combofix
- Kod: Zaznacz wszystko
ComboFix 08-07-13.2 - rybak_dusz 2008-07-13 19:51:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.991 [GMT 2:00]
Running from: E:\Documents and Settings\rybak_dusz\Pulpit\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.
2008-07-08 14:48 . 2008-07-08 14:49 <DIR> d-------- E:\Documents and Settings\mateusz\Dane aplikacji\Winamp
2008-07-08 14:44 . 2008-07-08 15:04 <DIR> d-------- E:\Documents and Settings\mateusz\Dane aplikacji\MEGAUPLOADTOOLBAR
2008-07-08 14:42 . 2008-07-13 19:53 <DIR> d--h----- E:\Documents and Settings\mateusz\Ustawienia lokalne
2008-07-08 14:42 . 2008-07-08 14:43 <DIR> dr------- E:\Documents and Settings\mateusz\Ulubione
2008-07-08 14:42 . 2008-05-18 15:15 <DIR> d--h----- E:\Documents and Settings\mateusz\Szablony
2008-07-08 14:42 . 2008-07-08 15:10 <DIR> d-------- E:\Documents and Settings\mateusz\Pulpit
2008-07-08 14:42 . 2008-07-08 14:43 <DIR> dr------- E:\Documents and Settings\mateusz\Moje dokumenty
2008-07-08 14:42 . 2008-05-18 17:06 <DIR> dr------- E:\Documents and Settings\mateusz\Menu Start
2008-07-08 14:42 . 2008-07-10 21:47 <DIR> dr-h----- E:\Documents and Settings\mateusz\Dane aplikacji
2008-07-08 14:42 . 2008-07-08 14:42 <DIR> d-------- E:\Documents and Settings\mateusz
2008-07-02 21:40 . 2008-07-13 19:32 <DIR> d-------- E:\Documents and Settings\rybak_dusz\Dane aplikacji\XnView
2008-07-02 21:36 . 2007-12-19 16:35 <DIR> d-------- E:\Program Files\XnView
2008-07-01 14:46 . 2008-07-01 14:47 <DIR> d-------- E:\Program Files\Spik
2008-07-01 14:46 . 2008-07-01 14:46 <DIR> d-------- E:\Documents and Settings\rybak_dusz\Dane aplikacji\Spik
2008-06-27 22:11 . 2008-06-27 22:11 427 --a------ E:\WINDOWS\ODBC.INI
2008-06-27 22:09 . 2008-06-27 22:09 <DIR> d-------- E:\Documents and Settings\rybak_dusz\Dane aplikacji\Microsoft Web Folders
2008-06-13 13:15 . 2008-06-13 13:15 <DIR> d-------- E:\Program Files\MegauploadToolbar
2008-06-13 13:15 . 2008-06-13 13:47 <DIR> d-------- E:\Documents and Settings\rybak_dusz\Dane aplikacji\MegauploadToolbar
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 17:58 --------- d-----w E:\Documents and Settings\rybak_dusz\Dane aplikacji\Winamp
2008-07-10 06:58 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-27 20:09 --------- d-----w E:\Program Files\microsoft frontpage
2008-06-20 17:42 246,784 ----a-w E:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w E:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w E:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w E:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w E:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 16:22 --------- d-----w E:\Documents and Settings\rybak_dusz\Dane aplikacji\BESTplayer
2008-05-30 13:51 --------- d-----w E:\Program Files\MSXML 4.0
2008-05-19 10:58 --------- d-----w E:\Program Files\AutoCAD 2007
2008-05-19 10:56 --------- d-----w E:\Program Files\Common Files\Autodesk Shared
2008-05-19 10:56 --------- d-----w E:\Program Files\AnswerWorks 4.0
2008-05-19 10:46 --------- d-----w E:\Documents and Settings\rybak_dusz\Dane aplikacji\Autodesk
2008-05-19 10:46 --------- d-----w E:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-05-19 10:44 --------- d-----w E:\Program Files\Autodesk
2008-05-19 10:42 --------- d-----w E:\Program Files\Microsoft Works
2008-05-19 10:41 --------- d-----w E:\Program Files\Microsoft.NET
2008-05-18 16:45 --------- d-----w E:\Program Files\Synaptics
2008-05-18 16:38 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-05-18 16:31 --------- d-----w E:\Documents and Settings\rybak_dusz\Dane aplikacji\CDBurnerXP_Soft
2008-05-18 16:15 98,304 ----a-w E:\WINDOWS\system32\qttask.exe
2008-05-18 16:15 --------- d-----w E:\Program Files\ACE Mega CoDecS Pack
2008-05-18 16:07 --------- d-----w E:\Program Files\Winamp
2008-05-18 16:06 --------- d-----w E:\Program Files\CDBurnerXP
2008-05-18 16:05 --------- d-----w E:\Program Files\Common Files\Adobe
2008-05-18 16:03 --------- d-----w E:\Program Files\PDFCreator
2008-05-18 16:03 --------- d-----w E:\Program Files\Alwil Software
2008-05-18 13:40 --------- d-----w E:\Program Files\Broadcom
2008-05-18 13:39 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-05-18 13:30 --------- d-----w E:\Program Files\Intel
2008-05-18 13:27 --------- d-----w E:\Program Files\CONEXANT
2008-05-18 13:25 315,392 ----a-w E:\WINDOWS\HideWin.exe
2008-05-18 13:25 --------- d-----w E:\Program Files\Realtek
2008-05-18 13:18 --------- d-----w E:\Program Files\Usługi online
2008-05-07 05:16 1,291,264 ----a-w E:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-30_ 0.09.55,40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:49:59 297,984 ----a-w E:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 03:28:35 16,096 ----a-w E:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 03:28:40 216,288 ----a-w E:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 03:28:33 22,752 ----a-w E:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 03:28:58 723,680 ----a-w E:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 03:29:50 386,784 ----a-w E:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-05-07 05:03:16 1,291,776 ----a-w E:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:18 1,291,776 ----a-w E:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:09:08 1,291,776 ----a-w E:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:21:28 19,320 ----a-w E:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:21:28 234,360 ----a-w E:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:21:28 26,488 ----a-w E:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:40:47 763,256 ----a-w E:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:40:47 