dzodzo posted September 8, 2009 (edited) Log for review: ComboFix
Psycholandia commented September 8, 2009 Have you looked through the FAQ -> Using the forum section? If so, you surely know that logs go inside LOG tags. Here are the instructions: Creating a log. Fix your post. If you refuse, I will be forced to move your thread to the Trash.
dzodzo (Author) commented September 8, 2009 That's a bit strange, because Dr.Web detected http://img178.imageshack.us/img178/8780/skanerpc.jpg
dzodzo (Author) commented September 12, 2009 So there is something sitting in my computer after all: Trojan.Win32.BHO.ypd c:\system volume information\_restore{3f8ddc2d-d789-457f-8a60-dcdba652fd49}\rp143\a0033999.dll
MarekM25 commented September 12, 2009 Turn System Restore off and on again (My Computer -> right-click -> Properties -> System Restore -> select "Turn off System Restore on all drives" and then select it again).
dzodzo (Author) commented September 12, 2009 It's better, but the computer is still somewhat sluggish :/
MarekM25 commented September 12, 2009 OTListIt2. Scan the computer with Dr.Web.
dzodzo (Author) commented September 12, 2009 (edited) OTL log. Log for review
C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions [2009-06-30 22:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-08-13 21:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-09-05 13:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2009-07-18 01:02:48 | 00,002,476 | ---- | M] () -- C:\Documents and Settings\boss\Dane aplikacji\Mozilla\FireFox\Profiles\k0cmttlc.default\searchplugins\BearShareWebSearch.xml [2009-06-18 10:20:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-30 16:16:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-09-30 16:16:24 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-09-30 16:16:24 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009-09-30 16:16:30 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-05-10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-06-20 00:33:00 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009-06-20 00:33:07 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-06-20 00:32:57 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-09-30 16:16:31 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-18 01:02:48 | 00,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml [2009-09-30 16:16:31 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-09-30 16:16:31 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-09-30 16:16:31 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-09-30 16:16:31 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-09-30 16:16:31 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-09-30 16:16:31 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O3 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe (Onet.pl) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe () O4 - HKU\S-1-5-21-2025429265-448539723-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\PROGRAMY\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\boss\Menu Start\Programy\Autostart\santa.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm () O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250091209609 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.175.180.30 83.175.180.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - 
Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-23 20:11:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - 
HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [6 C:\WINDOWS\*.tmp files] [2009-10-03 20:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Moje dokumenty\Pobieranie [2009-10-02 19:58:02 | 00,485,668 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\akon ft. david guetta - sexy bitch dzwonek 1.mp3 [2009-10-02 19:53:43 | 03,909,621 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\akon ft. david guetta - sexy bitch.mp3 [2009-09-30 14:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Pulpit\techno amfitratr [2009-09-30 14:29:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Pulpit\Nowy folder [2009-09-29 18:19:54 | 00,290,095 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\dj numerraz - mama dzwoni.mp3 [2009-09-29 18:00:58 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\mp3DirectCut.lnk [2009-09-29 18:00:12 | 00,212,713 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\mp3DC211.exe [2009-09-29 17:45:54 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Audacity.lnk [2009-09-29 17:33:24 | 01,323,008 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdvorbi.ocx [2009-09-29 17:33:24 | 00,282,624 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdcdrip.ocx [2009-09-29 17:33:24 | 00,270,336 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdmp3.ocx [2009-09-29 17:33:24 | 00,208,896 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdwma9.ocx [2009-09-29 17:33:24 | 00,176,128 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdwave.ocx [2009-09-29 17:33:24 | 00,131,072 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdplay.ocx [2009-09-29 17:33:24 | 00,118,784 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdconv.ocx [2009-09-29 17:33:24 | 
00,000,750 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Cute MP3 Converter.lnk [2009-09-29 17:33:22 | 00,000,000 | ---D | C] -- C:\Program Files\Cute MP3 Converter [2009-09-29 17:31:35 | 03,565,491 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\cmc.exe [2009-09-12 15:21:22 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\launch(5).exe [2009-09-12 15:21:20 | 17,255,602 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\launch(5).exe.part [2009-09-12 15:19:54 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\boss\Pulpit\OTL.exe [2009-09-11 17:21:01 | 00,001,498 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Kalkulator.lnk [2009-09-11 17:02:06 | 00,731,282 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut(2).zip [2009-09-11 17:01:59 | 00,775,652 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\winimage60pl.rar [2009-09-11 17:01:30 | 00,731,282 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut.zip [2009-09-10 21:09:12 | 00,107,547 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2009-09-10 21:09:11 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2009-09-10 21:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2009-09-10 21:08:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab [2009-09-10 21:08:47 | 00,021,536 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-09-10 21:08:47 | 00,015,648 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-09-10 21:08:47 | 00,002,348 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-09-10 21:08:47 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-09-09 19:45:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\E280 [2009-09-09 09:18:55 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll [2009-09-08 20:03:33 | 
