
Log to check

rafal-39
created

I'm sending a log, please check it.
[log]
OTL logfile created on: 2009-10-14 15:00:16 - Run 1
OTL by OldTimer - Version 3.0.20.0     Folder = C:\Users\Tomek\Desktop
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1014,81 Mb Total Physical Memory | 352,53 Mb Available Physical Memory | 34,74% Memory free
2,23 Gb Paging File | 1,45 Gb Available in Paging File | 64,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,49 Gb Total Space | 22,52 Gb Free Space | 65,30% Space Free | Partition Type: NTFS
Drive D: | 40,04 Gb Total Space | 37,98 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
Drive E: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMEK-PC
Current User Name: Tomek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color="#E56717"]========== Processes (SafeList) ==========[/color]

PRC - [2009-10-14 14:59:29 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Tomek\Desktop\OTL.exe
PRC - [2009-10-07 08:21:45 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-06 20:06:34 | 00,088,064 | ---- | M] (Kadu Team) -- C:\Program Files\Kadu\kadu.exe
PRC - [2007-03-06 19:20:00 | 00,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
PRC - [2006-11-02 11:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.exe
PRC - [2006-11-02 11:44:59 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

[color="#E56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2006-11-02 14:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006-11-02 14:34:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006-11-02 14:34:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006-11-02 14:34:56 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006-11-02 14:33:48 | 00,263,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2006-11-02 11:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2006-11-02 11:46:13 | 00,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2006-11-02 11:46:12 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2006-11-02 08:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[color="#E56717"]========== Driver Services (SafeList) ==========[/color]

DRV - File not found --  -- (catchme [On_Demand | Running])
DRV - [2008-09-26 18:04:10 | 00,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2007-02-06 17:08:24 | 00,684,672 | ---- | M] () -- C:\Windows\System32\DRIVERS\torususb.sys -- (TaurusUsb [On_Demand | Stopped])
DRV - [2007-01-22 12:52:56 | 00,060,533 | ---- | M] (STMicroelectronics              ) -- C:\Windows\System32\DRIVERS\stmatm.sys -- (Stmatm [On_Demand | Running])
DRV - [2006-11-02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006-11-02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006-11-02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006-11-02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006-11-02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006-11-02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006-11-02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006-11-02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006-11-02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006-11-02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006-11-02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006-11-02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006-11-02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006-11-02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006-11-02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006-11-02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006-11-02 11:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006-11-02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006-11-02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006-11-02 10:57:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Running])
DRV - [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006-11-02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006-11-02 09:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Running])
DRV - [2006-11-02 09:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006-10-19 04:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Running])

[color="#E56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#E56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft....k/?LinkId=54896[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn...st/srchcust.htm[/url]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"]http://ie.search.msn...st/srchasst.htm[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft...=ie&ar=iesearch[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft....k/?LinkId=69157[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#E56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "otomoto.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-07 08:21:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-07 08:21:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-24 08:57:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009-07-19 10:08:14 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\mozilla\Firefox\Profiles\ojatq7j3.default\extensions
[2009-10-06 09:46:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-10-07 08:21:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-07-19 12:21:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-10-06 09:46:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009-10-07 08:21:42 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009-10-07 08:21:42 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009-10-07 08:21:42 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009-10-07 08:21:42 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009-10-07 08:21:42 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-07-19 12:21:20 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-10-07 08:21:45 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-06-03 18:39:49 | 00,000,904 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-06-07 02:50:04 | 00,001,419 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2007-01-18 00:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:10:44 | 00,000,926 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:39:49 | 00,000,866 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-29 23:06:54 | 00,001,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:09 | 00,001,693 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdslTaskBar] C:\Windows\System32\stmctrl.DLL (STMicroelectronics              )
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptbehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color="#E56717"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-10-05 17:09:19 | 00,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Roaming\Kadu
[2009-10-14 14:42:43 | 00,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Local\temp
[2009-10-05 17:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\Kadu
[2009-10-01 19:36:37 | 00,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player
[2009-10-14 14:59:25 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Users\Tomek\Desktop\OTL.exe
[2009-10-14 14:42:43 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009-10-14 14:42:41 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009-10-14 14:35:27 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-10-14 14:16:41 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tomek\Desktop\HijackThis.exe
[2009-10-13 14:01:52 | 00,000,000 | ---D | C] -- C:\Users\Tomek\Desktop\jhgjhgjkh
[2009-10-12 14:02:41 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-10-12 13:12:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009-10-12 13:12:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009-10-12 13:12:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009-10-12 13:12:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009-10-12 13:10:53 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009-10-04 09:27:13 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009-10-01 09:10:33 | 00,000,000 | ---D | C] -- C:\Users\Tomek\Desktop\Kurs_Photoshop_1_by_Seti

[color="#E56717"]========== Files - Modified Within 30 Days ==========[/color]

[2009-10-14 14:59:29 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Tomek\Desktop\OTL.exe
[2009-10-14 14:53:29 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-10-14 14:53:29 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-10-14 14:44:51 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-10-14 14:44:51 | 00,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2009-10-14 14:44:51 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-10-14 14:44:51 | 00,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2009-10-14 14:44:50 | 01,326,240 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-10-14 14:41:11 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009-10-14 14:31:47 | 03,337,810 | R--- | M] () -- C:\Users\Tomek\Desktop\ComboFix.exe
[2009-10-14 08:53:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-10-14 08:53:09 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-10-14 08:53:05 | 10,647,55200 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-13 19:03:14 | 04,158,595 | -H-- | M] () -- C:\Users\Tomek\AppData\Local\IconCache.db
[2009-10-12 13:49:17 | 00,016,896 | ---- | M] () -- C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009-10-06 09:46:02 | 00,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-10-06 08:54:03 | 00,017,408 | ---- | M] () -- C:\Users\Tomek\Desktop\umowa wstawienia.doc
[2009-10-06 08:54:03 | 00,015,150 | ---- | M] () -- C:\Users\Tomek\Documents\Automatic_Backup.rtf
[2009-10-05 17:08:52 | 00,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Kadu.lnk
[2009-10-05 16:17:25 | 10,000,0000 | ---- | M] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part2.rar
[2009-10-01 14:30:20 | 10,000,0000 | ---- | M] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part1.rar
[2009-10-01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[color="#E56717"]========== Files - No Company Name ==========[/color]
[2009-10-12 13:12:10 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009-10-12 13:12:10 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009-10-12 13:12:10 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009-10-12 13:12:10 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009-10-12 13:07:44 | 03,337,810 | R--- | C] () -- C:\Users\Tomek\Desktop\ComboFix.exe
[2009-10-05 17:08:52 | 00,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Kadu.lnk
[2009-10-05 16:03:46 | 10,000,0000 | ---- | C] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part2.rar
[2009-10-01 14:14:25 | 10,000,0000 | ---- | C] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part1.rar
[2009-07-23 13:40:45 | 00,016,896 | ---- | C] () -- C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-19 10:55:34 | 04,158,595 | -H-- | C] () -- C:\Users\Tomek\AppData\Local\IconCache.db
[2009-07-19 10:53:57 | 00,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-07-19 10:53:57 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009-07-19 10:46:16 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009-07-19 10:14:39 | 00,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2009-07-19 10:14:38 | 00,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2009-07-19 10:14:34 | 00,121,344 | ---- | C] () -- C:\Windows\System32\Ltpnt13n.dll
[2009-07-19 09:55:33 | 00,684,672 | ---- | C] () -- C:\Windows\System32\drivers\torususb.sys
[2009-07-19 09:55:32 | 00,000,161 | ---- | C] () -- C:\Windows\DSLSetup.ini
[2009-07-19 09:54:07 | 00,049,064 | ---- | C] () -- C:\Users\Tomek\AppData\Local\GDIPFONTCACHEV1.DAT
[2006-11-02 14:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006-11-02 12:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 12:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[color="#E56717"]========== LOP Check ==========[/color]

[2009-10-05 17:09:19 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming
[2009-07-20 09:54:47 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\Ahead
[2009-07-26 21:19:34 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\BESTplayer
[2009-08-20 16:52:20 | 00,000,000 | R--D | M] -- C:\Users\Tomek\AppData\Roaming\Brother
[2009-07-19 10:14:45 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\EasyOffice
[2009-07-19 10:03:41 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\Gadu-Gadu
[2009-07-19 10:31:55 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\IrfanView
[2009-10-14 08:54:08 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\Kadu
[2009-07-19 10:22:00 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\Thunderbird
[2009-10-11 09:15:58 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\VSO
[2009-10-14 08:53:16 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009-10-13 19:03:26 | 00,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color="#E56717"]========== Purity Check ==========[/color]


< End of report >
[/log]




[color="#ff0000"]//I'm correcting the topic title, don't title threads this way.
//Pikusław[/color]


Psycholandia
comment

1. What is the reason for the check?
2. Change the topic title to one that relates to the problem.
3. Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
O4 - HKLM..\Run: [AdslTaskBar] C:\Windows\System32\stmctrl.DLL (STMicroelectronics )

:Files
C:\Windows\System32\conime.exe
C:\$RECYCLE.BIN
C:\ComboFix
C:\Qoobox
C:\Windows\SWXCACLS.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\NIRCMD.exe
C:\Windows\ERDNT
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\PEV.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\zip.exe
C:\Users\Tomek\Desktop\ComboFix.exe

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

4. Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).

rafal-39
comment

The reason for the check: I think it's because of e8kj.exe or tazebama (if that's what it is). Something creates 2 exe files in every folder, which after deletion immediately reappear under a different name.

[log]Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2960
Windows 6.0.6000

2009-10-15 12:15:41
mbam-log-2009-10-15 (12-15-41).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 138173
Upłynęło: 48 minute(s), 22 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 1
Zainfekowane klucze rejestru: 3
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Delete on reboot.

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\TypeLib\{7b154753-c2ff-45c9-974e-98e4d3914d9c} (Worm.Mabezat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a198fc3-51aa-4403-b281-168f86d9053a} (Worm.Mabezat) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{79806449-ab35-42ec-9be9-b390209ce514} (Worm.Mabezat) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{79806449-ab35-42ec-9be9-b390209ce514} (Worm.Mabezat) -> Quarantined and deleted successfully.

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Delete on reboot.
C:\Users\tazebama.dll (Worm.Mabezat) -> Delete on reboot.
C:\Users\hook.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
[/log]

Psycholandia
comment

If the files have been created again, scan each one separately on this site: http://www.virustotal.com/pl/ and paste the results.

rafal-39
comment (edited)

When I delete them manually, for now they are not being created again. The files are in the folders, in each one under a different name, except that the file name is usually the name of the folder.

File 1
[log]
Antywirus Wersja Ostatnia aktualizacja Wynik
a-squared 4.5.0.41 2009.10.15 Worm.Win32.Mabezat!IK
AhnLab-V3 5.0.0.2 2009.10.14 Win32/Mabezat
AntiVir 7.9.1.35 2009.10.15 Worm/Mabezat.b
Antiy-AVL 2.0.3.7 2009.10.15 Worm/Win32.Mabezat.gen
Authentium 5.1.2.4 2009.10.15 W32/Mabezat.A
Avast 4.8.1351.0 2009.10.14 Win32:Mabezat-AM
AVG 8.5.0.420 2009.10.15 Worm/Mabezat.A
BitDefender 7.2 2009.10.15 Worm.Generic.56564
CAT-QuickHeal 10.00 2009.10.15 W32.Mabezat.Dr
ClamAV 0.94.1 2009.10.15 W32.Mabezat-2
Comodo 2608 2009.10.15 -
DrWeb 5.0.0.12182 2009.10.15 Win32.HLLW.Tazebama
eSafe 7.0.17.0 2009.10.14 Win32.Mabezat.b
eTrust-Vet 35.1.7069 2009.10.15 Win32/Mabezat.B
F-Prot 4.5.1.85 2009.10.14 W32/Mabezat.A
F-Secure 8.0.14470.0 2009.10.15 Worm.Win32.Mabezat.b
Fortinet 3.120.0.0 2009.10.15 W32/Mabezat.B
GData 19 2009.10.15 Worm.Generic.56564
Ikarus T3.1.1.72.0 2009.10.15 Worm.Win32.Mabezat
Jiangmin 11.0.800 2009.10.15 Trojan/Mabezat.j
K7AntiVirus 7.10.870 2009.10.14 Virus.Win32.Mabezat.b-3
Kaspersky 7.0.0.125 2009.10.15 Worm.Win32.Mabezat.b
McAfee 5771 2009.10.14 W32/Mabezat
McAfee+Artemis 5771 2009.10.14 W32/Mabezat
McAfee-GW-Edition 6.8.5 2009.10.15 Heuristic.LooksLike.Win32.Mabezat.H
Microsoft 1.5101 2009.10.15 Virus:Win32/Mabezat.B
NOD32 4509 2009.10.15 Win32/Mabezat.A
Norman 6.01.09 2009.10.14 Mabezat.B
nProtect 2009.1.8.0 2009.10.15 -
Panda 10.0.2.2 2009.10.15 W32/Mabezat.C.worm
PCTools 4.4.2.0 2009.10.14 Worm.Mabezat.A
Prevx 3.0 2009.10.15 Medium Risk Malware
Rising 21.51.32.00 2009.10.15 Win32.Mabezat.b
Sophos 4.46.0 2009.10.15 W32/Mabezat-B
Sunbelt 3.2.1858.2 2009.10.15 Worm.Win32.Mabezat.b (v)
Symantec 1.4.4.12 2009.10.15 W32.Mabezat.B
TheHacker 6.5.0.2.042 2009.10.14 W32/Mabezat.gen
TrendMicro 8.950.0.1094 2009.10.15 PE_MABEZAT.B-O
VBA32 3.12.10.11 2009.10.14 Worm.Win32.Mabezat.b
ViRobot 2009.10.15.1986 2009.10.15 Worm.Win32.Mabezat.154751
VirusBuster 4.6.5.0 2009.10.14 Worm.Mabezat.A
Dodatkowe informacje
File size: 155513 bytes
MD5...: e1587194bf6938e637645229da18c228
SHA1..: e79bb89eea1d9e84fcf855120ec1ead1fd29b56e
SHA256: 81454f236404faa7dea42d9e6d1aa653f630dcf1e63948b311b042d08e18b99e
ssdeep: 3072:yZ1UE7Zk06M6fjScmUdt+LPGvtT2n2Az5S31AibtLOQeJ7aWK:yZpL6MEjw
eqbz5S31jtLOLdK
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x47257ae1 (Mon Oct 29 06:17:05 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd15a 0xd200 6.31 1914f0eea471c4da93e11e98bca9b8f0
.rdata 0xf000 0xfd6 0x1000 3.21 0a15e36ffbdbfe3c1dc992522468a94e
.data 0x10000 0x44bc 0x2800 5.44 cf002120bd31f4cae97868a3cedf6390
.rsrc 0x15000 0x115c 0x1200 3.83 495a0d35f600aa62865e71aff09645db

( 3 imports )
> MSVCRT.dll: srand, memcmp, strcat, isdigit, isspace, memcpy, rename, memset, _EH_prolog, __CxxFrameHandler, strcmp, strncpy, strstr, strcpy, rand, abs, strlen
> USER32.dll: MessageBoxA, wvsprintfA
> KERNEL32.dll: GetModuleHandleA, HeapReAlloc, HeapFree, GetProcessHeap, HeapAlloc, LoadLibraryA, GetProcAddress, GetTickCount, GetStartupInfoA, GetCommandLineA, ExitProcess

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=1C268802794823285F2002A3752DD4002CD55001
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[/log]


File 2

[log]

Plik został już przeskanowany:
MD5: cd87497c0efa26eb6acfbab12c0fa064
First received: 2009.06.06 07:38:19 UTC
Data: 2009.06.23 13:11:07 UTC [>113D]
Wyniki: 39/41
Permalink: analisis/57190d1346354c4bfa103ee91c7f788e66a8387db8be8ca0697a126d9c701102-1245762667

[/log]

Psycholandia
comment

What is the file called and where is it located?
Post a new log from OTL.

rafal-39
comment

[log]OTL logfile created on: 2009-10-15 13:22:43 - Run 2
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Users\Tomek\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1014,81 Mb Total Physical Memory | 515,82 Mb Available Physical Memory | 50,83% Memory free
2,23 Gb Paging File | 1,51 Gb Available in Paging File | 67,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,49 Gb Total Space | 22,11 Gb Free Space | 64,10% Space Free | Partition Type: NTFS
Drive D: | 40,04 Gb Total Space | 37,99 Gb Free Space | 94,88% Space Free | Partition Type: NTFS
Drive E: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMEK-PC
Current User Name: Tomek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-10-14 14:59:29 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Tomek\Desktop\OTL.exe
PRC - [2009-10-07 08:21:45 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-06 20:06:34 | 00,088,064 | ---- | M] (Kadu Team) -- C:\Program Files\Kadu\kadu.exe
PRC - [2007-03-12 14:51:26 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007-03-02 16:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2006-11-02 11:45:07 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2006-11-02 14:34:59 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006-11-02 14:34:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006-11-02 14:34:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006-11-02 14:34:56 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006-11-02 14:33:48 | 00,263,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2006-11-02 11:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2006-11-02 11:46:13 | 00,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2006-11-02 11:46:12 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2006-11-02 08:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2008-09-26 18:04:10 | 00,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys -- (hwdatacard [On_Demand | Stopped])
DRV - [2007-02-06 17:08:24 | 00,684,672 | ---- | M] () -- C:\Windows\System32\DRIVERS\torususb.sys -- (TaurusUsb [On_Demand | Stopped])
DRV - [2007-01-22 12:52:56 | 00,060,533 | ---- | M] (STMicroelectronics ) -- C:\Windows\System32\DRIVERS\stmatm.sys -- (Stmatm [On_Demand | Running])
DRV - [2006-11-02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006-11-02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006-11-02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006-11-02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006-11-02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006-11-02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006-11-02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006-11-02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006-11-02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006-11-02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006-11-02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006-11-02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006-11-02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006-11-02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006-11-02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006-11-02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006-11-02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006-11-02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006-11-02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006-11-02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006-11-02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006-11-02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006-11-02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006-11-02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006-11-02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006-11-02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006-11-02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006-11-02 11:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006-11-02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006-11-02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006-11-02 10:57:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Running])
DRV - [2006-11-02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006-11-02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006-11-02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006-11-02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006-11-02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006-11-02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006-11-02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006-11-02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006-11-02 09:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XV [On_Demand | Running])
DRV - [2006-11-02 09:30:53 | 00,045,056 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006-11-02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006-10-19 04:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (ialm [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (pl)"
FF - prefs.js..browser.startup.homepage: "otomoto.pl"

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-10-07 08:21:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-10-07 08:21:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-08-24 08:57:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009-07-19 10:08:14 | 00,000,000 | ---D | M] -- C:\Users\Tomek\AppData\Roaming\mozilla\Firefox\Profiles\ojatq7j3.default\extensions
[2009-10-06 09:46:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-10-07 08:21:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-07-19 12:21:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-10-06 09:46:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009-10-07 08:21:42 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009-10-07 08:21:42 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009-10-07 08:21:42 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009-10-07 08:21:42 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009-10-07 08:21:42 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009-07-19 12:21:20 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-10-07 08:21:45 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006-06-03 18:39:49 | 00,000,904 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2008-06-07 02:50:04 | 00,001,419 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2007-01-18 00:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007-03-31 19:10:44 | 00,000,926 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2006-06-03 18:39:49 | 00,000,866 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2008-03-29 23:06:54 | 00,001,198 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2007-01-05 13:40:09 | 00,001,693 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 12:16:44 | 00,000,126 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 12:16:44 | 00,000,126 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-10-14 16:42:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009-10-05 17:09:19 | 00,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Roaming\Kadu
[2009-10-14 16:42:17 | 00,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Roaming\Malwarebytes
[2009-10-14 14:42:43 | 00,000,000 | ---D | C] -- C:\Users\Tomek\AppData\Local\temp
[2009-10-05 17:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\Kadu
[2009-10-14 16:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-10-01 19:36:37 | 00,000,000 | ---D | C] -- C:\Program Files\SubEdit-Player
[2009-10-14 16:42:12 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-10-14 16:42:10 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-10-14 16:36:51 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009-10-14 16:35:58 | 00,000,000 | ---D | C] -- C:\_OTL
[2009-10-14 16:35:05 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tomek\Desktop\mbam-setup.exe
[2009-10-14 14:59:25 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Users\Tomek\Desktop\OTL.exe
[2009-10-14 14:42:43 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009-10-14 14:16:41 | 00,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tomek\Desktop\HijackThis.exe
[2009-10-13 14:01:52 | 00,000,000 | ---D | C] -- C:\Users\Tomek\Desktop\jhgjhgjkh
[2009-10-04 09:27:13 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009-10-01 09:10:33 | 00,000,000 | ---D | C] -- C:\Users\Tomek\Desktop\Kurs_Photoshop_1_by_Seti

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-10-15 13:18:34 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-10-15 13:18:33 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-10-15 12:22:55 | 00,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-10-15 12:22:55 | 00,535,568 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2009-10-15 12:22:55 | 00,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-10-15 12:22:55 | 00,086,416 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2009-10-15 12:22:54 | 01,326,240 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-10-15 12:18:30 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-10-15 12:18:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-10-15 12:18:19 | 10,647,55200 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-15 12:16:52 | 04,167,028 | -H-- | M] () -- C:\Users\Tomek\AppData\Local\IconCache.db
[2009-10-15 12:16:44 | 00,000,126 | RHS- | M] () -- C:\autorun.inf
[2009-10-15 12:15:43 | 00,155,943 | RHS- | M] () -- C:\zPharaoh.exe
[2009-10-14 16:42:15 | 00,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-10-14 16:35:40 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tomek\Desktop\mbam-setup.exe
[2009-10-14 14:59:29 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Users\Tomek\Desktop\OTL.exe
[2009-10-14 14:41:11 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009-10-12 13:49:17 | 00,016,896 | ---- | M] () -- C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-06 09:46:02 | 00,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-10-06 08:54:03 | 00,017,408 | ---- | M] () -- C:\Users\Tomek\Desktop\umowa wstawienia.doc
[2009-10-06 08:54:03 | 00,015,150 | ---- | M] () -- C:\Users\Tomek\Documents\Automatic_Backup.rtf
[2009-10-05 17:08:52 | 00,000,698 | ---- | M] () -- C:\Users\Public\Desktop\Kadu.lnk
[2009-10-05 16:17:25 | 10,000,0000 | ---- | M] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part2.rar
[2009-10-01 14:30:20 | 10,000,0000 | ---- | M] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part1.rar
[2009-10-01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-15 12:15:43 | 00,155,943 | RHS- | C] () -- C:\zPharaoh.exe
[2009-10-15 12:15:43 | 00,000,126 | RHS- | C] () -- C:\autorun.inf
[2009-10-14 16:42:15 | 00,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-10-05 17:08:52 | 00,000,698 | ---- | C] () -- C:\Users\Public\Desktop\Kadu.lnk
[2009-10-05 16:03:46 | 10,000,0000 | ---- | C] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part2.rar
[2009-10-01 14:14:25 | 10,000,0000 | ---- | C] () -- C:\Users\Tomek\Desktop\Kurs_Photoshop_2_by_Seti.part1.rar
[2009-07-23 13:40:45 | 00,016,896 | ---- | C] () -- C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-19 10:55:34 | 04,167,028 | -H-- | C] () -- C:\Users\Tomek\AppData\Local\IconCache.db
[2009-07-19 10:53:57 | 00,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-07-19 10:53:57 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009-07-19 10:46:16 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009-07-19 10:14:39 | 00,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2009-07-19 10:14:38 | 00,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2009-07-19 10:14:34 | 00,121,344 | ---- | C] () -- C:\Windows\System32\Ltpnt13n.dll
[2009-07-19 09:55:33 | 00,684,672 | ---- | C] () -- C:\Windows\System32\drivers\torususb.sys
[2009-07-19 09:55:32 | 00,000,161 | ---- | C] () -- C:\Windows\DSLSetup.ini
[2009-07-19 09:54:07 | 00,049,064 | ---- | C] () -- C:\Users\Tomek\AppData\Local\GDIPFONTCACHEV1.DAT
[2006-11-02 14:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006-11-02 12:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 12:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
[/log]


here is a link showing where those files are http://twojezdjecie.pl/pliki/9b987fa5474469a5fdf0cbe421c05acf.jpg

Psycholandia

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
O32 - AutoRun File - [2009-10-15 12:16:44 | 00,000,126 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 12:16:44 | 00,000,126 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]

:Files
C:\$RECYCLE.BIN
C:\Users\Tomek\Desktop\jhgjhgjkh
C:\Windows\temp
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\autorun.inf
D:\autorun.inf
C:\zPharaoh.exe
D:\zPharaoh.exe

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Open Notepad and paste the following text into it: [code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save as -> choose [b]All files[/b] -> enter [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Scan the pendrive or any other portable devices you plug into the computer with: [url="http://www.programosy.pl/program,flash-desinfector.html"]Flash Desinfector[/url] --> that is, plug in the pendrive and run the program. The desktop will disappear for a moment; at that point the program will clean it of viruses.
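
Added example (not part of the original thread and not OTL's own code): a Python check that reads O32/O33 lines like those in the logs on this page and flags what the fix above targets, namely a hidden+system autorun.inf repeated across drives and MountPoints2 commands that launch an executable from a drive root. The regular expressions, function names and finding labels are assumptions derived only from the line layout visible in these logs.

```python
import re
from collections import defaultdict

# Sample lines copied from the OTL logs on this page
# (O32 = autorun files per drive, O33 = MountPoints2 shell commands).
SAMPLE_LOG = r"""
O32 - AutoRun File - [2009-10-06 20:55:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 18:29:44 | 00,000,126 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 18:29:44 | 00,000,126 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007-05-18 13:48:52 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - G:\AutoRun.inf -- [ FAT32 ]
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\AutoRun\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\open\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
"""

# Assumed layout of an O32 line: [timestamp | size | attrs | M/C] (company) - path -- [ filesystem ]
O32_RE = re.compile(
    r'^O32 - AutoRun File - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[RHSAD-]{4}) \| [MC]\] \([^)]*\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$'
)
# Assumed layout of an O33 line: MountPoints2\<key>\Shell\<verb>\command - "<value name>" = target -- [...]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "[^"]*" = (?P<target>.+?) -- \['
)
# An executable sitting directly in a drive root, e.g. G:\something.exe
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\[^\\]+\.(exe|com|scr|bat|cmd|pif)$', re.I)


def parse(log_text):
    """Return (autorun_entries, mountpoint_entries) as lists of dicts."""
    autoruns, mounts = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O32_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O33_RE.match(line)
        if m:
            mounts.append(m.groupdict())
    return autoruns, mounts


def analyse(log_text):
    """Return a list of (finding, detail) tuples for autorun-worm indicators."""
    autoruns, mounts = parse(log_text)
    findings = []
    clones = defaultdict(list)  # (size, attrs) -> paths of autorun.inf files

    for entry in autoruns:
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        # Optical media (CDFS) legitimately ship autorun.inf; other names are ignored.
        if name != "autorun.inf" or entry["fs"].upper() == "CDFS":
            continue
        if "H" in entry["attrs"] and "S" in entry["attrs"]:
            findings.append(("hidden-system-autorun", entry["path"]))
        clones[(entry["size"], entry["attrs"])].append(entry["path"])

    # The same size and attributes on several writable drives suggests one dropper.
    for paths in clones.values():
        if len(paths) > 1:
            findings.append(("same-autorun-on-multiple-drives", tuple(sorted(paths))))

    # Cached MountPoints2 verbs that start an executable from a drive root.
    for entry in mounts:
        if ROOT_EXE_RE.match(entry["target"]):
            findings.append(
                ("mountpoints2-runs-root-exe", entry["verb"] + " -> " + entry["target"])
            )
    return findings


if __name__ == "__main__":
    for finding, detail in analyse(SAMPLE_LOG):
        print(finding, detail)
```
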

rafal-39

So far it's OK, thanks. One more question: if I wanted to do this on a second computer, do I have to follow the same steps?

Psycholandia

Make OTL logs from the second computer and we'll see whether anything is wrong with it :)
I hope you cleaned the pendrive? Because you can spread viruses between computers with it.

rafal-39

I haven't cleaned it yet because I don't have it with me. I'll send the log from the second computer tomorrow.

I'm sending the log from the second computer
[log]OTL logfile created on: 2009-10-15 18:29:35 - Run 2
OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

383,48 Mb Total Physical Memory | 220,57 Mb Available Physical Memory | 57,52% Memory free
922,03 Mb Paging File | 789,62 Mb Available in Paging File | 85,64% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 11,70 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Drive D: | 22,61 Gb Total Space | 22,55 Gb Free Space | 99,70% Space Free | Partition Type: NTFS
Drive E: | 498,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 70,22 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 9,92 Gb Total Space | 2,65 Gb Free Space | 26,75% Space Free | Partition Type: FAT32
Drive H: | 21,98 Gb Total Space | 2,99 Gb Free Space | 13,60% Space Free | Partition Type: FAT32
Drive I: | 5,14 Gb Total Space | 5,14 Gb Free Space | 99,98% Space Free | Partition Type: FAT32

Computer Name: KOMPUTER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-10-15 18:29:06 | 00,154,751 | ---- | M] () -- C:\Documents and Settings\tazebama.dl_
PRC - [2009-10-15 18:18:12 | 00,677,231 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
PRC - [2009-10-13 19:28:57 | 01,431,999 | ---- | M] () -- C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PRC - [2007-07-14 00:42:04 | 00,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-08-03 05:12:00 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-12-06 04:41:26 | 00,233,472 | R--- | M] (wvtv@sina.com) -- C:\WINDOWS\wvremcon.exe
PRC - [2004-09-08 20:51:10 | 00,106,496 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
PRC - [2004-08-04 02:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-10-13 19:34:04 | 01,156,463 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2004-08-04 02:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found -- -- (abp470n5 [On_Demand | Running])
DRV - [2007-07-28 03:15:52 | 00,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112 [Boot | Running])
DRV - [2007-01-04 13:48:04 | 00,104,344 | ---- | M] (Analog Devices Inc.) -- C:\WINDOWS\System32\DRIVERS\e4usbaw.sys -- (e4usbaw [On_Demand | Running])
DRV - [2007-01-04 13:47:48 | 00,069,656 | ---- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\e4ldr.sys -- (E4LOADER [Auto | Stopped])
DRV - [2006-08-18 13:52:00 | 04,017,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2004-08-04 01:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2004-08-04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2004-08-04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004-07-17 13:36:38 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2003-08-15 18:33:32 | 00,024,736 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\PhTvTune.sys -- (PhTvTune [On_Demand | Running])
DRV - [2003-08-15 18:31:42 | 00,353,024 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\System32\DRIVERS\Cap7134.sys -- (Cap7134 [On_Demand | Running])
DRV - [2001-08-18 01:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - HKLM..\Run: [wvremcon] C:\WINDOWS\wvremcon.exe (wvtv@sina.com)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-06 20:55:47 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 18:29:44 | 00,000,126 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 18:29:44 | 00,000,126 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007-05-18 13:48:52 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004-12-14 04:46:20 | 00,176,142 | R--- | M] () - F:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - G:\AutoRun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\AutoRun\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\explore\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\open\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-10-06 22:43:43 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji
[2009-10-06 20:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
[2009-10-07 06:14:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo
[2009-10-06 22:43:43 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft
[2009-10-06 20:57:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2009-10-06 21:03:22 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2009-10-07 07:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
[2009-10-07 20:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia
[2009-10-06 21:03:22 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft
[2009-10-06 21:03:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Real
[2009-10-06 21:03:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sun
[2009-10-06 21:03:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji
[2009-10-06 21:03:21 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-06 22:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009-10-07 06:10:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009-10-07 06:13:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2009-10-06 20:56:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009-10-06 22:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009-10-06 20:53:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009-10-06 22:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009-10-06 20:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009-10-06 22:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009-10-06 20:52:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009-10-06 22:44:48 | 00,000,000 | R--D | C] -- C:\Program Files
[2009-10-07 06:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\AvRack
[2009-10-06 22:44:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009-10-06 20:51:43 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009-10-07 06:10:31 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009-10-06 20:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009-10-07 06:13:33 | 00,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2009-10-06 20:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009-10-06 20:53:03 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009-10-06 20:50:57 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009-10-06 20:52:54 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009-10-06 20:57:22 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009-10-06 20:57:37 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009-10-07 06:10:36 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2009-10-07 06:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2009-10-07 07:04:47 | 00,000,000 | ---D | C] -- C:\Program Files\SAGEM
[2009-10-06 20:51:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009-10-06 20:51:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009-10-06 20:50:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009-10-15 18:18:21 | 00,677,231 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-10-13 19:08:01 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Wideo
[2009-10-13 19:07:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-10-13 19:03:55 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009-10-07 20:53:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-10-07 20:16:01 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009-10-07 07:05:02 | 00,155,648 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\adadix32.dll
[2009-10-07 07:05:01 | 00,169,496 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\adiusbawx64.sys
[2009-10-07 07:05:01 | 00,146,968 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\e4usbawx64.sys
[2009-10-07 07:05:01 | 00,118,552 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\adiusbaw.sys
[2009-10-07 07:05:01 | 00,104,344 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\e4usbaw.sys
[2009-10-07 07:04:58 | 00,316,416 | ---- | C] (Analog Devices.) -- C:\WINDOWS\System32\unaddrv.x64.exe
[2009-10-07 07:04:58 | 00,071,832 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\e4ldrx64.sys
[2009-10-07 07:04:58 | 00,069,656 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\e4ldr.sys
[2009-10-07 07:04:58 | 00,058,264 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\adildrx64.sys
[2009-10-07 07:04:58 | 00,056,088 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\adildr.sys
[2009-10-07 07:04:57 | 00,212,992 | ---- | C] (Analog Devices.) -- C:\WINDOWS\System32\unaddrv.exe
[2009-10-07 07:04:57 | 00,004,981 | ---- | C] (SITECSOFT Co., LTD.) -- C:\WINDOWS\System32\ADADIX2K.DLL
[2009-10-07 06:15:56 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSTEE.sys
[2009-10-07 06:15:52 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NdisIP.sys
[2009-10-07 06:15:50 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\StreamIP.sys
[2009-10-07 06:15:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009-10-07 06:15:47 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SLIP.sys
[2009-10-07 06:15:44 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WSTCODEC.SYS
[2009-10-07 06:15:42 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NABTSFEC.sys
[2009-10-07 06:15:39 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2009-10-07 06:15:35 | 00,024,736 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\drivers\PhTvTune.sys
[2009-10-07 06:15:10 | 00,233,472 | R--- | C] (wvtv@sina.com) -- C:\WINDOWS\wvremcon.exe
[2009-10-07 06:15:10 | 00,110,592 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\Prop7134.dll
[2009-10-07 06:15:10 | 00,110,592 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34com.dll
[2009-10-07 06:15:10 | 00,073,728 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34TvCtrl.dll
[2009-10-07 06:15:09 | 00,353,024 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\drivers\Cap7134.sys
[2009-10-07 06:15:09 | 00,135,168 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34api.dll
[2009-10-07 06:15:09 | 00,094,208 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34dialog.dll
[2009-10-07 06:15:09 | 00,077,824 | R--- | C] (Philips Semiconductors) -- C:\WINDOWS\System32\34dd.dll
[2009-10-07 06:15:08 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2009-10-07 06:15:08 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009-10-07 06:15:06 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009-10-07 06:15:06 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009-10-07 06:15:06 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009-10-07 06:14:42 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009-10-07 06:14:39 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009-10-07 06:14:37 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2009-10-07 06:14:35 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009-10-07 06:14:33 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009-10-07 06:14:30 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009-10-07 06:14:28 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009-10-07 06:14:26 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009-10-07 06:14:23 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2009-10-07 06:14:21 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2009-10-07 06:14:17 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2009-10-07 06:14:10 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Wideo
[2009-10-07 06:10:56 | 04,017,536 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys
[2009-10-07 06:10:54 | 00,145,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009-10-07 06:10:54 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009-10-07 06:10:54 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009-10-07 06:10:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009-10-07 06:10:36 | 10,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe
[2009-10-07 06:10:32 | 18,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl
[2009-10-07 06:10:32 | 00,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2009-10-07 06:10:32 | 00,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2009-10-07 06:10:32 | 00,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcrmv.exe
[2009-10-06 22:48:53 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009-10-06 22:48:06 | 00,058,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009-10-06 22:47:31 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009-10-06 22:47:31 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009-10-06 22:47:24 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2009-10-06 22:47:02 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2009-10-06 22:46:49 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009-10-06 22:46:45 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009-10-06 22:46:31 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\UAGP35.SYS
[2009-10-06 22:44:48 | 00,000,000 | R--D | C] -- C:\Program Files
[2009-10-06 22:44:45 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2009-10-06 22:44:45 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2009-10-06 22:44:45 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2009-10-06 22:44:44 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2009-10-06 22:44:44 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2009-10-06 22:44:44 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2009-10-06 22:44:44 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2009-10-06 22:44:44 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2009-10-06 22:44:43 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2009-10-06 22:44:43 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2009-10-06 22:44:43 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2009-10-06 22:44:43 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2009-10-06 22:44:43 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2009-10-06 22:44:37 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2009-10-06 22:44:37 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2009-10-06 22:44:37 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2009-10-06 22:44:37 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2009-10-06 22:44:36 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2009-10-06 22:44:36 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2009-10-06 22:44:36 | 00,085,532 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2009-10-06 22:44:36 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009-10-06 22:44:36 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2009-10-06 22:44:36 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009-10-06 22:44:36 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2009-10-06 22:44:35 | 00,127,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2009-10-06 22:44:35 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2009-10-06 22:44:35 | 00,073,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2009-10-06 22:44:35 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2009-10-06 22:44:35 | 00,025,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2009-10-06 22:44:35 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2009-10-06 22:44:35 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2009-10-06 22:44:35 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2009-10-06 22:44:35 | 00,009,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2009-10-06 22:44:35 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2009-10-06 22:44:35 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2009-10-06 22:44:35 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2009-10-06 22:44:35 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009-10-06 22:44:35 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009-10-06 22:44:35 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009-10-06 22:44:35 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2009-10-06 22:44:34 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2009-10-06 22:44:34 | 00,109,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2009-10-06 22:44:34 | 00,070,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009-10-06 22:44:34 | 00,033,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2009-10-06 22:44:34 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009-10-06 22:44:34 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2009-10-06 22:44:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009-10-06 22:44:33 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009-10-06 22:44:33 | 00,069,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2009-10-06 22:44:33 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2009-10-06 22:43:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009-10-06 22:43:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009-10-06 22:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009-10-06 22:43:14 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009-10-06 22:38:18 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009-10-06 22:38:18 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009-10-06 22:38:18 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009-10-06 22:38:18 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009-10-06 22:38:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\pl-pl
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1045
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009-10-06 22:38:18 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009-10-06 21:03:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Muzyka
[2009-10-06 21:03:52 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Moje obrazy
[2009-10-06 21:03:38 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009-10-06 21:03:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009-10-06 21:03:11 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009-10-06 20:58:11 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009-10-06 20:58:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009-10-06 20:58:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009-10-06 20:57:37 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009-10-06 20:57:37 | 00,185,952 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009-10-06 20:57:37 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009-10-06 20:57:37 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009-10-06 20:57:29 | 00,065,536 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009-10-06 20:57:29 | 00,049,152 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009-10-06 20:57:22 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009-10-06 20:57:22 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009-10-06 20:57:13 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009-10-06 20:57:13 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009-10-06 20:57:13 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009-10-06 20:57:13 | 00,069,632 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009-10-06 20:56:21 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009-10-06 20:56:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009-10-06 20:56:13 | 00,062,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rspndr.sys
[2009-10-06 20:56:13 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rspndr.exe
[2009-10-06 20:56:05 | 00,013,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009-10-06 20:55:21 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009-10-06 20:55:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2009-10-06 20:53:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Obrazy
[2009-10-06 20:53:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009-10-06 20:53:15 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009-10-06 20:53:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009-10-06 20:53:12 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009-10-06 20:53:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009-10-06 20:53:07 | 00,382,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009-10-06 20:53:07 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009-10-06 20:53:07 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009-10-06 20:53:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009-10-06 20:53:02 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009-10-06 20:53:02 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009-10-06 20:53:02 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009-10-06 20:53:02 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009-10-06 20:52:59 | 00,128,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltMgr.sys
[2009-10-06 20:52:59 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2009-10-06 20:52:59 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2009-10-06 20:52:58 | 00,240,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009-10-06 20:52:58 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2009-10-06 20:52:58 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009-10-06 20:52:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2009-10-06 20:52:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009-10-06 20:52:57 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009-10-06 20:52:57 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009-10-06 20:52:56 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009-10-06 20:52:56 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009-10-06 20:52:54 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009-10-06 20:52:54 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009-10-06 20:52:53 | 00,325,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009-10-06 20:52:53 | 00,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009-10-06 20:52:53 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009-10-06 20:52:53 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009-10-06 20:52:53 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009-10-06 20:51:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009-10-06 20:50:57 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009-10-06 20:50:53 | 00,378,735 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009-10-06 20:50:51 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009-10-06 20:50:51 | 00,240,495 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009-10-06 20:50:50 | 00,279,407 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009-10-06 20:50:50 | 00,274,799 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009-10-06 20:50:50 | 00,216,943 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009-10-06 20:50:49 | 00,365,935 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009-10-06 20:50:49 | 00,293,231 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009-10-06 20:50:49 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009-10-06 20:50:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009-10-06 20:50:49 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009-10-06 20:50:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009-10-06 20:50:48 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009-10-06 20:50:48 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009-10-06 20:50:48 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009-10-06 20:50:48 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009-10-06 20:50:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009-10-06 20:50:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2009-10-06 20:50:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009-10-06 20:50:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009-10-06 20:50:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009-10-06 20:50:48 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009-10-06 20:50:47 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009-10-06 20:50:47 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009-10-06 20:50:47 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009-10-06 20:50:46 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009-10-06 20:50:46 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009-10-06 20:50:46 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009-10-06 20:50:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009-10-06 20:50:46 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009-10-06 20:50:40 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009-10-06 20:50:40 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009-10-06 20:50:39 | 00,598,895 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009-10-06 20:50:39 | 00,337,775 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009-10-06 20:50:39 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009-10-06 20:50:39 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009-10-06 20:50:38 | 00,699,759 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009-10-06 20:50:38 | 00,139,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009-10-06 20:50:38 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009-10-06 20:50:38 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009-10-06 20:50:38 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009-10-06 20:50:37 | 01,894,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2009-10-06 20:50:37 | 00,874,863 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009-10-06 20:50:37 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2009-10-06 20:50:37 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009-10-06 20:50:36 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2009-10-06 20:50:36 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009-10-06 20:50:36 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009-10-06 20:50:36 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009-10-06 20:50:36 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009-10-06 20:50:36 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009-10-06 20:50:36 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009-10-06 20:50:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009-10-06 20:50:36 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009-10-06 20:50:36 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009-10-06 20:50:35 | 00,956,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009-10-06 20:50:35 | 00,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009-10-06 20:50:35 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009-10-06 20:50:35 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009-10-06 20:50:35 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009-10-06 20:50:35 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009-10-06 20:50:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009-10-06 20:50:34 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009-10-06 20:50:34 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009-10-06 20:50:34 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009-10-06 20:50:34 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009-10-06 20:50:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009-10-06 20:50:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009-10-06 20:50:33 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009-10-06 20:50:33 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009-10-06 20:50:33 | 00,540,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009-10-06 20:50:33 | 00,225,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009-10-06 20:50:32 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009-10-06 20:50:26 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009-10-06 20:50:26 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009-10-06 20:50:26 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009-10-06 20:50:26 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009-10-06 20:50:22 | 00,196,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009-10-06 20:50:22 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009-10-06 20:50:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Dokumenty\Muzyka

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[1 C:\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-10-15 18:30:20 | 00,000,126 | RHS- | M] () -- C:\autorun.inf
[2009-10-15 18:29:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-15 18:29:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-10-15 18:29:00 | 40,218,2144 | -HS- | M] () -- C:\hiberfil.sys
[2009-10-15 18:27:21 | 03,215,512 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-15 18:18:12 | 00,677,231 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-10-14 20:54:18 | 00,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-10-13 19:07:55 | 00,189,295 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009-10-13 19:07:53 | 00,279,407 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009-10-13 19:07:52 | 00,699,759 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009-10-13 19:07:52 | 00,216,943 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009-10-13 19:07:50 | 00,365,935 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009-10-13 19:07:48 | 00,293,231 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009-10-13 19:07:47 | 00,378,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009-10-13 19:07:47 | 00,337,775 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009-10-13 19:07:46 | 00,240,495 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009-10-13 19:07:44 | 01,378,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2009-10-13 19:07:43 | 00,874,863 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009-10-13 19:07:41 | 00,598,895 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009-10-13 19:07:40 | 00,274,799 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009-10-13 19:07:35 | 00,450,415 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009-10-13 19:07:35 | 00,232,815 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009-10-13 19:07:34 | 00,652,655 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009-10-13 19:07:33 | 00,325,487 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
[2009-10-13 19:07:33 | 00,216,431 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
[2009-10-13 19:07:31 | 00,233,235 | RHS- | M] () -- C:\zPharaoh.exe
[2009-10-13 16:41:41 | 00,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2009-10-07 20:24:46 | 00,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\InterVideo WinDVR 3.lnk
[2009-10-07 20:06:05 | 00,000,266 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-10-07 07:05:55 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Internet ADSL.lnk
[2009-10-07 07:05:54 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009-10-07 07:05:51 | 00,000,168 | ---- | M] () -- C:\WINDOWS\adidsl.ini
[2009-10-07 07:05:10 | 00,001,094 | ---- | M] () -- C:\WINDOWS\adiras.ini
[2009-10-07 07:05:10 | 00,000,033 | ---- | M] () -- C:\WINDOWS\System32\drivers\adidsl.cfg
[2009-10-07 07:05:10 | 00,000,021 | ---- | M] () -- C:\WINDOWS\Fast800.ini
[2009-10-07 07:05:04 | 00,000,836 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
[2009-10-07 06:10:48 | 00,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AvRack.lnk
[2009-10-06 21:04:45 | 00,937,572 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-10-06 21:04:45 | 00,433,262 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2009-10-06 21:04:45 | 00,377,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-10-06 21:04:45 | 00,065,484 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2009-10-06 21:04:45 | 00,051,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-10-06 21:02:53 | 00,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-06 21:01:51 | 00,001,078 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009-10-06 20:55:47 | 00,002,596 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-10-06 20:55:47 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-10-06 20:55:47 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-10-06 20:55:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009-10-06 20:55:47 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-10-06 20:55:47 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-10-06 20:55:44 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-10-06 20:55:37 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-10-06 20:55:37 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-10-06 20:55:36 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009-10-06 20:55:21 | 00,004,293 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009-10-06 20:53:54 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009-10-06 20:53:54 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009-10-06 20:51:58 | 00,021,856 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-10-06 20:51:39 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009-10-06 20:51:39 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009-10-06 20:49:06 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[color=#E56717]========== Files - No Company Name ==========[/color]
[2009-10-07 20:20:28 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009-10-07 20:06:06 | 00,233,235 | RHS- | C] () -- C:\zPharaoh.exe
[2009-10-07 20:06:06 | 00,000,126 | RHS- | C] () -- C:\autorun.inf
[2009-10-07 07:05:54 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009-10-07 07:05:54 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Internet ADSL.lnk
[2009-10-07 07:05:10 | 00,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009-10-07 07:05:10 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009-10-07 07:05:04 | 00,000,836 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
[2009-10-07 07:05:03 | 00,253,008 | ---- | C] () -- C:\WINDOWS\adirasx64.exe
[2009-10-07 07:05:03 | 00,194,128 | ---- | C] () -- C:\WINDOWS\adiras.exe
[2009-10-07 07:05:03 | 00,001,094 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2009-10-07 07:05:02 | 00,127,456 | ---- | C] () -- C:\WINDOWS\System32\IPDETECT.EXE
[2009-10-07 07:05:01 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\drivers\adiusbawx64.cat
[2009-10-07 07:05:01 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\drivers\adiusbaw.cat
[2009-10-07 07:05:01 | 00,013,981 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4usbawx64.cat
[2009-10-07 07:05:01 | 00,013,981 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4usbaw.cat
[2009-10-07 07:04:59 | 00,176,128 | ---- | C] () -- C:\WINDOWS\autoclk.exe
[2009-10-07 07:04:59 | 00,152,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E9P2.BIN
[2009-10-07 07:04:58 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009-10-07 07:04:58 | 00,024,576 | ---- | C] () -- C:\WINDOWS\enddisk32.exe
[2009-10-07 07:04:58 | 00,012,403 | ---- | C] () -- C:\WINDOWS\System32\drivers\adildrx64.cat
[2009-10-07 07:04:58 | 00,012,403 | ---- | C] () -- C:\WINDOWS\System32\drivers\adildr.cat
[2009-10-07 07:04:58 | 00,011,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4ldrx64.cat
[2009-10-07 07:04:58 | 00,011,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4ldr.cat
[2009-10-07 07:04:57 | 00,261,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldep3.bnm
[2009-10-07 07:04:57 | 00,261,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldep1.bnm
[2009-10-07 07:04:57 | 00,261,926 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldei1.bnm
[2009-10-07 07:04:57 | 00,261,926 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTBLD3p0.BNM
[2009-10-07 07:04:57 | 00,261,918 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTBLD3p3.BNM
[2009-10-07 07:04:57 | 00,261,918 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTBLD3p1.BNM
[2009-10-07 07:04:57 | 00,261,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldep0.bnm
[2009-10-07 07:04:57 | 00,261,916 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldei0.bnm
[2009-10-07 07:04:57 | 00,261,914 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldei2.bnm
[2009-10-07 07:04:57 | 00,261,908 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldei3.bnm
[2009-10-07 07:04:57 | 00,261,900 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTBLD3p2.BNM
[2009-10-07 07:04:57 | 00,261,892 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldep2.bnm
[2009-10-07 07:04:57 | 00,081,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldep4.bnm
[2009-10-07 07:04:57 | 00,078,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbldei4.bnm
[2009-10-07 07:04:57 | 00,055,228 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld4.bnm
[2009-10-07 07:04:57 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2009-10-07 07:04:57 | 00,022,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTBLD3p4.BNM
[2009-10-07 07:04:56 | 00,261,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3.bnm
[2009-10-07 07:04:56 | 00,261,932 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld0.bnm
[2009-10-07 07:04:56 | 00,261,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld2.bnm
[2009-10-07 07:04:56 | 00,261,894 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld1.bnm
[2009-10-07 07:04:56 | 00,152,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I2.BIN
[2009-10-07 07:04:56 | 00,152,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I1.BIN
[2009-10-07 07:04:56 | 00,152,220 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I0.BIN
[2009-10-07 07:04:56 | 00,152,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P2.BIN
[2009-10-07 07:04:56 | 00,152,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P1.BIN
[2009-10-07 07:04:56 | 00,152,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P0.BIN
[2009-10-07 07:04:56 | 00,152,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E9P0.BIN
[2009-10-07 07:04:56 | 00,152,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E9I2.BIN
[2009-10-07 07:04:56 | 00,152,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D2.BIN
[2009-10-07 07:04:56 | 00,152,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D1.BIN
[2009-10-07 07:04:56 | 00,152,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D0.BIN
[2009-10-07 07:04:56 | 00,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin
[2009-10-07 07:04:56 | 00,000,033 | ---- | C] () -- C:\WINDOWS\System32\drivers\adidsl.cfg
[2009-10-07 07:04:55 | 00,261,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9i1.bnm
[2009-10-07 07:04:55 | 00,261,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9p3.bnm
[2009-10-07 07:04:55 | 00,261,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9p1.bnm
[2009-10-07 07:04:55 | 00,261,930 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9p0.bnm
[2009-10-07 07:04:55 | 00,261,926 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9p2.bnm
[2009-10-07 07:04:55 | 00,261,918 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9i2.bnm
[2009-10-07 07:04:55 | 00,152,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E9P1.BIN
[2009-10-07 07:04:55 | 00,152,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E9I1.BIN
[2009-10-07 07:04:55 | 00,152,126 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E9I0.BIN
[2009-10-07 07:04:55 | 00,053,590 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9i4.bnm
[2009-10-07 07:04:55 | 00,041,620 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9p4.bnm
[2009-10-07 07:04:54 | 00,261,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld9i0.bnm
[2009-10-07 07:03:22 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\adinst32.dll
[2009-10-07 06:13:55 | 00,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\InterVideo WinDVR 3.lnk
[2009-10-07 06:13:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009-10-07 06:13:36 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009-10-07 06:13:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009-10-07 06:13:35 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009-10-07 06:13:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009-10-07 06:13:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009-10-07 06:11:26 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009-10-07 06:10:47 | 00,001,519 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AvRack.lnk
[2009-10-07 06:10:47 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-10-07 06:10:36 | 00,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2009-10-07 06:10:32 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-10-06 22:44:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009-10-06 22:44:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009-10-06 22:44:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009-10-06 22:44:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009-10-06 22:44:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009-10-06 22:44:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009-10-06 22:44:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009-10-06 22:44:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009-10-06 22:44:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009-10-06 22:44:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009-10-06 22:44:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009-10-06 22:44:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009-10-06 22:44:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009-10-06 22:44:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009-10-06 22:44:34 | 00,001,734 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009-10-06 22:44:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini
[2009-10-06 22:43:13 | 00,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-10-06 22:42:08 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009-10-06 22:42:02 | 00,001,078 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009-10-06 21:16:01 | 03,215,512 | -H-- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-10-06 21:03:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\desktop.ini
[2009-10-06 21:03:12 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009-10-06 21:03:06 | 40,218,2144 | -HS- | C] () -- C:\hiberfil.sys
[2009-10-06 21:01:43 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009-10-06 20:55:47 | 00,002,596 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009-10-06 20:55:47 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009-10-06 20:55:47 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009-10-06 20:55:47 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009-10-06 20:55:47 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009-10-06 20:55:37 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009-10-06 20:55:37 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009-10-06 20:55:36 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009-10-06 20:53:54 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009-10-06 20:53:54 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009-10-06 20:53:48 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009-10-06 20:51:58 | 00,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009-10-06 20:50:52 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009-10-06 20:50:51 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009-10-06 20:50:51 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009-10-06 20:50:51 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009-10-06 20:50:51 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009-10-06 20:50:51 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009-10-06 20:50:51 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009-10-06 20:50:51 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009-10-06 20:50:49 | 00,001,225 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009-10-06 20:50:48 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009-10-06 20:50:47 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009-10-06 20:50:41 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2004-07-17 13:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001-07-22 02:16:20 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001-07-22 02:15:52 | 00,000,266 | ---- | C] () -- C:\WINDOWS\system.ini
< End of report >
[/log]

After this scan I cannot run some exe files, e.g. Flash Disinfector or OTL - a message appears saying that the directory name is invalid.

Psycholandia
comment

Paste the script below into the OTL window and click Run Fix:

[code]:Processes
explorer.exe

:OTL
O32 - AutoRun File - [2009-10-15 18:29:44 | 00,000,126 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 18:29:44 | 00,000,126 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - G:\AutoRun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009-10-15 18:29:46 | 00,000,126 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\AutoRun\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\explore\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()
O33 - MountPoints2\{e1493080-b36b-11de-b812-806d6172696f}\Shell\open\command - "" = G:\zPharaoh.exe -- [2009-10-01 19:25:26 | 00,233,465 | RHS- | M] ()

:Files
C:\Qoobox
C:\RECYCLER
C:\autorun.inf
D:\autorun.inf
G:\autorun.inf
H:\autorun.inf
I:\autorun.inf
C:\zPharaoh.exe
D:\zPharaoh.exe
G:\zPharaoh.exe
H:\zPharaoh.exe
I:\zPharaoh.exe
C:\WINDOWS\adirasx64.exe
C:\WINDOWS\adiras.exe
C:\WINDOWS\adiras.ini

:Commands
[emptytemp]
[start explorer]
[Reboot][/code]

Open Notepad and paste the following text into it: [code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save As -> choose [b]All files[/b] -> type [b]Fix.reg[/b] -> then click the saved file and restart the computer.

Carry out the steps from: http://support.microsoft.com/kb/310405/pl
Scan the computer with this: [url="http://www.programosy.pl/program,malwarebytes-anti-malware.html"]Malware[/url], remove everything it finds and post the log after the removal (the log from Malware).

Guest
comment (edited)

Removing it with OTL won't do anything!
Use [url=http://www.forumpc.pl/index.php?showtopic=120614&st=0&p=837303&fromsearch=1&#entry837303][b][color=blue][u]ComboFix[/u][/color][/b][/url] and paste the logs from [b]BOTH[/b] computers.



rafal-39
comment

OK, I'll try ComboFix. I noticed that after OTL it goes back to how it was after all. I still can't deal with the pen drive, though - the file zpharoh.exe keeps trying to run, and the file 1.taz over and over. I have already dealt with one computer - a format, and everything works as it should.
