Hektor posted October 12, 2009 (edited)
Some time ago the computer started freezing while I was using the browser (Firefox). Today it practically doesn't run in normal mode, so I'm using Safe Mode. I think it may have been infected, because my sister was turning off the antivirus since "her downloads went faster". Today, when I ran a scan with avast, I couldn't remove the trojans because "they could not be found". Now I'm using Kaspersky and there are no threats. So I no longer know what's going on. I tried to limit the startup programs, among others Microsoft Systems from c:/memory (I've never seen anything like that). As you can see, I'm a complete novice in these matters. I'm attaching a log: http://wklej.org/id/172949/ I hope someone will be able to explain to me, in the simplest possible terms, what to do and how??
Psycholandia commented October 14, 2009
Select and Fix:
[code]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
[/code]
Post a log from OTL: http://www.forumpc.pl/index.php?showtopic=104338
Hektor (Author) commented October 14, 2009
Thanks for the reply. And it's not a problem that I'm doing everything in Safe Mode?? OTL log: http://wklej.org/id/174963/
Psycholandia commented October 14, 2009
It's not a problem. Paste the script below into the OTL window and click Run Fix:
[code]
:Processes
explorer.exe
:OTL
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [fsm] File not found
O4 - HKLM..\RunOnce: [] File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Files
C:\Program Files\RelevantKnowledge
C:\Program Files\MyGlobalSearch
C:\$RECYCLE.BIN
C:\Windows\SWXCACLS.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Windows\ERDNT
C:\Windows\System32\CF4609.exe
C:\Windows\System32\swsc.exe
C:\Qoobox
C:\Windows\System32\CF1077.exe
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\PEV.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds, and post the log after deletion (the Malware log).
Hektor (Author) commented October 14, 2009 (edited)
It probably won't be possible without a format. In OTL, instead of selecting the text that you (sorry, I don't know whether you're a he or a she) gave me, I went and selected those entries and clicked Fix. When I then tried to follow the instructions, this was displayed:
[code]
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)> in the current context!
Error: Unable to interpret <O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)> in the current context!
Error: Unable to interpret <O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)> in the current context!
Error: Unable to interpret <O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL> in the current context!
Error: Unable to interpret <O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)> in the current context!

OTL by OldTimer - Version 3.0.20.0 log created on 10142009_183615
[/code]
After entering this in OTL:
[code]
:Processes
explorer.exe
:OTL
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [fsm] File not found
O4 - HKLM..\RunOnce: [] File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Files
C:\Program Files\RelevantKnowledge
C:\Program Files\MyGlobalSearch
C:\$RECYCLE.BIN
C:\Windows\SWXCACLS.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Windows\ERDNT
C:\Windows\System32\CF4609.exe
C:\Windows\System32\swsc.exe
C:\Qoobox
C:\Windows\System32\CF1077.exe
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\PEV.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
on restart I only saw a black screen with a document open in Notepad saying that all procced exe had been removed (or something like that); I couldn't even save it or take a picture of it because the computer froze. Now, after the Malwarebytes scan (it found 8 infected objects), the computer starts normally, but it freezes right at "hello" (that is, the same as before all these actions).
Here is the log after the scan:
[code]
Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2961
Windows 6.0.6001 Service Pack 1 (Safe Mode)

2009-10-14 18:18:42
mbam-log-2009-10-14 (18-18-42).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|G:\|)
Przeskanowane obiekty: 279309
Upłynęło: 35 minute(s), 28 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 9
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 1

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\_OTL\MovedFiles\10142009_172538\Qoobox\Quarantine\C\Users\ja\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
[/code]
I really don't know what happened anymore
Psycholandia commented October 14, 2009
That means it removed them. Is the computer running more smoothly?
