Komputer wolno chodzi i sie zawiesza

[HiVu]

Kod: Zaznacz wszystko

ComboFix 09-04-04.01 - HiVu 2009-04-06 20:34:54.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.2047.1619 [GMT 2:00]
Uruchomiony z: c:\documents and settings\HiVu\Moje dokumenty\Downloads\ComboFix.exe
FW: ActiveArmor Firewall *disabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((   Pliki utworzone od 2009-03-06 do 2009-04-06  )))))))))))))))))))))))))))))))
.

2009-04-06 15:42 . 2009-04-06 15:42   98,304   --a------   c:\windows\system32\CmdLineExt.dll
2009-04-06 14:24 . 2009-04-06 15:14   <DIR>   d--------   c:\program files\Kolekcja Klasyki
2009-04-06 12:51 . 2009-04-06 12:51   <DIR>   d--------   C:\ProgramData
2009-04-06 12:51 . 2009-04-06 12:51   1,214   --a------   c:\windows\system32\ealregsnapshot1.reg
2009-04-06 12:41 . 2009-04-06 12:51   <DIR>   d--------   c:\program files\Electronic Arts
2009-04-02 22:35 . 2009-04-02 22:35   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-04-02 21:48 . 2009-04-05 21:30   <DIR>   d--------   c:\program files\Xfire
2009-04-02 21:48 . 2009-04-05 15:02   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Xfire
2009-03-31 21:48 . 2009-04-04 16:15   <DIR>   d--------   c:\windows\system32\Adobe
2009-03-31 17:32 . 2009-03-31 17:32   <DIR>   d--------   c:\windows\Sun
2009-03-31 17:00 . 2009-03-31 17:00   <DIR>   d--------   c:\program files\Java
2009-03-31 17:00 . 2009-03-31 17:00   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-31 17:00 . 2009-03-31 17:00   73,728   --a------   c:\windows\system32\javacpl.cpl
2009-03-30 19:34 . 2009-03-30 19:34   <DIR>   d--------   c:\program files\Teamspeak2_RC2
2009-03-30 19:34 . 2009-03-30 19:34   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\teamspeak2
2009-03-30 19:34 . 2009-03-30 19:34   34,064   --a------   c:\windows\system32\lhacm.acm
2009-03-30 14:09 . 2009-03-30 14:10   <DIR>   d---s----   c:\program files\HLSW
2009-03-30 14:09 . 2009-03-30 14:21   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\HLSW
2009-03-29 18:24 . 2009-03-29 18:24   <DIR>   d--------   c:\windows\ServicePackFiles
2009-03-29 18:24 . 2008-04-14 22:51   294,912   -----c---   c:\windows\system32\dllcache\dlimport.exe
2009-03-29 18:22 . 2009-03-29 18:22   <DIR>   d--------   c:\windows\EHome
2009-03-29 15:44 . 2009-03-29 15:44   <DIR>   d--------   c:\windows\ERUNT
2009-03-29 15:44 . 2009-03-29 15:44   <DIR>   d--------   C:\ERDNT
2009-03-29 15:33 . 2009-03-29 15:33   <DIR>   d--------   c:\program files\HDCleaner
2009-03-29 14:46 . 2009-04-05 21:29   <DIR>   d--------   c:\program files\Odkurzacz
2009-03-29 14:42 . 2009-03-29 14:42   <DIR>   d--------   c:\program files\CCleaner
2009-03-29 13:45 . 2009-03-29 13:45   <DIR>   d--------   c:\program files\Trend Micro
2009-03-29 11:15 . 2009-03-29 11:15   <DIR>   d--------   c:\program files\AMD
2009-03-29 11:15 . 2009-03-29 11:15   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\InstallShield
2009-03-28 23:29 . 2009-03-28 23:29   <DIR>   d--------   c:\program files\Radeon Omega Drivers
2009-03-28 23:29 . 2009-03-28 23:29   <DIR>   d--------   c:\program files\MultiRes
2009-03-28 23:29 . 2009-03-28 23:29   472,576   --a------   c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-03-28 23:08 . 2009-03-28 23:08   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ATI
2009-03-28 22:52 . 2009-03-28 22:52   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Ventrilo
2009-03-28 22:48 . 2009-03-28 22:48   <DIR>   d--------   c:\program files\Mumble
2009-03-28 22:48 . 2009-03-28 22:48   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Mumble
2009-03-28 22:05 . 2009-04-06 19:46   <DIR>   d--------   c:\program files\mIRC
2009-03-28 22:05 . 2009-04-06 19:50   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\mIRC
2009-03-28 22:01 . 2009-03-28 22:01   <DIR>   d--------   c:\program files\Ventrilo
2009-03-28 22:01 . 2009-03-28 22:01   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-28 21:40 . 2009-03-28 23:34   <DIR>   d--------   c:\program files\ATI
2009-03-28 21:38 . 2009-03-28 21:38   <DIR>   d--------   C:\ATI
2009-03-28 17:56 . 2009-03-28 17:56   <DIR>   d--------   c:\program files\Valve
2009-03-28 17:49 . 2009-03-28 17:49   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\ATI
2009-03-28 17:48 . 2009-03-28 17:48   0   --a------   c:\windows\ativpsrm.bin
2009-03-28 17:46 . 2009-03-28 17:50   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Nowe Gadu-Gadu
2009-03-28 17:45 . 2009-03-28 17:45   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-03-28 17:43 . 2008-04-14 22:50   21,504   --a------   c:\windows\system32\hidserv.dll
2009-03-28 17:43 . 2001-08-17 23:59   3,072   --a------   c:\windows\system32\drivers\audstub.sys
2009-03-28 17:42 . 2009-03-28 17:47   <DIR>   d--------   c:\program files\Common Files\ATI Technologies
2009-03-28 17:42 . 2008-04-14 22:50   77,312   --a------   c:\windows\system32\usbui.dll
2009-03-28 17:42 . 2008-04-14 21:35   58,880   --a------   c:\windows\system32\drivers\redbook.sys
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   dr-h-----   c:\documents and settings\Default User\Ustawienia lokalne
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\Default User\Ulubione
2009-03-28 17:40 . 2009-03-28 16:45   <DIR>   d--h-----   c:\documents and settings\Default User\Szablony
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\Default User\Pulpit
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\Default User\Moje dokumenty
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   dr-------   c:\documents and settings\Default User\Menu Start
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\All Users\Ulubione
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--h-----   c:\documents and settings\All Users\Szablony
2009-03-28 17:40 . 2009-04-06 15:14   <DIR>   d--------   c:\documents and settings\All Users\Pulpit
2009-03-28 17:40 . 2009-03-29 18:25   <DIR>   dr-------   c:\documents and settings\All Users\Menu Start
2009-03-28 17:40 . 2009-03-28 16:46   <DIR>   dr-------   c:\documents and settings\All Users\Dokumenty
2009-03-28 17:39 . 2009-04-06 20:34   <DIR>   d--------   c:\windows\system32\CatRoot2
2009-03-28 17:39 . 2009-03-29 18:26   <DIR>   d--------   c:\windows\system32\CatRoot
2009-03-28 17:39 . 2009-03-28 17:40   <DIR>   dr-h-----   c:\documents and settings\Default User\Dane aplikacji
2009-03-28 17:39 . 2009-03-28 23:08   <DIR>   dr-h-----   c:\documents and settings\All Users\Dane aplikacji
2009-03-28 17:39 . 2004-08-04 14:00   1,014,483   --a--c---   c:\windows\system32\dllcache\SP2.CAT
2009-03-28 17:39 . 2004-08-04 14:00   808,524   --a--c---   c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-28 17:39 . 2004-08-04 14:00   399,670   --a--c---   c:\windows\system32\dllcache\MAPIMIG.CAT
2009-03-28 17:39 . 2004-08-04 14:00   37,509   --a--c---   c:\windows\system32\dllcache\MW770.CAT
2009-03-28 17:39 . 2004-08-04 14:00   13,497   --a--c---   c:\windows\system32\dllcache\HPCRDP.CAT
2009-03-28 17:39 . 2004-08-04 14:00   8,599   --a--c---   c:\windows\system32\dllcache\IASNT4.CAT
2009-03-28 17:39 . 2004-08-04 14:00   7,407   --a--c---   c:\windows\system32\dllcache\OEMBIOS.CAT
2009-03-28 17:39 . 2004-08-04 14:00   7,334   --a--c---   c:\windows\system32\dllcache\wmerrenu.cat