00,000,000 | -HSD | C] -- C:\RECYCLER [2009-09-08 10:32:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-09-08 10:29:56 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-09-08 10:14:17 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009-09-08 10:08:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Pulpit\Nowy folder (2) [2009-09-07 19:06:15 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys [2009-09-07 19:06:15 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2009-09-06 10:43:46 | 00,016,477 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Final_Destination_The_(NAPiSY-110908).NS.zip [2009-09-05 09:34:46 | 01,823,266 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja dzwonek.mp3 [2009-09-05 09:05:56 | 06,837,729 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja.mp3 [2009-09-05 08:57:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Moje dokumenty\My Received Files [2009-09-05 08:57:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Moje dokumenty\BearShare [2009-09-05 08:57:38 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\boss\Dane aplikacji\Smiley.ico [2009-09-05 08:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Dane aplikacji\BearShareTb [2009-09-05 08:57:35 | 00,000,000 | ---D | C] -- C:\Program Files\BearShareTb [2009-09-05 08:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Ustawienia lokalne\Dane aplikacji\BearShare [2009-09-05 08:57:19 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx [2009-09-05 08:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Applications [2009-09-04 19:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Dane aplikacji\ChomikBox [2009-09-04 15:29:20 | 00,154,725 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Faktura - era.pdf 
[2009-09-04 10:18:35 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-09-04 10:18:35 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [2009-09-04 10:18:34 | 00,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk [2009-09-04 10:18:31 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2009-08-25 16:13:57 | 00,603,158 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obrazek.jpg [2009-08-22 18:53:42 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Playlist H-H.lnk [2009-08-19 19:17:33 | 00,018,336 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\mam wyjebane.jpeg [2009-08-15 22:14:18 | 00,064,816 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obraz(3).jpeg [2009-08-15 22:14:01 | 00,067,943 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obraz(2).jpeg [2009-08-15 22:13:36 | 00,056,432 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obraz.jpeg [2009-08-14 19:54:55 | 00,082,700 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\P1020240.jpg [2009-08-14 18:27:22 | 00,160,266 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\single2.JPG [2009-07-15 17:59:52 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-05-15 00:07:58 | 00,210,032 | ---- | C] () -- C:\WINDOWS\System32\DBCLIENT.DLL [2009-04-23 19:36:58 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpx32.dll [2009-04-09 20:00:18 | 00,010,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys [2009-04-07 16:26:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI [2009-04-05 21:55:08 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-04-05 21:55:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-04-05 21:55:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-04-05 21:55:02 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-04-05 21:55:02 | 00,180,224 | ---- | 
C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-04-05 15:03:37 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini [2009-04-05 15:03:33 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll [2009-04-05 15:03:33 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll [2009-04-05 15:03:33 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll [2009-04-02 20:01:22 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-03-25 15:54:27 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-25 00:35:28 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-03-24 22:10:53 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2009-03-24 21:12:22 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009-03-24 17:56:14 | 00,138,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-03-24 02:13:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-03-24 02:13:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-23 20:32:18 | 00,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI [2009-03-16 22:16:48 | 00,000,030 | -HS- | C] () -- C:\WINDOWS\System32\SECENEKLER8.INI [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | 
C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-11-28 10:45:31 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-11-28 10:45:31 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-11-28 10:45:31 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-11-28 10:45:31 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-11-28 10:45:31 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-09-12 23:54:48 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007-08-08 18:54:10 | 00,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2004-08-04 12:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2004-08-04 12:00:00 | 00,000,869 | ---- | C] () -- C:\WINDOWS\win.ini [2004-08-04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [1999-01-22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009-10-03 20:12:38 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Nowy Dokument programu Microsoft Word .doc [2009-10-02 19:58:02 | 00,485,668 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\akon ft. 