Hektor (Author) commented October 14, 2009 (edited)
Not really, it stutters right at the start. I can't even open folders. Of course it flies in Safe Mode, but what kind of computer is it without sound
Hektor (Author) commented October 14, 2009 (edited)
OTL log: http://wklej.org/id/175094/
Psycholandia commented October 14, 2009
Run OTL and click CleanUP. The log looks clean.
Hektor (Author) commented October 14, 2009
It's still the same (it takes a long time to start, and once it's up it freezes at the first click on anything)
Psycholandia commented October 14, 2009
Perform the optimization: http://xp.net.pl/art/vista_opt.html
Hektor (Author) commented October 18, 2009
System Restore helped. Everything works almost normally. However, a very strange problem has appeared. Files downloaded from browsers (Firefox or IE) "disappear". The download proceeds normally; when it finishes (regardless of the destination folder and the file size), only a file of 0 bits remains. So it can't be opened. I'm attaching the latest OTL log:
[code]OTL logfile created on: 2009-10-18 13:28:57 - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\ja\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 83,16% Memory free
3,36 Gb Paging File | 2,10 Gb Available in Paging File | 62,52% Paging File free
Paging file location(s): c:\pagefile.sys 512 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 92,93 Gb Free Space | 64,46% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 100,40 Gb Free Space | 69,65% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JA-PC
Current User Name: ja
Logged in as Administrator.
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1978305
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\..\URLSearchHook: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMini.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\S-1-5-21-1333513283-164111248-1205283246-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-09-02 10:10:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-18 13:02:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-18 13:02:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009-10-18 13:16:21 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\mozilla\Extensions
[2009-10-18 13:06:53 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\mozilla\Firefox\Profiles\dlq7bqwt.default\extensions
[2009-10-18 13:06:53 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\mozilla\Firefox\Profiles\dlq7bqwt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-18 13:02:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-10-18 13:02:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-08-24 22:23:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-08-24 22:23:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-08-24 22:23:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-08-24 21:19:13 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-08-24 21:19:13 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-08-24 21:19:13 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-08-24 21:19:13 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-08-24 21:19:13 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-08-24 21:19:13 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-08-24 21:19:13 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\kaspersky\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMini.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Mininova-Vuze Toolbar) - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMini.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000\..\Toolbar\WebBrowser: (Mininova-Vuze Toolbar) - {D51D388B-F5DC-471A-A1CE-5E2D671091C0} - C:\Program Files\Mininova-Vuze\tbMini.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVP] D:\kaspersky\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe (Egis Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-1333513283-164111248-1205283246-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\office 2003\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\kaspersky\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (Microgaming)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (D:\KASPER~1\mzvkbd.dll) - D:\kaspersky\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (D:\KASPER~1\mzvkbd3.dll) - D:\kaspersky\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-03-27 12:19:05 | 00,521,216 | ---- | M] (bujanovac) - D:\Autoselekt.exe -- [ NTFS ]
O32 - AutoRun File - [2006-12-04 22:00:00 | 00,000,043 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{28e38de9-84d4-11de-a6c9-001d72c8aa99}\Shell - "" = Autorun
O33 - MountPoints2\{28e38de9-84d4-11de-a6c9-001d72c8aa99}\Shell\AutoRun\command - "" = setup.exe
O33 - MountPoints2\{5fb54c29-d107-11dd-af25-001d72c8aa99}\Shell\AutoRun\command - "" = H:\MEMORY\S-v-6-2009\PeAcE.exe -- File not found