398,200 ----a-w E:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:14:48 100,352 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:41 147,968 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:41 246,784 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:48:53 147,968 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:48:53 246,784 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:44 147,968 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:44 246,784 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w E:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:40:46 19,320 ----a-w E:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:40:46 234,360 ----a-w E:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:40:46 26,488 ----a-w E:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:40:47 763,256 ----a-w E:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:40:48 398,200 ----a-w E:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2006-03-02 12:00:00 294,400 -c----w E:\WINDOWS\$NtUninstallKB932823-v3$\msctf.dll
+ 2007-03-06 03:28:40 216,288 -c----w E:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 -c----w E:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\updspapi.dll
- 2008-05-19 11:09:57 1,257,472 ----a-w E:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-30 13:53:18 1,265,664 ----a-w E:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-05-19 11:09:58 1,224,704 ----a-w E:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-30 13:53:19 1,232,896 ----a-w E:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-30 13:54:01 118,784 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4eca0829\CustomMarshalers.dll
+ 2008-05-30 13:53:31 61,440 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_faacc2c2\CustomMarshalers.dll
+ 2008-05-30 13:54:18 8,908,800 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1d9cdbd4\mscorlib.dll
+ 2008-05-30 13:53:54 3,391,488 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_ae53d8a1\mscorlib.dll
+ 2008-05-30 13:54:12 3,395,584 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_24f2d21d\System.Design.dll
+ 2008-05-30 13:53:47 1,470,464 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_516276fb\System.Design.dll
+ 2008-05-30 13:54:02 192,512 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_385571f8\System.Drawing.Design.dll
+ 2008-05-30 13:53:33 90,112 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_8691b3ed\System.Drawing.Design.dll
+ 2008-05-30 13:53:50 835,584 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_333720dd\System.Drawing.dll
+ 2008-05-30 13:54:14 2,244,608 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_4e71b437\System.Drawing.dll
+ 2008-05-30 13:54:07 7,884,800 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_676b2e8b\System.Windows.Forms.dll
+ 2008-05-30 13:53:38 3,018,752 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_bf5f76cf\System.Windows.Forms.dll
+ 2008-05-30 13:53:43 2,088,960 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_10e9ee9f\System.Xml.dll
+ 2008-05-30 13:54:10 5,513,216 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_468e6801\System.Xml.dll
+ 2008-05-30 13:54:00 4,788,224 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b4e852ce\System.dll
+ 2008-05-30 13:53:29 1,966,080 ----a-w E:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b54ad0ba\System.dll
+ 2008-05-19 11:10:35 3,379,200 ------w E:\WINDOWS\assembly\temp\GPX5DLT19H\mscorlib.dll
+ 2008-05-19 11:09:58 1,224,704 ------w E:\WINDOWS\assembly\temp\HQY6EMU2AH\System.dll
+ 2008-05-19 11:10:06 1,953,792 ------w E:\WINDOWS\assembly\temp\NW4CKSZ7FN\System.dll
+ 2008-05-19 11:10:21 2,088,960 ------w E:\WINDOWS\assembly\temp\R19HPX5DLT\System.Xml.dll
+ 2008-05-19 11:10:16 3,014,656 ------w E:\WINDOWS\assembly\temp\T2AIQY6EMU\System.Windows.Forms.dll
+ 2008-05-19 11:10:32 835,584 ------w E:\WINDOWS\assembly\temp\Y7EMU2AIQY\System.Drawing.dll
- 2008-05-29 21:55:13 2,048 --s-a-w E:\WINDOWS\bootstat.dat
+ 2008-07-12 07:32:03 2,048 --s-a-w E:\WINDOWS\bootstat.dat
+ 2008-03-24 17:33:02 1,527,056 ----a-w E:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-06-14 18:01:34 273,024 ------w E:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:02:23 124,928 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:02:23 347,136 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:02:23 214,528 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:02:23 133,120 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:02:23 63,488 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:59:00 70,656 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:02:23 153,088 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:02:23 230,400 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:02:24 383,488 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:02:24 384,512 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:02:26 6,066,176 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:02:26 44,544 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:02:26 267,776 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:59:23 625,664 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:02:27 27,648 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:02:27 459,264 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:02:27 52,224 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 16:32:30 3,591,680 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:02:29 478,208 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:02:29 193,024 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:02:29 671,232 