2009-03-28 17:38 . 2009-03-29 18:29   <DIR>   d--h-----   c:\documents and settings\Default User
2009-03-28 17:38 . 2009-03-28 16:48   <DIR>   d--------   c:\documents and settings\All Users
2009-03-28 17:38 . 2009-03-28 16:51   <DIR>   d--------   C:\Documents and Settings
2009-03-28 17:38 . 2008-05-21 01:53   93,696   -ra------   c:\windows\system32\drivers\AtiHdmi.sys
2009-03-28 17:37 . 2009-03-28 21:40   <DIR>   d--------   c:\program files\ATI Technologies
2009-03-28 17:37 . 2008-07-04 04:48   3,107,788   -ra------   c:\windows\system32\ativvaxx.dat
2009-03-28 17:37 . 2008-07-04 04:48   3,107,788   -ra------   c:\windows\system32\ativva5x.dat
2009-03-28 17:37 . 2008-07-04 04:48   887,724   -ra------   c:\windows\system32\ativva6x.dat
2009-03-28 17:37 . 2009-02-25 16:15   593,920   ---------   c:\windows\system32\ati2sgag.exe
2009-03-28 17:37 . 2009-02-25 23:42   442,368   --a------   c:\windows\system32\ATIDEMGX.dll
2009-03-28 17:37 . 2009-02-25 23:09   307,200   --a------   c:\windows\system32\atiiiexx.dll
2009-03-28 17:37 . 2009-01-26 19:55   182,995   --a------   c:\windows\system32\atiicdxx.dat
2009-03-28 17:37 . 2008-12-29 21:35   15,485   --a------   c:\windows\atiogl.xml
2009-03-28 17:37 . 2007-08-31 15:20   7,167   -ra------   c:\windows\system32\atifglpf.xml
2009-03-28 17:33 . 2008-04-14 00:15   172,416   --a------   c:\windows\system32\drivers\kmixer.sys
2009-03-28 17:33 . 2008-04-13 22:09   142,592   --a------   c:\windows\system32\drivers\aec.sys
2009-03-28 17:33 . 2008-04-14 00:47   83,072   --a------   c:\windows\system32\drivers\wdmaud.sys
2009-03-28 17:33 . 2008-04-14 00:45   60,800   --a------   c:\windows\system32\drivers\sysaudio.sys
2009-03-28 17:33 . 2008-04-14 00:15   56,576   --a------   c:\windows\system32\drivers\swmidi.sys
2009-03-28 17:33 . 2008-04-14 00:15   52,864   --a------   c:\windows\system32\drivers\dmusic.sys
2009-03-28 17:33 . 2008-04-14 00:09   7,552   --a------   c:\windows\system32\drivers\mskssrv.sys
2009-03-28 17:33 . 2008-04-14 00:15   6,272   --a------   c:\windows\system32\drivers\splitter.sys
2009-03-28 17:33 . 2008-04-14 00:09   5,376   --a------   c:\windows\system32\drivers\mspclock.sys
2009-03-28 17:33 . 2008-04-14 00:09   4,992   --a------   c:\windows\system32\drivers\mspqm.sys
2009-03-28 17:33 . 2008-04-14 00:15   2,944   --a------   c:\windows\system32\drivers\drmkaud.sys
2009-03-28 17:32 . 2009-03-28 17:32   <DIR>   d--------   c:\program files\Analog Devices
2009-03-28 17:32 . 2006-03-17 11:18   392,960   -ra------   c:\windows\system32\drivers\senfilt.sys
2009-03-28 17:32 . 2007-01-16 03:09   293,888   -ra------   c:\windows\system32\drivers\ADIHdAud.sys
2009-03-28 17:32 . 2008-04-14 00:49   146,048   --a------   c:\windows\system32\drivers\portcls.sys
2009-03-28 17:32 . 2008-04-14 22:51   129,536   --a------   c:\windows\system32\ksproxy.ax
2009-03-28 17:32 . 2006-08-07 00:57   93,952   -ra------   c:\windows\system32\drivers\aeaudio.sys
2009-03-28 17:32 . 2003-08-19 12:36   65,536   --a--c---   c:\windows\system32\dllcache\a3d.dll
2009-03-28 17:32 . 2003-08-19 12:36   65,536   -ra------   c:\windows\system32\a3d.dll
2009-03-28 17:32 . 2008-04-14 00:15   60,160   --a------   c:\windows\system32\drivers\drmk.sys
2009-03-28 17:32 . 2006-06-30 09:00   28,160   -ra------   c:\windows\system32\PostProc.dll
2009-03-28 17:32 . 2007-08-10 20:53   26,488   --a------   c:\windows\system32\spupdsvc.exe
2009-03-28 17:32 . 2008-04-14 22:50   4,096   --a------   c:\windows\system32\ksuser.dll
2009-03-28 17:24 . 2009-04-05 21:26   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2009-03-28 17:24 . 2009-03-28 17:24   <DIR>   d--------   c:\program files\DIFX
2009-03-28 17:24 . 2006-06-19 00:51   43,520   --a------   c:\windows\system32\drivers\AmdK8.sys
2009-03-28 17:16 . 2009-04-06 15:14   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2009-03-28 17:15 . 2009-03-28 17:15   1,024   --a------   C:\.rnd
2009-03-28 17:14 . 2009-03-28 17:14   22   --a------   c:\windows\FileName
2009-03-28 17:13 . 2009-03-28 17:13   <DIR>   d--------   c:\program files\NVIDIA Corporation
2009-03-28 17:12 . 2009-03-28 17:12   <DIR>   d--------   c:\windows\ASUSInstAll
2009-03-28 17:12 . 2006-08-29 17:29   446,464   --a------   c:\windows\system32\CapabilityTable.exe
2009-03-28 17:12 . 2006-08-07 08:07   208,896   ---------   c:\windows\system32\nvuide.exe
2009-03-28 17:12 . 2006-06-01 09:32   1,570   ---------   c:\windows\system32\nvide.nvu
2009-03-28 17:11 . 2006-08-14 08:51   363,008   -ra------   c:\windows\system32\idecoiins.dll
2009-03-28 17:11 . 2006-08-14 08:51   363,008   -ra------   c:\windows\system32\idecoi.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 14:52   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-28 14:49   ---------   d-----w   c:\program files\microsoft frontpage
2009-03-28 14:47   ---------   d-----w   c:\program files\Usługi online
2009-03-20 22:26   41,808   ----a-w   c:\windows\system32\xfcodec.dll
2009-03-19 15:08   499,712   ----a-w   c:\windows\system32\msvcp71.dll
2009-03-19 15:08   348,160   ----a-w   c:\windows\system32\msvcr71.dll
2009-02-25 22:58   3,565,568   ----a-w   c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:41   325,120   ----a-w   c:\windows\system32\ati2dvag.dll
2009-02-25 21:30   204,800   ----a-w   c:\windows\system32\atipdlxx.dll
2009-02-25 21:30   11,841,536   ----a-w   c:\windows\system32\atioglxx.dll
2009-02-25 21:29   43,520   ----a-w   c:\windows\system32\ati2edxx.dll
2009-02-25 21:29   26,112   ----a-w   c:\windows\system32\Ati2mdxx.exe
2009-02-25 21:29   155,648   ----a-w   c:\windows\system32\Oemdspif.dll
2009-02-25 21:29   155,648   ----a-w   c:\windows\system32\ati2evxx.dll
2009-02-25 21:27   602,112   ----a-w   c:\windows\system32\ati2evxx.exe
2009-02-25 21:26   53,248   ----a-w   c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16   3,817,984   ----a-w   c:\windows\system32\ati3duag.dll
2009-02-25 20:59   2,670,080   ----a-w   c:\windows\system32\ativvaxx.dll
2009-02-25 20:44   49,664   ----a-w   c:\windows\system32\amdpcom32.dll
2009-02-25 20:40   475,136   ----a-w   c:\windows\system32\atikvmag.dll
2009-02-25 20:38   17,408   ----a-w   c:\windows\system32\atitvo32.dll
2009-02-25 20:38   126,976   ----a-w   c:\windows\system32\atiadlxx.dll
2009-02-25 20:37   53,248   ----a-w   c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35   290,816   ----a-w   c:\windows\system32\atiok3x2.dll
2009-02-25 20:32   626,688   ----a-w   c:\windows\system32\ati2cqag.dll
2009-02-25 20:32   45,056   ----a-w   c:\windows\system32\aticalrt.dll
2009-02-25 20:32   45,056   ----a-w   c:\windows\system32\aticalcl.dll
2009-02-25 20:30   3,227,648   ----a-w   c:\windows\system32\aticaldd.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-03-29 1410296]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-03-28 17:36 133104 c:\documents and settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-31 17:04 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\doluse\\counter-strike\\hl.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-03-28 93696]
R4 ps6ajfae;Anno 1503 Zlota Edycja Synchronization Driver (ps6ajfae);c:\windows\system32\drivers\ps6ajfae.sys --> c:\windows\system32\drivers\ps6ajfae.sys [?]
S3 gsplittm;gsplittm;\??\c:\docume~1\HiVu\USTAWI~1\Temp\gsplittm.sys --> c:\docume~1\HiVu\USTAWI~1\Temp\gsplittm.sys [?]