O33 - MountPoints2\{5fb54c29-d107-11dd-af25-001d72c8aa99}\Shell\open\command - "" = H:\MEMORY\S-v-6-2009\PeAcE.exe -- File not found
O33 - MountPoints2\{71ffe83e-d10c-11dd-a549-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{71ffe83e-d10c-11dd-a549-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2006-12-04 22:00:00 | 00,109,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8748d5fa-51e4-11de-854c-001d72c8aa99}\Shell\AutoRun\command - "" = H:\MEMORY\S-v-6-2009\PeAcE.exe -- File not found
O33 - MountPoints2\{8748d5fa-51e4-11de-854c-001d72c8aa99}\Shell\open\command - "" = H:\MEMORY\S-v-6-2009\PeAcE.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2009-10-11 19:03:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2009-10-16 16:27:14 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009-10-12 14:08:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009-10-12 13:48:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009-10-14 17:37:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009-10-12 14:33:58 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009-10-12 14:33:58 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2009-10-11 20:41:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2009-10-15 17:38:41 | 00,000,000 | ---D | C] -- C:\Users\ja\AppData\Roaming\GanymedeNet
[2009-10-14 17:37:29 | 00,000,000 | ---D | C] -- C:\Users\ja\AppData\Roaming\Malwarebytes
[2009-10-17 16:07:45 | 00,000,000 | ---D | C] -- C:\Users\ja\AppData\Roaming\Mozilla
[2009-10-11 20:41:31 | 00,000,000 | ---D | C] -- C:\Users\ja\AppData\Roaming\Simply Super Software
[2009-10-01 09:08:08 | 00,000,000 | ---D | C] -- C:\Users\ja\AppData\Local\Screamer Radio
[2009-10-14 15:59:40 | 00,000,000 | ---D | C] -- C:\Users\ja\AppData\Local\temp(1078)
[2 D:\Dokumenty2\*.tmp files]
[5 C:\Users\ja\Desktop\*.tmp files]
[2009-10-12 14:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009-10-11 19:03:41 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009-10-16 20:39:01 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009-10-16 16:27:14 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-10-14 17:37:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-10-18 13:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009-10-12 14:33:58 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009-10-17 23:24:22 | 00,000,000 | ---D | C] -- C:\Program Files\SAGEM
[2009-10-17 14:22:28 | 00,000,000 | ---D | C] -- C:\Program Files\Tomiga
[2009-10-12 17:58:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-10-11 20:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2009-10-01 09:05:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinAudioRecorder
[2009-10-18 13:28:21 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\ja\Desktop\OTL.exe
[2009-10-18 11:31:16 | 00,000,000 | ---D | C] -- D:\Dokumenty2\III rok
[2009-10-17 21:22:00 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009-10-16 21:08:07 | 00,000,000 | ---D | C] -- C:\Users\ja\Desktop\Kaspersky.Anti-Virus.2009.v8.0.0.454.PL.FINAL.FULL
[2009-10-16 19:25:29 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009-10-16 19:25:28 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009-10-16 19:25:26 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009-10-16 19:25:26 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009-10-16 19:25:26 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009-10-16 19:24:36 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009-10-16 19:24:35 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009-10-16 19:24:34 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009-10-16 19:24:34 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009-10-16 19:24:34 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009-10-16 19:24:34 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009-10-16 19:24:34 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009-10-16 19:24:34 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009-10-16 19:24:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009-10-16 19:24:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009-10-16 19:24:04 | 00,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009-10-16 19:24:04 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009-10-16 19:24:04 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009-10-16 19:24:04 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009-10-16 19:24:00 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009-10-16 19:23:51 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009-10-16 19:23:51 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009-10-16 19:23:41 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009-10-16 19:23:41 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009-10-16 19:23:34 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009-10-16 