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:02:29 102,912 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:02:29 44,544 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 03:28:39 216,288 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 03:29:50 386,784 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:02:29 105,984 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:02:29 1,159,680 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:02:29 233,472 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:02:29 826,368 -c----w E:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2006-10-27 13:07:36 17,891,112 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 18:42:36 8,423,224 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r E:\WINDOWS\Installer\$PatchCache$\Managed\[u]0[/u]0002119F20000000000000000F01FEC\12.0.4518\XLCALL32.DLL
+ 2008-06-27 20:11:05 155,136 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2008-06-27 20:11:05 22,528 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2008-06-27 20:11:05 73,216 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\fpicon.exe
+ 2008-06-27 20:11:05 28,160 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2008-06-27 20:11:05 104,960 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2008-06-27 20:11:05 11,264 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\PEicons.exe
+ 2008-06-27 20:11:05 30,208 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2008-06-27 20:11:05 35,328 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\wordicon.exe
+ 2008-06-27 20:11:05 69,120 ----a-r E:\WINDOWS\Installer\{00000415-78E1-11D2-B60F-006097C998E7}\xlicons.exe
- 2008-05-19 10:42:39 20,240 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-07-10 06:58:24 20,240 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-19 10:42:39 184,080 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-07-10 06:58:23 184,080 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-19 10:42:39 217,864 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-07-10 06:58:24 217,864 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-19 10:42:39 18,704 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-07-10 06:58:25 18,704 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-19 10:42:40 35,088 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-07-10 06:58:25 35,088 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-19 10:42:39 922,384 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-07-10 06:58:24 922,384 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-19 10:42:39 888,080 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-07-10 06:58:25 888,080 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-19 10:42:39 1,172,240 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-07-10 06:58:23 1,172,240 ----a-r E:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-30 13:51:56 32,768 ----a-r E:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2004-07-14 23:49:16 258,048 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-13 19:30:52 258,048 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-14 23:49:22 32,768 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-13 19:30:52 32,768 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-14 22:32:22 81,920 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-13 18:57:52 81,920 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-20 18:09:14 86,016 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-13 18:57:58 86,016 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-14 22:25:06 315,392 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-13 18:56:30 315,392 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-14 22:33:04 102,400 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-13 18:58:00 102,400 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 12:29:02 2,138,112 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-13 18:50:46 2,142,208 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-20 18:09:18 77,824 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-13 18:58:02 77,824 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-14 22:26:52 2,510,848 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-13 18:57:00 2,523,136 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-14 22:28:34 2,502,656 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-13 18:57:28 2,514,944 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 14:20:00 106,496 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 14:11:26 73,728 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-14 23:49:16 258,048 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_mscorlib.dll
+ 2003-02-20 18:09:18 77,824 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3236\_PerfCounter.dll
- 2004-07-15 12:31:16 1,224,704 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-13 19:35:38 1,232,896 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 12:29:00 1,257,472 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-13 19:35:46 1,265,664 ----a-w E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2000-08-31 06:00:00 28,160 ----a-w E:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w E:\WINDOWS\Nircmd.exe
- 2008-03-01 13:02:23 124,928 ----a-w E:\WINDOWS\system32\advpack.dll
+ 2008-04-23 07:20:42 124,928 ----a-w E:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:02:23 124,928 -c----w E:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 07:20:42 124,928 -c----w E:\WINDOWS\system32\dllcache\advpack.dll
- 2006-03-02 12:00:00 138,496 -c--a-w E:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w E:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-14 18:01:34 273,024 -c----w E:\WINDOWS\system32\dllcache\bthport.sys
