Prośba o sprawdzenie loga - trojan

[RufuS*]

Znajomy prosił o pomoc. Komputer muli, instalują się jakieś badziewia itp. Widzę w logu jednego trojana, coś jeszcze?
Zamieszczam logi:

RSIT (na wklej bo msg za długa)

Kod: Zaznacz wszystko

http://wklej.org/id/134397/

i OTL

Kod: Zaznacz wszystko

OTL logfile created on: 2009-08-13 13:32:52 - Run 1
OTL by OldTimer - Version 3.0.10.6     Folder = C:\Documents and Settings\Marek Goły\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 79,29% Memory free
3,85 Gb Paging File | 3,60 Gb Available in Paging File | 93,60% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 33,40 Gb Free Space | 68,40% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 111,17 Gb Free Space | 60,40% Space Free | Partition Type: NTFS
Drive E: | 37,27 Gb Total Space | 11,27 Gb Free Space | 30,23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAREK
Current User Name: Marek Goły
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-08-13 12:38:49 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
PRC - [2007-11-14 12:54:24 | 02,131,392 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2009-08-05 20:03:05 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-13 13:32:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek Goły\Pulpit\OTL.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found --  -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2007-10-16 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004-08-04 01:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2003-12-08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
DRV - [2003-12-08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
DRV - [2007-10-16 16:40:06 | 02,642,944 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009-08-13 12:42:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Stopped])
DRV - [2007-09-25 16:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped])
DRV - [2005-01-10 12:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2006-12-28 06:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007-05-24 12:30:10 | 00,049,920 | ---- | M] (JMicron Technology Corp.) -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV - [2009-08-12 18:24:42 | 00,619,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2005-01-10 12:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2005-07-07 10:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2001-08-18 02:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - File not found --  -- (RfwBase9 [Disabled | Running])
DRV - File not found --  -- (rfwtdi [Disabled | Running])
DRV - [2006-12-14 10:44:06 | 00,085,120 | ---- | M] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2007-01-20 09:11:07 | 00,031,644 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2004-07-17 12:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005-04-14 17:23:28 | 00,472,960 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snpstd3.sys -- (SNPSTD3 [On_Demand | Running])
DRV - [2009-08-01 21:51:14 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Stopped])
DRV - [2004-12-08 19:16:30 | 00,038,468 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Stopped])
DRV - [2006-10-01 22:10:42 | 00,021,048 | R--- | M] (ABIT) -- C:\WINDOWS\System32\drivers\uGuru.sys -- (UGURU [System | Running])
DRV - [2004-08-04 01:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\S-1-5-21-1757981266-1229272821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-08-05 20:03:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-08-08 17:39:26 | 00,000,000 | ---D | M]