--- Inne Usługi/Sterowniki w Pamięci ---

*Deregistered* - pe3ajfae
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-299502267-725345543-1004.job
- c:\documents and settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-03-28 17:36]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 20:35:32
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-04-06 20:36:02
ComboFix-quarantined-files.txt  2009-04-06 18:36:00

Przed: 92 502 446 080 bajtów wolnych
Po: 92,494,704,640 bajtów wolnych

234


Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:15, on 2009-04-06
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 5398 bytes

Już mnie szlak trafia , cały czas coś się zawiesza zainstalowałem antywirusa + IS było źle odinstalowałem ( wtedy to już nic prawie nie chodziło )jeszcze gorzej....

[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\docume~1\HiVu\USTAWI~1\Temp\gsplittm.sys

Driver::
gsplittm

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

Autor postu otrzymał pochwałę

[HiVu]

Kod: Zaznacz wszystko

ComboFix 09-04-04.01 - HiVu 2009-04-06 20:54:06.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.2047.1505 [GMT 2:00]
Uruchomiony z: c:\documents and settings\HiVu\Moje dokumenty\Downloads\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\HiVu\Pulpit\CFScript.txt
FW: ActiveArmor Firewall *disabled*
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::
c:\docume~1\HiVu\USTAWI~1\Temp\gsplittm.sys
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSPLITTM
-------\Service_gsplittm


(((((((((((((((((((((((((   Pliki utworzone od 2009-03-06 do 2009-04-06  )))))))))))))))))))))))))))))))
.