david guetta - sexy bitch dzwonek 1.mp3 [2009-09-29 18:19:54 | 00,290,095 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\dj numerraz - mama dzwoni.mp3 [2009-09-29 18:00:58 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\mp3DirectCut.lnk [2009-09-29 18:00:21 | 00,212,713 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\mp3DC211.exe [2009-09-29 17:45:54 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Audacity.lnk [2009-09-29 17:33:24 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Cute MP3 Converter.lnk [2009-09-29 17:31:45 | 03,565,491 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\cmc.exe [2009-09-12 15:22:28 | 17,273,952 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\boss\Pulpit\launch(5).exe [2009-09-12 15:21:18 | 00,197,152 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-09-12 15:21:18 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-09-12 15:21:15 | 00,015,648 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-09-12 15:19:54 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss\Pulpit\OTL.exe [2009-09-12 14:29:27 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-12 14:29:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-12 14:29:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-12 12:31:40 | 00,002,348 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-09-11 17:02:07 | 00,731,282 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut(2).zip [2009-09-11 17:02:00 | 00,775,652 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\winimage60pl.rar [2009-09-11 17:01:30 | 00,731,282 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut.zip [2009-09-11 02:53:34 | 00,000,169 | -H-- | M] () -- C:\Documents and Settings\boss\Menu Start\Programy\Autostart\santa.bat [2009-09-11 02:51:13 | 00,107,547 | ---- | M] 
() -- C:\WINDOWS\System32\drivers\klin.dat [2009-09-11 02:51:13 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2009-09-10 21:23:56 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009-09-10 21:23:56 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys [2009-09-10 20:39:36 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-09-10 19:41:37 | 00,114,688 | ---- | M] () -- C:\Documents and Settings\boss\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-10 12:09:33 | 00,000,869 | ---- | M] () -- C:\WINDOWS\win.ini [2009-09-09 00:31:44 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys [2009-09-09 00:31:44 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys [2009-09-08 21:58:25 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Microsoft Word.lnk [2009-09-08 10:32:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-09-07 19:31:27 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys.backup [2009-09-06 21:20:44 | 00,000,206 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\hwmonitorw.ini [2009-09-06 20:25:32 | 00,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009-09-06 20:25:32 | 00,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-09-06 20:24:27 | 00,138,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-09-06 10:43:46 | 00,016,477 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Final_Destination_The_(NAPiSY-110908).NS.zip [2009-09-05 09:34:46 | 01,823,266 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja dzwonek.mp3 [2009-09-05 09:28:04 | 06,837,729 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja.mp3 [2009-09-04 20:16:40 | 00,054,156 | -H-- | M] () -- 
C:\WINDOWS\QTFont.qfn [2009-09-04 15:29:20 | 00,154,725 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Faktura - era.pdf [2009-09-04 10:18:34 | 00,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk [2009-09-03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-08-30 22:06:12 | 03,909,621 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\akon ft. david guetta - sexy bitch.mp3 [2009-08-28 23:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-08-19 19:17:33 | 00,018,336 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\mam wyjebane.jpeg [2009-08-15 22:11:45 | 00,056,432 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Obraz.jpeg [2009-08-15 22:11:32 | 00,067,943 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Obraz(2).jpeg [2009-08-15 22:11:28 | 00,064,816 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Obraz(3).jpeg [2009-08-14 18:27:22 | 00,160,266 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\single2.JPG [2009-08-14 17:37:58 | 00,082,700 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\P1020240.jpg [2009-08-13 17:24:10 | 00,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll [2009-08-13 17:24:10 | 00,512,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll ========== LOP Check ========== [2009-09-10 21:08:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-04-07 14:37:13 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{DFF7A91C-600F-4C83-8796-2CC83A70FF04} [2009-06-07 14:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AA2DeployClient [2009-06-22 22:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AA3DeployClient [2009-03-25 00:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools 
Lite [2009-09-09 19:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\E280 [2009-03-23 20:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2009-03-23 21:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies [2009-06-11 15:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-03-25 15:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SBT [2009-07-22 15:54:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-09-05 08:57:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\boss\Dane aplikacji [2009-03-24 01:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\AutoUpdate [2009-09-05 09:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\BearShareTb [2009-09-04 22:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\ChomikBox [2009-07-15 15:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\cmw [2009-03-25 00:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DAEMON Tools [2009-03-25 00:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DAEMON Tools Lite [2009-03-25 00:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DAEMON Tools Pro [2009-06-30 12:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DeepBurner [2009-04-01 12:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\ESET [2009-09-12 11:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\foobar2000 [2009-03-23 22:48:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Gadu-Gadu [2009-06-22 09:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane 
aplikacji\Intermedia Software
[2009-08-10 21:27:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Kamerzysta
[2009-05-02 15:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Listonosz
[2009-09-08 09:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Nowe Gadu-Gadu
[2009-05-02 15:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Onet
[2009-05-23 20:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\OpenFM
[2009-04-06 11:45:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\boss\Dane aplikacji\SecuROM
[2009-07-20 19:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Teleca
[2009-04-07 14:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Uniblue
[2009-09-12 14:44:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\uTorrent
[2009-03-23 21:02:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji
[2009-03-23 20:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji
[2009-03-23 20:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji
[2004-08-04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009-09-12 14:29:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009-04-07 14:37:20 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue DiskRescue 2009.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EEFF768F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:9482CFB4
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2
< End of report >
Dr.Web came up clean; Kaspersky again detected:
wykryto: riskware Hidden object
Uruchomiony proces: C:\Documents and Settings\boss\Ustawienia lokalne\temp\RarSFX0\4zpn4xp.exe
Psycholandia commented 12 September 2009
Paste the script below into the OTL window and click Run Fix:
:Processes
explorer.exe
:OTL
O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
:Files
C:\WINDOWS\PEV.exe
C:\RECYCLER
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[start explorer]
[Reboot]
Post the log that is created after the removal.