[2009-07-01 10:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\mozilla\Extensions
[2009-07-01 10:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-01 10:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\mozilla\Firefox\Profiles\z003mosg.default\extensions
[2009-08-13 00:28:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-08-05 20:03:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-07-01 10:55:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009-08-05 20:03:04 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-05 20:03:04 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007-04-30 16:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009-08-05 20:03:07 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003-07-15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006-10-23 00:24:00 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-06-24 14:27:26 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-06-24 14:27:26 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-06-24 14:27:26 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-06-24 14:27:26 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-06-24 14:27:26 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-06-24 14:27:26 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-06-24 14:27:26 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [braviax] C:\WINDOWS\System32\braviax.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKU\.DEFAULT..\Run: [braviax]  File not found
O4 - HKU\S-1-5-18..\Run: [braviax]  File not found
O4 - HKLM..\RunOnce: [Ris]  File not found
O4 - Startup: C:\Documents and Settings\Marek Goły\Menu Start\Programy\Autostart\ikowin32.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1757981266-1229272821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-21-1757981266-1229272821-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-1229272821-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.dat) -  File not found
O20 - AppInit_DLLs: (FILES\ATI) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-30 21:05:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61e905ca-65b3-11de-b7aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{61e905ca-65b3-11de-b7aa-806d6172696f}\Shell\AutoRun\command - "" = I:\Autorun.exe root.ini -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009-08-13 13:31:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marek Goły\Pulpit\OTL.exe
[2009-08-13 13:21:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Marek Goły\Pulpit\HiJackThis.exe
[2009-08-13 12:42:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009-08-13 12:33:07 | 00,019,552 | ---- | C] () -- C:\Program Files\Common Files\xejeri.sys
[2009-08-13 12:33:07 | 00,019,385 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\ebotajez.com
[2009-08-13 12:33:07 | 00,019,188 | ---- | C] () -- C:\Program Files\Common Files\xujigi.db
[2009-08-13 12:33:07 | 00,019,016 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\emekaz.exe
[2009-08-13 12:33:07 | 00,018,900 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\qygozy.db
[2009-08-13 12:33:07 | 00,017,540 | ---- | C] () -- C:\WINDOWS\xejulikury._dl
[2009-08-13 12:33:07 | 00,017,464 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\nuxok.dl
[2009-08-13 12:33:07 | 00,017,003 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\cinohuzis.bin
[2009-08-13 12:33:07 | 00,015,811 | ---- | C] () -- C:\WINDOWS\ixiwew.lib
[2009-08-13 12:33:07 | 00,015,738 | ---- | C] () -- C:\WINDOWS\System32\efewuticy.pif
[2009-08-13 12:33:07 | 00,015,148 | ---- | C] () -- C:\WINDOWS\banoripaze.bin
[2009-08-13 12:33:07 | 00,014,763 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ivixenoky._dl
[2009-08-13 12:33:07 | 00,014,199 | ---- | C] () -- C:\Program Files\Common Files\eraz.db
[2009-08-13 12:33:07 | 00,013,489 | ---- | C] () -- C:\WINDOWS\System32\uwirafozy.scr
[2009-08-13 12:33:07 | 00,012,744 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\ogurikac.exe
[2009-08-13 12:33:07 | 00,012,733 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\geruwyvo.lib
[2009-08-13 12:33:07 | 00,012,313 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\hytyn.reg
[2009-08-13 12:33:07 | 00,012,112 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\hebocides.lib
[2009-08-13 12:33:07 | 00,012,054 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\iwuratosi.db
[2009-08-13 12:33:07 | 00,012,023 | ---- | C] () -- C:\WINDOWS\osoky.dat
[2009-08-13 12:33:07 | 00,010,850 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\evefezosik.inf
[2009-08-13 12:33:07 | 00,010,697 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\bofyweqyr.vbs
[2009-08-13 12:33:07 | 00,010,152 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\pulyty.exe
[2009-08-13 12:26:40 | 00,000,029 | ---- | C] () -- C:\WINDOWS\rav.ini
[2009-08-13 12:22:04 | 00,000,132 | RHS- | C] () -- C:\rising.ini
[2009-08-13 12:22:03 | 00,000,000 | R--D | C] -- C:\RavBin
[2009-08-13 12:20:56 | 00,000,142 | ---- | C] () -- C:\WINDOWS\Ris.inf
[2009-08-13 12:20:46 | 00,000,000 | ---D | C] -- C:\Program Files\Rising
[2009-08-13 12:20:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\Ris.ini
[2009-08-13 12:20:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Rising
[2009-08-13 12:15:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
[2009-08-13 11:59:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\Ashampoo
[2009-08-13 09:36:25 | 00,019,406 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\dywymakyx.ban
[2009-08-13 09:36:25 | 00,019,314 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\vovoduri.ban
[2009-08-13 09:36:25 | 00,018,445 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\sywusumo.bin
[2009-08-13 09:36:25 | 00,018,254 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\xymeg.bin
[2009-08-13 09:36:25 | 00,018,116 | ---- | C] () -- C:\WINDOWS\yhodu.bin
[2009-08-13 09:36:25 | 00,016,897 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\xasezef.dat
[2009-08-13 09:36:25 | 00,016,421 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\qekuxisok.vbs
[2009-08-13 09:36:25 | 00,016,171 | ---- | C] () -- C:\WINDOWS\System32\abaloce.dl
[2009-08-13 09:36:25 | 00,015,921 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\upujulolo.vbs
[2009-08-13 09:36:25 | 00,015,705 | ---- | C] () -- C:\WINDOWS\System32\gyfetapury.db
[2009-08-13 09:36:25 | 00,015,279 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\qafocu.db
[2009-08-13 09:36:25 | 00,015,224 | ---- | C] () -- C:\WINDOWS\evypiqas.inf
[2009-08-13 09:36:25 | 00,014,033 | ---- | C] () -- C:\Program Files\Common Files\zupaqe.inf
[2009-08-13 09:36:25 | 00,013,970 | ---- | C] () -- C:\WINDOWS\hutisimofy.pif
[2009-08-13 09:36:25 | 00,013,306 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\oqazacus.sys
[2009-08-13 09:36:25 | 00,012,155 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\cyvocajiz.bin
[2009-08-13 09:36:25 | 00,011,976 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\ykari.exe
[2009-08-13 09:36:25 | 00,011,890 | ---- | C] () -- C:\WINDOWS\System32\gosezyvi.bat
[2009-08-13 09:36:25 | 00,011,752 | ---- | C] () -- C:\WINDOWS\System32\guges.com
[2009-08-13 09:36:25 | 00,010,082 | ---- | C] () -- C:\WINDOWS\nasewidi.ban
[2009-08-13 01:23:35 | 00,019,551 | ---- | C] () -- C:\Program Files\Common Files\ijohosiga._dl
[2009-08-13 01:23:35 | 00,018,066 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\ulahykybig.reg
[2009-08-13 01:23:35 | 00,016,646 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\jujiwaten.dll
[2009-08-13 01:23:35 | 00,015,709 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\parej._dl
[2009-08-13 01:23:35 | 00,015,466 | ---- | C] () -- C:\WINDOWS\otupova.scr
[2009-08-13 01:23:35 | 00,014,097 | ---- | C] () -- C:\WINDOWS\System32\ybuco.dl
[2009-08-13 01:23:35 | 00,013,775 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\fihidy._sy
[2009-08-13 01:23:35 | 00,013,116 | ---- | C] () -- C:\WINDOWS\ycoc.bin
[2009-08-13 01:23:35 | 00,012,751 | ---- | C] () -- C:\Program Files\Common Files\kenyvuhah.bat
[2009-08-13 01:23:35 | 00,012,723 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\wemo.lib
[2009-08-13 01:23:35 | 00,011,835 | ---- | C] () -- C:\WINDOWS\System32\yniz.lib
[2009-08-13 01:23:35 | 00,011,533 | ---- | C] () -- C:\WINDOWS\ozymulego.inf
[2009-08-13 01:23:35 | 00,011,401 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\rydasucuf._sy