2009-04-06 15:42 . 2009-04-06 15:42   98,304   --a------   c:\windows\system32\CmdLineExt.dll
2009-04-06 14:24 . 2009-04-06 15:14   <DIR>   d--------   c:\program files\Kolekcja Klasyki
2009-04-06 12:51 . 2009-04-06 12:51   <DIR>   d--------   C:\ProgramData
2009-04-06 12:51 . 2009-04-06 12:51   1,214   --a------   c:\windows\system32\ealregsnapshot1.reg
2009-04-06 12:41 . 2009-04-06 12:51   <DIR>   d--------   c:\program files\Electronic Arts
2009-04-02 22:35 . 2009-04-02 22:35   <DIR>   d--------   c:\documents and settings\NetworkService\Dane aplikacji\Xfire
2009-04-02 21:48 . 2009-04-05 21:30   <DIR>   d--------   c:\program files\Xfire
2009-04-02 21:48 . 2009-04-05 15:02   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Xfire
2009-03-31 21:48 . 2009-04-04 16:15   <DIR>   d--------   c:\windows\system32\Adobe
2009-03-31 17:32 . 2009-03-31 17:32   <DIR>   d--------   c:\windows\Sun
2009-03-31 17:00 . 2009-03-31 17:00   <DIR>   d--------   c:\program files\Java
2009-03-31 17:00 . 2009-03-31 17:00   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-31 17:00 . 2009-03-31 17:00   73,728   --a------   c:\windows\system32\javacpl.cpl
2009-03-30 19:34 . 2009-03-30 19:34   <DIR>   d--------   c:\program files\Teamspeak2_RC2
2009-03-30 19:34 . 2009-03-30 19:34   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\teamspeak2
2009-03-30 19:34 . 2009-03-30 19:34   34,064   --a------   c:\windows\system32\lhacm.acm
2009-03-30 14:09 . 2009-03-30 14:10   <DIR>   d---s----   c:\program files\HLSW
2009-03-30 14:09 . 2009-03-30 14:21   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\HLSW
2009-03-29 18:24 . 2009-03-29 18:24   <DIR>   d--------   c:\windows\ServicePackFiles
2009-03-29 18:24 . 2008-04-14 22:51   294,912   -----c---   c:\windows\system32\dllcache\dlimport.exe
2009-03-29 18:22 . 2009-03-29 18:22   <DIR>   d--------   c:\windows\EHome
2009-03-29 15:44 . 2009-03-29 15:44   <DIR>   d--------   c:\windows\ERUNT
2009-03-29 15:44 . 2009-03-29 15:44   <DIR>   d--------   C:\ERDNT
2009-03-29 15:33 . 2009-03-29 15:33   <DIR>   d--------   c:\program files\HDCleaner
2009-03-29 14:46 . 2009-04-05 21:29   <DIR>   d--------   c:\program files\Odkurzacz
2009-03-29 14:42 . 2009-03-29 14:42   <DIR>   d--------   c:\program files\CCleaner
2009-03-29 13:45 . 2009-03-29 13:45   <DIR>   d--------   c:\program files\Trend Micro
2009-03-29 11:15 . 2009-03-29 11:15   <DIR>   d--------   c:\program files\AMD
2009-03-29 11:15 . 2009-03-29 11:15   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\InstallShield
2009-03-28 23:29 . 2009-03-28 23:29   <DIR>   d--------   c:\program files\Radeon Omega Drivers
2009-03-28 23:29 . 2009-03-28 23:29   <DIR>   d--------   c:\program files\MultiRes
2009-03-28 23:29 . 2009-03-28 23:29   472,576   --a------   c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-03-28 23:08 . 2009-03-28 23:08   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ATI
2009-03-28 22:52 . 2009-03-28 22:52   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Ventrilo
2009-03-28 22:48 . 2009-03-28 22:48   <DIR>   d--------   c:\program files\Mumble
2009-03-28 22:48 . 2009-03-28 22:48   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Mumble
2009-03-28 22:05 . 2009-04-06 19:46   <DIR>   d--------   c:\program files\mIRC
2009-03-28 22:05 . 2009-04-06 19:50   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\mIRC
2009-03-28 22:01 . 2009-03-28 22:01   <DIR>   d--------   c:\program files\Ventrilo
2009-03-28 22:01 . 2009-03-28 22:01   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2009-03-28 21:40 . 2009-03-28 23:34   <DIR>   d--------   c:\program files\ATI
2009-03-28 21:38 . 2009-03-28 21:38   <DIR>   d--------   C:\ATI
2009-03-28 17:56 . 2009-03-28 17:56   <DIR>   d--------   c:\program files\Valve
2009-03-28 17:49 . 2009-03-28 17:49   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\ATI
2009-03-28 17:48 . 2009-03-28 17:48   0   --a------   c:\windows\ativpsrm.bin
2009-03-28 17:46 . 2009-03-28 17:50   <DIR>   d--------   c:\documents and settings\HiVu\Dane aplikacji\Nowe Gadu-Gadu
2009-03-28 17:45 . 2009-03-28 17:45   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-03-28 17:43 . 2008-04-14 22:50   21,504   --a------   c:\windows\system32\hidserv.dll
2009-03-28 17:43 . 2001-08-17 23:59   3,072   --a------   c:\windows\system32\drivers\audstub.sys
2009-03-28 17:42 . 2009-03-28 17:47   <DIR>   d--------   c:\program files\Common Files\ATI Technologies
2009-03-28 17:42 . 2008-04-14 22:50   77,312   --a------   c:\windows\system32\usbui.dll
2009-03-28 17:42 . 2008-04-14 21:35   58,880   --a------   c:\windows\system32\drivers\redbook.sys
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   dr-h-----   c:\documents and settings\Default User\Ustawienia lokalne
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\Default User\Ulubione
2009-03-28 17:40 . 2009-03-28 16:45   <DIR>   d--h-----   c:\documents and settings\Default User\Szablony
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\Default User\Pulpit
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\Default User\Moje dokumenty
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   dr-------   c:\documents and settings\Default User\Menu Start
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--------   c:\documents and settings\All Users\Ulubione
2009-03-28 17:40 . 2009-03-28 17:40   <DIR>   d--h-----   c:\documents and settings\All Users\Szablony
2009-03-28 17:40 . 2009-04-06 15:14   <DIR>   d--------   c:\documents and settings\All Users\Pulpit
2009-03-28 17:40 . 2009-03-29 18:25   <DIR>   dr-------   c:\documents and settings\All Users\Menu Start
2009-03-28 17:40 . 2009-03-28 16:46   <DIR>   dr-------   c:\documents and settings\All Users\Dokumenty
2009-03-28 17:39 . 2009-04-06 20:54   <DIR>   d--------   c:\windows\system32\CatRoot2
2009-03-28 17:39 . 2009-03-29 18:26   <DIR>   d--------   c:\windows\system32\CatRoot
2009-03-28 17:39 . 2009-03-28 17:40   <DIR>   dr-h-----   c:\documents and settings\Default User\Dane aplikacji
2009-03-28 17:39 . 2009-03-28 23:08   <DIR>   dr-h-----   c:\documents and settings\All Users\Dane aplikacji
2009-03-28 17:39 . 2004-08-04 14:00   1,014,483   --a--c---   c:\windows\system32\dllcache\SP2.CAT
2009-03-28 17:39 . 2004-08-04 14:00   808,524   --a--c---   c:\windows\system32\dllcache\NT5IIS.CAT
2009-03-28 17:39 . 2004-08-04 14:00   399,670   --a--c---   c:\windows\system32\dllcache\MAPIMIG.CAT
2009-03-28 17:39 . 2004-08-04 14:00   37,509   --a--c---   c:\windows\system32\dllcache\MW770.CAT
2009-03-28 17:39 . 2004-08-04 14:00   13,497   --a--c---   c:\windows\system32\dllcache\HPCRDP.CAT
2009-03-28 17:39 . 2004-08-04 14:00   8,599   --a--c---   c:\windows\system32\dllcache\IASNT4.CAT
2009-03-28 17:39 . 2004-08-04 14:00   7,407   --a--c---   c:\windows\system32\dllcache\OEMBIOS.CAT
2009-03-28 17:39 . 2004-08-04 14:00   7,334   --a--c---   c:\windows\system32\dllcache\wmerrenu.cat
2009-03-28 17:38 . 2009-03-29 18:29   <DIR>   d--h-----   c:\documents and settings\Default User
2009-03-28 17:38 . 2009-03-28 16:48   <DIR>   d--------   c:\documents and settings\All Users
2009-03-28 17:38 . 2009-03-28 16:51   <DIR>   d--------   C:\Documents and Settings
2009-03-28 17:38 . 2008-05-21 01:53   93,696   -ra------   c:\windows\system32\drivers\AtiHdmi.sys
2009-03-28 17:37 . 2009-03-28 21:40   <DIR>   d--------   c:\program files\ATI Technologies
2009-03-28 17:37 . 2008-07-04 04:48   3,107,788   -ra------   c:\windows\system32\ativvaxx.dat
2009-03-28 17:37 . 2008-07-04 04:48   3,107,788   -ra------   c:\windows\system32\ativva5x.dat
2009-03-28 17:37 . 2008-07-04 04:48   887,724   -ra------   c:\windows\system32\ativva6x.dat
2009-03-28 17:37 . 2009-02-25 16:15   593,920   ---------   c:\windows\system32\ati2sgag.exe
2009-03-28 17:37 . 2009-02-25 23:42   442,368   --a------   c:\windows\system32\ATIDEMGX.dll
2009-03-28 17:37 . 2009-02-25 23:09   307,200   --a------   c:\windows\system32\atiiiexx.dll
2009-03-28 17:37 . 2009-01-26 19:55   182,995   --a------   c:\windows\system32\atiicdxx.dat
2009-03-28 17:37 . 2008-12-29 21:35   15,485   --a------   c:\windows\atiogl.xml
2009-03-28 17:37 . 2007-08-31 15:20   7,167   -ra------   c:\windows\system32\atifglpf.xml
2009-03-28 17:33 . 2008-04-14 00:15   172,416   --a------   c:\windows\system32\drivers\kmixer.sys
2009-03-28 17:33 . 2008-04-13 22:09   142,592   --a------   c:\windows\system32\drivers\aec.sys
2009-03-28 17:33 . 2008-04-14 00:47   83,072   --a------   c:\windows\system32\drivers\wdmaud.sys
2009-03-28 17:33 . 2008-04-14 00:45   60,800   --a------   c:\windows\system32\drivers\sysaudio.sys
2009-03-28 17:33 . 2008-04-14 00:15   56,576   --a------   c:\windows\system32\drivers\swmidi.sys
2009-03-28 17:33 . 2008-04-14 00:15   52,864   --a------   c:\windows\system32\drivers\dmusic.sys
2009-03-28 17:33 . 2008-04-14 00:09   7,552   --a------   c:\windows\system32\drivers\mskssrv.sys
2009-03-28 17:33 . 2008-04-14 00:15   6,272   --a------   c:\windows\system32\drivers\splitter.sys
2009-03-28 17:33 . 2008-04-14 00:09   5,376   --a------   c:\windows\system32\drivers\mspclock.sys
2009-03-28 17:33 . 2008-04-14 00:09   4,992   --a------   c:\windows\system32\drivers\mspqm.sys
2009-03-28 17:33 . 2008-04-14 00:15   2,944   --a------   c:\windows\system32\drivers\drmkaud.sys
2009-03-28 17:32 . 2009-03-28 17:32   <DIR>   d--------   c:\program files\Analog Devices
2009-03-28 17:32 . 2006-03-17 11:18   392,960   -ra------   c:\windows\system32\drivers\senfilt.sys
2009-03-28 17:32 . 2007-01-16 03:09   293,888   -ra------   c:\windows\system32\drivers\ADIHdAud.sys
2009-03-28 17:32 . 2008-04-14 00:49   146,048   --a------   c:\windows\system32\drivers\portcls.sys
2009-03-28 17:32 . 2008-04-14 22:51   129,536   --a------   c:\windows\system32\ksproxy.ax
2009-03-28 17:32 . 2006-08-07 00:57   93,952   -ra------   c:\windows\system32\drivers\aeaudio.sys
2009-03-28 17:32 . 2003-08-19 12:36   65,536   --a--c---   c:\windows\system32\dllcache\a3d.dll
2009-03-28 17:32 . 2003-08-19 12:36   65,536   -ra------   c:\windows\system32\a3d.dll
2009-03-28 17:32 . 2008-04-14 00:15   60,160   --a------   c:\windows\system32\drivers\drmk.sys
2009-03-28 17:32 . 2006-06-30 09:00   28,160   -ra------   c:\windows\system32\PostProc.dll
2009-03-28 17:32 . 2007-08-10 20:53   26,488   --a------   c:\windows\system32\spupdsvc.exe
2009-03-28 17:32 . 2008-04-14 22:50   4,096   --a------   c:\windows\system32\ksuser.dll
2009-03-28 17:24 . 2009-04-05 21:26   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2009-03-28 17:24 . 2009-03-28 17:24   <DIR>   d--------   c:\program files\DIFX
2009-03-28 17:24 . 2006-06-19 00:51   43,520   --a------   c:\windows\system32\drivers\AmdK8.sys
2009-03-28 17:16 . 2009-04-06 15:14   <DIR>   d--h-----   c:\program files\InstallShield Installation Information
2009-03-28 17:15 . 2009-03-28 17:15   1,024   --a------   C:\.rnd
2009-03-28 17:14 . 2009-03-28 17:14   22   --a------   c:\windows\FileName
2009-03-28 17:13 . 2009-03-28 17:13   <DIR>   d--------   c:\program files\NVIDIA Corporation
2009-03-28 17:12 . 2009-03-28 17:12   <DIR>   d--------   c:\windows\ASUSInstAll
2009-03-28 17:12 . 2006-08-29 17:29   446,464   --a------   c:\windows\system32\CapabilityTable.exe
2009-03-28 17:12 . 2006-08-07 08:07   208,896   ---------   c:\windows\system32\nvuide.exe
2009-03-28 17:12 . 2006-06-01 09:32   1,570   ---------   c:\windows\system32\nvide.nvu
2009-03-28 17:11 . 2006-08-14 08:51   363,008   -ra------   c:\windows\system32\idecoiins.dll
2009-03-28 17:11 . 2006-08-14 08:51   363,008   -ra------   c:\windows\system32\idecoi.dll