dzodzo (author) commented 13 September 2009 (edited)
I'm not sure whether these are the logs you meant:
Files\Folders moved on Reboot...
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.
Folder move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Just in case, I'm posting a new log.
Log to check
OTL logfile created on: 2009-09-13 07:54:24 - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\boss\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,33% Memory free
3,85 Gb Paging File | 3,37 Gb Available in Paging File | 87,62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60,00 Gb Total Space | 29,40 Gb Free Space | 49,00% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 3,11 Gb Free Space | 4,44% Space Free | Partition Type: NTFS
Drive E: | 102,87 Gb Total Space | 1,58 Gb Free Space | 1,54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BONZER
Current User Name: boss
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2007-02-12 14:50:40 | 00,020,480 | ---- | M] () -- C:\WINDOWS\FixCamera.exe PRC - [2006-10-10 15:49:42 | 00,270,336 | ---- | M] () -- C:\WINDOWS\tsnp325.exe PRC - [2006-10-10 14:11:08 | 00,827,392 | ---- | M] () -- C:\WINDOWS\vsnp325.exe PRC - [2006-02-08 16:40:50 | 00,260,096 | ---- | M] (Onet.pl) -- C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe PRC - [2009-06-20 00:32:52 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2007-06-28 12:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe PRC - [2009-07-08 23:48:22 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2007-06-28 12:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe PRC - [2009-03-24 01:49:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2007-11-28 10:45:31 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2009-08-08 19:25:24 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe PRC - [2009-09-06 20:25:32 | 00,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe PRC - [2008-09-10 17:22:22 | 00,229,648 | ---- | M] (Uniblue) -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe PRC - [2009-02-06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2009-09-30 16:16:27 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-09-12 15:19:54 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss\Pulpit\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2007-06-28 12:51:38 | 00,218,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-08-01 00:16:28 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running]) SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running]) SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped]) SRV - [2009-03-24 01:49:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2007-11-28 10:45:31 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running]) SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running]) SRV - [2009-08-08 19:25:24 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running]) SRV - [2009-09-06 20:25:32 | 00,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running]) SRV - [2008-09-10 17:22:22 | 00,229,648 | ---- | M] (Uniblue) -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe -- (Uniblue DiskRescue [Auto | Running]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc 
[On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2004-04-30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus [boot | Running]) DRV - [2004-04-30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi [boot | Running]) DRV - [2008-04-13 20:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi [boot | Running]) DRV - [2007-08-08 18:54:10 | 00,028,968 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\ATITool.sys -- (ATITool [system | Stopped]) DRV - [2007-03-16 11:11:38 | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS -- (Cardex [On_Demand | Stopped]) DRV - [2004-12-13 23:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [boot | Stopped]) DRV - [2004-10-25 21:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped]) DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-03-08 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped]) DRV - [2007-03-08 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped]) DRV - [2007-03-08 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped]) DRV - [2007-01-30 12:57:50 | 04,474,368 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2009-09-10 21:23:56 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [boot | Running]) DRV - [2009-09-10 21:23:56 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys -- (klif [system | Running]) DRV - [2007-04-04 14:58:26 | 00,024,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klim5.sys -- (klim5 [On_Demand | Running]) DRV - [2006-04-18 14:53:44 | 00,004,047 | ---- | M] () -- C:\Program Files\U-ABIT\FlashMenu\Memctl.sys -- (Memctl [On_Demand | Stopped]) DRV - [2007-11-28 10:45:31 | 07,429,088 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running]) DRV - [2009-09-06 20:24:27 | 00,138,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys -- (PnkBstrK [On_Demand | Stopped]) DRV - [2004-08-04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
-- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running]) DRV - [2007-06-19 09:51:16 | 00,081,832 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816bus.sys -- (s816bus [On_Demand | Stopped]) DRV - [2007-06-19 09:51:18 | 00,013,864 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816mdfl.sys -- (s816mdfl [On_Demand | Stopped]) DRV - [2007-06-19 09:51:20 | 00,107,304 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816mdm.sys -- (s816mdm [On_Demand | Stopped]) DRV - [2007-06-19 09:51:18 | 00,099,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816mgmt.sys -- (s816mgmt [On_Demand | Stopped]) DRV - [2007-06-19 09:51:18 | 00,021,928 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816nd5.sys -- (s816nd5 [On_Demand | Stopped]) DRV - [2007-06-19 09:51:18 | 00,097,320 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\s816obex.sys -- (s816obex [On_Demand | Stopped]) DRV - [2007-06-19 09:51:18 | 00,097,704 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\s816unic.sys -- (s816unic [On_Demand | Stopped]) DRV - [2006-09-18 14:58:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27bus.sys -- (SE27bus [On_Demand | Stopped]) DRV - [2006-09-18 14:58:52 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdfl.sys -- (SE27mdfl [On_Demand | Stopped]) DRV - [2006-09-18 14:58:54 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mdm.sys -- (SE27mdm [On_Demand | Stopped]) DRV - [2006-09-18 14:58:58 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27mgmt.sys -- (SE27mgmt [On_Demand | Stopped]) DRV - [2006-09-18 14:59:00 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27nd5.sys -- (se27nd5 [On_Demand | Stopped]) DRV - [2006-09-18 14:59:02 | 00,086,560 | R--- | 
M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\SE27obex.sys -- (SE27obex [On_Demand | Stopped]) DRV - [2006-09-18 14:59:08 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\se27unic.sys -- (se27unic [On_Demand | Stopped]) DRV - [2008-04-13 18:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2007-04-20 18:51:56 | 10,253,056 | ---- | M] (Sonix Co. Ltd.) -- C:\WINDOWS\System32\DRIVERS\snp325.sys -- (SNP325 [On_Demand | Stopped]) DRV - [2009-03-25 00:35:28 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running]) DRV - [2007-03-16 11:11:38 | 00,012,256 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel [Auto | Running]) DRV - [2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running]) DRV - [2007-01-12 10:54:00 | 00,010,848 | ---- | M] () -- C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys -- (WINFLASH [On_Demand | Stopped]) DRV - [2006-11-22 09:01:00 | 00,250,496 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/ IE - HKU\S-1-5-21-2025429265-448539723-839522115-1003\S-1-5-21-2025429265-448539723-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search" FF - prefs.js..browser.search.order.1: "BearShare Web Search" FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-03-24 01:49:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-30 22:05:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-12 14:36:03 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-30 16:16:36 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-03-23 22:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Extensions [2009-03-23 22:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-09-05 13:07:03 | 00,000,000 | ---D | M] -- 
C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions [2009-06-30 22:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-08-13 21:37:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-09-05 13:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\mozilla\Firefox\Profiles\k0cmttlc.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} [2009-07-18 01:02:48 | 00,002,476 | ---- | M] () -- C:\Documents and Settings\boss\Dane aplikacji\Mozilla\FireFox\Profiles\k0cmttlc.default\searchplugins\BearShareWebSearch.xml [2009-06-18 10:20:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-30 16:16:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-09-30 16:16:24 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-09-30 16:16:24 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2009-09-30 16:16:30 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007-05-10 22:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009-06-20 00:33:00 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-07-20 09:59:55 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009-06-20 00:33:07 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2009-06-20 00:32:57 | 00,094,208 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-09-30 16:16:31 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-07-18 01:02:48 | 00,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml [2009-09-30 16:16:31 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-09-30 16:16:31 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-09-30 16:16:31 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-09-30 16:16:31 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-09-30 16:16:31 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-09-30 16:16:31 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll () O3 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe (Onet.pl) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe () O4 - HKU\S-1-5-21-2025429265-448539723-839522115-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\PROGRAMY\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\boss\Menu Start\Programy\Autostart\santa.bat () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2025429265-448539723-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm () O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab) O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250091209609 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.175.180.30 83.175.180.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - 
Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-23 20:11:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-04-05 07:41:09 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - 
HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [6 C:\WINDOWS\*.tmp files] [2009-10-03 20:13:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Moje dokumenty\Pobieranie [2009-10-02 19:58:02 | 00,485,668 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\akon ft. david guetta - sexy bitch dzwonek 1.mp3 [2009-10-02 19:53:43 | 03,909,621 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\akon ft. david guetta - sexy bitch.mp3 [2009-09-30 14:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Pulpit\techno amfitratr [2009-09-30 14:29:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Pulpit\Nowy folder [2009-09-29 18:19:54 | 00,290,095 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\dj numerraz - mama dzwoni.mp3 [2009-09-29 18:00:58 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\mp3DirectCut.lnk [2009-09-29 18:00:12 | 00,212,713 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\mp3DC211.exe [2009-09-29 17:45:54 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Audacity.lnk [2009-09-29 17:33:24 | 01,323,008 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdvorbi.ocx [2009-09-29 17:33:24 | 00,282,624 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdcdrip.ocx [2009-09-29 17:33:24 | 00,270,336 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdmp3.ocx [2009-09-29 17:33:24 | 00,208,896 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdwma9.ocx [2009-09-29 17:33:24 | 00,176,128 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdwave.ocx [2009-09-29 17:33:24 | 00,131,072 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdplay.ocx [2009-09-29 17:33:24 | 00,118,784 | ---- | C] (Streamware Development) -- C:\WINDOWS\System32\swdconv.ocx [2009-09-29 17:33:24 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Cute MP3 Converter.lnk 
[2009-09-29 17:33:22 | 00,000,000 | ---D | C] -- C:\Program Files\Cute MP3 Converter [2009-09-29 17:31:35 | 03,565,491 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\cmc.exe [2009-09-13 01:15:33 | 00,000,000 | ---D | C] -- C:\_OTL [2009-09-12 15:21:22 | 17,273,952 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\boss\Pulpit\launch(5).exe [2009-09-12 15:19:54 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\boss\Pulpit\OTL.exe [2009-09-11 17:21:01 | 00,001,498 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Kalkulator.lnk [2009-09-11 17:02:06 | 00,731,282 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut(2).zip [2009-09-11 17:01:59 | 00,775,652 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\winimage60pl.rar [2009-09-11 17:01:30 | 00,731,282 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut.zip [2009-09-10 21:09:12 | 00,107,547 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2009-09-10 21:09:11 | 00,095,259 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2009-09-10 21:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2009-09-10 21:08:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab [2009-09-10 21:08:47 | 00,026,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-09-10 21:08:47 | 00,016,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-09-10 21:08:47 | 00,003,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-09-10 21:08:47 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-09-09 19:45:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\E280 [2009-09-09 09:18:55 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll [2009-09-08 10:32:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-09-08 10:14:17 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2009-09-07 
19:06:15 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys [2009-09-07 19:06:15 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys [2009-09-06 10:43:46 | 00,016,477 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Final_Destination_The_(NAPiSY-110908).NS.zip [2009-09-05 09:34:46 | 01,823,266 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja dzwonek.mp3 [2009-09-05 09:05:56 | 06,837,729 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja.mp3 [2009-09-05 08:57:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Moje dokumenty\My Received Files [2009-09-05 08:57:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Moje dokumenty\BearShare [2009-09-05 08:57:38 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\boss\Dane aplikacji\Smiley.ico [2009-09-05 08:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Dane aplikacji\BearShareTb [2009-09-05 08:57:35 | 00,000,000 | ---D | C] -- C:\Program Files\BearShareTb [2009-09-05 08:57:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Ustawienia lokalne\Dane aplikacji\BearShare [2009-09-05 08:57:19 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx [2009-09-05 08:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\BearShare Applications [2009-09-04 19:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\boss\Dane aplikacji\ChomikBox [2009-09-04 15:29:20 | 00,154,725 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Faktura - era.pdf [2009-09-04 10:18:35 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys [2009-09-04 10:18:35 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys [2009-09-04 10:18:34 | 00,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk [2009-09-04 10:18:31 | 00,000,000 | ---D | C] -- C:\Program 