[2009-08-13 01:23:35 | 00,010,967 | ---- | C] () -- C:\WINDOWS\System32\esiza.bin
[2009-08-13 01:23:35 | 00,010,719 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\barybafyl.ban
[2009-08-13 01:23:35 | 00,010,539 | ---- | C] () -- C:\WINDOWS\dafizad.bin
[2009-08-13 01:23:35 | 00,010,287 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\avacemat.dat
[2009-08-13 01:23:35 | 00,010,047 | ---- | C] () -- C:\WINDOWS\zyregu.bin
[2009-08-13 00:46:25 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Spyware Remover
[2009-08-13 00:28:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-08-12 22:01:34 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009-08-12 21:59:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\Help
[2009-08-12 21:59:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\Help
[2009-08-12 21:55:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\AntiSpyInfo
[2009-08-12 21:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009-08-12 20:24:28 | 00,019,925 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\imiv.lib
[2009-08-12 20:24:28 | 00,019,298 | ---- | C] () -- C:\Program Files\Common Files\oqojetir.reg
[2009-08-12 20:24:28 | 00,018,958 | ---- | C] () -- C:\WINDOWS\ocexyhe.ban
[2009-08-12 20:24:28 | 00,018,639 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\fudy.scr
[2009-08-12 20:24:28 | 00,018,544 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\yzedezy.dl
[2009-08-12 20:24:28 | 00,017,642 | ---- | C] () -- C:\Program Files\Common Files\toraq.dl
[2009-08-12 20:24:28 | 00,016,512 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\uryb.inf
[2009-08-12 20:24:28 | 00,016,024 | ---- | C] () -- C:\WINDOWS\System32\ximupu.scr
[2009-08-12 20:24:28 | 00,015,921 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ipil.vbs
[2009-08-12 20:24:28 | 00,015,876 | ---- | C] () -- C:\WINDOWS\irugunofag.vbs
[2009-08-12 20:24:28 | 00,014,917 | ---- | C] () -- C:\Program Files\Common Files\ovyxyqy.lib
[2009-08-12 20:24:28 | 00,014,251 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\idibopa.pif
[2009-08-12 20:24:28 | 00,014,029 | ---- | C] () -- C:\WINDOWS\System32\ywycyzecal._sy
[2009-08-12 20:24:28 | 00,013,257 | ---- | C] () -- C:\WINDOWS\huwot._dl
[2009-08-12 20:24:28 | 00,013,218 | ---- | C] () -- C:\Program Files\Common Files\jywulyboj.dll
[2009-08-12 20:24:28 | 00,012,987 | ---- | C] () -- C:\WINDOWS\wyqykisum.dll
[2009-08-12 20:24:28 | 00,012,476 | ---- | C] () -- C:\WINDOWS\System32\bazan.bin
[2009-08-12 20:24:28 | 00,011,720 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ligusire.reg
[2009-08-12 20:24:28 | 00,010,243 | ---- | C] () -- C:\WINDOWS\ebolip.exe
[2009-08-12 20:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2009-08-12 20:07:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\avg8
[2009-08-12 18:52:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-08-12 18:46:20 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009-08-12 18:46:16 | 00,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009-08-12 18:46:13 | 00,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009-08-12 18:46:12 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009-08-12 18:46:10 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009-08-12 18:46:10 | 00,157,034 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009-08-12 18:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009-08-12 18:44:45 | 00,192,203 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009-08-12 18:38:32 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-08-12 18:27:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2009-08-12 18:23:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009-08-12 18:21:25 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009-08-12 18:21:05 | 00,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009-08-12 18:21:05 | 00,080,384 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009-08-12 18:21:05 | 00,026,624 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009-08-12 18:21:01 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009-08-12 18:21:01 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009-08-12 18:21:00 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009-08-12 18:20:45 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009-08-12 18:20:45 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009-08-12 18:20:39 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009-08-12 18:20:38 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009-08-12 18:20:37 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009-08-12 18:20:24 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009-08-12 18:20:18 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009-08-12 18:20:14 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009-08-12 18:20:04 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009-08-12 18:20:02 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009-08-12 18:20:01 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009-08-12 18:20:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009-08-12 18:20:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009-08-12 18:20:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009-08-12 18:20:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009-08-12 18:20:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009-08-12 18:20:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009-08-12 18:20:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009-08-12 18:20:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009-08-12 18:20:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009-08-12 18:20:00 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009-08-12 18:20:00 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009-08-12 18:20:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009-08-12 18:19:59 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009-08-12 18:19:59 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009-08-12 18:19:59 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009-08-12 18:19:59 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009-08-12 18:19:59 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009-08-12 18:19:59 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009-08-12 18:19:59 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009-08-12 18:19:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009-08-12 18:19:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009-08-12 18:19:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009-08-12 18:19:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009-08-12 18:19:58 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009-08-12 18:19:58 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009-08-12 18:19:58 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009-08-12 18:19:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009-08-12 18:19:57 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009-08-12 18:19:57 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009-08-12 18:19:57 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009-08-12 18:18:45 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009-08-12 18:10:36 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009-08-12 18:10:36 | 00,102,826 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009-08-12 18:10:36 | 00,037,509 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009-08-12 18:10:36 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009-08-12 18:10:36 | 00,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009-08-12 18:10:36 | 00,013,497 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009-08-12 18:10:36 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009-08-12 18:10:36 | 00,008,599 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009-08-12 18:10:36 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009-08-12 18:10:36 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009-08-12 18:10:35 | 01,896,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009-08-12 18:10:35 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009-08-12 18:10:35 | 01,014,483 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009-08-12 18:10:35 | 00,808,524 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009-08-12 18:10:35 | 00,620,500 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009-08-12 18:10:35 | 00,399,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009-08-12 18:10:35 | 00,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009-08-09 09:15:07 | 00,001,780 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Pulpit\UEFA EURO 2008™.lnk