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 14:52   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-28 14:49   ---------   d-----w   c:\program files\microsoft frontpage
2009-03-28 14:47   ---------   d-----w   c:\program files\Usługi online
2009-02-25 22:58   3,565,568   ----a-w   c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 20:37   53,248   ----a-w   c:\windows\system32\drivers\ati2erec.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-04-06_20.35.43,90   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28   163,328   ----a-w   c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-04-06 18:55:58   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_704.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-03-29 1410296]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-03-28 17:36 133104 c:\documents and settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-31 17:04 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\doluse\\counter-strike\\hl.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-03-28 93696]
.
Zawartość folderu 'Zaplanowane zadania'

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-299502267-725345543-1004.job
- c:\documents and settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-03-28 17:36]
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 20:56:01
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-06 20:57:01 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-04-06 18:56:59
ComboFix2.txt  2009-04-06 18:36:03

Przed: 92 477 657 088 bajtów wolnych
Po: 92,420,902,912 bajtów wolnych

240


[wojtas]

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

[HiVu]

Zrobiłem jak kazałeś... nic nie wykryło .Temat znów powrócił w postaci wysokich pingów na serwerach... nagle mocno podskoczyły.. z 30 do 80 pingując wp.pl mam 60-70

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:03, on 2009-04-15
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HiVu\Pulpit\GammaAdjuster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 5158 bytes


Kod: Zaznacz wszystko

Logfile of random's system information tool 1.06 (written by random/random)
Run by HiVu at 2009-04-15 19:20:30
Microsoft Windows XP Home Edition Dodatek Service Pack 3
System drive C: has 78 GB (78%) free of 100 GB
Total RAM: 2047 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:30, on 2009-04-15
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HiVu\Pulpit\GammaAdjuster.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HiVu\Moje dokumenty\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HiVu.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 5424 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-299502267-725345543-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-31 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-31 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-02-27 9339496]
"Steam"=c:\program files\valve\steam\steam.exe [2009-03-29 1410296]
"Odkurzacz-MCD"=C:\Program Files\Odkurzacz\odk_mcd.exe [2008-08-16 264704]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\HiVu\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-03-28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-31 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Valve\Steam\SteamApps\doluse\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\doluse\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Valve\Steam\SteamApps\doluse\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\doluse\counter-strike source\hl2.exe:*:Enabled:hl2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -
.js - open -
.vbs - edit -
.vbs - open -

======List of files/folders created in the last 3 months======

2009-04-15 19:20:30 ----D---- C:\rsit
2009-04-14 20:02:53 ----D---- C:\!FixIEDef
2009-04-14 20:02:10 ----A---- C:\ComboFix.txt
2009-04-12 20:15:17 ----A---- C:\WINDOWS\WORDPAD.INI
2009-04-12 14:31:01 ----D---- C:\Program Files\Tibia
2009-04-12 11:49:01 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Tibia
2009-04-10 21:07:37 ----HD---- C:\Program Files\Zero G Registry
2009-04-10 21:07:37 ----D---- C:\Program Files\Sports Interactive
2009-04-10 21:07:00 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Sports Interactive
2009-04-10 19:05:50 ----D---- C:\Program Files\EA SPORTS
2009-04-10 19:02:03 ----D---- C:\WINDOWS\RegisteredPackages
2009-04-10 19:01:52 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-04-10 19:01:49 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-04-08 22:17:27 ----D---- C:\Program Files\PFPortChecker
2009-04-08 12:43:29 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
2009-04-07 14:27:26 ----D---- C:\Program Files\Headshot Player
2009-04-06 20:34:37 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-06 15:42:45 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-06 14:24:37 ----D---- C:\Program Files\Kolekcja Klasyki
2009-04-06 12:51:14 ----D---- C:\ProgramData
2009-04-06 12:41:01 ----D---- C:\Program Files\Electronic Arts
2009-04-06 10:11:46 ----D---- C:\Qoobox
2009-04-05 21:18:02 ----D---- C:\WINDOWS\pss
2009-04-02 21:48:17 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Xfire
2009-04-02 21:48:15 ----D---- C:\Program Files\Xfire
2009-03-31 21:48:54 ----D---- C:\WINDOWS\system32\Adobe
2009-03-31 17:32:51 ----D---- C:\WINDOWS\Sun
2009-03-31 17:00:46 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-31 17:00:46 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-31 17:00:46 ----A---- C:\WINDOWS\system32\java.exe
2009-03-31 17:00:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-31 17:00:42 ----D---- C:\Program Files\Java
2009-03-31 16:58:48 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Sun
2009-03-30 19:34:54 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\teamspeak2
2009-03-30 19:34:49 ----D---- C:\Program Files\Teamspeak2_RC2
2009-03-30 14:09:59 ----SD---- C:\Program Files\HLSW
2009-03-30 14:09:59 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\HLSW
2009-03-29 18:28:38 ----D---- C:\WINDOWS\Prefetch
2009-03-29 18:25:34 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-03-29 18:25:34 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\credssp.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\azroles.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-03-29 18:25:29 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\slserv.exe
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\slgen.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\setupn.exe
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\qutil.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\qagent.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\onex.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\napstat.exe
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\mssha.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-03-29 18:25:28 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-03-29 18:25:27 ----N---- C:\WINDOWS\slrundll.exe
2009-03-29 18:25:27 ----D---- C:\WINDOWS\system32\pl-pl
2009-03-29 18:25:27 ----D---- C:\WINDOWS\system32\pl
2009-03-29 18:25:27 ----D---- C:\WINDOWS\system32\bits
2009-03-29 18:25:27 ----D---- C:\WINDOWS\l2schemas
2009-03-29 18:24:37 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-29 18:23:56 ----D---- C:\WINDOWS\network diagnostic
2009-03-29 18:22:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-29 18:22:56 ----D---- C:\WINDOWS\EHome
2009-03-29 15:52:55 ----D---- C:\WINDOWS\temp
2009-03-29 15:51:43 ----A---- C:\WINDOWS\zip.exe
2009-03-29 15:51:43 ----A---- C:\WINDOWS\VFIND.exe
2009-03-29 15:51:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-29 15:51:43 ----A---- C:\WINDOWS\SWSC.exe
2009-03-29 15:51:43 ----A---- C:\WINDOWS\SWREG.exe
2009-03-29 15:51:43 ----A---- C:\WINDOWS\sed.exe
2009-03-29 15:51:43 ----A---- C:\WINDOWS\grep.exe
2009-03-29 15:44:43 ----D---- C:\ERDNT
2009-03-29 15:44:42 ----D---- C:\WINDOWS\ERUNT
2009-03-29 15:44:42 ----D---- C:\WINDOWS\ERDNT
2009-03-29 15:33:11 ----D---- C:\Program Files\HDCleaner
2009-03-29 14:46:04 ----D---- C:\Program Files\Odkurzacz
2009-03-29 14:42:21 ----D---- C:\Program Files\CCleaner
2009-03-29 13:45:46 ----D---- C:\Program Files\Trend Micro
2009-03-29 11:15:34 ----D---- C:\Program Files\AMD
2009-03-29 11:15:26 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\InstallShield
2009-03-28 23:29:37 ----D---- C:\Program Files\MultiRes
2009-03-28 23:29:27 ----D---- C:\Program Files\Radeon Omega Drivers
2009-03-28 23:29:27 ----A---- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-03-28 23:08:54 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ATI
2009-03-28 22:52:20 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Ventrilo
2009-03-28 22:48:34 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Mumble
2009-03-28 22:48:26 ----D---- C:\Program Files\Mumble
2009-03-28 22:05:45 ----D---- C:\Program Files\mIRC
2009-03-28 22:05:45 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\mIRC
2009-03-28 22:01:15 ----D---- C:\Program Files\Ventrilo
2009-03-28 22:01:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-28 21:40:34 ----D---- C:\Program Files\ATI
2009-03-28 21:38:02 ----D---- C:\ATI
2009-03-28 18:25:03 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Macromedia
2009-03-28 18:25:03 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Adobe
2009-03-28 17:56:50 ----D---- C:\Program Files\Valve
2009-03-28 17:55:25 ----D---- C:\Program Files\WinRAR
2009-03-28 17:51:29 ----SHD---- C:\Config.Msi
2009-03-28 17:49:04 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\ATI
2009-03-28 17:46:00 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Nowe Gadu-Gadu
2009-03-28 17:45:18 ----D---- C:\Program Files\Nowe Gadu-Gadu
2009-03-28 17:44:40 ----A---- C:\WINDOWS\system32\h323log.txt
2009-03-28 17:43:26 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-03-28 17:42:12 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-03-28 17:42:11 ----A---- C:\WINDOWS\system32\usbui.dll
2009-03-28 17:41:23 ----SHD---- C:\WINDOWS\Installer
2009-03-28 17:41:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-28 17:41:22 ----D---- C:\Program Files\Common Files\ODBC
2009-03-28 17:41:22 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-28 17:41:20 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-03-28 17:41:19 ----RD---- C:\Program Files
2009-03-28 17:41:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-28 17:41:19 ----D---- C:\Program Files\Common Files
2009-03-28 17:41:17 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-03-28 17:41:17 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-03-28 17:41:17 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-03-28 17:41:15 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-03-28 17:41:14 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-03-28 17:41:14 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-03-28 17:41:14 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-03-28 17:41:14 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-03-28 17:41:14 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-03-28 17:41:14 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-03-28 17:41:13 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-03-28 17:41:12 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-03-28 17:41:12 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-03-28 17:41:12 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-03-28 17:41:12 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-03-28 17:41:12 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdsl1.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdsl.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdro.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdhu1.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdhu.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdcz2.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdcz1.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdcz.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\kbdcr.dll
2009-03-28 17:41:10 ----A---- C:\WINDOWS\system32\KBDAL.DLL
2009-03-28 17:41:09 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-03-28 17:41:09 ----A---- C:\WINDOWS\system32\kbdycl.dll
2009-03-28 17:41:09 ----A---- C:\WINDOWS\system32\irclass.dll
2009-03-28 17:41:09 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-03-28 17:41:09 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-03-28 17:41:08 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-03-28 17:41:07 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-03-28 17:41:07 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-03-28 17:41:06 ----A---- C:\WINDOWS\system32\batt.dll