19:16:37 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009-10-16 19:16:32 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009-10-16 19:16:28 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009-10-16 16:06:36 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-10-16 16:06:33 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-10-16 15:57:59 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009-10-16 15:57:59 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009-10-16 15:57:59 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009-10-16 15:57:59 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009-10-16 15:57:42 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009-10-16 15:57:42 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009-10-16 15:57:42 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009-10-16 15:57:32 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009-10-16 15:57:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009-10-14 15:59:40 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009-10-12 17:01:50 | 00,000,000 | R--D | C] -- D:\Dokumenty2\Contacts
[2009-10-12 17:01:47 | 00,000,000 | ---D | C] -- D:\Dokumenty2\Gadu-Gadu
[2009-10-11 20:41:40 | 00,000,000 | ---D | C] -- D:\Dokumenty2\Simply Super Software
[2009-10-09 18:38:54 | 00,000,000 | ---D | C] -- D:\Dokumenty2\Downloads

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2 D:\Dokumenty2\*.tmp files]
[5 C:\Users\ja\Desktop\*.tmp files]
[2009-10-18 13:23:49 | 00,162,699 | ---- | M] () -- C:\Users\ja\Desktop\Przechwytywanie3.JPG
[2009-10-18 13:23:01 | 00,217,945 | ---- | M] () -- C:\Users\ja\Desktop\Przechwytywanie2.JPG
[2009-10-18 13:22:05 | 00,215,555 | ---- | M] () -- C:\Users\ja\Desktop\Przechwytywanie1.JPG
[2009-10-18 13:14:35 | 00,220,627 | ---- | M] () -- C:\Users\ja\Desktop\Przechwytywanie.JPG
[2009-10-18 13:06:00 | 00,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009-10-18 13:03:19 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009-10-18 13:03:19 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009-10-18 13:02:54 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009-10-18 13:02:25 | 00,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-10-18 12:39:32 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009-10-18 12:38:31 | 00,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009-10-18 12:38:29 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-10-18 12:38:29 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-10-18 12:38:26 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-10-18 12:38:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-10-18 12:38:18 | 31,466,33216 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-18 12:34:29 | 05,282,848 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-10-18 12:34:29 | 00,417,824 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009-10-18 12:34:29 | 00,043,400 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-10-18 12:34:29 | 00,003,556 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009-10-18 10:08:32 | 00,006,756 | ---- | M] () -- C:\Users\ja\AppData\Local\d3d9caps.dat
[2009-10-18 09:44:48 | 00,300,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-10-18 00:01:04 | 00,139,776 | ---- | M] () -- C:\Users\ja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-17 23:24:22 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\Konfiguracja.lnk
[2009-10-17 23:24:22 | 00,000,163 | ---- | M] () -- C:\Users\Public\Desktop\neostrada tp.url
[2009-10-17 15:45:06 | 00,224,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2009-10-17 15:45:06 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klbg.sys
[2009-10-17 15:45:04 | 00,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2009-10-17 15:45:04 | 00,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2009-10-17 13:39:28 | 00,000,514 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-10-17 13:37:47 | 00,000,266 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009-10-16 20:39:03 | 00,000,970 | ---- | M] () -- C:\Users\ja\Desktop\AusLogics Emergency Recovery.lnk
[2009-10-14 06:28:06 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\ja\Desktop\OTL.exe
[2009-10-12 16:32:32 | 37,827,957 | ---- | M] () -- C:\Users\ja\Desktop\Kaspersky.Anti-Virus.2009.v8.0.0.454.PL.FINAL.FULL.rar
[2009-10-12 12:26:36 | 00,033,280 | ---- | M] () -- C:\Users\ja\Desktop\Izabela Rzepecka, III rok.doc
[2009-10-12 10:59:40 | 00,000,162 | -H-- | M] () -- C:\Users\ja\Desktop\~$abela Rzepecka, III rok.doc
[2009-10-02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009-10-01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009-10-01 08:52:14 | 00,344,397 | ---- | M] () -- D:\Dokumenty2\Recording Oct 1 2009 8 52 03 AM.mp3
[2009-10-01 08:51:08 | 00,200,619 | ---- | M] () -- D:\Dokumenty2\Recording Oct 1 2009 8 51 02 AM.mp3