[2009-08-08 17:49:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Moje dokumenty\UEFA EURO 2008
[2009-08-03 15:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009-08-02 21:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009-08-02 21:33:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009-08-02 21:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ConeXware
[2009-08-01 23:01:16 | 00,000,000 | ---D | C] -- C:\ATI
[2009-08-01 21:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Moje dokumenty\2006 FIFA World Cup™
[2009-08-01 21:55:22 | 00,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2009-08-01 21:53:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-08-01 21:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009-08-01 21:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009-08-01 21:49:08 | 00,721,904 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-08-01 21:49:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\DAEMON Tools Lite
[2009-08-01 21:33:46 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Marek Goły\Pulpit\PowerISO.lnk
[2009-08-01 21:33:45 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2009-07-29 16:38:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-07-29 10:33:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\Moyea
[2009-07-27 14:31:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Moje dokumenty\Downloads
[2009-07-27 14:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\Temp
[2009-07-27 14:23:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\Google
[2009-07-19 12:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player
[2009-07-16 17:23:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009-07-15 20:34:36 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-07-09 18:51:25 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2009-07-04 20:07:53 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-02 22:29:13 | 00,000,135 | ---- | C] () -- C:\WINDOWS\ete40dem.ini
[2009-07-01 11:41:24 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-07-01 11:41:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-07-01 11:41:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-07-01 11:41:22 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-07-01 11:41:22 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-07-01 11:41:21 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-07-01 11:41:21 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-06-30 22:06:24 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2009-06-30 21:48:34 | 00,472,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd3.sys
[2009-06-30 21:48:34 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009-06-30 21:48:34 | 00,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009-06-30 21:48:34 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009-06-30 21:48:34 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009-06-30 21:39:53 | 00,011,604 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2009-06-30 21:37:45 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009-06-30 21:37:45 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009-06-30 21:29:03 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009-06-30 21:29:03 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005-05-03 13:38:42 | 00,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2004-08-04 01:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-08-04 00:15:10 | 00,619,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2004-07-17 12:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-10-02 12:48:18 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002-04-11 03:41:06 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2001-07-22 03:16:20 | 00,000,497 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 03:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009-08-13 13:32:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marek Goły\Pulpit\OTL.exe
[2009-08-13 13:21:02 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Marek Goły\Pulpit\HiJackThis.exe
[2009-08-13 13:20:28 | 00,000,142 | ---- | M] () -- C:\WINDOWS\Ris.inf
[2009-08-13 13:20:09 | 00,000,025 | ---- | M] () -- C:\WINDOWS\Ris.ini
[2009-08-13 13:17:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-08-13 13:17:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-08-13 13:16:06 | 00,000,497 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-08-13 13:16:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-08-13 13:16:06 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009-08-13 12:42:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009-08-13 12:38:49 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009-08-13 12:38:49 | 00,010,240 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2009-08-13 12:33:07 | 00,019,552 | ---- | M] () -- C:\Program Files\Common Files\xejeri.sys
[2009-08-13 12:33:07 | 00,019,385 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ebotajez.com
[2009-08-13 12:33:07 | 00,019,188 | ---- | M] () -- C:\Program Files\Common Files\xujigi.db
[2009-08-13 12:33:07 | 00,019,016 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\emekaz.exe
[2009-08-13 12:33:07 | 00,018,900 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\qygozy.db
[2009-08-13 12:33:07 | 00,017,540 | ---- | M] () -- C:\WINDOWS\xejulikury._dl
[2009-08-13 12:33:07 | 00,017,464 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\nuxok.dl
[2009-08-13 12:33:07 | 00,017,003 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\cinohuzis.bin
[2009-08-13 12:33:07 | 00,015,811 | ---- | M] () -- C:\WINDOWS\ixiwew.lib
[2009-08-13 12:33:07 | 00,015,738 | ---- | M] () -- C:\WINDOWS\System32\efewuticy.pif
[2009-08-13 12:33:07 | 00,015,148 | ---- | M] () -- C:\WINDOWS\banoripaze.bin
[2009-08-13 12:33:07 | 00,014,763 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ivixenoky._dl
[2009-08-13 12:33:07 | 00,014,199 | ---- | M] () -- C:\Program Files\Common Files\eraz.db
[2009-08-13 12:33:07 | 00,013,489 | ---- | M] () -- C:\WINDOWS\System32\uwirafozy.scr
[2009-08-13 12:33:07 | 00,012,744 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\ogurikac.exe
[2009-08-13 12:33:07 | 00,012,733 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\geruwyvo.lib
[2009-08-13 12:33:07 | 00,012,313 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\hytyn.reg
[2009-08-13 12:33:07 | 00,012,112 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\hebocides.lib
[2009-08-13 12:33:07 | 00,012,054 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\iwuratosi.db
[2009-08-13 12:33:07 | 00,012,023 | ---- | M] () -- C:\WINDOWS\osoky.dat
[2009-08-13 12:33:07 | 00,010,850 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\evefezosik.inf
[2009-08-13 12:33:07 | 00,010,697 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\bofyweqyr.vbs
[2009-08-13 12:33:07 | 00,010,152 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\pulyty.exe
[2009-08-13 12:26:41 | 00,000,029 | ---- | M] () -- C:\WINDOWS\rav.ini
[2009-08-13 12:23:26 | 00,000,132 | RHS- | M] () -- C:\rising.ini
[2009-08-13 12:00:04 | 05,858,580 | -H-- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-13 09:36:25 | 00,019,406 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\dywymakyx.ban
[2009-08-13 09:36:25 | 00,019,314 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\vovoduri.ban
[2009-08-13 09:36:25 | 00,018,445 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\sywusumo.bin
[2009-08-13 09:36:25 | 00,018,254 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\xymeg.bin
[2009-08-13 09:36:25 | 00,018,116 | ---- | M] () -- C:\WINDOWS\yhodu.bin
[2009-08-13 09:36:25 | 00,016,897 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\xasezef.dat
[2009-08-13 09:36:25 | 00,016,421 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\qekuxisok.vbs
[2009-08-13 09:36:25 | 00,016,171 | ---- | M] () -- C:\WINDOWS\System32\abaloce.dl
[2009-08-13 09:36:25 | 00,015,921 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\upujulolo.vbs
[2009-08-13 09:36:25 | 00,015,705 | ---- | M] () -- C:\WINDOWS\System32\gyfetapury.db
[2009-08-13 09:36:25 | 00,015,279 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\qafocu.db
[2009-08-13 09:36:25 | 00,015,224 | ---- | M] () -- C:\WINDOWS\evypiqas.inf
[2009-08-13 09:36:25 | 00,014,033 | ---- | M] () -- C:\Program Files\Common Files\zupaqe.inf
[2009-08-13 09:36:25 | 00,013,970 | ---- | M] () -- C:\WINDOWS\hutisimofy.pif
[2009-08-13 09:36:25 | 00,013,306 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\oqazacus.sys
[2009-08-13 09:36:25 | 00,012,155 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\cyvocajiz.bin
[2009-08-13 09:36:25 | 00,011,976 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\ykari.exe
[2009-08-13 09:36:25 | 00,011,890 | ---- | M] () -- C:\WINDOWS\System32\gosezyvi.bat
[2009-08-13 09:36:25 | 00,011,752 | ---- | M] () -- C:\WINDOWS\System32\guges.com
[2009-08-13 09:36:25 | 00,010,082 | ---- | M] () -- C:\WINDOWS\nasewidi.ban
[2009-08-13 01:23:35 | 00,019,551 | ---- | M] () -- C:\Program Files\Common Files\ijohosiga._dl
[2009-08-13 01:23:35 | 00,018,066 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ulahykybig.reg
[2009-08-13 01:23:35 | 00,016,646 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\jujiwaten.dll
[2009-08-13 01:23:35 | 00,015,709 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\parej._dl
[2009-08-13 01:23:35 | 00,015,466 | ---- | M] () -- C:\WINDOWS\otupova.scr
[2009-08-13 01:23:35 | 00,014,097 | ---- | M] () -- C:\WINDOWS\System32\ybuco.dl
[2009-08-13 01:23:35 | 00,013,775 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\fihidy._sy
[2009-08-13 01:23:35 | 00,013,116 | ---- | M] () -- C:\WINDOWS\ycoc.bin
[2009-08-13 01:23:35 | 00,012,751 | ---- | M] () -- C:\Program Files\Common Files\kenyvuhah.bat
[2009-08-13 01:23:35 | 00,012,723 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\wemo.lib
[2009-08-13 01:23:35 | 00,011,835 | ---- | M] () -- C:\WINDOWS\System32\yniz.lib
[2009-08-13 01:23:35 | 00,011,533 | ---- | M] () -- C:\WINDOWS\ozymulego.inf
[2009-08-13 01:23:35 | 00,011,401 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\rydasucuf._sy
[2009-08-13 01:23:35 | 00,010,967 | ---- | M] () -- C:\WINDOWS\System32\esiza.bin
[2009-08-13 01:23:35 | 00,010,719 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Dane aplikacji\barybafyl.ban
[2009-08-13 01:23:35 | 00,010,539 | ---- | M] () -- C:\WINDOWS\dafizad.bin
[2009-08-13 01:23:35 | 00,010,287 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\avacemat.dat
[2009-08-13 01:23:35 | 00,010,047 | ---- | M] () -- C:\WINDOWS\zyregu.bin
[2009-08-12 22:03:34 | 00,191,488 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-12 20:24:28 | 00,019,925 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\imiv.lib
[2009-08-12 20:24:28 | 00,019,298 | ---- | M] () -- C:\Program Files\Common Files\oqojetir.reg
[2009-08-12 20:24:28 | 00,018,958 | ---- | M] () -- C:\WINDOWS\ocexyhe.ban
[2009-08-12 20:24:28 | 00,018,639 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\fudy.scr
[2009-08-12 20:24:28 | 00,018,544 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\yzedezy.dl
[2009-08-12 20:24:28 | 00,017,642 | ---- | M] () -- C:\Program Files\Common Files\toraq.dl
[2009-08-12 20:24:28 | 00,016,512 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\uryb.inf
[2009-08-12 20:24:28 | 00,016,024 | ---- | M] () -- C:\WINDOWS\System32\ximupu.scr
[2009-08-12 20:24:28 | 00,015,921 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ipil.vbs
[2009-08-12 20:24:28 | 00,015,876 | ---- | M] () -- C:\WINDOWS\irugunofag.vbs
[2009-08-12 20:24:28 | 00,014,917 | ---- | M] () -- C:\Program Files\Common Files\ovyxyqy.lib
[2009-08-12 20:24:28 | 00,014,251 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\idibopa.pif
[2009-08-12 20:24:28 | 00,014,029 | ---- | M] () -- C:\WINDOWS\System32\ywycyzecal._sy
[2009-08-12 20:24:28 | 00,013,257 | ---- | M] () -- C:\WINDOWS\huwot._dl
[2009-08-12 20:24:28 | 00,013,218 | ---- | M] () -- C:\Program Files\Common Files\jywulyboj.dll
[2009-08-12 20:24:28 | 00,012,987 | ---- | M] () -- C:\WINDOWS\wyqykisum.dll
[2009-08-12 20:24:28 | 00,012,476 | ---- | M] () -- C:\WINDOWS\System32\bazan.bin
[2009-08-12 20:24:28 | 00,011,720 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ligusire.reg
[2009-08-12 20:24:28 | 00,010,243 | ---- | M] () -- C:\WINDOWS\ebolip.exe
[2009-08-12 20:10:24 | 00,984,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-08-12 20:10:24 | 00,448,348 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-08-12 20:10:24 | 00,392,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-08-12 20:10:24 | 00,074,450 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-08-12 20:10:24 | 00,058,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-08-12 18:52:55 | 00,017,464 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2009-08-12 18:46:20 | 00,192,203 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009-08-12 18:38:34 | 00,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009-08-12 18:24:43 | 00,619,200 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009-08-12 18:24:42 | 00,619,200 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009-08-12 18:23:00 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-08-12 18:22:45 | 00,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-08-12 18:21:38 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009-08-12 18:19:24 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009-08-12 18:19:23 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-08-12 18:19:23 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-08-12 18:19:15 | 00,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009-08-12 18:18:45 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009-08-12 18:18:45 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009-08-12 18:18:41 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009-08-12 18:18:00 | 00,023,016 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-08-12 18:13:27 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009-08-12 18:13:27 | 00,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009-08-10 17:50:35 | 00,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2009-08-08 17:48:05 | 00,001,780 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Pulpit\UEFA EURO 2008™.lnk
[2009-08-08 17:26:53 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-08-01 21:51:14 | 00,721,904 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-08-01 21:33:46 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Marek Goły\Pulpit\PowerISO.lnk
[2009-07-16 16:49:21 | 00,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009-06-30 22:27:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2009-08-13 12:33:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-08-13 00:57:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AntiSpyInfo
[2009-08-12 18:52:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI
[2009-08-02 21:29:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ConeXware
[2009-08-01 21:53:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-07-01 10:45:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESTsoft
[2009-08-13 12:15:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
[2009-08-13 12:21:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Rising
[2009-08-13 00:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-06-30 22:27:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-06-30 21:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2009-08-13 12:33:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji
[2009-06-30 21:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\ATI
[2009-07-01 11:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\Broad Intelligence
[2009-08-01 21:54:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\DAEMON Tools Lite
[2009-07-01 10:45:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\ESTsoft
[2009-07-01 10:41:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\Gadu-Gadu
[2009-07-29 10:33:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\Moyea
[2009-08-13 09:53:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marek Goły\Dane aplikacji\uTorrent
[2009-06-30 21:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2009-07-16 17:23:41 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sylwia\Dane aplikacji
[2009-07-04 10:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sylwia\Dane aplikacji\ESTsoft
[2009-07-02 18:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sylwia\Dane aplikacji\Gadu-Gadu
[2009-08-12 20:09:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Sylwia\Dane aplikacji\uTorrent
[2001-07-22 03:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-08-13 13:17:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >


[wojtas]

zastosuj combofixa ;P

[RufuS*]

Przeskanować i to wszystko?

[MichuPower]

Przeskanować i to wszystko?

Przeskanuj i podaj log

[RufuS*]

Z tego co wyczytałem to nie jest to bezpieczne narzędzie. Swoista droga na skróty, która usuwa nawet to, co dobre. Po co TO skoro i tak nakazuje się go używać.

Generalnie nie znam się na analizie logów, tyle co samemu można znaleźć w Google na temat różnych trojanów/wirusów. Znalazłem info o braviax.exe, ale podejrzewam, że to nie wszystko. Dlatego tu napisałem. Liczyłem, że ludzie tutaj znają się na rzeczy... czyżbym się pomylił?

Log z CF, bo kumpel już go zrobił, zanim zdążyłem mu to odradzić... no offence guys

Kod: Zaznacz wszystko

ComboFix 09-08-10.06 - Marek Goły 2009-08-13 14:35.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.2046.1686 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Marek Goły\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\braviax.exe
c:\windows\system32\braviax.exe
c:\windows\system32\Data
c:\windows\system32\wisdstr.exe

Zainfekowana kopia c:\windows\system32\drivers\ntfs.sys została znaleziona. Problem naprawiono
Plik odzyskano z - c:\system volume information\_restore{4A3B0CA2-5BFB-46B5-BE18-230AFEFD608C}\RP1\A0000004.sys

Zainfekowana kopia c:\windows\system32\drivers\beep.sys została znaleziona. Problem naprawiono
Plik odzyskano z - c:\system volume information\_restore{4A3B0CA2-5BFB-46B5-BE18-230AFEFD608C}\RP1\A0000002.sys

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-07-13 do 2009-08-13  )))))))))))))))))))))))))))))))
.

2009-08-13 10:15 . 2009-08-13 10:15   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Grisoft
2009-08-13 07:36 . 2009-08-13 07:36   18116   ----a-w-   c:\windows\yhodu.bin
2009-08-13 07:36 . 2009-08-13 07:36   13970   ----a-w-   c:\windows\hutisimofy.pif
2009-08-13 07:36 . 2009-08-13 07:36   11890   ----a-w-   c:\windows\system32\gosezyvi.bat
2009-08-13 07:36 . 2009-08-13 07:36   11752   ----a-w-   c:\windows\system32\guges.com
2009-08-12 23:23 . 2009-08-12 23:23   16646   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\jujiwaten.dll
2009-08-12 23:23 . 2009-08-12 23:23   15466   ----a-w-   c:\windows\otupova.scr
2009-08-12 23:23 . 2009-08-12 23:23   13116   ----a-w-   c:\windows\ycoc.bin
2009-08-12 23:23 . 2009-08-12 23:23   12751   ----a-w-   c:\program files\Common Files\kenyvuhah.bat
2009-08-12 23:23 . 2009-08-12 23:23   10967   ----a-w-   c:\windows\system32\esiza.bin
2009-08-12 23:23 . 2009-08-12 23:23   10539   ----a-w-   c:\windows\dafizad.bin
2009-08-12 23:23 . 2009-08-12 23:23   10047   ----a-w-   c:\windows\zyregu.bin
2009-08-12 22:46 . 2009-08-12 22:50   --------   d-----w-   c:\program files\Advanced Spyware Remover
2009-08-12 22:28 . 2009-08-12 22:36   --------   d---a-w-   c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-08-12 19:49 . 2009-08-12 19:54   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-08-12 18:24 . 2009-08-12 18:24   19298   ----a-w-   c:\program files\Common Files\oqojetir.reg
2009-08-12 18:24 . 2009-08-12 18:24   16024   ----a-w-   c:\windows\system32\ximupu.scr
2009-08-12 18:24 . 2009-08-12 18:24   15876   ----a-w-   c:\windows\irugunofag.vbs
2009-08-12 18:24 . 2009-08-12 18:24   14251   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\idibopa.pif
2009-08-12 18:24 . 2009-08-12 18:24   13218   ----a-w-   c:\program files\Common Files\jywulyboj.dll
2009-08-12 18:24 . 2009-08-12 18:24   12987   ----a-w-   c:\windows\wyqykisum.dll
2009-08-12 18:24 . 2009-08-12 18:24   12476   ----a-w-   c:\windows\system32\bazan.bin
2009-08-12 18:24 . 2009-08-12 18:24   10243   ----a-w-   c:\windows\ebolip.exe
2009-08-12 18:19 . 2009-08-12 19:54   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-08-12 18:07 . 2009-08-13 10:09   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\avg8
2009-08-12 16:52 . 2009-08-12 16:52   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ATI
2009-08-12 16:46 . 2007-10-16 19:05   593920   ------w-   c:\windows\system32\ati2sgag.exe
2009-08-12 16:46 . 2007-10-16 13:56   307200   ----a-r-   c:\windows\system32\atiiiexx.dll
2009-08-12 16:46 . 2007-10-16 14:05   364544   ----a-r-   c:\windows\system32\ATIDEMGX.dll
2009-08-12 16:46 . 2007-10-16 13:33   887724   ----a-r-   c:\windows\system32\ativva6x.dat
2009-08-12 16:46 . 2007-10-16 13:33   3107788   ----a-r-   c:\windows\system32\ativva5x.dat
2009-08-12 16:46 . 2007-10-16 13:33   3107788   ----a-r-   c:\windows\system32\ativvaxx.dat
2009-08-12 16:46 . 2007-09-14 01:03   157034   ----a-r-   c:\windows\system32\atiicdxx.dat
2009-08-12 16:45 . 2009-08-12 16:50   --------   d-----w-   c:\program files\ATI Technologies
2009-08-12 16:20 . 2004-08-03 21:31   15360   -c--a-w-   c:\windows\system32\dllcache\padrs804.dll
2009-08-12 16:19 . 2001-10-26 20:29   45568   -c--a-w-   c:\windows\system32\dllcache\browscap.dll
2009-08-12 16:10 . 2001-10-26 20:29   24661   -c--a-w-   c:\windows\system32\dllcache\spxcoins.dll
2009-08-12 16:10 . 2001-10-26 20:29   24661   ----a-w-   c:\windows\system32\spxcoins.dll
2009-08-12 16:10 . 2001-10-26 20:29   13312   -c--a-w-   c:\windows\system32\dllcache\irclass.dll
2009-08-12 16:10 . 2001-10-26 20:29   13312   ----a-w-   c:\windows\system32\irclass.dll
2009-08-03 13:16 . 2009-08-13 07:53   --------   d-----w-   c:\program files\Ashampoo
2009-08-02 19:36 . 2009-08-02 19:39   --------   d-----w-   c:\program files\7-Zip
2009-08-02 19:29 . 2009-08-02 19:29   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ConeXware
2009-08-01 21:01 . 2009-08-01 21:02   --------   d-----w-   C:\ATI
2009-08-01 19:55 . 2009-08-08 15:39   --------   d-----w-   c:\program files\EA SPORTS
2009-08-01 19:53 . 2009-08-01 19:53   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-08-01 19:53 . 2009-08-01 19:53   --------   d-----w-   c:\program files\DAEMON Tools Toolbar
2009-08-01 19:53 . 2009-08-01 20:48   --------   d-----w-   c:\program files\DAEMON Tools Lite
2009-08-01 19:49 . 2009-08-01 19:51   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-08-01 19:33 . 2009-08-01 19:33   --------   d-----w-   c:\program files\PowerISO
2009-08-01 13:42 . 2009-08-01 13:44   --------   d-----w-   c:\documents and settings\Sylwia\Ustawienia lokalne\Dane aplikacji\Adobe
2009-07-19 10:41 . 2009-08-12 23:02   --------   d-----w-   c:\program files\SubEdit-Player
2009-07-16 15:23 . 2009-07-16 15:23   --------   d-----w-   c:\windows\Sun