2009-03-28 17:41:06 ----A---- C:\WINDOWS\notepad.exe
2009-03-28 17:41:03 ----A---- C:\WINDOWS\system32\storprop.dll
2009-03-28 17:40:56 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
2009-03-28 17:40:41 ----RSD---- C:\WINDOWS\assembly
2009-03-28 17:40:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-28 17:39:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-28 17:39:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-28 17:39:04 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-03-28 17:39:03 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
2009-03-28 17:38:56 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-28 17:38:43 ----D---- C:\Documents and Settings
2009-03-28 17:38:42 ----SHD---- C:\System Volume Information
2009-03-28 17:37:58 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-03-28 17:37:53 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-03-28 17:37:51 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-03-28 17:37:20 ----D---- C:\Program Files\ATI Technologies
2009-03-28 17:32:59 ----RA---- C:\WINDOWS\system32\PostProc.dll
2009-03-28 17:32:59 ----RA---- C:\WINDOWS\system32\a3d.dll
2009-03-28 17:32:57 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-03-28 17:32:51 ----D---- C:\Program Files\Analog Devices
2009-03-28 17:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-03-28 17:32:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-03-28 17:24:44 ----D---- C:\Program Files\DIFX
2009-03-28 17:24:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-28 17:16:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-28 17:13:46 ----D---- C:\Program Files\NVIDIA Corporation
2009-03-28 17:12:53 ----D---- C:\WINDOWS\ASUSInstAll
2009-03-28 17:12:23 ----A---- C:\WINDOWS\system32\CapabilityTable.exe
2009-03-28 17:12:04 ----N---- C:\WINDOWS\system32\nvuide.exe
2009-03-28 17:11:32 ----RA---- C:\WINDOWS\system32\NVCOI.DLL
2009-03-28 17:11:32 ----RA---- C:\WINDOWS\system32\idecoiins.dll
2009-03-28 17:11:32 ----RA---- C:\WINDOWS\system32\idecoi.dll
2009-03-28 17:11:17 ----RA---- C:\WINDOWS\system32\fdco1ins.dll
2009-03-28 17:11:17 ----RA---- C:\WINDOWS\system32\fdco1.dll
2009-03-28 17:11:11 ----A---- C:\WINDOWS\system32\nvunrm.exe
2009-03-28 17:10:39 ----D---- C:\WINDOWS\NV31522900.TMP
2009-03-28 17:10:38 ----RA---- C:\WINDOWS\system32\nvconrm.dll
2009-03-28 17:10:38 ----RA---- C:\WINDOWS\system32\bdco1ins.dll
2009-03-28 17:10:38 ----RA---- C:\WINDOWS\system32\bdco1.dll
2009-03-28 17:10:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-03-28 17:09:50 ----RA---- C:\WINDOWS\system32\raidmgmt.ini
2009-03-28 17:09:49 ----RA---- C:\WINDOWS\system32\AsusSetup.ini
2009-03-28 17:09:49 ----RA---- C:\WINDOWS\system32\AsusSetup.exe
2009-03-28 17:09:44 ----D---- C:\Program Files\Common Files\InstallShield
2009-03-28 17:09:22 ----A---- C:\WINDOWS\Ascd_log.ini
2009-03-28 17:09:11 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-03-28 17:08:58 ----A---- C:\WINDOWS\AS_Debug.txt
2009-03-28 17:07:19 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-03-28 17:07:00 ----D---- C:\Program Files\Microsoft Works
2009-03-28 17:06:52 ----D---- C:\Program Files\Common Files\DESIGNER
2009-03-28 17:04:46 ----D---- C:\WINDOWS\SHELLNEW
2009-03-28 17:04:33 ----D---- C:\Program Files\Microsoft Office
2009-03-28 17:04:33 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2009-03-28 17:04:10 ----RHD---- C:\MSOCache
2009-03-28 17:00:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-28 17:00:44 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-03-28 16:52:44 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-03-28 16:51:53 ----D---- C:\Documents and Settings\HiVu\Dane aplikacji\Identities
2009-03-28 16:51:52 ----HD---- C:\Program Files\Uninstall Information
2009-03-28 16:51:42 ----SD---- C:\Documents and Settings\HiVu\Dane aplikacji\Microsoft
2009-03-28 16:51:42 ----ASH---- C:\Documents and Settings\HiVu\Dane aplikacji\desktop.ini
2009-03-28 16:51:12 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-28 16:51:10 ----SD---- C:\WINDOWS\system32\Microsoft
2009-03-28 16:51:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-28 16:49:00 ----D---- C:\WINDOWS\system32\xircom
2009-03-28 16:49:00 ----D---- C:\Program Files\xerox
2009-03-28 16:49:00 ----D---- C:\Program Files\microsoft frontpage
2009-03-28 16:48:47 ----A---- C:\WINDOWS\control.ini
2009-03-28 16:48:47 ----A---- C:\AUTOEXEC.BAT
2009-03-28 16:48:36 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-03-28 16:48:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-28 16:48:03 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-28 16:48:03 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-03-28 16:47:59 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-03-28 16:47:56 ----HD---- C:\Program Files\WindowsUpdate
2009-03-28 16:47:53 ----D---- C:\Program Files\Usługi online
2009-03-28 16:47:42 ----D---- C:\WINDOWS\system32\DirectX
2009-03-28 16:47:26 ----A---- C:\WINDOWS\system32\atrace.dll
2009-03-28 16:47:23 ----A---- C:\WINDOWS\system32\desktop.ini
2009-03-28 16:47:23 ----A---- C:\WINDOWS\desktop.ini
2009-03-28 16:47:18 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-03-28 16:47:16 ----D---- C:\Program Files\Common Files\Services
2009-03-28 16:47:16 ----A---- C:\WINDOWS\system32\acctres.dll
2009-03-28 16:47:14 ----SD---- C:\WINDOWS\Tasks
2009-03-28 16:47:14 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-03-28 16:47:13 ----D---- C:\Program Files\Common Files\MSSoap
2009-03-28 16:47:10 ----D---- C:\WINDOWS\srchasst
2009-03-28 16:47:09 ----D---- C:\WINDOWS\system32\Macromed
2009-03-28 16:47:07 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-03-28 16:47:07 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-03-28 16:47:07 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-03-28 16:47:07 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\wups.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-03-28 16:47:06 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-03-28 16:47:03 ----D---- C:\Program Files\Movie Maker
2009-03-28 16:46:59 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-03-28 16:46:59 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-03-28 16:46:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-03-28 16:46:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-03-28 16:46:56 ----D---- C:\WINDOWS\system32\Restore
2009-03-28 16:46:56 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-03-28 16:46:56 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-03-28 16:46:56 ----A---- C:\WINDOWS\system32\srclient.dll
2009-03-28 16:46:56 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-03-28 16:46:56 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-03-28 16:46:55 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-03-28 16:46:55 ----A---- C:\WINDOWS\system32\msconf.dll
2009-03-28 16:46:55 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-03-28 16:46:55 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-03-28 16:46:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-03-28 16:46:55 ----A---- C:\WINDOWS\system32\ils.dll
2009-03-28 16:46:52 ----D---- C:\Program Files\NetMeeting
2009-03-28 16:46:52 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-03-28 16:46:52 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-03-28 16:46:51 ----A---- C:\WINDOWS\system32\inetres.dll
2009-03-28 16:46:51 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-03-28 16:46:50 ----D---- C:\Program Files\Outlook Express
2009-03-28 16:46:50 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-03-28 16:46:50 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-03-28 16:46:50 ----A---- C:\WINDOWS\system32\mstask.dll
2009-03-28 16:46:49 ----A---- C:\WINDOWS\system32\isign32.dll
2009-03-28 16:46:49 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-03-28 16:46:49 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-03-28 16:46:49 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-03-28 16:46:44 ----D---- C:\Program Files\Internet Explorer
2009-03-28 16:46:44 ----D---- C:\Program Files\Common Files\System
2009-03-28 16:46:34 ----D---- C:\Program Files\ComPlus Applications
2009-03-28 16:46:32 ----A---- C:\WINDOWS\vbaddin.ini
2009-03-28 16:46:32 ----A---- C:\WINDOWS\vb.ini
2009-03-28 16:46:28 ----D---- C:\WINDOWS\Registration
2009-03-28 16:46:07 ----D---- C:\Program Files\Windows Media Player
2009-03-28 16:46:03 ----D---- C:\Program Files\Messenger
2009-03-28 16:46:00 ----D---- C:\Program Files\MSN Gaming Zone
2009-03-28 16:46:00 ----A---- C:\WINDOWS\system32\write.exe
2009-03-28 16:45:54 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-03-28 16:45:54 ----A---- C:\WINDOWS\system32\hticons.dll
