win32.delf.rtk (as reported by TeaTimer) [Solved]


  • This topic is locked

#1
vanmash

  • Member
  • 27 posts
Hello,

I think I might have win32.delf.rtk on my Windows XP. Below I will post the HijackThis report.
Please take a look and direct me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:53:12, on 2009-04-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\downloads\tools\procexp.exe
c:\downloads\tools\Tcpview.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\explorer.exe,
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: Wuala.lnk = C:\Documents and Settings\Maciek\Dane aplikacji\Wuala\Roaming\Wuala.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mks.com.pl
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/sk...kanerOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.p...kanerOnline.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujit...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 7392 bytes


#2
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
Hello vanmash

welcome to geekstogo :) and sorry to keep you waiting.

Please go to this page here and start at Step Five: Rootkit Detection and post the Rooter.exe log and OTListIT logs here in reply.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#3
vanmash

  • Topic Starter
  • Member
  • 27 posts
Hello andrewuk,

Thank you for your reply. However, I am afraid I am cut off from the network - all my network adapters have an exclamation mark. I suppose ndis.sys is the issue.
I tried to resolve it (in safe mode) with

copy "C:\WINDOWS\ServicePackFiles\i386\ndis.sys" "C:\WINDOWS\system32\drivers\ndis.sys"

but all I got was a bluescreen.

EDIT: I deleted C:\WINDOWS\system32\drivers\ndis.sys to break the loop of reboot-BSOD-reboot.
Now I am in normal mode, still with no network.

How to solve this problem?

best,
vanmash

Edited by vanmash, 12 April 2009 - 09:02 AM.


#4
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
are you able to download programs from another machine and transfer them to the infected machine via a cd or memory stick?

#5
vanmash

  • Topic Starter
  • Member
  • 27 posts
Yes, I am. What should I get?

#6
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
firstly, let's protect the transfer medium you are using:

on your good machine, download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.



and then, from this page here download onto the cd or flashdrive:

Rooter.exe
OTListIt2

transfer them to the desktop of the infected machine and run them, following the instructions on that page.

then post the logs (they are text logs) here for analysis.

andrewuk
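
The note in the post above describes protection that works by having a folder occupy the name autorun.inf, so a file with that name cannot be created next to it. The following Python script is an added example (not part of the original post and not Flash_Disinfector's own code) that classifies a drive root as protected by a folder, carrying an autorun.inf file, or having neither; the function names and the sample file content are constructed for illustration.

```python
import os
import tempfile

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of a file-type autorun.inf (not taken from the thread).
SAMPLE_AUTORUN = r"""[AutoRun]
; constructed example
open=setup.exe
icon=setup.exe,0
shell\open\command=setup.exe
label=My Drive
"""


def decode_inf(data):
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, else single-byte."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def launch_entries(text):
    """Return (key, value) pairs in the [autorun] section that start a program."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # shell\<verb>\command entries add a launchable context-menu verb.
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            entries.append((key, value))
    return entries


def check_drive_root(root):
    """Classify one drive root as 'folder', 'file' or 'absent'."""
    # Windows treats the name case-insensitively, so match it that way.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return {"state": "absent", "entries": []}
    path = os.path.join(root, name)
    if os.path.isdir(path):
        # The folder occupies the name, as described in the note above.
        return {"state": "folder", "entries": []}
    with open(path, "rb") as fh:
        text = decode_inf(fh.read())
    return {"state": "file", "entries": launch_entries(text)}


def demo():
    """Build three throwaway 'drive roots' and classify each one."""
    with tempfile.TemporaryDirectory() as base:
        protected = os.path.join(base, "protected")
        risky = os.path.join(base, "risky")
        empty = os.path.join(base, "empty")
        os.makedirs(os.path.join(protected, "autorun.inf"))
        os.makedirs(risky)
        os.makedirs(empty)
        with open(os.path.join(risky, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_AUTORUN)
        return [check_drive_root(p) for p in (protected, risky, empty)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A "file" result that lists launch entries is the case to review before the drive is opened on another machine.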

#7
vanmash

  • Topic Starter
  • Member
  • 27 posts
I have the logs on my pendrive. Is it safe to connect the pendrive to my good machine?
I did Flash_Disinfector.exe part.

Please advise.

#8
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
yes, the Flash_Disinfector.exe will prevent any bad files, if there are any, on the flash drive being uploaded onto the good machine.

just be sure to only transfer the text files.

andrewuk

#9
vanmash

  • Topic Starter
  • Member
  • 27 posts
Here are the logs:


Microsoft Windows XP Professional (5.1.2600) Dodatek Service Pack 3

C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:71 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:1908 Mo/Free:1907 Mo)
G:\ [Fixed] - FAT32 - (Total:152588 Mo/Free:2578 Mo)

2009-04-11|21:54

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\ThreatFire\TFService.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\LTSMMSG.exe
---------- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
---------- C:\Program Files\Apoint2K\Apoint.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
---------- C:\Program Files\ThreatFire\TFTray.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\Program Files\TrueCrypt\TrueCrypt.exe
---------- C:\Program Files\Apoint2K\Apntex.exe
---------- C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\unrealcmd\Uncom.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - 2009-04-11|21:54

----------------------\\ Scan completed at 21:54




OTListIt logfile created on: 2009-04-11 21:58:07 - Run 4
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Documents and Settings\Maciek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

990,98 Mb Total Physical Memory | 203,98 Mb Available Physical Memory | 20,58% Memory free
1,58 Gb Paging File | 0,93 Gb Available in Paging File | 58,94% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 20,07 Gb Free Space | 53,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1,86 Gb Total Space | 1,86 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 149,01 Gb Total Space | 14,52 Gb Free Space | 9,74% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EM
Current User Name: Maciek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ThreatFire\TFService.exe (PC Tools)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
PRC - C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
PRC - C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE (D-Link)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Documents and Settings\Maciek\Pulpit\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe ()
SRV - (CCALib8 [Auto | Stopped]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (gupdate [Disabled | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Disabled | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [On_Demand | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [Disabled | Stopped]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (Irmon [Disabled | Stopped]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Disabled | Stopped]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Net Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ThreatFire [Auto | Running]) -- C:\Program Files\ThreatFire\TFService.exe (PC Tools)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aliadwdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ALiIRDA [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\alifir.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCSWAP [Disabled | Stopped]) -- C:\WINDOWS\System32\drivers\bcswap.sys (Jetico, Inc.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM, Inc.)
DRV - (caboagp [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\atisgkaf.sys (ATI Technologies Inc.)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (FlashDrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FlashDrv.sys (FUJITSU LIMITED)
DRV - (FscBapi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FscBapi.sys (Fujitsu Siemens Computers)
DRV - (FscCmos [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FscCmos.sys (Fujitsu Siemens Computers)
DRV - (FscCpuid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FscCpuid.sys (Fujitsu Siemens Computers)
DRV - (FscEfDmi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FscEfDmi.sys (Fujitsu Siemens Computers)
DRV - (FscGabi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FscGabi.sys (Fujitsu Siemens Computers)
DRV - (FscTime [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\FscTime.sys (Fujitsu Siemens Computers)
DRV - (FUJ02B1 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys (FUJITSU LIMITED)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (LBeepKE [Auto | Running]) -- C:\WINDOWS\System32\Drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LucentSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\LTSM.sys (Lucent Technologies)
DRV - (msloop [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\loop.sys (Microsoft Corporation)
DRV - (nm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NPF.sys (CACE Technologies)
DRV - (odysseyIM3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys (Funk Software, Inc.)
DRV - (OemF0211 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OemF0211.sys (Fujitsu Siemens Computers)
DRV - (PCANDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (TfFsMon [Boot | Running]) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfSysMon [Boot | Running]) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TNET1130 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\GPlus.sys ()
DRV - (truecrypt [System | Running]) -- C:\WINDOWS\System32\drivers\truecrypt.sys (TrueCrypt Foundation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "delicious"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.order.3: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.126
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.2
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:0.9.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.14
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.20080402
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-03-30 07:55:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-03-30 07:55:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD

[2008-06-22 17:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Extensions
[2008-06-22 17:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-04-09 02:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions
[2008-06-06 01:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{049952B3-A745-43bd-8D26-D1349B1ED944}
[2009-03-07 08:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2009-03-28 09:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2008-05-22 14:44:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2009-04-04 19:21:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009-01-09 23:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2008-05-17 10:31:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2009-02-24 21:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009-02-03 23:26:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009-01-11 01:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-02-05 07:39:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-01-03 17:05:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009-03-28 09:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-02-24 21:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008-10-25 03:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2008-12-09 00:39:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\[email protected]
[2008-04-28 18:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\[email protected]
[2008-12-13 21:51:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\[email protected]
[2008-06-22 22:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\[email protected]
[2008-12-11 15:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Maciek\Dane aplikacji\mozilla\Firefox\Profiles\7ux099sx.default\extensions\[email protected]
[2009-03-17 23:56:06 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\del.icio.us.xml
[2008-07-28 19:28:23 | 00,000,836 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\delicious.xml
[2009-04-09 16:38:45 | 00,001,633 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\dict-eng-pol.xml
[2009-04-09 02:55:48 | 00,002,125 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\flickr-tags.xml
[2008-06-22 14:40:34 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\IMDB.xml
[2009-04-09 02:55:48 | 00,005,216 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\linkedin.xml
[2008-05-28 18:04:08 | 00,001,071 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\lonelyplanet.xml
[2009-04-09 02:55:48 | 00,001,414 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\osiolek.xml
[2009-04-09 02:55:49 | 00,001,835 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\weather.xml
[2008-06-22 14:40:34 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla\FireFox\Profiles\7ux099sx.default\searchplugins\wikipedia.xml
[2009-04-09 02:55:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-03-30 07:55:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008-08-15 16:15:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009-01-06 23:36:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009-04-01 07:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009-03-30 07:55:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-03-30 07:55:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008-10-01 19:42:52 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008-10-01 19:42:52 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008-10-01 19:42:52 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008-11-15 11:38:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008-10-01 19:42:52 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008-10-01 19:42:52 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008-10-01 19:42:52 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (618550 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 irc.zief.pl
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 16470 more lines...
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [LTSMMSG] LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites (TrueCrypt Foundation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\AutorunsDisabled [2007-11-03 23:42:40 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 127.0.0.1 ([]http in Zaufane witryny)
O15 - HKCU\..Trusted Domains: com.pl ([mks] http in Zaufane witryny)
O15 - HKCU\..Trusted Domains: com.pl ([www.mks] http in Zaufane witryny)
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.micros...386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/sk...kanerOnline.cab (MainControl Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.p...kanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} http://support.fujit...api/activex.cab (DeskUpdate - Activex Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - E:\autorun.inf [2009-04-11 21:16:52 | 00,000,000 | RHSD | M] - [ FAT32 ]
O33 - MountPoints2\{05af9d20-a58e-11dc-878b-000b5d1fc38e}\Shell\AutoRun\command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{05af9d20-a58e-11dc-878b-000b5d1fc38e}\Shell\explore\Command - "" = E:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{05af9d20-a58e-11dc-878b-000b5d1fc38e}\Shell\open\Command - "" = E:\EXPLORER.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (aswBoot.exe) - File not found
O34 - HKLM BootExecute: (/A:*) - File not found
O34 - HKLM BootExecute: (/L:English) - File not found
O34 - HKLM BootExecute: (/KBD:2) - File not found

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-04-11 21:54:03 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009-04-11 21:40:30 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Maciek\Pulpit\OTListIt2.exe
[2009-04-11 08:08:02 | 00,167,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\NDIS.SYS
[2009-04-10 11:44:53 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\restore.sys
[2009-04-09 22:43:02 | 13,563,840 | ---- | C] (Doctor Web, Ltd.) -- C:\DOCUME~1\Maciek\Pulpit\launch.exe
[2009-04-09 22:39:20 | 00,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2009-04-09 20:32:46 | 06,237,728 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\SUPERAntiSpyware.exe
[2009-04-09 19:41:45 | 02,986,872 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\FixVirut.com
[2009-04-09 19:26:43 | 02,691,072 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\rmvirut2.exe
[2009-04-09 19:24:34 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-04-09 19:24:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2009-04-09 19:12:34 | 00,724,952 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\avenger.zip
[2009-04-09 16:34:38 | 31,305,216 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\eav_nt32_enu.msi
[2009-04-09 04:34:33 | 00,495,104 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\rmvirut.nt
[2009-04-09 04:34:22 | 02,691,072 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\rmvirut.exe
[2009-04-09 04:28:46 | 00,061,866 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\LogonSessions.zip
[2009-04-09 04:22:17 | 00,000,621 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Pulpit\ThreatFire.lnk
[2009-04-09 04:22:13 | 00,051,472 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009-04-09 04:22:13 | 00,039,184 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009-04-09 04:22:13 | 00,033,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009-04-09 04:22:13 | 00,012,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2009-04-09 04:22:11 | 00,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2009-04-09 04:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Tools
[2009-04-09 04:19:07 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009-04-09 03:47:32 | 02,062,665 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\spywareguardsetup.exe
[2009-04-09 02:46:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-04-08 21:04:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-04-08 20:55:13 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-04-08 20:55:13 | 00,162,304 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-04-08 20:55:13 | 00,137,728 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-04-08 20:55:13 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-04-08 20:55:13 | 00,086,016 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-04-08 20:55:13 | 00,080,384 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-04-08 20:55:13 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-04-08 20:55:13 | 00,053,248 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-04-08 20:55:13 | 00,031,744 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-08 20:24:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-04-08 18:55:00 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009-04-08 07:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com
[2009-04-08 07:54:02 | 00,000,780 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2009-04-08 07:53:54 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009-04-08 07:53:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\SUPERAntiSpyware.com
[2009-04-07 22:43:35 | 00,289,280 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\m5lwuefc.exe
[2009-04-07 21:05:02 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Maciek\Pulpit\hosts
[2009-04-07 03:09:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\Malwarebytes
[2009-04-07 03:09:43 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-04-07 03:09:42 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-04-07 03:09:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-07 03:09:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-04-07 03:09:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2009-04-07 01:46:09 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\Rooter.exe
[2009-04-07 01:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009-04-07 00:49:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009-04-07 00:49:24 | 00,262,400 | ---- | C] () -- C:\cmldr
[2009-04-07 00:49:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009-04-07 00:41:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-04-07 00:39:32 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\HijackThis.lnk
[2009-04-07 00:39:32 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-04-06 22:59:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009-04-06 22:59:39 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009-04-06 22:59:38 | 00,213,120 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009-04-06 22:50:02 | 00,068,514 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\Mindjet_MindManager_446.xml
[2009-04-06 22:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Mindjet
[2009-04-06 22:44:28 | 00,005,632 | ---- | C] (Tracker Software) -- C:\WINDOWS\System32\pxc25pm.dll
[2009-04-06 22:44:27 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009-04-06 22:43:45 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Maciek\Moje dokumenty\My Maps
[2009-04-06 22:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mindjet
[2009-04-06 22:41:35 | 00,000,000 | ---D | C] -- C:\Program Files\Mindjet
[2009-04-06 22:40:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\{C24E1477-464B-411A-880C-32B85B236C7E}
[2009-04-06 22:05:56 | 00,038,175 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\mjc_getConnected_en.mmap
[2009-04-06 21:57:08 | 00,031,730 | ---- | C] () -- C:\DOCUME~1\Maciek\Pulpit\Mindjet_MindManager_446.mmap
[2009-03-27 20:43:40 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009-03-27 20:43:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Real
[2009-03-27 20:43:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2009-03-27 20:43:39 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009-03-13 21:56:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Maciek\Dane aplikacji\WinRAR
[2009-01-26 18:34:39 | 00,001,184 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI
[2008-12-18 22:46:49 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\43395FA6AA.dll
[2008-09-19 23:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-09-19 23:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-09-19 23:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008-08-29 19:19:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008-08-06 00:02:12 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-05-23 13:54:11 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008-02-27 01:08:31 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-02-11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008-02-11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008-02-08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2008-02-04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007-12-15 04:03:00 | 00,283,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\GPLUS.sys
[2007-11-13 16:51:04 | 00,000,227 | ---- | C] () -- C:\WINDOWS\cmap2txt.INI
[2007-07-27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007-07-27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007-01-12 12:40:19 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006-11-22 21:18:55 | 00,000,240 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-11-16 19:51:02 | 00,000,578 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2006-10-05 23:23:49 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\tnetwcoinst.dll
[2006-09-28 08:13:27 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\w32mkrc.dll
[2006-09-22 22:25:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006-04-23 01:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005-12-05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005-12-05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2002-09-23 14:00:00 | 00,001,066 | ---- | C] () -- C:\WINDOWS\win.ini
[2002-09-23 14:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2002-08-21 17:44:48 | 00,128,804 | ---- | C] () -- C:\WINDOWS\System32\libatk-1.0-0.dll.off
[2002-03-07 22:30:16 | 00,047,027 | ---- | C] () -- C:\WINDOWS\System32\libintl-1.dll

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009-04-11 21:35:54 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Maciek\Pulpit\OTListIt2.exe
[2009-04-11 21:31:48 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\Rooter.exe
[2009-04-11 09:26:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-04-11 09:25:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-04-11 09:25:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-04-10 11:44:53 | 00,006,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\restore.sys
[2009-04-10 02:42:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009-04-10 02:42:27 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wupdmgr.exe
[2009-04-10 02:42:24 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2009-04-10 02:42:23 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009-04-10 02:42:17 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpstub.exe
[2009-04-10 02:42:11 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009-04-10 02:42:02 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmsd.exe
[2009-04-10 02:42:01 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009-04-10 02:42:01 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009-04-10 02:42:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhstb.exe
[2009-04-10 02:41:55 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32tm.exe
[2009-04-10 02:41:55 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009-04-10 02:41:54 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssadmin.exe
[2009-04-10 02:41:52 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.exe
[2009-04-10 02:41:50 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2009-04-10 02:41:50 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009-04-10 02:41:49 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\typeperf.exe
[2009-04-10 02:41:49 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unlodctr.exe
[2009-04-10 02:41:48 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\System32\dllcache\twunk_32.exe
[2009-04-10 02:41:48 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009-04-10 02:41:48 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009-04-10 02:41:47 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009-04-10 02:41:47 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009-04-10 02:41:47 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009-04-10 02:41:46 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracert6.exe
[2009-04-10 02:41:42 | 00,455,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009-04-10 02:41:42 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009-04-10 02:41:41 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftp.exe
[2009-04-10 02:41:40 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpsvcs.exe
[2009-04-10 02:41:39 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2009-04-10 02:41:39 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcmsetup.exe
[2009-04-10 02:41:39 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\systray.exe
[2009-04-10 02:41:38 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syncapp.exe
[2009-04-10 02:41:38 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\syskey.exe
[2009-04-10 02:41:37 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\subst.exe
[2009-04-10 02:41:36 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2009-04-10 02:41:35 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009-04-10 02:41:34 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009-04-10 02:41:33 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009-04-10 02:41:29 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2009-04-10 02:41:29 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sfc.exe
[2009-04-10 02:41:27 | 01,677,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009-04-10 02:41:25 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2009-04-10 02:41:25 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009-04-10 02:41:24 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009-04-10 02:41:24 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009-04-10 02:41:23 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\runas.exe
[2009-04-10 02:41:22 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvp.exe
[2009-04-10 02:41:22 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsopprov.exe
[2009-04-10 02:41:22 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmui.exe
[2009-04-10 02:41:21 | 00,054,272 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\dllcache\rsm.exe
[2009-04-10 02:41:21 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\routemon.exe
[2009-04-10 02:41:21 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmsink.exe
[2009-04-10 02:41:20 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\route.exe
[2009-04-10 02:41:20 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2009-04-10 02:41:19 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\relog.exe
[2009-04-10 02:41:19 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\replace.exe
[2009-04-10 02:41:19 | 00,004,608 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwiz.exe
[2009-04-10 02:41:18 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009-04-10 02:41:18 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009-04-10 02:41:18 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\recover.exe
[2009-04-10 02:41:18 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regedt32.exe
[2009-04-10 02:41:17 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasdial.exe
[2009-04-10 02:41:17 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasautou.exe
[2009-04-10 02:41:16 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2009-04-10 02:41:16 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009-04-10 02:41:16 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009-04-10 02:41:14 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2009-04-10 02:41:13 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\print.exe
[2009-04-10 02:41:12 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009-04-10 02:41:11 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping6.exe
[2009-04-10 02:41:11 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pentnt.exe
[2009-04-10 02:41:10 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\osuninst.exe
[2009-04-10 02:41:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pathping.exe
[2009-04-10 02:41:08 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nwscript.exe
[2009-04-10 02:41:07 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntsd.exe
[2009-04-10 02:40:58 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2009-04-10 02:40:56 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nbtstat.exe
[2009-04-10 02:40:50 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msswchx.exe
[2009-04-10 02:40:41 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009-04-10 02:40:36 | 00,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009-04-10 02:40:36 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009-04-10 02:40:36 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2009-04-10 02:40:33 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrinfo.exe
[2009-04-10 02:40:31 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpnotify.exe
[2009-04-10 02:40:31 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mountvol.exe
[2009-04-10 02:40:29 | 00,991,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2009-04-10 02:40:28 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2009-04-10 02:40:24 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpr.exe
[2009-04-10 02:40:24 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpq.exe
[2009-04-10 02:40:23 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2009-04-10 02:40:22 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lights.exe
[2009-04-10 02:40:22 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lnkstub.exe
[2009-04-10 02:40:22 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lodctr.exe
[2009-04-10 02:40:21 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\label.exe
[2009-04-10 02:40:15 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec6.exe
[2009-04-10 02:40:15 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009-04-10 02:40:14 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009-04-10 02:40:11 | 00,067,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009-04-10 02:40:10 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009-04-10 02:40:09 | 00,262,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009-04-10 02:40:09 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009-04-10 02:40:08 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009-04-10 02:40:07 | 00,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009-04-10 02:40:07 | 00,208,896 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009-04-10 02:40:06 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009-04-10 02:40:05 | 00,307,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009-04-10 02:40:05 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009-04-10 02:40:02 | 00,311,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009-04-10 02:40:02 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009-04-10 02:40:01 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009-04-10 02:40:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009-04-10 02:39:59 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009-04-10 02:39:55 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009-04-10 02:39:53 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009-04-10 02:39:53 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009-04-10 02:39:42 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009-04-10 02:39:41 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostname.exe
[2009-04-10 02:39:40 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009-04-10 02:39:40 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gpupdate.exe
[2009-04-10 02:39:38 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009-04-10 02:39:37 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsutil.exe
[2009-04-10 02:39:37 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009-04-10 02:39:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009-04-10 02:39:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\finger.exe
[2009-04-10 02:39:36 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\find.exe
[2009-04-10 02:39:36 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fixmapi.exe
[2009-04-10 02:39:35 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expand.exe
[2009-04-10 02:39:35 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fc.exe
[2009-04-10 02:39:33 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009-04-10 02:39:32 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventvwr.exe
[2009-04-10 02:39:31 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esentutl.exe
[2009-04-10 02:39:28 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drwtsn32.exe
[2009-04-10 02:39:26 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\doskey.exe
[2009-04-10 02:39:25 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskperf.exe
[2009-04-10 02:39:25 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dllhst3g.exe
[2009-04-10 02:39:21 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2009-04-10 02:39:20 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009-04-10 02:39:20 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009-04-10 02:39:19 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009-04-10 02:39:19 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convert.exe
[2009-04-10 02:39:18 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compact.exe
[2009-04-10 02:39:18 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comp.exe
[2009-04-10 02:39:18 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\control.exe
[2009-04-10 02:39:16 | 00,480,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009-04-10 02:39:16 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ckcnv.exe
[2009-04-10 02:39:15 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cidaemon.exe
[2009-04-10 02:39:13 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009-04-10 02:39:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009-04-10 02:39:12 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009-04-10 02:39:12 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkdsk.exe
[2009-04-10 02:39:12 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkntfs.exe
[2009-04-10 02:39:11 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009-04-10 02:39:11 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009-04-10 02:39:11 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009-04-10 02:39:09 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009-04-10 02:39:09 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009-04-10 02:39:08 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootvrfy.exe
[2009-04-10 02:39:08 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootok.exe
[2009-04-10 02:39:07 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009-04-10 02:39:05 | 00,033,792 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dllcache\asr_ldm.exe
[2009-04-10 02:39:04 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\arp.exe
[2009-04-10 02:34:55 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2009-04-10 02:34:52 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wupdmgr.exe
[2009-04-10 02:34:51 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WudfHost.exe
[2009-04-10 02:34:46 | 00,155,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscript.exe
[2009-04-10 02:34:46 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009-04-10 02:34:46 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009-04-10 02:34:45 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2009-04-10 02:34:44 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpdshextautoplay.exe
[2009-04-10 02:34:42 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2009-04-10 02:34:33 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpstub.exe
[2009-04-10 02:34:19 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2009-04-10 02:34:18 | 00,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE
[2009-04-10 02:34:18 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2009-04-10 02:34:16 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmsd.exe
[2009-04-10 02:34:15 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009-04-10 02:34:14 | 00,206,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009-04-10 02:34:14 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winhlp32.exe
[2009-04-10 02:34:09 | 00,435,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2009-04-10 02:34:08 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2009-04-10 02:34:07 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
[2009-04-10 02:34:04 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w32tm.exe
[2009-04-10 02:34:03 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssadmin.exe
[2009-04-10 02:34:02 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.exe
[2009-04-10 02:34:01 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009-04-10 02:33:59 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2009-04-10 02:33:59 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uwdf.exe
[2009-04-10 02:33:58 | 00,077,824 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrmlnka.exe
[2009-04-10 02:33:58 | 00,069,632 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrshuta.exe
[2009-04-10 02:33:58 | 00,061,440 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\usrprbda.exe
[2009-04-10 02:33:54 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2009-04-10 02:33:54 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\unlodctr.exe
[2009-04-10 02:33:53 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2009-04-10 02:33:52 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009-04-10 02:33:51 | 00,036,352 | ---- | M] () -- C:\WINDOWS\System32\typeperf.exe
[2009-04-10 02:33:51 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009-04-10 02:33:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009-04-10 02:33:50 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009-04-10 02:33:49 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009-04-10 02:33:49 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009-04-10 02:33:48 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert6.exe
[2009-04-10 02:33:48 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2009-04-10 02:33:47 | 00,260,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracerpt.exe
[2009-04-10 02:33:46 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2009-04-10 02:33:45 | 00,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2009-04-10 02:33:45 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntadmn.exe
[2009-04-10 02:33:44 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tftp.exe
[2009-04-10 02:33:43 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2009-04-10 02:33:43 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
[2009-04-10 02:33:42 | 00,139,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
[2009-04-10 02:33:42 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcmsetup.exe
[2009-04-10 02:33:41 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009-04-10 02:33:41 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskkill.exe
[2009-04-10 02:33:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskman.exe
[2009-04-10 02:33:39 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2009-04-10 02:33:39 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\systray.exe
[2009-04-10 02:33:38 | 00,107,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2009-04-10 02:33:37 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syskey.exe
[2009-04-10 02:33:36 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\syncapp.exe
[2009-04-10 02:33:35 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\subst.exe
[2009-04-10 02:33:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2009-04-10 02:33:33 | 00,679,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2009-04-10 02:33:33 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2009-04-10 02:33:32 | 00,610,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2009-04-10 02:33:31 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2009-04-10 02:33:31 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2009-04-10 02:33:31 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2009-04-10 02:33:30 | 00,393,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2009-04-10 02:33:30 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2009-04-10 02:33:29 | 00,708,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2009-04-10 02:33:26 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009-04-10 02:33:25 | 00,131,072 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009-04-10 02:33:25 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009-04-10 02:33:24 | 00,538,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009-04-10 02:33:24 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2009-04-10 02:33:23 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009-04-10 02:33:23 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2009-04-10 02:33:23 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009-04-10 02:33:22 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009-04-10 02:33:21 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009-04-10 02:33:20 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009-04-10 02:33:18 | 00,089,088 | ---- | M] (MKS Sp. z o.o.) -- C:\WINDOWS\System32\SkanerOnlineUninstall.exe
[2009-04-10 02:33:18 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2009-04-10 02:33:17 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2009-04-10 02:33:16 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2009-04-10 02:33:16 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2009-04-10 02:33:12 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009-04-10 02:33:11 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009-04-10 02:33:11 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.exe
[2009-04-10 02:33:10 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009-04-10 02:33:09 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2009-04-10 02:33:06 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2009-04-10 02:33:06 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009-04-10 02:33:05 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2009-04-10 02:33:04 | 00,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2009-04-10 02:33:03 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2009-04-10 02:33:02 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2009-04-10 02:33:01 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009-04-10 02:33:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runas.exe
[2009-04-10 02:33:00 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2009-04-10 02:32:59 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2009-04-10 02:32:59 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsopprov.exe
[2009-04-10 02:32:58 | 00,107,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsnotify.exe
[2009-04-10 02:32:58 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmui.exe
[2009-04-10 02:32:58 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmsink.exe
[2009-04-10 02:32:57 | 00,054,272 | ---- | M] (Microsoft Corp) -- C:\WINDOWS\System32\rsm.exe
[2009-04-10 02:32:57 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2009-04-10 02:32:56 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\routemon.exe
[2009-04-10 02:32:55 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\route.exe
[2009-04-10 02:32:52 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2009-04-10 02:32:51 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\replace.exe
[2009-04-10 02:32:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009-04-10 02:32:50 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\relog.exe
[2009-04-10 02:32:50 | 00,004,608 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\regwiz.exe
[2009-04-10 02:32:49 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2009-04-10 02:32:49 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009-04-10 02:32:49 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe
[2009-04-10 02:32:48 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009-04-10 02:32:48 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009-04-10 02:32:48 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\recover.exe
[2009-04-10 02:32:47 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009-04-10 02:32:47 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2009-04-10 02:32:46 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2009-04-10 02:32:45 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2009-04-10 02:32:44 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdial.exe
[2009-04-10 02:32:44 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2009-04-10 02:32:43 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009-04-10 02:32:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009-04-10 02:32:37 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009-04-10 02:32:36 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2009-04-10 02:32:35 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2009-04-10 02:32:35 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009-04-10 02:32:34 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\print.exe
[2009-04-10 02:32:33 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2009-04-10 02:32:31 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\ping6.exe
[2009-04-10 02:32:31 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2009-04-10 02:32:30 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2009-04-10 02:32:29 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pentnt.exe
[2009-04-10 02:32:28 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pathping.exe
[2009-04-10 02:32:27 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2009-04-10 02:32:26 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009-04-10 02:32:26 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osuninst.exe
[2009-04-10 02:32:25 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2009-04-10 02:32:24 | 00,077,824 | ---- | M] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2009-04-10 02:32:18 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2009-04-10 02:32:17 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009-04-10 02:32:16 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nwscript.exe
[2009-04-10 02:32:13 | 00,421,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2009-04-10 02:32:07 | 01,222,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2009-04-10 02:32:06 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2009-04-10 02:32:05 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
[2009-04-10 02:32:03 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2009-04-10 02:32:02 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2009-04-10 02:32:02 | 00,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2009-04-10 02:31:59 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2009-04-10 02:31:58 | 00,155,648 | ---- | M] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009-04-10 02:31:58 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2009-04-10 02:31:58 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2009-04-10 02:31:57 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2009-04-10 02:31:57 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nbtstat.exe
[2009-04-10 02:31:56 | 00,176,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009-04-10 02:31:43 | 00,677,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009-04-10 02:31:43 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009-04-10 02:31:41 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msswchx.exe
[2009-04-10 02:31:37 | 00,345,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009-04-10 02:31:27 | 00,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009-04-10 02:31:27 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009-04-10 02:31:26 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009-04-10 02:31:25 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009-04-10 02:31:13 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mrinfo.exe
[2009-04-10 02:31:12 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqtgsvc.exe
[2009-04-10 02:31:12 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqsvc.exe
[2009-04-10 02:31:10 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mqbkup.exe
[2009-04-10 02:31:09 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpnotify.exe
[2009-04-10 02:31:08 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009-04-10 02:31:07 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mountvol.exe
[2009-04-10 02:31:06 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
[2009-04-10 02:31:05 | 00,053,248 | ---- | M] (Morgan Multimedia) -- C:\WINDOWS\System32\MMTray.exe
[2009-04-10 02:31:04 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009-04-10 02:31:01 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2009-04-10 02:31:00 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\migpwd.exe
[2009-04-10 02:30:55 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2009-04-10 02:30:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009-04-10 02:30:52 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpr.exe
[2009-04-10 02:30:51 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpq.exe
[2009-04-10 02:30:50 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009-04-10 02:30:49 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logagent.exe
[2009-04-10 02:30:49 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2009-04-10 02:30:49 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lodctr.exe
[2009-04-10 02:30:47 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lnkstub.exe
[2009-04-10 02:30:46 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lights.exe
[2009-04-10 02:30:39 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\label.exe
[2009-04-10 02:30:32 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2009-04-10 02:30:30 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2009-04-10 02:30:27 | 00,152,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2009-04-10 02:30:25 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2009-04-10 02:30:24 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2009-04-10 02:30:23 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsec6.exe
[2009-04-10 02:30:22 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2009-04-10 02:30:17 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2009-04-10 02:30:12 | 00,016,384 | ---- | M] () -- C:\WINDOWS\System32\iconv.exe
[2009-04-10 02:30:06 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\hostname.exe
[2009-04-10 02:30:05 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\help.exe
[2009-04-10 02:30:03 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009-04-10 02:30:02 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gpresult.exe
[2009-04-10 02:30:02 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gpupdate.exe
[2009-04-10 02:29:57 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\getmac.exe
[2009-04-10 02:29:55 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsutil.exe
[2009-04-10 02:29:54 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2009-04-10 02:29:54 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009-04-10 02:29:53 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2009-04-10 02:29:53 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2009-04-10 02:29:52 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009-04-10 02:29:51 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2009-04-10 02:29:51 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\finger.exe
[2009-04-10 02:29:51 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fixmapi.exe
[2009-04-10 02:29:50 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fc.exe
[2009-04-10 02:29:50 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\find.exe
[2009-04-10 02:29:49 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2009-04-10 02:29:49 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009-04-10 02:29:48 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2009-04-10 02:29:48 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventvwr.exe
[2009-04-10 02:29:47 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventtriggers.exe
[2009-04-10 02:29:47 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventcreate.exe
[2009-04-10 02:29:46 | 00,194,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2009-04-10 02:29:46 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\esentutl.exe
[2009-04-10 02:29:39 | 01,298,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2009-04-10 02:29:38 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2009-04-10 02:29:37 | 00,057,856 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2009-04-10 02:29:37 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2009-04-10 02:29:37 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dumprep.exe
[2009-04-10 02:29:34 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2009-04-10 02:29:33 | 00,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drmupgds.exe
[2009-04-10 02:29:32 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2009-04-10 02:29:32 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\driverquery.exe
[2009-04-10 02:29:30 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2009-04-10 02:29:29 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2009-04-10 02:29:27 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\doskey.exe
[2009-04-10 02:29:26 | 00,015,872 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2009-04-10 02:29:24 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhst3g.exe
[2009-04-10 02:29:22 | 00,524,288 | ---- | M] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2009-04-10 02:29:19 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2009-04-10 02:29:19 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskperf.exe
[2009-04-10 02:29:17 | 00,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2009-04-10 02:29:15 | 00,105,472 | ---- | M] (Microsoft Corp. i Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2009-04-10 02:29:15 | 00,082,944 | ---- | M] (Microsoft Corp. i Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2009-04-10 02:29:13 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2009-04-10 02:29:13 | 00,025,088 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2009-04-10 02:29:12 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009-04-10 02:28:53 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ctfmon.exe
[2009-04-10 02:28:52 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2009-04-10 02:28:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\convert.exe
[2009-04-10 02:28:50 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\control.exe
[2009-04-10 02:28:49 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2009-04-10 02:28:48 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009-04-10 02:28:46 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\compact.exe
[2009-04-10 02:28:46 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comp.exe
[2009-04-10 02:28:44 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2009-04-10 02:28:43 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2009-04-10 02:28:43 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2009-04-10 02:28:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2009-04-10 02:28:41 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009-04-10 02:28:41 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2009-04-10 02:28:38 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2009-04-10 02:28:38 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ckcnv.exe
[2009-04-10 02:28:37 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cipher.exe
[2009-04-10 02:28:37 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
[2009-04-10 02:28:36 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009-04-10 02:28:36 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\chkdsk.exe
[2009-04-10 02:28:36 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\chkntfs.exe
[2009-04-10 02:28:32 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009-04-10 02:28:32 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2009-04-10 02:28:30 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootvrfy.exe
[2009-04-10 02:28:29 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootcfg.exe
[2009-04-10 02:28:29 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2009-04-10 02:28:29 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootok.exe
[2009-04-10 02:28:25 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2009-04-10 02:28:24 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2009-04-10 02:28:24 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2009-04-10 02:28:19 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2009-04-10 02:28:18 | 00,073,728 | ---- | M] (Panda Software) -- C:\WINDOWS\System32\asuninst.exe
[2009-04-10 02:28:18 | 00,033,792 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\asr_ldm.exe
[2009-04-10 02:28:18 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2009-04-10 02:28:17 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_fmt.exe
[2009-04-10 02:28:17 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\arp.exe
[2009-04-10 02:28:15 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2009-04-10 02:28:13 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2009-04-10 02:28:12 | 00,188,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009-04-10 01:57:00 | 00,068,096 | ---- | M] () -- C:\WINDOWS\zip.exe
[2009-04-10 01:56:59 | 00,285,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2009-04-10 01:56:58 | 00,053,248 | ---- | M] () -- C:\WINDOWS\VFIND.exe
[2009-04-10 01:56:56 | 00,025,600 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2009-04-10 01:56:55 | 00,212,480 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-04-10 01:56:55 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009-04-10 01:56:54 | 00,162,304 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-04-10 01:56:54 | 00,137,728 | ---- | M] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-04-10 01:56:52 | 00,149,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2009-04-10 01:56:52 | 00,098,816 | ---- | M] () -- C:\WINDOWS\sed.exe
[2009-04-10 01:56:52 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2009-04-10 01:56:50 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2009-04-10 01:56:50 | 00,031,744 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-10 01:56:48 | 00,057,344 | ---- | M] (LT) -- C:\WINDOWS\ltremove.exe
[2009-04-10 01:56:43 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2009-04-10 01:56:42 | 00,086,016 | ---- | M] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-04-10 01:56:42 | 00,080,384 | ---- | M] () -- C:\WINDOWS\grep.exe
[2009-04-10 01:56:39 | 00,262,144 | ---- | M] (Jetico) -- C:\WINDOWS\BCUnInstall.exe
[2009-04-10 00:10:33 | 00,289,280 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\m5lwuefc.exe
[2009-04-09 22:49:17 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe
[2009-04-09 22:49:16 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009-04-09 22:49:16 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe
[2009-04-09 22:49:15 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvr.exe
[2009-04-09 22:49:14 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009-04-09 22:49:13 | 00,091,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe
[2009-04-09 22:49:13 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolsv.exe
[2009-04-09 22:49:11 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2009-04-09 22:49:10 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009-04-09 22:49:08 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scardsvr.exe
[2009-04-09 22:49:07 | 00,132,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe
[2009-04-09 22:49:07 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2009-04-09 22:49:06 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2009-04-09 22:49:02 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntsd.exe
[2009-04-09 22:49:00 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe
[2009-04-09 22:48:58 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2009-04-09 22:48:56 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009-04-09 22:48:55 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009-04-09 22:48:53 | 00,515,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonui.exe
[2009-04-09 22:48:52 | 00,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2009-04-09 22:48:52 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2009-04-09 22:48:51 | 00,150,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe
[2009-04-09 22:48:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009-04-09 22:48:49 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009-04-09 22:48:48 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2009-04-09 22:48:30 | 00,225,280 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe
[2009-04-09 22:48:30 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe
[2009-04-09 22:48:27 | 00,396,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009-04-09 22:48:27 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe
[2009-04-09 22:48:27 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cisvc.exe
[2009-04-09 22:48:26 | 00,028,672 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009-04-09 22:48:25 | 00,147,456 | ---- | M] () -- C:\WINDOWS\System32\ati2evxx.exe
[2009-04-09 22:48:24 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe
[2009-04-09 22:48:21 | 00,032,768 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\LTSMMSG.exe
[2009-04-09 22:48:20 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2009-04-09 22:48:20 | 00,069,632 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\KHALMNPR.Exe
[2009-04-09 22:44:55 | 13,563,840 | ---- | M] (Doctor Web, Ltd.) -- C:\DOCUME~1\Maciek\Pulpit\launch.exe
[2009-04-09 20:35:05 | 06,237,728 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\SUPERAntiSpyware.exe
[2009-04-09 20:17:31 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-04-09 19:43:38 | 02,986,872 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\FixVirut.com
[2009-04-09 19:27:12 | 02,691,072 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\rmvirut2.exe
[2009-04-09 19:12:45 | 00,724,952 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\avenger.zip
[2009-04-09 16:38:20 | 31,305,216 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\eav_nt32_enu.msi
[2009-04-09 08:37:26 | 03,195,310 | -H-- | M] () -- C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-04-09 04:34:52 | 02,691,072 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\rmvirut.exe
[2009-04-09 04:34:49 | 00,495,104 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\rmvirut.nt
[2009-04-09 04:28:49 | 00,061,866 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\LogonSessions.zip
[2009-04-09 04:22:17 | 00,000,621 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Pulpit\ThreatFire.lnk
[2009-04-09 03:47:34 | 02,062,665 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\spywareguardsetup.exe
[2009-04-08 20:54:06 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-04-08 07:54:02 | 00,000,780 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Pulpit\SUPERAntiSpyware Free Edition.lnk
[2009-04-07 03:09:43 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Pulpit\Malwarebytes' Anti-Malware.lnk
[2009-04-07 00:49:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-04-07 00:39:42 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\HijackThis.lnk
[2009-04-06 22:59:40 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009-04-06 22:59:38 | 00,213,120 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009-04-06 22:50:08 | 00,068,514 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\Mindjet_MindManager_446.xml
[2009-04-06 22:05:56 | 00,038,175 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\mjc_getConnected_en.mmap
[2009-04-06 21:57:10 | 00,031,730 | ---- | M] () -- C:\DOCUME~1\Maciek\Pulpit\Mindjet_MindManager_446.mmap
[2009-04-06 20:54:06 | 00,001,536 | ---- | M] () -- C:\WINDOWS\MKDEWE.TRN
[2009-04-06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-04-06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-03-31 06:49:20 | 01,007,350 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-03-31 06:49:20 | 00,457,664 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-03-31 06:49:20 | 00,400,798 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-03-31 06:49:20 | 00,077,470 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-03-31 06:49:20 | 00,060,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:1CA73D29
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >

Edited by vanmash, 11 April 2009 - 09:45 PM.

  • 0

#10
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
again, download from the good machine and transfer to the infected machine:

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
andrewuk
  • 0

#11
vanmash


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here you are.

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-9F6TR-J26GM-YTKKD
Windows Product Key Hash: dTcDwhlX33aMfV2pAlp+lk/+oCg=
Windows Product ID: 55864-OEM-2211906-00117
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {503CDA71-8CF2-423D-9CD6-68AAD7FA4C29}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: Registered, 1.6.28.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_B4D0AA8B-604-645_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{503CDA71-8CF2-423D-9CD6-68AAD7FA4C29}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YTKKD</PKey><PID>55864-OEM-2211906-00117</PID><PIDType>2</PIDType><SID>S-1-5-21-1659004503-1935655697-1060284298</SID><SYSTEM><Manufacturer>FUJITSU SIEMENS</Manufacturer><Model>LIFEBOOK E2010</Model></SYSTEM><BIOS><Manufacturer>Phoenix/FUJITSU</Manufacturer><Version>Version 1.26 </Version><SMBIOSVersion major="2" minor="3"/><Date>20040301000000.000000+000</Date><SLPBIOS> FUJITSU SIEMENS, FSC SYSTEM, FSC SERVER, FUJITSU SIEMENS</SLPBIOS></BIOS><HWID>78933507018400E2</HWID><UserLCID>0415</UserLCID><SystemLCID>0415</SystemLCID><TimeZone>Środkowoeuropejski czas stand.(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65624</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1FFB0:Fujitsu Siemens Computers|7487:Fujitsu Siemens Computers|748F:Siemens AG
Marker string from OEMBIOS.DAT: FUJITSU SIEMENS, FSC SYSTEM, FSC SERVER, FUJITSU SIEMENS

OEM Activation 2.0 Data-->
N/A
  • 0

#12
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
ok, you need to sort out your software first.

go to these forums here and post the MGA Diagnostic Report in that forum and ask for some help.

much like this forum, you will need to register first . . . . just press the "sign-in" link/button and then select "signup"

when you have resolved that issue, reply back here and we can continue with the fix.

andrewuk
  • 0

#14
vanmash


    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
What is the question I should ask there?
EDIT: Is it about 103 Blocked VLK?

Edited by vanmash, 12 April 2009 - 04:43 AM.

  • 0

#15
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
you need to post your WGA Diagnostic Log and ask how to resolve your Office Software.
  • 0