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 12:29 . 2009-08-13 10:20   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Rising
2009-08-13 10:33 . 2009-08-13 10:33   19552   ----a-w-   c:\program files\Common Files\xejeri.sys
2009-08-13 10:33 . 2009-08-13 10:33   19188   ----a-w-   c:\program files\Common Files\xujigi.db
2009-08-13 10:33 . 2009-08-13 10:33   15738   ----a-w-   c:\windows\system32\efewuticy.pif
2009-08-13 10:33 . 2009-08-13 10:33   15148   ----a-w-   c:\windows\banoripaze.bin
2009-08-13 10:33 . 2009-08-13 10:33   14199   ----a-w-   c:\program files\Common Files\eraz.db
2009-08-13 10:33 . 2009-08-13 10:33   13489   ----a-w-   c:\windows\system32\uwirafozy.scr
2009-08-13 10:33 . 2009-08-13 10:33   12023   ----a-w-   c:\windows\osoky.dat
2009-08-13 10:20 . 2009-08-13 10:20   --------   d-----w-   c:\program files\Rising
2009-08-13 10:19 . 2009-08-13 10:21   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2009-08-13 10:19 . 2009-08-13 10:21   1060864   ----a-w-   c:\windows\system32\mfc71.dll
2009-08-13 07:36 . 2009-08-13 07:36   16897   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\xasezef.dat
2009-08-13 07:36 . 2009-08-13 07:36   16421   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\qekuxisok.vbs
2009-08-13 07:36 . 2009-08-13 07:36   14033   ----a-w-   c:\program files\Common Files\zupaqe.inf
2009-08-13 07:36 . 2009-08-13 07:36   12155   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\cyvocajiz.bin
2009-08-12 23:23 . 2009-08-12 23:23   19551   ----a-w-   c:\program files\Common Files\ijohosiga._dl
2009-08-12 22:57 . 2009-08-12 19:55   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\AntiSpyInfo
2009-08-12 18:24 . 2009-08-12 18:24   17642   ----a-w-   c:\program files\Common Files\toraq.dl
2009-08-12 18:24 . 2009-08-12 18:24   15921   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\ipil.vbs
2009-08-12 18:24 . 2009-08-12 18:24   14917   ----a-w-   c:\program files\Common Files\ovyxyqy.lib
2009-08-12 18:24 . 2009-08-12 18:24   11720   ----a-w-   c:\documents and settings\All Users\Dane aplikacji\ligusire.reg
2009-08-12 18:10 . 2001-10-26 19:15   74450   ----a-w-   c:\windows\system32\perfc015.dat
2009-08-12 18:10 . 2001-10-26 19:15   448348   ----a-w-   c:\windows\system32\perfh015.dat
2009-08-12 18:09 . 2009-07-12 10:10   --------   d-----w-   c:\documents and settings\Sylwia\Dane aplikacji\uTorrent
2009-08-12 16:18 . 2009-06-30 19:02   23016   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-08-10 15:50 . 2009-06-30 19:37   1080   ----a-w-   c:\windows\AUTOLNCH.REG
2009-07-13 21:44 . 2009-07-01 09:39   --------   d-----w-   c:\program files\NAPI-PROJEKT
2009-07-09 19:07 . 2009-07-09 19:07   --------   d-----w-   c:\program files\Rockstar Games
2009-07-09 19:07 . 2009-06-30 19:14   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-07-09 16:58 . 2009-07-09 16:51   --------   d-----w-   c:\program files\Return to Castle Wolfenstein
2009-07-08 11:56 . 2009-07-05 16:26   --------   d-----w-   c:\documents and settings\Sylwia\Dane aplikacji\Winamp
2009-07-04 18:06 . 2009-07-04 18:06   --------   d-----w-   c:\program files\Microsoft.NET
2009-07-04 08:54 . 2009-07-04 08:54   --------   d-----w-   c:\documents and settings\Sylwia\Dane aplikacji\DivX
2009-07-04 08:54 . 2009-07-04 08:54   --------   d-----w-   c:\documents and settings\Sylwia\Dane aplikacji\ESTsoft
2009-07-03 09:59 . 2009-07-03 09:59   --------   d-----w-   c:\program files\Common Files\Nero
2009-07-03 09:58 . 2009-07-03 09:57   --------   d-----w-   c:\program files\Ahead
2009-07-03 09:57 . 2009-07-03 09:57   --------   d-----w-   c:\program files\Common Files\Ahead
2009-07-02 16:11 . 2009-07-02 16:11   --------   d-----w-   c:\documents and settings\Sylwia\Dane aplikacji\Gadu-Gadu
2009-07-01 19:25 . 2009-06-30 19:04   86327   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-01 09:48 . 2009-07-01 09:48   --------   d-----w-   c:\program files\MediaCoder
2009-07-01 09:42 . 2009-07-01 09:42   --------   d-----w-   c:\program files\MarBit
2009-07-01 09:41 . 2009-07-01 09:41   --------   d-----w-   c:\program files\K-Lite Codec Pack
2009-07-01 09:12 . 2009-07-01 09:12   --------   d-----w-   c:\program files\uTorrent
2009-07-01 08:55 . 2009-07-01 08:55   --------   d-----w-   c:\program files\Java
2009-07-01 08:55 . 2009-07-01 08:55   --------   d-----w-   c:\program files\Common Files\Java
2009-07-01 08:54 . 2009-07-01 08:54   --------   d-----w-   c:\program files\Lavalys
2009-07-01 08:45 . 2009-07-01 08:45   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\ESTsoft
2009-07-01 08:44 . 2009-07-01 08:44   --------   d-----w-   c:\program files\ESTsoft
2009-07-01 08:43 . 2009-07-01 08:43   --------   d-----w-   c:\program files\Common Files\Adobe
2009-07-01 08:34 . 2009-07-01 08:34   --------   d-----w-   c:\program files\Gadu-Gadu
2009-07-01 08:31 . 2009-07-01 08:31   0   ----a-w-   c:\windows\nsreg.dat
2009-07-01 08:27 . 2009-07-01 08:24   --------   d-----w-   c:\program files\Winamp
2009-06-30 20:29 . 2009-06-30 20:29   --------   d-----w-   c:\program files\AVG
2009-06-30 20:06 . 2009-06-30 20:06   --------   d-----w-   c:\program files\Thomson
2009-06-30 19:48 . 2009-06-30 19:48   --------   d-----w-   c:\program files\Common Files\snpstd3
2009-06-30 19:48 . 2009-06-30 19:48   --------   d-----w-   c:\program files\camtool
2009-06-30 19:42 . 2009-06-30 19:37   --------   d-----w-   c:\program files\Hewlett-Packard
2009-06-30 19:42 . 2009-06-30 19:42   --------   d-----w-   c:\program files\HP
2009-06-30 19:35 . 2009-06-30 19:35   --------   d-----w-   c:\program files\Multimedia Card Reader
2009-06-30 19:35 . 2009-06-30 19:15   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-06-30 19:31 . 2009-06-30 19:31   --------   d-----w-   c:\documents and settings\All Users\Dane aplikacji\Creative
2009-06-30 19:29 . 2009-06-30 19:29   --------   d-----w-   c:\program files\Creative
2009-06-30 19:14 . 2009-06-30 19:14   --------   d-----w-   c:\program files\Realtek
2009-06-30 19:14 . 2009-06-30 19:14   --------   d-----w-   c:\program files\Intel
2009-06-30 19:05 . 2009-06-30 19:05   --------   d-----w-   c:\program files\microsoft frontpage
2009-06-30 19:04 . 2009-06-30 19:04   --------   d-----w-   c:\program files\Usługi online
2009-06-02 16:11 . 2009-07-01 09:41   85504   ----a-w-   c:\windows\system32\ff_vfw.dll
2009-05-29 21:37 . 2009-07-01 09:41   205824   ----a-w-   c:\windows\system32\xvidvfw.dll
2009-05-29 21:31 . 2009-07-01 09:41   881664   ----a-w-   c:\windows\system32\xvidcore.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Marek Goˆy\Menu Start\Programy\Autostart\
ikowin32.exe [2004-8-4 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^camtool.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\camtool.lnk
backup=c:\windows\pss\camtool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marek Goły^Menu Start^Programy^Autostart^ikowin32.exe]
path=c:\documents and settings\Marek Goły\Menu Start\Programy\Autostart\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2009-06-30 21048]
S3 ALLOW-IO;ALLOW-IO;\??\i:\allow-io.sys --> i:\ALLOW-IO.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D0D0E946-D3B0-4FE6-8A11-BF8B6921F678} = 194.204.159.1
FF - ProfilePath - c:\documents and settings\Marek Goły\Dane aplikacji\Mozilla\Firefox\Profiles\z003mosg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 14:39
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-08-13 14:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2009-08-13 12:40

Przed: 35 918 278 656 bajtów wolnych
Po: 35 909 480 448 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
275


[wojtas]

Otworz notatnik i wklej w nim to:

File::
c:\windows\yhodu.bin
c:\windows\hutisimofy.pif
c:\windows\system32\gosezyvi.bat
c:\windows\system32\guges.com
c:\documents and settings\All Users\Dane aplikacji\jujiwaten.dll
c:\windows\otupova.scr
c:\windows\ycoc.bin
c:\program files\Common Files\kenyvuhah.bat
c:\windows\system32\esiza.bin
c:\windows\dafizad.bin
c:\windows\zyregu.bin
c:\program files\Common Files\oqojetir.reg
c:\windows\system32\ximupu.scr
c:\windows\irugunofag.vbs
c:\documents and settings\All Users\Dane aplikacji\idibopa.pif
c:\program files\Common Files\jywulyboj.dll
c:\windows\wyqykisum.dll
c:\windows\system32\bazan.bin
c:\windows\ebolip.exe
c:\program files\Common Files\xejeri.sys
c:\program files\Common Files\xujigi.db
c:\windows\system32\efewuticy.pif
c:\windows\banoripaze.bin
c:\program files\Common Files\eraz.db
c:\windows\system32\uwirafozy.scr
c:\windows\osoky.dat
c:\documents and settings\All Users\Dane aplikacji\xasezef.dat
c:\documents and settings\All Users\Dane aplikacji\qekuxisok.vbs
c:\program files\Common
c:\documents and settings\All Users\Dane aplikacji\cyvocajiz.bin
c:\program files\Common Files\ijohosiga._dl
c:\program files\Common Files\toraq.dl
c:\documents and settings\All Users\Dane aplikacji\ipil.vbs
c:\program files\Common Files\ovyxyqy.lib
c:\documents and settings\All Users\Dane aplikacji\ligusire.reg
c:\documents and settings\Marek Goˆy\Menu Start\Programy\Autostart\ikowin32.exe

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->