2009-03-28 16:45:53 ----A---- C:\WINDOWS\system32\winchat.exe
2009-03-28 16:45:53 ----A---- C:\WINDOWS\system32\avwav.dll
2009-03-28 16:45:53 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-03-28 16:45:53 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-03-28 16:45:48 ----A---- C:\WINDOWS\system32\getuname.dll
2009-03-28 16:45:47 ----A---- C:\WINDOWS\system32\winmine.exe
2009-03-28 16:45:47 ----A---- C:\WINDOWS\system32\sol.exe
2009-03-28 16:45:47 ----A---- C:\WINDOWS\system32\charmap.exe
2009-03-28 16:45:47 ----A---- C:\WINDOWS\system32\calc.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\tskill.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\tscon.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\shadow.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\reset.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\regini.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-03-28 16:45:46 ----A---- C:\WINDOWS\system32\freecell.exe
2009-03-28 16:45:45 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-03-28 16:45:45 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-03-28 16:45:45 ----A---- C:\WINDOWS\system32\msg.exe
2009-03-28 16:45:45 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-03-28 16:45:45 ----A---- C:\WINDOWS\system32\logoff.exe
2009-03-28 16:45:45 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\stclient.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-03-28 16:45:44 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-03-28 16:45:40 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-03-28 16:45:39 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-03-28 16:45:39 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-03-28 16:45:39 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-03-28 16:45:39 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-03-28 16:45:38 ----D---- C:\Program Files\Windows NT
2009-03-28 16:45:38 ----A---- C:\WINDOWS\system32\spider.exe
2009-03-28 16:45:38 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-03-28 16:45:38 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-03-28 16:45:37 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-03-28 16:45:36 ----D---- C:\WINDOWS\system32\MsDtc
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-03-28 16:45:36 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-03-28 16:45:35 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-03-28 16:45:35 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-03-28 16:45:35 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-03-28 16:45:35 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-03-28 16:45:34 ----D---- C:\WINDOWS\system32\Com
2009-03-28 16:45:34 ----A---- C:\WINDOWS\system32\colbact.dll
2009-03-28 16:45:34 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-03-28 16:45:34 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-03-28 16:45:34 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-03-28 16:45:34 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-03-28 16:45:33 ----A---- C:\WINDOWS\system32\comuid.dll
2009-03-28 16:45:33 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-03-28 16:45:33 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-03-28 16:45:29 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-03-28 16:45:29 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-03-28 16:45:29 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-03-28 16:45:29 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-03-28 14:37:25 ----RSH---- C:\boot.ini
2009-03-28 14:32:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-28 14:32:23 ----RSD---- C:\WINDOWS\Fonts
2009-03-28 14:32:23 ----RD---- C:\WINDOWS\Web
2009-03-28 14:32:23 ----HD---- C:\WINDOWS\inf
2009-03-28 14:32:23 ----D---- C:\WINDOWS\WinSxS
2009-03-28 14:32:23 ----D---- C:\WINDOWS\twain_32
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\wins
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\wbem
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\usmt
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\spool
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\ShellExt
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\Setup
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\ras
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\oobe
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\npp
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\mui
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\IME
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\icsxml
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\ias
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\export
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\drivers
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\dhcp
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\config
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\3com_dmi
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\3076
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\2052
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1054
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1045
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1042
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1041
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1037
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1033
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1031
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1028
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32\1025
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system32
2009-03-28 14:32:23 ----D---- C:\WINDOWS\system
2009-03-28 14:32:23 ----D---- C:\WINDOWS\security
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Resources
2009-03-28 14:32:23 ----D---- C:\WINDOWS\repair
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Provisioning
2009-03-28 14:32:23 ----D---- C:\WINDOWS\PeerNet
2009-03-28 14:32:23 ----D---- C:\WINDOWS\pchealth
2009-03-28 14:32:23 ----D---- C:\WINDOWS\mui
2009-03-28 14:32:23 ----D---- C:\WINDOWS\msapps
2009-03-28 14:32:23 ----D---- C:\WINDOWS\msagent
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Media
2009-03-28 14:32:23 ----D---- C:\WINDOWS\java
2009-03-28 14:32:23 ----D---- C:\WINDOWS\ime
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Help
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Driver Cache
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Debug
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Cursors
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Connection Wizard
2009-03-28 14:32:23 ----D---- C:\WINDOWS\Config
2009-03-28 14:32:23 ----D---- C:\WINDOWS\AppPatch
2009-03-28 14:32:23 ----D---- C:\WINDOWS\addins
2009-03-28 14:32:23 ----D---- C:\WINDOWS
2009-03-21 00:26:16 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-03-19 17:08:50 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-19 17:08:50 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-02-25 23:30:15 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-02-25 22:32:59 ----A---- C:\WINDOWS\system32\aticalrt.dll
2009-02-25 22:32:53 ----A---- C:\WINDOWS\system32\aticalcl.dll
2009-02-25 22:30:01 ----A---- C:\WINDOWS\system32\aticaldd.dll

======List of files/folders modified in the last 3 months======

2009-04-14 20:01:43 ----A---- C:\WINDOWS\system.ini
2009-04-05 21:18:24 ----A---- C:\WINDOWS\win.ini
2009-02-25 23:41:10 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-25 23:30:02 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-02-25 23:29:49 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-02-25 23:29:41 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-02-25 23:29:32 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-02-25 23:29:15 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-02-25 23:27:41 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-02-25 23:26:17 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-02-25 23:16:45 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-02-25 22:59:31 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-25 22:44:29 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-02-25 22:40:20 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-02-25 22:38:47 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-02-25 22:38:37 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-02-25 22:35:08 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-02-25 22:32:05 ----A---- C:\WINDOWS\system32\ati2cqag.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 43520]
R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-08 21760]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 catchme;catchme; \??\C:\DOCUME~1\HiVu\USTAWI~1\Temp\catchme.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-31 152984]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


[wojtas]

wg. mnie jest ok./