- 2008-02-20 05:38:07 148,992 -c--a-w E:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 -c--a-w E:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-03-01 13:02:23 347,136 -c----w E:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 07:20:42 347,136 -c----w E:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:02:23 214,528 -c----w E:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 07:20:42 214,528 -c----w E:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:02:23 133,120 -c----w E:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 07:20:42 133,120 -c----w E:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:02:23 63,488 -c----w E:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 07:20:42 63,488 -c----w E:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:59:00 70,656 -c----w E:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:43:26 70,656 -c----w E:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 13:02:23 153,088 -c----w E:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 07:20:42 153,088 -c----w E:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:02:23 230,400 -c----w E:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 07:20:42 230,400 -c----w E:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c----w E:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c----w E:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 13:02:24 383,488 -c----w E:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 07:20:42 383,488 -c----w E:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:02:24 384,512 -c----w E:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 07:20:42 384,512 -c----w E:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:02:26 6,066,176 -c----w E:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 07:20:42 6,066,176 -c----w E:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:02:26 44,544 -c----w E:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 07:20:43 44,544 -c----w E:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:02:26 267,776 -c----w E:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 07:20:43 267,776 -c----w E:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 -c----w E:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 -c----w E:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:59:23 625,664 -c----w E:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:43:46 625,664 -c----w E:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-03-01 13:02:27 27,648 -c----w E:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 07:20:43 27,648 -c----w E:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-03-02 12:00:00 294,400 -c--a-w E:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 12:01:52 294,912 -c--a-w E:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 13:02:27 459,264 -c----w E:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 07:20:43 459,264 -c----w E:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:02:27 52,224 -c----w E:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 07:20:43 52,224 -c----w E:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:32:30 3,591,680 -c----w E:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 23:20:44 3,591,680 -c----w E:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 13:02:29 478,208 -c----w E:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 07:20:43 478,208 -c----w E:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:02:29 193,024 -c----w E:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 07:20:43 193,024 -c----w E:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:02:29 671,232 -c----w E:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 07:20:43 671,232 -c----w E:\WINDOWS\system32\dllcache\mstime.dll
- 2006-03-02 12:00:00 246,784 -c--a-w E:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:42:21 246,784 -c--a-w E:\WINDOWS\system32\dllcache\mswsock.dll
- 2008-03-01 13:02:29 102,912 -c----w E:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 07:20:43 102,912 -c----w E:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:02:29 44,544 -c----w E:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 07:20:43 44,544 -c----w E:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:44:30 1,291,264 -c--a-w E:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:16:26 1,291,264 -c--a-w E:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w E:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w E:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-10-30 17:20:55 360,064 -c--a-w E:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w E:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c--a-w E:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w E:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-03-01 13:02:29 105,984 -c----w E:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 07:20:43 105,984 -c----w E:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:02:29 1,159,680 -c----w E:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 07:20:43 1,159,680 -c----w E:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:02:29 233,472 -c----w E:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 07:20:43 233,472 -c----w E:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:02:29 826,368 -c----w E:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 07:20:44 826,368 -c----w E:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:38:07 148,992 ----a-w E:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:42:20 148,992 ----a-w E:\WINDOWS\system32\dnsapi.dll