Files\Alcohol Soft [2009-08-25 16:13:57 | 00,603,158 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obrazek.jpg [2009-08-22 18:53:42 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Playlist H-H.lnk [2009-08-19 19:17:33 | 00,018,336 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\mam wyjebane.jpeg [2009-08-15 22:14:18 | 00,064,816 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obraz(3).jpeg [2009-08-15 22:14:01 | 00,067,943 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obraz(2).jpeg [2009-08-15 22:13:36 | 00,056,432 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\Obraz.jpeg [2009-08-14 19:54:55 | 00,082,700 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\P1020240.jpg [2009-08-14 18:27:22 | 00,160,266 | ---- | C] () -- C:\Documents and Settings\boss\Pulpit\single2.JPG [2009-07-15 17:59:52 | 00,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009-05-15 00:07:58 | 00,210,032 | ---- | C] () -- C:\WINDOWS\System32\DBCLIENT.DLL [2009-04-23 19:36:58 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpx32.dll [2009-04-09 20:00:18 | 00,010,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinFlash.sys [2009-04-07 16:26:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\graphedit.INI [2009-04-05 21:55:08 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-04-05 21:55:07 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-04-05 21:55:02 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-04-05 21:55:02 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-04-05 21:55:02 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-04-05 15:03:37 | 00,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini [2009-04-05 15:03:33 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll [2009-04-05 15:03:33 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll [2009-04-05 15:03:33 | 00,053,248 | ---- | C] ( ) -- 
C:\WINDOWS\System32\csnp325.dll [2009-04-02 20:01:22 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-03-25 15:54:27 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-03-25 00:35:28 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-03-24 22:10:53 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2009-03-24 21:12:22 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009-03-24 17:56:14 | 00,138,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-03-24 02:13:10 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-03-24 02:13:09 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-03-23 20:32:18 | 00,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI [2009-03-16 22:16:48 | 00,000,030 | -HS- | C] () -- C:\WINDOWS\System32\SECENEKLER8.INI [2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2007-11-28 10:45:31 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007-11-28 10:45:31 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007-11-28 10:45:31 | 
01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007-11-28 10:45:31 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007-11-28 10:45:31 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007-09-12 23:54:48 | 00,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007-08-08 18:54:10 | 00,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys [2004-08-04 12:00:00 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2004-08-04 12:00:00 | 00,000,869 | ---- | C] () -- C:\WINDOWS\win.ini [2004-08-04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [1999-01-22 20:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [6 C:\WINDOWS\*.tmp files] [2009-10-03 20:12:38 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Nowy Dokument programu Microsoft Word .doc [2009-10-02 19:58:02 | 00,485,668 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\akon ft. 
david guetta - sexy bitch dzwonek 1.mp3 [2009-09-29 18:19:54 | 00,290,095 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\dj numerraz - mama dzwoni.mp3 [2009-09-29 18:00:58 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\mp3DirectCut.lnk [2009-09-29 18:00:21 | 00,212,713 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\mp3DC211.exe [2009-09-29 17:45:54 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Audacity.lnk [2009-09-29 17:33:24 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Cute MP3 Converter.lnk [2009-09-29 17:31:45 | 03,565,491 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\cmc.exe [2009-09-13 07:59:16 | 00,179,232 | ---- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2009-09-13 07:58:22 | 00,000,032 | ---- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2009-09-13 07:49:04 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-13 07:48:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-09-13 07:48:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-09-13 03:13:54 | 00,016,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2009-09-13 03:13:54 | 00,003,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2009-09-12 20:37:47 | 00,119,296 | ---- | M] () -- C:\Documents and Settings\boss\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-12 15:22:28 | 17,273,952 | ---- | M] (Doctor Web, Ltd.) 
-- C:\Documents and Settings\boss\Pulpit\launch(5).exe [2009-09-12 15:19:54 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss\Pulpit\OTL.exe [2009-09-11 17:02:07 | 00,731,282 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut(2).zip [2009-09-11 17:02:00 | 00,775,652 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\winimage60pl.rar [2009-09-11 17:01:30 | 00,731,282 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\dysk_gut.zip [2009-09-11 02:53:34 | 00,000,169 | -H-- | M] () -- C:\Documents and Settings\boss\Menu Start\Programy\Autostart\santa.bat [2009-09-11 02:51:13 | 00,107,547 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2009-09-11 02:51:13 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [2009-09-10 21:23:56 | 00,194,320 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys [2009-09-10 21:23:56 | 00,112,144 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys [2009-09-10 20:39:36 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2009-09-10 12:09:33 | 00,000,869 | ---- | M] () -- C:\WINDOWS\win.ini [2009-09-09 00:31:44 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys [2009-09-09 00:31:44 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys [2009-09-08 21:58:25 | 00,002,483 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Microsoft Word.lnk [2009-09-08 10:32:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-09-07 19:31:27 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip.sys.backup [2009-09-06 21:20:44 | 00,000,206 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\hwmonitorw.ini [2009-09-06 20:25:32 | 00,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009-09-06 20:25:32 | 00,189,392 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-09-06 20:24:27 | 00,138,016 | 
---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-09-06 10:43:46 | 00,016,477 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Final_Destination_The_(NAPiSY-110908).NS.zip [2009-09-05 09:34:46 | 01,823,266 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja dzwonek.mp3 [2009-09-05 09:28:04 | 06,837,729 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Vixen_-_Pokaz_feat._Peja.mp3 [2009-09-04 20:16:40 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009-09-04 15:29:20 | 00,154,725 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Faktura - era.pdf [2009-09-04 10:18:34 | 00,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Alcohol 120%.lnk [2009-08-30 22:06:12 | 03,909,621 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\akon ft. david guetta - sexy bitch.mp3 [2009-08-28 23:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-08-19 19:17:33 | 00,018,336 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\mam wyjebane.jpeg [2009-08-15 22:11:45 | 00,056,432 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Obraz.jpeg [2009-08-15 22:11:32 | 00,067,943 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Obraz(2).jpeg [2009-08-15 22:11:28 | 00,064,816 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\Obraz(3).jpeg [2009-08-14 18:27:22 | 00,160,266 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\single2.JPG [2009-08-14 17:37:58 | 00,082,700 | ---- | M] () -- C:\Documents and Settings\boss\Pulpit\P1020240.jpg ========== LOP Check ========== [2009-09-10 21:08:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-04-07 14:37:13 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{DFF7A91C-600F-4C83-8796-2CC83A70FF04} [2009-06-07 14:27:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AA2DeployClient [2009-06-22 22:36:15 | 
00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AA3DeployClient [2009-03-25 00:39:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2009-09-09 19:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\E280 [2009-03-23 20:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2009-03-23 21:49:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies [2009-06-11 15:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2009-03-25 15:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SBT [2009-07-22 15:54:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-09-05 08:57:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\boss\Dane aplikacji [2009-03-24 01:44:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\AutoUpdate [2009-09-05 09:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\BearShareTb [2009-09-04 22:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\ChomikBox [2009-07-15 15:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\cmw [2009-03-25 00:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DAEMON Tools [2009-03-25 00:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DAEMON Tools Lite [2009-03-25 00:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DAEMON Tools Pro [2009-06-30 12:37:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\DeepBurner [2009-04-01 12:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\ESET [2009-09-12 20:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane 
aplikacji\foobar2000 [2009-03-23 22:48:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Gadu-Gadu [2009-06-22 09:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Intermedia Software [2009-08-10 21:27:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Kamerzysta [2009-05-02 15:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Listonosz [2009-09-08 09:48:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Nowe Gadu-Gadu [2009-05-02 15:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Onet [2009-05-23 20:17:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\OpenFM [2009-04-06 11:45:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\boss\Dane aplikacji\SecuROM [2009-07-20 19:59:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Teleca [2009-04-07 14:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\Uniblue [2009-09-13 07:59:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\boss\Dane aplikacji\uTorrent [2009-03-23 21:02:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2009-03-23 20:15:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009-03-23 20:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2004-08-04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-09-13 07:48:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-04-07 14:37:20 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue DiskRescue 2009.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:EEFF768F @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All 
Users\Dane aplikacji\TEMP:9482CFB4 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:DFC5A2B2 < End of report >
MarekM25 commented 13 September 2009
This file: C:\Documents and Settings\boss\Ustawienia lokalne\temp\RarSFX0\4zpn4xp.exe is not visible in the log. Did you remove it with Kaspersky? Use the Flash DisInfector tool. If you have any removable storage, keep it connected while the tool runs. Some antivirus programs detect this tool as a virus, but of course Flash DisInfector is not one.
dzodzo (Author) commented 13 September 2009
Yes, I removed everything I could with Kaspersky. It looks like it's clean :)
MarekM25 commented 14 September 2009
Remove the leftovers of tools such as ComboFix using: http://www.forumpc.pl/index.php?showtopic=104989