[2009-09-29 14:31:42 | 00,044,544 | ---- | M] () -- C:\Users\ja\Desktop\matura.doc
[2009-09-29 09:54:30 | 02,231,514 | ---- | M] () -- D:\Dokumenty2\informator.pdf

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-18 13:23:47 | 00,162,699 | ---- | C] () -- C:\Users\ja\Desktop\Przechwytywanie3.JPG
[2009-10-18 13:22:58 | 00,217,945 | ---- | C] () -- C:\Users\ja\Desktop\Przechwytywanie2.JPG
[2009-10-18 13:22:02 | 00,215,555 | ---- | C] () -- C:\Users\ja\Desktop\Przechwytywanie1.JPG
[2009-10-18 13:14:32 | 00,220,627 | ---- | C] () -- C:\Users\ja\Desktop\Przechwytywanie.JPG
[2009-10-18 13:02:54 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009-10-18 13:02:25 | 00,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-10-18 12:38:18 | 31,466,33216 | -HS- | C] () -- C:\hiberfil.sys
[2009-10-17 23:24:22 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\Konfiguracja.lnk
[2009-10-17 23:24:22 | 00,000,163 | ---- | C] () -- C:\Users\Public\Desktop\neostrada tp.url
[2009-10-17 13:39:28 | 00,000,514 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-10-17 13:37:47 | 00,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-10-17 13:27:50 | 00,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009-10-17 13:27:50 | 00,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009-10-16 21:13:03 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009-10-16 21:13:03 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2009-10-16 21:10:21 | 05,282,848 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009-10-16 21:10:21 | 00,417,824 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2009-10-16 21:10:21 | 00,043,400 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009-10-16 21:10:21 | 00,003,556 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.idx
[2009-10-16 20:53:03 | 37,827,957 | ---- | C] () -- C:\Users\ja\Desktop\Kaspersky.Anti-Virus.2009.v8.0.0.454.PL.FINAL.FULL.rar
[2009-10-16 20:39:03 | 00,006,772 | ---- | C] () -- C:\Windows\System32\int13ext.vxd
[2009-10-16 20:39:03 | 00,000,970 | ---- | C] () -- C:\Users\ja\Desktop\AusLogics Emergency Recovery.lnk
[2009-10-16 19:24:05 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009-10-12 10:59:40 | 00,033,280 | ---- | C] () -- C:\Users\ja\Desktop\Izabela Rzepecka, III rok.doc
[2009-10-12 10:59:40 | 00,000,162 | -H-- | C] () -- C:\Users\ja\Desktop\~$abela Rzepecka, III rok.doc
[2009-10-01 08:52:03 | 00,344,397 | ---- | C] () -- D:\Dokumenty2\Recording Oct 1 2009 8 52 03 AM.mp3
[2009-10-01 08:51:02 | 00,200,619 | ---- | C] () -- D:\Dokumenty2\Recording Oct 1 2009 8 51 02 AM.mp3
[2009-09-29 09:54:30 | 02,231,514 | ---- | C] () -- D:\Dokumenty2\informator.pdf
[2009-07-21 14:40:34 | 00,114,688 | ---- | C] () -- C:\Windows\System32\WLANUTL.dll
[2009-05-03 08:40:18 | 00,000,440 | ---- | C] () -- C:\Users\ja\AppData\Roaming\settings.ini
[2009-05-02 20:20:10 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009-01-19 22:46:57 | 00,006,756 | ---- | C] () -- C:\Users\ja\AppData\Local\d3d9caps.dat
[2008-12-28 20:04:41 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008-12-28 17:40:04 | 00,072,520 | ---- | C] () -- C:\Users\ja\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2008-12-24 22:36:30 | 00,106,496 | ---- | C] () -- C:\Windows\System32\APmpg4v1.dll
[2008-12-24 22:21:14 | 00,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
[2008-12-24 04:07:03 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008-12-23 12:44:14 | 00,139,776 | ---- | C] () -- C:\Users\ja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-23 12:36:47 | 00,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008-12-23 12:35:36 | 00,091,992 | ---- | C] () -- C:\Users\ja\AppData\Local\edsinstaller.txt-20081223.log
[2008-12-23 12:33:37 | 00,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008-12-23 12:33:37 | 00,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008-12-23 12:31:19 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008-12-23 12:28:16 | 00,072,520 | ---- | C] () -- C:\Users\ja\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-12-07 14:08:04 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008-09-12 16:21:02 | 00,000,547 | ---- | C]