- 2006-07-13 08:48:58 202,240 ----a-w E:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w E:\WINDOWS\system32\drivers\rmcast.sys
- 2008-03-01 13:02:23 347,136 ------w E:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 07:20:42 347,136 ------w E:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:02:23 214,528 ------w E:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 07:20:42 214,528 ------w E:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:02:23 133,120 ------w E:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 07:20:42 133,120 ------w E:\WINDOWS\system32\extmgr.dll
- 2008-05-20 21:16:16 228,000 ----a-w E:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-30 09:39:11 229,592 ----a-w E:\WINDOWS\system32\FNTCACHE.DAT
- 2008-03-01 13:02:23 63,488 ----a-w E:\WINDOWS\system32\icardie.dll
+ 2008-04-23 07:20:42 63,488 ----a-w E:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:59:00 70,656 ------w E:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:43:26 70,656 ------w E:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:02:23 153,088 ------w E:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 07:20:42 153,088 ------w E:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:02:23 230,400 ------w E:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 07:20:42 230,400 ------w E:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ------w E:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w E:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:02:24 383,488 ----a-w E:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 07:20:42 383,488 ----a-w E:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:02:24 384,512 ------w E:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 07:20:42 384,512 ------w E:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:02:26 6,066,176 ----a-w E:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 07:20:42 6,066,176 ----a-w E:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:02:26 44,544 ------w E:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 07:20:43 44,544 ------w E:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:02:26 267,776 ----a-w E:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 07:20:43 267,776 ----a-w E:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w E:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w E:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:02:27 27,648 ------w E:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 07:20:43 27,648 ------w E:\WINDOWS\system32\jsproxy.dll
+ 2008-03-25 02:32:44 218,496 ----a-r E:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe
+ 2008-03-25 03:21:18 2,889,088 ----a-w E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:20 218,496 ----a-w E:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-06-13 11:17:12 74,649 ----a-w E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-05-30 22:01:09 70,264 ----a-w E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 1999-04-08 09:23:34 53,248 ----a-w E:\WINDOWS\system32\MFC42PLK.DLL
- 2008-05-09 12:35:06 16,863,864 ----a-w E:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w E:\WINDOWS\system32\MRT.exe
- 2005-09-23 05:28:52 270,848 ----a-w E:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 10:28:14 271,360 ----a-w E:\WINDOWS\system32\mscoree.dll
- 2006-03-02 12:00:00 294,400 ----a-w E:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 12:01:52 294,912 ----a-w E:\WINDOWS\system32\msctf.dll
- 2008-03-01 13:02:27 459,264 ----a-w E:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 07:20:43 459,264 ----a-w E:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:02:27 52,224 ----a-w E:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 07:20:43 52,224 ----a-w E:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:32:30 3,591,680 ----a-w E:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 23:20:44 3,591,680 ----a-w E:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:02:29 478,208 ------w E:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 07:20:43 478,208 ------w E:\WINDOWS\system32\mshtmled.dll
+ 1999-03-29 12:26:10 7,680 ----a-w E:\WINDOWS\system32\MSPRPPLK.DLL
- 2008-03-01 13:02:29 193,024 ------w E:\WINDOWS\system32\msrating.dll
+ 2008-04-23 07:20:43 193,024 ------w E:\WINDOWS\system32\msrating.dll
+ 1998-09-17 03:20:48 393,216 ----a-w E:\WINDOWS\system32\MSRDO20.DLL
- 2008-03-01 13:02:29 671,232 ------w E:\WINDOWS\system32\mstime.dll
+ 2008-04-23 07:20:43 671,232 ------w E:\WINDOWS\system32\mstime.dll
- 2003-04-19 00:46:22 1,233,920 ----a-w E:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 13:03:04 1,275,392 ----a-w E:\WINDOWS\system32\msxml4.dll
- 2005-09-23 05:29:00 6,144 ----a-w E:\WINDOWS\system32\mui\[u]0[/u]409\mscorees.dll
+ 2006-12-22 11:02:36 6,144 ----a-w E:\WINDOWS\system32\mui\[u]0[/u]409\mscorees.dll
- 2008-03-01 13:02:29 102,912 ------w E:\WINDOWS\system32\occache.dll
+ 2008-04-23 07:20:43 102,912 ------w E:\WINDOWS\system32\occache.dll
- 2008-03-01 13:02:29 44,544 ------w E:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 07:20:43 44,544 ------w E:\WINDOWS\system32\pngfilt.dll
+ 1998-09-17 03:20:52 151,552 ----a-w E:\WINDOWS\system32\RDOCURS.DLL
- 2008-03-20 12:41:20 14,640 ------w E:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:40:46 19,320 ------w E:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:02:29 105,984 ----a-w E:\WINDOWS\system32\url.dll
+ 2008-04-23 07:20:43 105,984 ----a-w E:\WINDOWS\system32\url.dll
- 2008-03-01 13:02:29 1,159,680 ----a-w E:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 07:20:43 1,159,680 ----a-w E:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:02:29 233,472 ----a-w E:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 07:20:43 233,472 ----a-w E:\WINDOWS\system32\webcheck.dll
