cdb}\Shell\AutoRun\command - "" = ur0.com
O33 - MountPoints2\{ff508677-0761-11df-9566-00241d607cdb}\Shell\open\Command - "" = ur0.com
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-11-14 21:52:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55172488459452416)
 
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
 
File not found -- C:\MS32DLL.dll.vbs
[2010-02-05 14:45:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
[2010-02-05 14:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-04 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Dane aplikacji\Malwarebytes
[2010-02-04 16:38:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-02-04 16:38:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-02-04 16:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-02-04 16:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-02-03 19:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\DoctorWeb
[2010-02-03 17:56:06 | 000,000,000 | ---D | C] -- C:\RootkitRevealer_1.7
[2010-02-03 17:19:06 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2010-02-03 17:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2010-02-03 12:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-3
[2010-02-02 17:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010-02-02 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-2
[2010-02-01 09:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-1
[2010-01-31 09:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-31
[2010-01-30 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-01-30 20:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2010-01-30 10:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-30
[2010-01-29 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-29
[2010-01-28 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-28
[2010-01-27 22:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2010-01-27 22:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2010-01-27 22:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-27
[2010-01-27 14:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Moje dokumenty\Sony Ericsson
[2010-01-22 18:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2009-12-11 16:32:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe12A.dll
[2008-01-17 08:55:44 | 003,703,975 | ---- | C] (IPS Przedsiębiorstwo Informatyczne                          ) -- C:\Program Files\pity 2007.exe
[2008-01-03 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-01-03 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-01-03 16:16:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-01-03 16:16:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
 
[2010-02-05 14:45:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
[2010-02-05 14:45:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-02-05 14:34:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-02-05 14:32:56 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-02-05 14:32:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-05 14:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-05 14:31:23 | 012,320,768 | -H-- | M] () -- C:\Documents and Settings\x\NTUSER.DAT
[2010-02-05 14:31:17 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\x\ntuser.ini
[2010-02-05 00:51:07 | 002,640,664 | -H-- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-04 16:41:45 | 000,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-02-04 08:55:58 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Ulead32.INI
[2010-02-04 04:42:21 | 000,310,272 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\projsyst.doc
[2010-02-04 01:58:37 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\UCHWAŁY WALNEGO.doc
[2010-02-04 01:37:59 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NA WALNYM na 28 stycznia 2008.doc
[2010-02-04 01:35:12 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA WPŁAT SKŁADEK CZŁONKOWSKICH 2009.doc
[2010-02-04 00:43:45 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\PLAN PRACY Stowarzyszenia na 2009 rok.doc
[2010-02-04 00:32:33 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MERYTORYCZNE 2009 - II.doc
[2010-02-03 22:01:30 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MEERYTORYCZNE 2009.doc
[2010-02-03 18:53:18 | 002,119,372 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\gegra.jpg
[2010-02-03 18:10:53 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-02-03 18:10:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010-02-03 17:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\LYWDR
[2010-02-03 17:19:06 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.lnk
[2010-02-03 17:18:34 | 000,423,736 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\avgarkt-setup-1.1.0.42.exe
[2010-02-03 17:08:10 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2010-02-03 16:34:42 | 000,012,407 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2010-02-02 13:11:22 | 000,000,052 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2010-01-31 20:03:05 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\MSCANDC.INI
[2010-01-30 17:10:22 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010-01-30 16:10:55 | 000,726,016 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\obrazy nr5.doc
[2010-01-30 11:52:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-29 17:45:50 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 4.doc
[2010-01-29 17:44:32 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 3.doc
[2010-01-29 17:43:58 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 2.doc
[2010-01-29 17:32:40 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obrazy.doc
[2010-01-29 15:41:54 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-28 23:10:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Ulotki na 1 %.doc
[2010-01-28 23:01:03 | 001,003,520 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\ZESTAWIENIE DOKUMENTOW - AKTYWNA INTEGRACJA I.doc
[2010-01-28 22:39:33 | 001,001,472 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Opis Faktur II transza.doc
[2010-01-28 22:07:54 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI RODZICÓW  UCZNIÓW  ZW i PPP Nr 1 W CHEŁMIE.doc
[2010-01-28 22:03:06 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NAUCZYCIELI.doc
[2010-01-28 21:49:43 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\OCENA OPISOWA.doc
[2010-01-27 23:55:17 | 000,540,672 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\zaproszonko.pub
[2010-01-27 20:24:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000(1).bmp
[2010-01-27 20:23:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000.bmp
[2010-01-26 23:07:01 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\BROSZURA STOWARZYSZENIA.doc
[2010-01-26 08:35:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE AKTYWNA I STRONA.doc
[2010-01-25 00:41:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\ANKIETA1.doc
[2010-01-25 00:38:53 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\osiagniecia.doc
[2010-01-25 00:27:13 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\klasyfikacja.doc
[2010-01-24 22:51:21 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\karta_inf_pracy_naucz.doc
[2010-01-24 20:41:24 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\kola_zainteresowan.doc
[2010-01-24 20:14:43 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\podstawa_programowa_i_godzina_dodatk.doc
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010-02-04 04:42:21 | 000,310,272 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\projsyst.doc
[2010-02-03 22:21:32 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MERYTORYCZNE 2009 - II.doc
[2010-02-03 19:54:30 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MEERYTORYCZNE 2009.doc
[2010-02-03 18:53:09 | 002,119,372 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\gegra.jpg
[2010-02-03 18:10:53 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010-02-03 18:10:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010-02-03 17:56:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\LYWDR
[2010-02-03 17:19:06 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.lnk
[2010-02-03 17:18:32 | 000,423,736 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\avgarkt-setup-1.1.0.42.exe
[2010-02-03 16:34:42 | 000,012,407 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2010-02-03 14:45:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\BronFoldNetDomList.txt
[2010-01-30 20:40:14 | 000,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-30 20:40:14 | 000,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-30 20:32:55 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\sknc.dll
[2010-01-29 17:54:14 | 000,726,016 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\obrazy nr5.doc
[2010-01-29 17:45:50 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 4.doc
[2010-01-29 17:44:32 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 3.doc
[2010-01-29 17:43:58 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 2.doc
[2010-01-29 17:32:39 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obrazy.doc
[2010-01-29 16:05:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010-01-28 23:10:17 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Ulotki na 1 %.doc
[2010-01-28 22:03:06 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NAUCZYCIELI.doc
[2010-01-27 22:19:28 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Kosong.Bron.Tok.txt
[2010-01-27 22:13:52 | 000,012,407 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\ListHost12.txt
[2010-01-27 20:24:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000(1).bmp
[2010-01-27 20:23:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000.bmp
[2010-01-26 16:31:16 | 000,540,672 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\zaproszonko.pub
[2010-01-25 00:57:41 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\BROSZURA STOWARZYSZENIA.doc
[2010-01-24 15:13:15 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\karta_inf_pracy_naucz.doc
[2010-01-24 15:13:08 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\podstawa_programowa_i_godzina_dodatk.doc
[2010-01-24 15:13:01 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\kola_zainteresowan.doc
[2009-12-17 22:02:37 | 000,010,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\Hmonitor.sys
[2009-12-10 13:36:24 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2009-11-12 22:30:47 | 000,001,339 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-09-04 19:04:01 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-09-04 19:03:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-09-04 19:03:59 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-09-04 19:03:59 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-09-04 19:03:58 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-09-04 19:03:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-28 16:41:58 | 000,000,019 | ---- | C] () -- C:\WINDOWS\cie12.ini
[2009-07-11 09:35:34 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\x\Dane aplikacji\ceville_console_history.txt
[2009-07-03 22:20:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2009-07-03 22:18:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-06-29 12:53:07 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\x\Dane aplikacji\Smiley.ico
[2009-06-16 13:10:38 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2009-06-16 13:10:38 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2009-05-26 20:38:12 | 000,000,795 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009-02-28 17:15:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2009-02-28 17:15:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\animation2.dll
[2009-02-28 17:14:58 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2009-02-28 17:14:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2009-02-28 17:14:49 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2009-02-28 17:14:48 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2009-02-08 11:26:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2008-08-03 21:10:28 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-08 10:39:08 | 000,005,732 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008-06-08 10:39:06 | 000,129,024 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008-04-30 13:55:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-04-13 11:35:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008-04-13 10:13:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-02-27 15:09:52 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2008-02-17 23:09:19 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\x\Dane aplikacji\configsys
[2008-02-17 17:01:51 | 000,000,423 | ---- | C] () -- C:\WINDOWS\kingpong1.INI
[2008-02-02 17:01:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-02-02 17:00:21 | 000,000,123 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008-01-17 09:06:21 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2008-01-17 08:49:22 | 001,280,201 | ---- | C] () -- C:\Program Files\win rar 371   pl.exe
[2008-01-13 17:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-01-13 17:22:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008-01-13 17:19:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2008-01-13 17:15:57 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008-01-13 17:02:57 | 000,000,436 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008-01-13 17:01:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\MSCANDC.INI
[2008-01-13 16:48:34 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008-01-13 16:48:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008-01-04 18:00:49 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2008-01-04 00:24:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-01-03 23:33:11 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008-01-03 23:14:00 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-01-03 21:39:02 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004-01-02 00:28:29 | 000,000,100 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
[2004-01-02 00:28:13 | 000,000,317 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2004-01-01 23:05:12 | 000,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll
[2004-01-01 23:05:12 | 000,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll
[2004-01-01 23:05:12 | 000,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll
[2004-01-01 23:05:12 | 000,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll
[2004-01-01 23:05:12 | 000,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll
[2004-01-01 23:05:12 | 000,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll
[2004-01-01 23:05:11 | 000,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll
[2004-01-01 23:05:11 | 000,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll
[2004-01-01 23:05:11 | 000,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll
[2004-01-01 23:05:11 | 000,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll
[2004-01-01 23:05:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll
[2004-01-01 23:05:10 | 000,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll
[2004-01-01 23:05:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll
[2004-01-01 23:05:10 | 000,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll
[2004-01-01 23:05:10 | 000,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll
[2004-01-01 23:05:10 | 000,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll
[2004-01-01 23:05:10 | 000,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll
[2004-01-01 23:05:10 | 000,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll
[2004-01-01 23:05:10 | 000,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll
[2004-01-01 23:05:09 | 000,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll
[2004-01-01 23:05:09 | 000,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll
[2004-01-01 23:05:09 | 000,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll
[2004-01-01 23:05:09 | 000,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll
[2004-01-01 23:05:09 | 000,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll
[2004-01-01 23:05:09 | 000,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll
[2004-01-01 23:05:09 | 000,064,070 | ---- | C] () -- C:\WINDOWS\ktkm21.dll
[2004-01-01 23:05:09 | 000,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll
[2004-01-01 23:05:09 | 000,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll
[2004-01-01 23:05:09 | 000,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll
[2004-01-01 23:05:08 | 000,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll
[2004-01-01 23:05:08 | 000,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll
[2004-01-01 23:05:08 | 000,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll
[2004-01-01 23:05:08 | 000,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll
[2004-01-01 23:05:08 | 000,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll
[2004-01-01 23:05:08 | 000,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll
[2004-01-01 23:05:08 | 000,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll
[2004-01-01 23:05:08 | 000,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997-06-14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2008-02-01 18:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Age of Empires 3
[2009-08-10 17:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2009-06-13 17:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-01-19 21:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2009-10-25 11:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI
[2009-11-25 17:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2008-12-19 18:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2009-02-09 11:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PMB Files
[2009-06-29 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit
[2009-07-07 10:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-09-27 09:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
[2009-06-20 12:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Total Gameplay
[2009-07-16 14:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
[2008-09-04 18:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\UltiDev
[2009-03-15 07:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Anvil Studio
[2009-08-02 11:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Braid
[2009-07-03 22:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\ConvertTemp
[2009-06-13 17:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\DAEMON Tools
[2009-06-13 17:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\DAEMON Tools Lite
[2008-05-24 20:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\eSkiMoS R2
[2009-01-31 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\FSW2
[2008-01-03 21:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Gadu-Gadu
[2009-02-17 22:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\GanymedeNet
[2009-12-29 13:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\gtk-2.0
[2008-02-09 17:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\InterVideo
[2010-01-19 21:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\ipla
[2009-12-24 19:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Leadertech
[2008-02-08 21:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\MargonemMapki
[2009-05-25 21:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\mojosoft
[2009-11-16 18:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mount&Blade
[2009-04-08 21:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Nowe Gadu-Gadu
[2008-01-13 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\OLYMPUS
[2009-11-16 14:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\OpenFM
[2008-12-22 12:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Opera
[2009-12-24 15:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\runic games
[2009-07-03 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Samsung
[2008-03-18 18:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Soldat
[2009-07-03 22:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Temporary
[2010-01-13 19:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Tibia
[2008-11-07 21:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\TibiaTestserver
[2009-07-03 22:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\TransRender
[2009-10-03 15:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\uTorrent
[2009-05-08 17:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Wypas
[2009-02-07 09:40:01 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\NSSstub.job
[2010-02-05 14:34:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2005-06-13 07:26:14 | 002,438,144 | ---- | M] (Willow Software) -- C:\astudio.exe
[2003-10-29 13:59:04 | 000,043,520 | ---- | M] (Willow Software) -- C:\asUpgr.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004-08-03 23:54:52 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004-08-03 23:43:58 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\system32\eventlog.dll
[2008-04-14 18:20:31 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\eventlog.dll
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2004-08-03 23:44:08 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004-08-03 23:44:08 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=8BE1BEBB1447EFFAF5F2135DC098431E -- C:\WINDOWS\system32\netlogon.dll
[2008-04-14 18:20:40 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=9858AD0A3FCD83C3B100EDD5852DE540 -- C:\WINDOWS\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\netlogon.dll
[2009-02-06 19:47:24 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B771DCBE0449C9F0F290092DEC48E698 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009-02-06 19:47:24 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B771DCBE0449C9F0F290092DEC48E698 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVATA.SYS  >[/color]
[2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Documents and Settings\x\Ustawienia lokalne\Temp\pft1A~tmp\IDE\Win2K\sata_ide\nvata.sys
[2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Documents and Settings\x\Ustawienia lokalne\Temp\pft1A~tmp\IDE\WinXP\sata_ide\nvata.sys
[2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys
 
[color=#A23BEC]< MD5 for: NVATABUS.SYS  >[/color]
[2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Documents and Settings\x\Ustawienia lokalne\Temp\pft1A~tmp\IDE\Win2K\sataraid\nvatabus.sys
[2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\Documents and Settings\x\Ustawienia lokalne\Temp\pft1A~tmp\IDE\WinXP\sataraid\nvatabus.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004-08-03 23:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004-08-03 23:44:10 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=3609496AE18FF399920C494270C526F9 -- C:\WINDOWS\system32\scecli.dll
[2008-04-14 18:20:45 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=3F74B6B4E2721272A117D25990141F73 -- C:\WINDOWS\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2009-06-13 16:56:58 | 000,721,904 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drivers\sptd.sys
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav  >[/color]
[2008-01-03 17:05:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-01-03 17:05:57 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-01-03 17:05:57 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0F8F5844
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
< End of report >

Link to "Extras OTL":
http://wklejto.pl/56633

ordynat
Global Moderator
Posts: 1345

« Reply #5: February 05, 2010, 03:27:45 »

Quote
avg keeps detecting something like this for me
False alarm - it is a driver with a random name created by one of your programs; 99% it is "Daemon Tools".
You do, however, have a BRONTOK infection.
Run OTL and paste this into the Custom Scans/Fixes window:
Quote
:OTL
[2009-12-10 13:36:24 | 000,042,667 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2009-12-11 16:32:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe12A.dll
[2010-02-02 00:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-2
[2010-02-01 09:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-1
[2010-01-31 09:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-31
[2010-01-30 10:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-30
[2010-01-29 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-29
[2010-01-28 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-28
[2010-01-27 22:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
[2010-01-27 22:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
[2010-01-27 22:13:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-27
[2010-02-03 12:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-3
O33 - MountPoints2\{3fcdc5b8-72d1-11de-9279-00161743130c}\Shell\AutoRun\command - "" = H:\ur0.com -- File not found
O33 - MountPoints2\{3fcdc5b8-72d1-11de-9279-00161743130c}\Shell\open\Command - "" = H:\ur0.com -- File not found
O33 - MountPoints2\{8532daa6-0b0e-11de-8f9f-00161743130c}\Shell\AutoRun\command - "" = rqb0v2ot.bat
O33 - MountPoints2\{8532daa6-0b0e-11de-8f9f-00161743130c}\Shell\explore\Command - "" = rqb0v2ot.bat
O33 - MountPoints2\{8532daa6-0b0e-11de-8f9f-00161743130c}\Shell\open\Command - "" = rqb0v2ot.bat
O33 - MountPoints2\{b8c99c90-6e16-11de-925a-00161743130c}\Shell - "" = AutoRun
O33 - MountPoints2\{ff508677-0761-11df-9566-00241d607cdb}\Shell\AutoRun\command - "" = ur0.com
O33 - MountPoints2\{ff508677-0761-11df-9566-00241d607cdb}\Shell\open\Command - "" = ur0.com
O20 - AppInit_DLLs: (⇧粀￿￿Ề쳀P) -  File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O4 - HKCU..\Run: [Gadu-Gadu] D:\Moje Dokumenciki\Gadu-Gadu\gg.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [GEST]  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)

:Files
C:\Program Files\AskSBar
C:\WINDOWS\eksplorasi.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

:Commands
[emptytemp]
[resethosts]
[Reboot]

Click Run Fix. Confirm the computer restart.

Then run OTL again, this time click "Run Scan".
Post the new OTL.txt log and the removal log.

Quote
C:\WINDOWS\System32\sknc.dll
[2004-01-01 23:05:12 | 000,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll
[2004-01-01 23:05:12 | 000,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll
[2004-01-01 23:05:12 | 000,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll
[2004-01-01 23:05:12 | 000,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll
[2004-01-01 23:05:12 | 000,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll
[2004-01-01 23:05:12 | 000,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll
[2004-01-01 23:05:11 | 000,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll
[2004-01-01 23:05:11 | 000,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll
[2004-01-01 23:05:11 | 000,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll
[2004-01-01 23:05:11 | 000,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll
[2004-01-01 23:05:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll
[2004-01-01 23:05:10 | 000,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll
[2004-01-01 23:05:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll
[2004-01-01 23:05:10 | 000,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll
[2004-01-01 23:05:10 | 000,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll
[2004-01-01 23:05:10 | 000,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll
[2004-01-01 23:05:10 | 000,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll
[2004-01-01 23:05:10 | 000,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll
[2004-01-01 23:05:10 | 000,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll
[2004-01-01 23:05:09 | 000,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll
[2004-01-01 23:05:09 | 000,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll
[2004-01-01 23:05:09 | 000,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll
[2004-01-01 23:05:09 | 000,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll
[2004-01-01 23:05:09 | 000,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll
[2004-01-01 23:05:09 | 000,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll
[2004-01-01 23:05:09 | 000,064,070 | ---- | C] () -- C:\WINDOWS\ktkm21.dll
[2004-01-01 23:05:09 | 000,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll
[2004-01-01 23:05:09 | 000,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll
[2004-01-01 23:05:09 | 000,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll
[2004-01-01 23:05:08 | 000,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll
[2004-01-01 23:05:08 | 000,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll
[2004-01-01 23:05:08 | 000,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll
[2004-01-01 23:05:08 | 000,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll
[2004-01-01 23:05:08 | 000,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll
[2004-01-01 23:05:08 | 000,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll
[2004-01-01 23:05:08 | 000,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll
[2004-01-01 23:05:08 | 000,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll
Check the first one, and one of the others, on --> JOTTI/ or on VIRUSTOTAL.

jedendwatrzycztery
New user
Posts: 7

« Reply #6: February 05, 2010, 07:11:48 »

Code:
OTL logfile created on: 2010-02-05 18:53:07 - Run 2
OTL by OldTimer - Version 3.1.28.0     Folder = C:\Documents and Settings\x\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1 023,00 Mb Total Physical Memory | 515,00 Mb Available Physical Memory | 50,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 28,09 Gb Free Space | 57,53% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 5,43 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
Drive E: | 96,16 Gb Total Space | 31,64 Gb Free Space | 32,90% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: X-1540E9EE90484
Current User Name: x
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-02-05 14:45:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
PRC - [2010-01-30 20:40:08 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009-11-25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashServ.exe
PRC - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\ashWebSv.exe
PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- D:\Moje Dokumenciki\avast\aswUpdSv.exe
PRC - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) -- D:\Moje Dokumenciki\hamachi\hamachi-2.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-24 14:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009-05-21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008-12-09 07:23:58 | 018,063,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-06-06 16:52:52 | 000,292,472 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2008-06-06 16:52:52 | 000,157,304 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2008-04-04 18:03:30 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008-01-11 21:16:00 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007-10-19 20:46:08 | 000,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007-10-19 20:46:08 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007-10-14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007-10-14 20:38:52 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007-09-29 03:56:32 | 000,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007-06-13 14:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-02-07 23:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2005-10-28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005-04-30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2004-04-13 05:07:18 | 000,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2002-05-09 03:43:20 | 000,303,104 | ---- | M] () -- C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
PRC - [1998-02-17 16:43:34 | 000,083,456 | ---- | M] (Corel Corporation) -- C:\Corel\Graphics8\programs\MFIndexer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-02-05 14:45:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
MOD - [2006-08-25 16:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (LO)
SRV - [2010-01-30 20:40:08 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate)
SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Moje Dokumenciki\avast\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Moje Dokumenciki\avast\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Moje Dokumenciki\avast\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Moje Dokumenciki\avast\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-10-29 12:27:54 | 001,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Moje Dokumenciki\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-06-12 00:47:00 | 002,837,916 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009-05-21 20:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009-05-03 14:20:47 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008-07-18 13:13:20 | 000,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008-07-18 13:13:20 | 000,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008-06-06 16:52:52 | 000,292,472 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2007-11-06 21:16:54 | 000,139,264 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007-09-29 03:56:32 | 000,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007-09-28 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007-02-07 23:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2005-04-30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003-07-28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-11-06 12:11:46 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Hmonitor.sys -- (hmonitor)
DRV - [2009-09-23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-08-24 13:06:09 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-06-13 16:56:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-12-11 10:24:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-11-20 20:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008-06-06 16:52:52 | 000,035,584 | ---- | M] (SpeedBit Ltd.) [Kernel | Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\sbbotdi.sys -- (sbbotdi)
DRV - [2008-05-16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008-05-16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008-05-16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008-05-16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008-01-09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-11-13 11:25:55 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-10-30 10:25:55 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007-10-30 10:25:54 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007-10-30 10:25:53 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2007-09-29 04:05:59 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-01-31 14:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007-01-18 13:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006-11-27 15:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 15:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 15:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-07-24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006-07-01 22:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-08-30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005-08-30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005-08-30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005-05-11 00:33:12 | 000,032,256 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005-01-07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2003-04-18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl)
DRV - [2003-03-02 16:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl)
DRV - [2002-10-01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002-09-28 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/0,0.html?p=015
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Moje Dokumenciki\Mozilla Firefox\components [2010-02-02 15:44:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Moje Dokumenciki\Mozilla Firefox\plugins [2010-01-14 19:39:30 | 000,000,000 | ---D | M]
 
[2008-07-24 14:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Extensions
[2010-02-05 17:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\f991jhlv.default\extensions
[2009-12-17 18:24:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\x\Dane aplikacji\Mozilla\Firefox\Profiles\f991jhlv.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
 
O1 HOSTS File: ([2010-02-05 18:41:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (SBCONVERT Class) - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\x\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] D:\Moje Dokumenciki\avast\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Moje Dokumenciki\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\programs\MFIndexer.exe (Corel Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - D:\Moje Dokumenciki\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - D:\Moje Dokumenciki\DAP\dapextie.htm ()
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Download &all with DAP - D:\Moje Dokumenciki\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 79.139.116.1 91.123.160.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-02-03 17:08:10 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001-11-11 08:07:18 | 000,000,112 | ---- | M] () - C:\Autoplay.ply -- [ NTFS ]
O32 - AutoRun File - [2008-07-15 10:03:50 | 000,000,000 | ---D | M] - D:\Automap -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010-02-05 18:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-02-05 18:36:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-02-05 14:45:18 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
[2010-02-04 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Dane aplikacji\Malwarebytes
[2010-02-04 16:38:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-02-04 16:38:49 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-02-04 16:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-02-04 16:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-02-03 19:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\DoctorWeb
[2010-02-03 17:56:06 | 000,000,000 | ---D | C] -- C:\RootkitRevealer_1.7
[2010-02-03 17:19:06 | 000,003,968 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\AvgArCln.sys
[2010-02-03 17:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\GRISOFT
[2010-02-02 17:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010-01-30 20:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2010-01-30 20:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2010-01-27 14:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Moje dokumenty\Sony Ericsson
[2010-01-22 18:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi
[2010-01-21 17:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Moje dokumenty\Deluxe Ski Jump 3
[2010-01-11 19:23:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\x\Pulpit\SpiderMan 3
[2010-01-08 15:21:45 | 001,117,184 | ---- | C] (Cybersports Ltd) -- C:\Documents and Settings\x\Pulpit\FSDownloader.exe
[2008-01-17 08:55:44 | 003,703,975 | ---- | C] (IPS Przedsiębiorstwo Informatyczne                          ) -- C:\Program Files\pity 2007.exe
[2008-01-03 16:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-01-03 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-01-03 16:16:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-01-03 16:16:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2010-02-05 18:49:42 | 012,320,768 | -H-- | M] () -- C:\Documents and Settings\x\NTUSER.DAT
[2010-02-05 18:48:04 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-02-05 18:46:09 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-02-05 18:46:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-05 18:45:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-05 18:45:01 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-02-05 18:44:57 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\x\ntuser.ini
[2010-02-05 18:41:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010-02-05 14:45:22 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\x\Pulpit\OTL.exe
[2010-02-05 00:51:07 | 002,640,664 | -H-- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-04 08:55:58 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Ulead32.INI
[2010-02-04 04:42:21 | 000,310,272 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\projsyst.doc
[2010-02-04 01:58:37 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\UCHWAŁY WALNEGO.doc
[2010-02-04 01:37:59 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NA WALNYM na 28 stycznia 2008.doc
[2010-02-04 01:35:12 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA WPŁAT SKŁADEK CZŁONKOWSKICH 2009.doc
[2010-02-04 00:43:45 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\PLAN PRACY Stowarzyszenia na 2009 rok.doc
[2010-02-04 00:32:33 | 000,105,472 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MERYTORYCZNE 2009 - II.doc
[2010-02-03 22:01:30 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MEERYTORYCZNE 2009.doc
[2010-02-03 18:53:18 | 002,119,372 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\gegra.jpg
[2010-02-03 18:10:53 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010-02-03 18:10:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010-02-03 17:56:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\LYWDR
[2010-02-03 17:19:06 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.lnk
[2010-02-03 17:18:34 | 000,423,736 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\avgarkt-setup-1.1.0.42.exe
[2010-02-03 17:08:10 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2010-02-03 16:34:42 | 000,012,407 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2010-02-02 13:11:22 | 000,000,052 | ---- | M] () -- C:\WINDOWS\Pex.INI
[2010-01-31 20:03:05 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System32\MSCANDC.INI
[2010-01-30 17:10:22 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010-01-30 16:10:55 | 000,726,016 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\obrazy nr5.doc
[2010-01-30 11:52:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-29 17:45:50 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 4.doc
[2010-01-29 17:44:32 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 3.doc
[2010-01-29 17:43:58 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 2.doc
[2010-01-29 17:32:40 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Obrazy.doc
[2010-01-29 15:41:54 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-28 23:10:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Ulotki na 1 %.doc
[2010-01-28 23:01:03 | 001,003,520 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\ZESTAWIENIE DOKUMENTOW - AKTYWNA INTEGRACJA I.doc
[2010-01-28 22:39:33 | 001,001,472 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Opis Faktur II transza.doc
[2010-01-28 22:07:54 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI RODZICÓW  UCZNIÓW  ZW i PPP Nr 1 W CHEŁMIE.doc
[2010-01-28 22:03:06 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NAUCZYCIELI.doc
[2010-01-28 21:49:43 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\OCENA OPISOWA.doc
[2010-01-27 23:55:17 | 000,540,672 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\zaproszonko.pub
[2010-01-27 20:24:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000(1).bmp
[2010-01-27 20:23:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000.bmp
[2010-01-26 23:07:01 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\BROSZURA STOWARZYSZENIA.doc
[2010-01-26 08:35:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE AKTYWNA I STRONA.doc
[2010-01-25 00:41:31 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\ANKIETA1.doc
[2010-01-25 00:38:53 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\osiagniecia.doc
[2010-01-25 00:27:13 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\klasyfikacja.doc
[2010-01-24 22:51:21 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\karta_inf_pracy_naucz.doc
[2010-01-24 20:41:24 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\kola_zainteresowan.doc
[2010-01-24 20:14:43 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\podstawa_programowa_i_godzina_dodatk.doc
[2010-01-18 23:35:22 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\[050406]_Ma_gorzata_B_czewska_-_Diagnoza_pedagogiczna_i_k.doc
[2010-01-18 22:46:03 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Plan wynikowy Z MUZYKI KL. iv - vi.doc
[2010-01-18 22:44:16 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Przykładowy plan wynikowy dla przedmiotu MUZYKA w gimnazjum.doc
[2010-01-18 22:26:30 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\Strzelczyk.doc
[2010-01-17 22:49:53 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NA ZEBRANIU.doc
[2010-01-17 22:47:18 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\OCENY Z ZACHOWANIA KLASY VI.doc
[2010-01-17 21:18:06 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\KARTA MIERZENIA POSTĘPU USPOŁECZNIENIA SIĘ DZIECKA OD 7 DO 14 LAT WG UKŁADU PROF.doc
[2010-01-14 10:05:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-13 16:57:27 | 000,001,531 | ---- | M] () -- C:\Documents and Settings\x\.recently-used.xbel
[2010-01-12 22:30:34 | 000,102,686 | ---- | M] () -- C:\Documents and Settings\x\Pulpit\faktura1.bmp
[2010-01-10 20:55:50 | 000,617,969 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\zasady_przygotowania_realizacji_i_rozliczania_projektow_systemowych_osrodkow_pomocy_spolecznej_powiatowych_centrow_pomocy_rodzinie_oraz_regionalnego_osrodka_polityki_spolecznej_w_ramach_po_kl.pdf
[2010-01-10 20:27:29 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\DYPLOM UCZESTNICTWA.doc
[2010-01-10 19:29:07 | 000,361,984 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE CZĘŚCIOWE ALKOHOL 2009.doc
[2010-01-10 18:30:52 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\PROPOZYCJA OSÓB UCZESTNICZĄCYCH W PROJEKCIE W 20010 ROKU.doc
[2010-01-08 15:21:53 | 001,117,184 | ---- | M] (Cybersports Ltd) -- C:\Documents and Settings\x\Pulpit\FSDownloader.exe
[2010-01-07 23:24:00 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OSÓB KORZYSTAJĄCYCH Z MASAŻU REHABILITACYJNEGO.doc
[2010-01-07 20:04:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010-02-04 04:42:21 | 000,310,272 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\projsyst.doc
[2010-02-03 22:21:32 | 000,105,472 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MERYTORYCZNE 2009 - II.doc
[2010-02-03 19:54:30 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE MEERYTORYCZNE 2009.doc
[2010-02-03 18:53:09 | 002,119,372 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\gegra.jpg
[2010-02-03 18:10:53 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010-02-03 18:10:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010-02-03 17:56:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\LYWDR
[2010-02-03 17:19:06 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AVG Anti-Rootkit Free.lnk
[2010-02-03 17:18:32 | 000,423,736 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\avgarkt-setup-1.1.0.42.exe
[2010-02-03 16:34:42 | 000,012,407 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Bron.tok.A12.em.bin
[2010-02-03 14:45:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\BronFoldNetDomList.txt
[2010-01-30 20:40:14 | 000,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-30 20:40:14 | 000,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-30 20:32:55 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\sknc.dll
[2010-01-29 17:54:14 | 000,726,016 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\obrazy nr5.doc
[2010-01-29 17:45:50 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 4.doc
[2010-01-29 17:44:32 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 3.doc
[2010-01-29 17:43:58 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obraz 2.doc
[2010-01-29 17:32:39 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Obrazy.doc
[2010-01-29 16:05:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010-01-28 23:10:17 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Ulotki na 1 %.doc
[2010-01-28 22:03:06 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\LISTA OBECNOŚCI NAUCZYCIELI.doc
[2010-01-27 22:19:28 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\Kosong.Bron.Tok.txt
[2010-01-27 22:13:52 | 000,012,407 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\ListHost12.txt
[2010-01-27 20:24:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000(1).bmp
[2010-01-27 20:23:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\de_aztec0000.bmp
[2010-01-26 16:31:16 | 000,540,672 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\zaproszonko.pub
[2010-01-25 00:57:41 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\BROSZURA STOWARZYSZENIA.doc
[2010-01-24 15:13:15 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\karta_inf_pracy_naucz.doc
[2010-01-24 15:13:08 | 000,086,016 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\podstawa_programowa_i_godzina_dodatk.doc
[2010-01-24 15:13:01 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\kola_zainteresowan.doc
[2010-01-18 23:35:21 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\[050406]_Ma_gorzata_B_czewska_-_Diagnoza_pedagogiczna_i_k.doc
[2010-01-18 22:46:02 | 000,240,640 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Plan wynikowy Z MUZYKI KL. iv - vi.doc
[2010-01-18 22:44:15 | 000,137,216 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Przykładowy plan wynikowy dla przedmiotu MUZYKA w gimnazjum.doc
[2010-01-18 22:26:30 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\Strzelczyk.doc
[2010-01-17 22:47:17 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\OCENY Z ZACHOWANIA KLASY VI.doc
[2010-01-17 21:58:58 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\ANKIETA1.doc
[2010-01-17 21:18:06 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\KARTA MIERZENIA POSTĘPU USPOŁECZNIENIA SIĘ DZIECKA OD 7 DO 14 LAT WG UKŁADU PROF.doc
[2010-01-13 16:57:27 | 000,001,531 | ---- | C] () -- C:\Documents and Settings\x\.recently-used.xbel
[2010-01-12 22:30:28 | 000,102,686 | ---- | C] () -- C:\Documents and Settings\x\Pulpit\faktura1.bmp
[2010-01-10 20:55:50 | 000,617,969 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\zasady_przygotowania_realizacji_i_rozliczania_projektow_systemowych_osrodkow_pomocy_spolecznej_powiatowych_centrow_pomocy_rodzinie_oraz_regionalnego_osrodka_polityki_spolecznej_w_ramach_po_kl.pdf
[2010-01-10 18:28:41 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\SPRAWOZDANIE AKTYWNA I STRONA.doc
[2010-01-08 14:43:20 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\x\Moje dokumenty\PROPOZYCJA OSÓB UCZESTNICZĄCYCH W PROJEKCIE W 20010 ROKU.doc
[2009-12-17 22:02:37 | 000,010,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\Hmonitor.sys
[2009-11-12 22:30:47 | 000,001,339 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-09-04 19:04:01 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-09-04 19:03:59 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-09-04 19:03:59 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-09-04 19:03:59 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-09-04 19:03:58 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-09-04 19:03:58 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-28 16:41:58 | 000,000,019 | ---- | C] () -- C:\WINDOWS\cie12.ini
[2009-07-11 09:35:34 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\x\Dane aplikacji\ceville_console_history.txt
[2009-07-03 22:20:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2009-07-03 22:18:47 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-06-29 12:53:07 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\x\Dane aplikacji\Smiley.ico
[2009-06-16 13:10:38 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2009-06-16 13:10:38 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2009-05-26 20:38:12 | 000,000,795 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2009-02-28 17:15:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2009-02-28 17:15:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\animation2.dll
[2009-02-28 17:14:58 | 000,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2009-02-28 17:14:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2009-02-28 17:14:49 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2009-02-28 17:14:48 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
[2009-02-08 11:26:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\msexcr.ini
[2008-08-03 21:10:28 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-06-08 10:39:08 | 000,005,732 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008-06-08 10:39:06 | 000,129,024 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008-04-30 13:55:16 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-04-28 11:11:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-04-13 11:35:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008-04-13 10:13:11 | 000,001,104 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2008-02-27 15:09:52 | 001,867,776 | ---- | C] () -- C:\WINDOWS\System32\python24.dll
[2008-02-17 23:09:19 | 000,000,255 | ---- | C] () -- C:\Documents and Settings\x\Dane aplikacji\configsys
[2008-02-17 17:01:51 | 000,000,423 | ---- | C] () -- C:\WINDOWS\kingpong1.INI
[2008-02-02 17:01:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-02-02 17:00:21 | 000,000,123 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008-01-17 09:06:21 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2008-01-17 08:49:22 | 001,280,201 | ---- | C] () -- C:\Program Files\win rar 371   pl.exe
[2008-01-13 17:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-01-13 17:22:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008-01-13 17:19:21 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2008-01-13 17:15:57 | 000,000,492 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008-01-13 17:02:57 | 000,000,436 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008-01-13 17:01:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\MSCANDC.INI
[2008-01-13 16:48:34 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008-01-13 16:48:34 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008-01-04 18:00:49 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wa.INI
[2008-01-04 00:24:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-01-03 23:33:11 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2008-01-03 23:14:00 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-01-03 21:39:02 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\x\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004-01-02 00:28:29 | 000,000,100 | ---- | C] () -- C:\WINDOWS\forevermopt.INI
[2004-01-02 00:28:13 | 000,000,317 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2004-01-01 23:05:12 | 000,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll
[2004-01-01 23:05:12 | 000,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll
[2004-01-01 23:05:12 | 000,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll
[2004-01-01 23:05:12 | 000,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll
[2004-01-01 23:05:12 | 000,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll
[2004-01-01 23:05:12 | 000,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll
[2004-01-01 23:05:11 | 000,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll
[2004-01-01 23:05:11 | 000,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll
[2004-01-01 23:05:11 | 000,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll
[2004-01-01 23:05:11 | 000,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll
[2004-01-01 23:05:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll
[2004-01-01 23:05:10 | 000,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll
[2004-01-01 23:05:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll
[2004-01-01 23:05:10 | 000,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll
[2004-01-01 23:05:10 | 000,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll
[2004-01-01 23:05:10 | 000,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll
[2004-01-01 23:05:10 | 000,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll
[2004-01-01 23:05:10 | 000,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll
[2004-01-01 23:05:10 | 000,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll
[2004-01-01 23:05:09 | 000,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll
[2004-01-01 23:05:09 | 000,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll
[2004-01-01 23:05:09 | 000,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll
[2004-01-01 23:05:09 | 000,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll
[2004-01-01 23:05:09 | 000,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll
[2004-01-01 23:05:09 | 000,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll
[2004-01-01 23:05:09 | 000,064,070 | ---- | C] () -- C:\WINDOWS\ktkm21.dll
[2004-01-01 23:05:09 | 000,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll
[2004-01-01 23:05:09 | 000,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll
[2004-01-01 23:05:09 | 000,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll
[2004-01-01 23:05:08 | 000,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll
[2004-01-01 23:05:08 | 000,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll
[2004-01-01 23:05:08 | 000,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll
[2004-01-01 23:05:08 | 000,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll
[2004-01-01 23:05:08 | 000,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll
[2004-01-01 23:05:08 | 000,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll
[2004-01-01 23:05:08 | 000,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll
[2004-01-01 23:05:08 | 000,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997-06-14 01:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:مهندسة
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:0F8F5844
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E41EAF13
< End of report >
This is the log after everything. Mainly I want the virus to stop "aborting" what I do in the console (when I start XAMPP, the program for creating databases, or launch the server I host, everything "aborts" and the console closes). It must be a rootkit, and it's probably not the daemon process, because the daemon isn't enabled on my machine.

ordynat
Global Moderator
Posts: 1345
« Reply #7: February 05, 2010, 07:43:38 »

You didn't write anything about the results of the check on JOTTI/VIRUSTOTAL.

Quote:
the daemon isn't enabled on my machine
See for yourself:
Autostart:
Quote:
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Moje Dokumenciki\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
Driver:
Quote:
DRV - [2009-06-13 16:56:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

I don't know whether NERO doesn't also cause similar "rootkit-like" behaviour - I can't check now, because I used to have NERO, but it caused so many problems that I got rid of it from the disk at the first opportunity.

jedendwatrzycztery
New user
Posts: 7
« Reply #8: February 05, 2010, 08:32:44 »

Was I supposed to check two of those files, C:\Windows\ktkmm~~? I checked two of them and nothing was found.

ordynat
Global Moderator
Posts: 1345
« Reply #9: February 05, 2010, 08:48:50 »

OK, then we leave them alone.

If the file of this alleged rootkit shows up, check it on JOTTI/VIRUSTOTAL too.

But in my opinion, this is not a rootkit.

EDIT:
In this thread (>CLICK) you can see such similar "rootkits" very clearly.
During the first GMER scan the file name was: angk4v79.SYS
After a restart and another GMER scan the name changed to: abd1qirc.SYS
GMER didn't even flag it as a rootkit!
The OTL log there contains the same items as yours:
1) Daemon Tools
2) sptd.sys
3) NERO
According to the recommendation (>CLICK), before looking for rootkits all drive-emulating programs should be removed from the computer, above all Daemon Tools and the "sptd.sys" driver.
In this case the user did not follow that recommendation, and as a result these files, which change their name after every restart, appeared in the log.
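
The pre-check described in the reply above, as an added example that is not part of the thread and not code from OTL or GMER: it parses OTL `O4` and `DRV` lines, flags drive-emulator entries, and compares the hidden-driver names reported by two scans taken before and after a reboot. The function names, the marker list and the two sample lines not quoted in the thread are assumptions constructed for illustration.

```python
import re

# Constructed sample in OTL log format: the DAEMON Tools and sptd lines are the
# two entries quoted in the thread, the other two are made up for contrast.
SAMPLE_OTL = r"""
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Moje Dokumenciki\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
DRV - [2009-06-13 16:56:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-12-17 22:02:37 | 000,010,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Hmonitor.sys -- (Hmonitor)
"""

DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\] \([^)]*\) \[(?P<kind>[^|]+)\| (?P<start>[^|]+)\| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<path>.+)$")

# Only the names the thread singles out (assumption: a substring match is enough).
EMULATOR_MARKERS = ("daemon tools", "sptd")

def parse_otl(text):
    """Return autostart (O4) and driver (DRV) entries as dicts."""
    entries = []
    for line in text.splitlines():
        for section, rx in (("DRV", DRV_RE), ("O4", O4_RE)):
            m = rx.match(line.strip())
            if m:
                fields = {k: v.strip() for k, v in m.groupdict().items()}
                entries.append({"section": section, **fields})
    return entries

def emulator_entries(entries):
    """Entries whose name or path mentions a drive emulator."""
    return [e for e in entries
            if any(mark in (e["name"] + " " + e["path"]).lower() for mark in EMULATOR_MARKERS)]

def triage(otl_text, scan_before, scan_after):
    """Compare hidden-driver names from two scans (before/after reboot) with the OTL log."""
    emus = emulator_entries(parse_otl(otl_text))
    before = {n.lower() for n in scan_before}
    after = {n.lower() for n in scan_after}
    stable = sorted(before & after)    # same file name survives the reboot
    renamed = sorted(before ^ after)   # name seen in only one of the two scans
    if emus and renamed and not stable:
        action = "remove drive emulators, reboot, rescan"
    elif stable:
        action = "submit stable files to a multi-engine scanner"
    else:
        action = "nothing flagged in both scans"
    return {"emulators": [e["name"] for e in emus], "stable": stable,
            "renamed": renamed, "action": action}
```

The triage result is a prompt for the next step, not a verdict: a name that changes on every reboot while an emulator driver is loaded means the scan has to be repeated after the emulator is removed.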