() -- C:\Windows\System32\ff_vfw.dll.manifest [2008-05-13 00:32:57 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008-05-13 00:30:09 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008-05-13 00:30:09 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008-04-30 10:09:06 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008-04-30 10:09:01 | 00,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2008-04-30 10:09:01 | 00,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2008-04-30 10:09:01 | 00,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008-04-27 10:33:36 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007-02-05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006-11-02 14:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006-11-02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 12:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005-10-14 11:56:51 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2005-10-14 11:56:51 | 00,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll [2005-10-14 11:56:50 | 00,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2005-10-14 11:56:50 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2005-10-14 11:56:50 | 00,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2005-10-14 11:56:50 | 00,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll [2005-10-14 11:56:50 | 00,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2005-10-14 11:56:49 | 00,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll [2001-12-26 16:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001-09-03 23:46:38 | 00,110,592 | ---- | C] () -- 
C:\Windows\System32\Hmpg12.dll [2001-07-30 16:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001-07-23 22:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [color=#E56717]========== LOP Check ==========[/color] [2008-12-23 12:43:36 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming [2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs [2008-12-23 12:43:36 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming [2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs [2009-10-17 16:07:45 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming [2008-12-23 12:34:07 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Acer [2008-05-13 00:27:42 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Acer GameZone Console [2009-02-02 15:21:44 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Ahead [2009-06-04 18:33:18 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Azureus [2008-12-23 12:48:55 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\CyberLink [2008-12-28 20:53:19 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\DAEMON Tools [2008-12-28 20:53:18 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\DAEMON Tools Lite [2008-12-28 20:53:18 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\DAEMON Tools Pro [2009-10-16 16:45:47 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Desktopicon [2009-08-14 20:34:41 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\dvdcss [2008-12-26 14:50:16 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\eSobi [2009-06-16 15:11:46 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\FileZilla [2008-12-24 23:18:13 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\FloodLightGames [2008-12-27 16:06:08 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Gadu-Gadu [2009-08-24 17:19:33 | 00,000,000 | ---D 
| M] -- C:\Users\ja\AppData\Roaming\Gaijin Ent [2009-10-15 17:38:41 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\GanymedeNet [2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Media Center Programs [2009-10-17 22:05:08 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Microgaming [2009-05-29 20:10:04 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\NCH Swift Sound [2009-04-13 13:24:00 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Nowe Gadu-Gadu [2009-10-11 20:41:31 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Simply Super Software [2009-10-18 09:55:08 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Software Informer [2009-02-21 20:26:41 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\Thinstall [2009-10-12 14:22:53 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\uTorrent [2009-06-22 12:27:54 | 00,000,000 | ---D | M] -- C:\Users\ja\AppData\Roaming\VTExtra [2009-10-16 16:43:36 | 00,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming [2008-05-13 00:27:42 | 00,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming\Acer GameZone Console [2006-11-02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming\Media Center Programs [2009-10-18 12:38:31 | 00,001,032 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009-10-18 13:06:00 | 00,001,036 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2009-10-18 12:38:26 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009-10-18 12:34:24 | 00,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:FEBEC560 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FC420CE6 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:AA9519A6 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C95B63DA < End of report > [/code]
And the Kaspersky scan results: [img]http://img27.imageshack.us/img27/4774/przechwytywaniepg.jpg[/img] http://img194.imageshack.us/img194/3743/przechwytywanie1q.jpg http://img26.imageshack.us/img26/1773/przechwytywanie2b.jpg (further down there are password-protected files)
Thanks in advance for the help