+ 2008-07-12 07:32:08 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_718.dat
+ 2008-05-30 17:19:59 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_9ac.dat
+ 2007-05-08 13:06:44 1,275,392 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
+ 2006-12-01 20:56:00 96,256 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w E:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="E:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2007-10-05 16:56 53248]
"IgfxTray"="E:\WINDOWS\system32\igfxtray.exe" [2007-04-21 04:57 142104]
"HotKeysCmds"="E:\WINDOWS\system32\hkcmd.exe" [2007-04-21 04:57 162584]
"Persistence"="E:\WINDOWS\system32\igfxpers.exe" [2007-04-21 04:57 138008]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="E:\WINDOWS\system32\qttask.exe" [2008-05-18 18:15 98304]
"ePower_DMC"="E:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 12:18 475136]
"Boot"="E:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPStart"="E:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 11:35 102400]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-05 16:56 16132608 E:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Acer Empowering Technology.lnk - E:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-05-18 18:35:33 45056]
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
Przyspieszenie uruchomienia programu AutoCAD.lnk - E:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 15:43:54 11000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\iac25_32.ax
"msacm.sl_anet"= E:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= E:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= E:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= E:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.uyvy"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= E:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spik]
--a------ 2008-06-13 15:25 103912 E:\Program Files\Spik\Spik.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"E:\\Program Files\\Spik\\Spik.exe"=
R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 NMSAccessU;NMSAccessU;E:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e9e9886-486e-11dd-8104-001e4c505891}]
\Shell\AutoRun\command - jdwx.exe
\Shell\explore\Command - jdwx.exe
\Shell\open\Command - jdwx.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae5aea52-4e78-11dd-810a-001e4c505891}]
\Shell\AutoRun\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf08e1bd-332a-11dd-80f6-001e4c505891}]
\Shell\AutoRun\command - t.com
\Shell\explore\Command - t.com
\Shell\open\Command - t.com
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-BroadcomWireless - E:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 19:53:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-13 19:54:08
ComboFix-quarantined-files.txt 2008-07-13 17:53:55
ComboFix2.txt 2008-05-29 22:10:05
Pre-Run: 6,750,892,032 bajtów wolnych
Post-Run: 6,809,620,480 bajtów wolnych
496 --- E O F --- 2008-07-11 19:37:52
[quote]"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"AzMixerSel" = "E:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
"IgfxTray" = "E:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "E:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Persistence" = "E:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"avast!" = "E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"Adobe Reader Speed Launcher" = ""E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""E:\WINDOWS\system32\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ePower_DMC" = "E:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [null data]
"Boot" = "E:\Acer\Empowering Technology\ePower\Boot.exe" [null data]
"SynTPStart" = "E:\Program Files\Synaptics\SynTP\SynTPStart.exe" ["Synaptics, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "E:\WINDOWS\system32\shdocvw.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
-> {HKLM...CLSID} = "EPM-PO Shell Extensions"
\InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
-> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
-> {HKLM...CLSID} = "AcSignIcon"
\InProcServer32\(Default) = "E:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {HKLM...CLSID} = "ACTHUMBNAIL"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"
-> {HKLM...CLSID} = "SpikShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"
-> {HKLM...CLSID} = "DWFShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll" ["Autodesk, Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
-> {HKLM...CLSID} = "SpikShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"
-> {HKLM...CLSID} = "SpikShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"
<<!>> HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""E:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "%1"" [MS]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\rybak_dusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
CDBurnerXP\
"Provider" = "CDBurnerXP"
"InvokeProgID" = "CDBurnerXPOpen"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""E:\Program Files\CDBurnerXP\cdbxpp.exe"" [null data]
WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "E:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""E:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""E:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]
Startup items in "rybak_dusz" & "All Users" startup folders:
------------------------------------------------------------
WARNING! "All Users" startup folder not found!
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTE
