naekana, created April 7, 2010

Well, my turn has finally come, damn it... Mks_vir found three viruses; one of them looks like a standard Nero library, and the rest are located in a folder that does not exist (even after unchecking "hide protected operating system files"). Below are the OTL log and the mks-vir report (by the way, the fact that you cannot copy the text out of it is a terrible oversight on the authors' part...)

[log]OTL logfile created on: 2010-04-07 13:40:13 - Run 1 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\naekana\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,00 Mb Total Physical Memory | 103,00 Mb Available Physical Memory | 23,00% Memory free 959,00 Mb Paging File | 616,00 Mb Available in Paging File | 64,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32,45 Gb Total Space | 12,62 Gb Free Space | 38,91% Space Free | Partition Type: FAT32 Drive D: | 21,56 Gb Total Space | 9,76 Gb Free Space | 45,26% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANNA Current User Name: naekana Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe PRC - [2010-04-04 10:11:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-03-17 23:33:20 | 008,319,560 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2010-03-09 04:28:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2009-05-21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2009-02-09 13:25:58 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 19:21:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe PRC - [2008-03-25 20:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2008-03-25 20:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2008-03-25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) 
-- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2007-10-14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2006-06-01 14:02:54 | 000,491,520 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe PRC - [2006-05-31 22:57:02 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe PRC - [2006-05-30 10:28:20 | 000,811,008 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2006-04-27 03:39:50 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ATI2EVXX.EXE PRC - [2006-04-17 02:24:30 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2006-04-17 00:34:42 | 016,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-04-01 01:37:00 | 002,170,880 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2006-03-14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe PRC - [2006-02-21 15:20:54 | 000,180,224 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2006-01-26 20:51:16 | 000,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2005-11-08 22:02:46 | 000,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) -- C:\Program Files\Thunderbird-Tray\TBTray.exe PRC - [2005-07-06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe PRC - [2005-06-20 23:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2005-02-17 07:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2004-11-02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) 
-- C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe PRC - [2003-10-16 18:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe PRC - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-04-07 13:33:00 | 000,079,360 | RHS- | M] () -- C:\Documents and Settings\naekana\Ustawienia lokalne\Temp\cvasds0.dll MOD - [2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe MOD - [2010-02-25 08:19:14 | 001,209,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\urlmon.dll MOD - [2010-02-25 08:19:14 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll MOD - [2010-02-25 08:19:10 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iertutil.dll MOD - [2009-12-08 10:25:46 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2009-03-21 16:09:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-02-09 12:53:44 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-01-07 18:20:36 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\normaliz.dll MOD - [2008-10-23 13:42:42 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2008-06-17 20:03:16 | 008,489,984 | ---- | M] 
(Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-14 19:20:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-14 19:20:58 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll MOD - [2008-04-14 19:20:58 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2help.dll MOD - [2008-04-14 19:20:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-14 19:20:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-14 19:20:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-14 19:20:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll MOD - [2008-04-14 19:20:32 | 000,185,344 
| ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-14 19:20:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll MOD - [2006-05-17 16:39:26 | 000,028,672 | ---- | M] () -- C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2008-04-13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2006-06-14 18:16:00 | 000,425,472 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ASUS)) ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS) DRV - [2006-05-31 23:03:00 | 000,894,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2006-04-27 03:46:50 | 001,540,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-04-17 01:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-01-26 20:25:54 | 000,191,936 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2006-01-18 12:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005-07-13 21:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk) DRV - [2005-07-12 04:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005-02-17 08:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2002-09-09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5) DRV - [2001-08-17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com IE - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com IE - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll () IE - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7 FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14 FF - prefs.js..extensions.enabledItems: 
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9 FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.5 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2 FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-05-26 12:49:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-05-26 12:49:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008-08-06 08:22:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-02-17 05:21:54 | 000,000,000 | ---D | M] [2009-01-10 16:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Extensions [2008-08-04 10:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions [2010-03-27 16:06:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010-01-29 11:59:06 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\naekana\Dane 
aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2009-08-09 08:58:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-03-17 23:37:50 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2010-02-06 13:42:20 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66} [2008-08-05 19:49:22 | 000,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9} [2010-01-07 18:13:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-01-07 18:13:54 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} [2010-01-30 02:17:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2009-10-26 00:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010-02-16 01:55:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010-03-17 
23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033} [2009-07-07 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\CrystalFox_Qute@BigRedBrent [2008-12-19 14:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\dlembed@aeruder.net [2009-07-30 11:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\fastdial@telega.phpnet.us [2010-02-06 13:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\secureLogin@blueimp.net [2009-10-31 17:49:22 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\searchplugins\getionarypl.xml [2009-10-31 17:49:22 | 000,002,064 | ---- | M] () -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\searchplugins\getionaryen.xml [2009-05-26 12:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-03-16 21:50:20 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-03-16 21:50:20 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-03-16 21:50:20 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-03-16 21:50:20 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-03-16 21:50:20 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-03-16 21:50:20 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla 
Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found. O3 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe () O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D) O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D) O4 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005..\Run: [ccleaner] D:\PROGRAMY\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005..\Run: [cdoosoft] C:\Documents and Settings\naekana\Ustawienia lokalne\Temp\herss.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.) 
O4 - Startup: C:\Documents and Settings\naekana\Menu Start\Programy\Autostart\TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe (Felix 'SniperBeamer' Geyer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ATI2EVXX.DLL (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-04-07 13:40:36 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2008-08-03 05:45:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2010-04-07 13:40:36 | 000,000,063 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{faed92f8-455c-11de-91ea-000e50ead57c}\Shell\AutoRun\command - "" = G:\mi9al8rs.exe -- File not found O33 - MountPoints2\{faed92f8-455c-11de-91ea-000e50ead57c}\Shell\open\Command - "" = G:\mi9al8rs.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-08-03 05:31:58 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk - C:\PROGRA~1\ASUS\ASUSCH~1\ChkMail.exe - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk - C:\Program 
Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - StartUpReg: [b]AVP[/b] - hkey= - key= - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe File not found MsConfig - StartUpReg: [b]Control Center[/b] - hkey= - key= - C:\Program Files\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.) MsConfig - StartUpReg: [b]hpqSRMon[/b] - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]PowerForPhone[/b] - hkey= - key= - C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe (ASUSTek) MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - D:\PROGRAMY\AsusDVD\PDVDServ.exe File not found MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group 
SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-04-07 13:24:12 | 000,000,000 | ---D | C] -- C:\rsit [2010-04-07 13:16:35 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe [2010-04-07 13:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Moje dokumenty\Pobieranie [2010-04-07 11:58:23 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\naekana\Moje dokumenty\ASUSTeK [2010-04-05 14:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Sports Interactive [2010-03-31 00:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-03-31 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-03-26 10:48:18 | 000,000,000 | -HSD | C] -- C:\FOUND.010 [2010-03-23 19:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Dane aplikacji\Ashampoo [2010-03-23 19:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\ashampoo [2010-03-23 19:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2010-03-23 18:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Dane aplikacji\Canneverbe Limited [2010-03-23 18:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-03-22 20:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee [2010-03-19 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Pity 2009 [2010-03-12 15:21:22 | 000,000,000 | -HSD | C] -- C:\FOUND.009 [2010-02-18 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up [2008-12-01 21:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple [2008-08-03 05:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-08-03 05:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2008-08-03 05:36:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2008-08-03 05:36:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2004-12-07 09:13:40 
| 000,479,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxsetup.exe [2004-12-07 09:13:38 | 002,249,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll [2004-12-07 09:13:38 | 000,069,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\Documents and Settings\naekana\Pulpit\*.tmp files -> C:\Documents and Settings\naekana\Pulpit\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-04-07 13:41:50 | 000,000,063 | RHS- | M] () -- C:\autorun.inf [2010-04-07 13:34:20 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\RSIT(2).exe [2010-04-07 13:32:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-04-07 13:32:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-04-07 13:32:50 | 469,159,936 | -HS- | M] () -- C:\hiberfil.sys [2010-04-07 13:31:40 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\naekana\ntuser.dat [2010-04-07 13:31:40 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\naekana\ntuser.ini [2010-04-07 13:23:36 | 000,091,019 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\skaner2.JPG [2010-04-07 13:22:44 | 000,114,731 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\skaner1.JPG [2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe [2010-04-07 13:16:24 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\RSIT.exe [2010-04-07 13:15:54 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\ltficky6.exe [2010-04-07 11:48:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-04-07 11:47:58 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-04-07 09:21:46 | 
000,117,248 | RHS- | M] () -- C:\ysyjq1bs.exe [2010-04-05 17:07:48 | 000,012,813 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\rachunki.xlsx [2010-04-05 14:22:56 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\Football Manager 2005.lnk [2010-04-05 14:14:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-04-02 16:19:10 | 000,558,380 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-04-02 16:19:08 | 001,278,178 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-04-02 16:19:08 | 000,493,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-04-02 16:19:08 | 000,118,138 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-04-02 16:19:08 | 000,092,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-04-02 16:16:18 | 000,116,224 | RHS- | M] () -- C:\pbyqfn.exe [2010-04-01 00:37:34 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-03-31 19:09:10 | 000,115,712 | RHS- | M] () -- C:\sdfqh.exe [2010-03-31 00:08:30 | 000,112,128 | RHS- | M] () -- C:\mi9al8rs.exe [2010-03-28 11:50:58 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-03-26 18:32:22 | 000,132,608 | RHS- | M] () -- C:\affi8l.exe [2010-03-25 22:31:12 | 000,135,168 | RHS- | M] () -- C:\bbjl2g.exe [2010-03-25 17:39:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010-03-23 19:23:04 | 000,128,512 | RHS- | M] () -- C:\ji83j.exe [2010-03-19 16:42:46 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Pity 2009.lnk [2010-03-18 03:06:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-13 11:47:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\Documents and Settings\naekana\Pulpit\*.tmp files -> C:\Documents and Settings\naekana\Pulpit\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] 
[color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-07 13:34:20 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\RSIT(2).exe [2010-04-07 13:23:34 | 000,091,019 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\skaner2.JPG [2010-04-07 13:22:42 | 000,114,731 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\skaner1.JPG [2010-04-07 13:16:23 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\RSIT.exe [2010-04-07 13:15:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\ltficky6.exe [2010-04-05 14:22:54 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\Football Manager 2005.lnk [2010-04-05 14:16:55 | 000,117,248 | RHS- | C] () -- C:\ysyjq1bs.exe [2010-04-02 00:12:18 | 000,116,224 | RHS- | C] () -- C:\pbyqfn.exe [2010-04-01 00:37:33 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2010-03-31 19:09:40 | 000,115,712 | RHS- | C] () -- C:\sdfqh.exe [2010-03-27 15:58:14 | 000,112,128 | RHS- | C] () -- C:\mi9al8rs.exe [2010-03-26 10:51:34 | 000,132,608 | RHS- | C] () -- C:\affi8l.exe [2010-03-24 12:32:51 | 000,135,168 | RHS- | C] () -- C:\bbjl2g.exe [2010-03-23 19:23:28 | 000,128,512 | RHS- | C] () -- C:\ji83j.exe [2010-03-23 19:22:47 | 000,115,905 | RHS- | C] () -- C:\mbdm.exe [2010-03-23 19:22:47 | 000,000,063 | RHS- | C] () -- C:\autorun.inf [2010-03-19 16:42:44 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Pity 2009.lnk [2010-03-15 14:49:30 | 000,012,813 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\rachunki.xlsx [2010-02-12 16:50:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe [2010-01-31 21:23:32 | 001,910,995 | ---- | C] () -- C:\Documents and Settings\naekana\Dane aplikacji\langInstall.exe [2009-10-24 13:58:02 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\naekana\ntuser.dat [2009-10-24 00:25:14 | 000,000,010 
| ---- | C] () -- C:\WINDOWS\WININIT.INI [2009-10-16 20:21:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-07 21:35:09 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI [2009-02-21 14:19:24 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2008-11-19 22:24:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2008-10-24 11:51:37 | 000,000,115 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008-09-11 09:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2008-09-11 09:20:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL [2008-09-10 14:45:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\naekana\.gtk-bookmarks [2008-09-10 14:08:50 | 000,206,373 | ---- | C] () -- C:\Documents and Settings\naekana\.fonts.cache-1 [2008-08-27 02:43:59 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-08-11 19:45:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini [2008-08-07 03:30:25 | 000,004,633 | ---- | C] () -- C:\Documents and Settings\naekana\.recently-used.xbel [2008-08-04 19:37:20 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-08-04 13:37:34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008-08-04 11:06:36 | 000,005,940 | ---- | C] () -- C:\Documents and Settings\naekana\.plugin140_03.trace [2008-08-03 07:35:37 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\naekana\LuResult.txt [2008-08-03 06:56:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2008-08-03 06:55:03 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2008-08-03 06:14:09 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\naekana\ntuser.dat.LOG [2008-08-03 06:14:09 | 000,000,292 | -HS- | C] () -- C:\Documents and Settings\naekana\ntuser.ini [2008-08-03 06:13:31 | 000,262,144 | ---- | C] () -- C:\Documents and 
Settings\All Users\NTUSER.DAT [2008-08-03 06:13:31 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG [2008-08-03 06:07:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008-08-03 05:51:01 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-08-03 05:25:53 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004-12-07 09:13:42 | 003,578,547 | ---- | C] () -- C:\Program Files\ManagedDX.CAB [2004-12-07 09:13:42 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab [2004-12-07 09:13:42 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab [2004-12-07 09:13:38 | 013,265,040 | R--- | C] () -- C:\Program Files\dxnt.cab [2004-12-07 09:13:36 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab [2004-12-07 09:13:36 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab [2004-12-07 08:47:32 | 000,020,717 | ---- | C] () -- C:\Program Files\DirectX SDK EULA.txt [2004-11-24 07:38:18 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004-11-24 07:38:18 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-03-19 01:18:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\LAME_ENC.DLL [1998-10-11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [color=#E56717]========== LOP Check ==========[/color] [2008-09-12 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-10-31 07:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\tlen.pl [2008-11-30 21:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2008-12-17 23:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Graboid Inc [2008-12-18 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Launcher 
[2009-05-26 14:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2010-01-16 16:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\karta [2010-01-31 19:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-01-31 21:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Iceni [2010-03-23 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-03-23 19:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2008-08-03 19:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Gadu-Gadu [2008-08-04 12:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\gtk-2.0 [2008-08-06 08:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Thunderbird [2008-10-31 07:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Tlen.pl [2008-11-30 21:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\ipla [2008-12-19 12:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Orbit [2009-05-19 16:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mesa Dynamics, LLC [2009-05-26 14:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\COWON [2009-10-14 12:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\uTorrent [2010-01-31 19:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Gadu-Gadu 10 [2010-03-23 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Canneverbe Limited [2010-03-23 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Ashampoo 
[color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-04-07 09:21:46 | 000,117,248 | RHS- | M] () -- C:\ysyjq1bs.exe [2010-04-07 13:43:30 | 000,000,063 | RHS- | M] () -- C:\autorun.inf [2006-07-09 19:41:00 | 000,524,288 | RH-- | M] () -- C:\A9Rp.rom [2004-10-21 19:57:46 | 000,000,009 | ---- | M] () -- C:\A9RP.10 [2010-04-07 13:32:48 | 603,979,776 | -HS- | M] () -- C:\PAGEFILE.SYS [2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2008-12-18 13:36:10 | 000,251,152 | RHS- | M] () -- C:\ntldr [2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-11-23 16:25:10 | 000,000,014 | ---- | M] () -- C:\XPHL_SP2.POL [2006-06-22 18:52:56 | 000,000,010 | ---- | M] () -- C:\RECOVERY.DAT [2009-07-29 03:24:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2008-08-03 05:45:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008-08-03 05:45:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008-08-03 05:45:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008-08-03 05:45:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-04-07 13:32:50 | 469,159,936 | -HS- | M] () -- C:\hiberfil.sys [2009-12-02 09:04:04 | 000,115,905 | RHS- | M] () -- C:\mbdm.exe [2010-03-23 19:23:04 | 000,128,512 | RHS- | M] () -- C:\ji83j.exe [2008-08-03 05:51:08 | 000,000,440 | ---- | M] () -- C:\RHDSetup.log [2010-03-25 22:31:12 | 000,135,168 | RHS- | M] () -- C:\bbjl2g.exe [2010-03-26 18:32:22 | 000,132,608 | RHS- | M] () -- C:\affi8l.exe [2010-03-31 00:08:30 | 000,112,128 | RHS- | M] () -- C:\mi9al8rs.exe [2010-03-31 19:09:10 | 000,115,712 | RHS- | M] () -- C:\sdfqh.exe [2010-04-02 16:16:18 | 000,116,224 | RHS- | M] () -- C:\pbyqfn.exe [2010-04-07 13:23:56 | 000,007,520 | ---- | M] () -- C:\mksbasel.cpp.log [2007-02-10 10:06:18 | 000,524,288 | RH-- | M] () -- C:\A9RP.BIN [2009-02-23 04:14:38 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log [color=#A23BEC]< 
MD5 for: AGP440.SYS >[/color] [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:agp440.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004-08-04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2004-08-04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) 
MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- 
C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report >[/log]
[URL=http://www.fotosik.pl/showFullSize.php?id=0e8c88269ded15fc][IMG]http://images42.fotosik.pl/193/0e8c88269ded15fcm.jpg[/IMG][/URL]
The screenshot is crap because the whole thing doesn't fit on my screen. The names of the alleged viruses that aren't visible in the screenshot are, in order: Warm.sobig.f.dam Trojan.Downloader.Zlob.bbk Hilfe! Help! Pomoszczi! Oskuuuur!
Mateusz J. comment 7 April 2010
The second and third files are viruses located in the System Restore folder. To remove them, turn System Restore off for a moment. Going back to the first file: it is a Nero library (as you can see), and we won't delete it unless you want to reinstall Nero. If you don't want to reinstall, run a scan with Kaspersky Virus Removal Tool, which should disinfect the library. There may be more such libraries, so it is best to scan the whole computer. In the log, meanwhile, we can see an infection from a USB flash drive; removal steps are below. Run OTL and paste the following into the Custom Scans/Fixes box:
[code]
:OTL
MOD - [2010-04-07 13:33:00 | 000,079,360 | RHS- | M] () -- C:\Documents and Settings\naekana\Ustawienia lokalne\Temp\cvasds0.dll
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005..\Run: [cdoosoft] C:\Documents and Settings\naekana\Ustawienia lokalne\Temp\herss.exe ()
O32 - AutoRun File - [2010-04-07 13:40:36 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-04-07 13:40:36 | 000,000,063 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{faed92f8-455c-11de-91ea-000e50ead57c}\Shell\AutoRun\command - "" = G:\mi9al8rs.exe -- File not found
O33 - MountPoints2\{faed92f8-455c-11de-91ea-000e50ead57c}\Shell\open\Command - "" = G:\mi9al8rs.exe -- File not found

:Files
C:\Documents and Settings\naekana\Ustawienia lokalne\Temp\cvasds0.dll
C:\Documents and Settings\naekana\Ustawienia lokalne\Temp\herss.exe
C:\autorun.inf
D:\autorun.inf
C:\mi9al8rs.exe
D:\mi9al8rs.exe
C:\FOUND.010
C:\FOUND.009
C:\ysyjq1bs.exe
D:\ysyjq1bs.exe
C:\pbyqfn.exe
C:\sdfqh.exe
C:\mi9al8rs.exe
C:\affi8l.exe
C:\bbjl2g.exe
C:\ji83j.exe
D:\pbyqfn.exe
D:\sdfqh.exe
D:\mi9al8rs.exe
D:\affi8l.exe
D:\bbjl2g.exe
D:\ji83j.exe
C:\mbdm.exe
D:\mbdm.exe

:Commands
[emptytemp]
[Reboot]
[/code]
Click Run Fix. Confirm the computer restart. After the computer restarts, create a new log and post it for review. Nice to "see" you again.
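The reading of the log that leads to "infection from a USB flash drive" can be written down as a triage rule. The Python below is an added example, not part of the original thread and not part of OTL: it parses OTL file-listing entries and flags `autorun.inf` and company-less `.exe` files that sit directly in a drive root with the read-only, hidden and system attributes all set. The rule itself is an assumption drawn from the entries listed in the fix above; the sample lines are copied from the log posted in this thread.

```python
import re

# One OTL file-listing entry has the shape:
#   [timestamp | size | attributes | C or M] (company) -- path
# Entries may sit one per line or run together on one line, so the path
# is cut at the next "[" block or at end of line.
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- "
    r"(?P<path>.+?)(?=\s+\[|\s*$)",
    re.MULTILINE,
)

# A file located directly in a drive root, e.g. C:\name.ext
ROOT_FILE = re.compile(r"[A-Za-z]:\\[^\\]+")

# Lines copied from the "Files - Modified" / "Files Created" sections of the
# log in this thread. The last line is three entries run together on purpose.
SAMPLE_LOG = r"""
[2010-04-07 13:41:50 | 000,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-04-07 13:32:50 | 469,159,936 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe
[2010-04-07 09:21:46 | 000,117,248 | RHS- | M] () -- C:\ysyjq1bs.exe
[2010-04-02 16:16:18 | 000,116,224 | RHS- | M] () -- C:\pbyqfn.exe
[2008-12-18 13:36:10 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010-02-13 11:47:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-04-05 14:16:55 | 000,117,248 | RHS- | C] () -- C:\ysyjq1bs.exe
[2010-03-31 19:09:10 | 000,115,712 | RHS- | M] () -- C:\sdfqh.exe [2010-03-31 00:08:30 | 000,112,128 | RHS- | M] () -- C:\mi9al8rs.exe [2010-03-28 11:50:58 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
"""


def parse_entries(text):
    """Yield one dict per OTL file-listing entry found in text."""
    for m in ENTRY.finditer(text):
        yield {
            "timestamp": m.group("ts"),
            "size": int(m.group("size").replace(",", "")),
            "attrs": m.group("attrs"),
            "kind": m.group("kind"),          # C = created, M = modified
            "company": m.group("company").strip(),
            "path": m.group("path").strip(),
        }


def triage(text):
    """Return (path, size, reason) for entries matching the autorun pattern.

    Each path is reported once, in order of first appearance. A hit is a
    candidate for manual review, not a verdict: the rule deliberately ignores
    legitimate RHS boot files such as ntldr and NTDETECT.COM.
    """
    hits, seen = [], set()
    for e in parse_entries(text):
        path = e["path"]
        if not ROOT_FILE.fullmatch(path):
            continue                          # not directly in a drive root
        if not all(flag in e["attrs"] for flag in "RHS"):
            continue                          # needs read-only+hidden+system
        name = path[3:].lower()
        if name == "autorun.inf":
            reason = "autorun.inf in drive root with R+H+S set"
        elif name.endswith(".exe") and not e["company"]:
            reason = "root-level .exe with R+H+S set and no company name"
        else:
            continue
        if path.lower() not in seen:
            seen.add(path.lower())
            hits.append((path, e["size"], reason))
    return hits


if __name__ == "__main__":
    for path, size, reason in triage(SAMPLE_LOG):
        print(f"{path:<20} {size:>9} bytes  {reason}")
```
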
naekana (Author) comment 8 April 2010
Kasper found... 14 viruses (Where have I been wandering?) The disinfect option was not available, only deleting the files. I turned off System Restore. The OTL log is below.
[log]OTL logfile created on: 2010-04-08 10:49:53 - Run 3 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\naekana\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 447,00 Mb Total Physical Memory | 52,00 Mb Available Physical Memory | 12,00% Memory free 959,00 Mb Paging File | 585,00 Mb Available in Paging File | 61,00% Paging File free Paging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32,45 Gb Total Space | 15,93 Gb Free Space | 49,11% Space Free | Partition Type: FAT32 Drive D: | 21,56 Gb Total Space | 9,79 Gb Free Space | 45,43% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANNA Current User Name: naekana Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe PRC - [2010-04-04 10:11:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-03-17 23:33:20 | 008,319,560 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2010-03-09 04:28:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe PRC - [2009-05-21 18:57:00 | 000,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2009-02-09 13:25:58 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2008-04-14 19:21:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-14 19:21:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPZ12]
PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [HPDEVMGMT]
PRC - [2008-04-14 19:21:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 19:21:42 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 19:21:22 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 19:21:10 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-14 19:21:10 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 19:21:02 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-03-25 20:49:02 | 000,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008-03-25 20:49:00 | 000,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008-03-25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007-10-14 21:17:32 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006-06-01 14:02:54 | 000,491,520 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
PRC - [2006-05-31 22:57:02 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006-05-30 10:28:20 | 000,811,008 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2006-04-27 03:39:50 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ATI2EVXX.EXE
PRC - [2006-04-17 02:24:30 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006-04-17 00:34:42 | 016,143,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-04-01 01:37:00 | 002,170,880 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006-03-14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006-02-21 15:20:54 | 000,180,224 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2006-01-26 20:51:16 | 000,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005-11-08 22:02:46 | 000,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) -- C:\Program Files\Thunderbird-Tray\TBTray.exe
PRC - [2005-07-06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe
PRC - [2005-06-20 23:10:30 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005-02-17 07:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004-11-02 20:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-10-16 18:07:12 | 000,053,248 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\TaskBarIcon.exe
PRC - [2003-10-16 18:07:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe

[color=#E56717]========== Modules (All) ==========[/color]
MOD - [2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe
MOD - [2009-12-08 10:25:46 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-06-25 10:27:54 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-04-15 16:54:38 | 000,585,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-03-21 16:09:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-09 12:53:44 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-10-23 13:42:42 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 20:03:16 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 19:21:56 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 19:20:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-14 19:20:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 19:20:56 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 19:20:56 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 19:20:56 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 19:20:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-14 19:20:44 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 19:20:44 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 19:20:44 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 19:20:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 19:20:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-14 19:20:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 19:20:36 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctf.dll
MOD - [2008-04-14 19:20:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 19:20:32 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-14 19:20:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 19:12:58 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2008-04-14 18:59:08 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2009-10-22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\92772342.sys -- (92772342)
DRV - [2009-10-09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\9277234.sys -- (setup_9.0.0.722_07.04.2010_19-07drv)
DRV - [2009-09-25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\92772341.sys -- (92772341)
DRV - [2008-04-13 18:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2006-06-14 18:16:00 | 000,425,472 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ASUS)) ASUS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ASUS)
DRV - [2006-05-31 23:03:00 | 000,894,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006-04-27 03:46:50 | 001,540,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-04-17 01:31:26 | 004,262,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-01-26 20:25:54 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006-01-18 12:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-07-13 21:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005-07-12 04:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-02-17 08:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2004-08-03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002-09-09 19:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)
DRV - [2001-08-17 21:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.5
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: CrystalFox_Qute@BigRedBrent:3.7
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-05-26 12:49:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-05-26 12:49:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008-08-06 08:22:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010-02-17 05:21:54 | 000,000,000 | ---D | M]
[2009-01-10 16:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Extensions
[2008-08-04 10:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions
[2010-03-27 16:06:02 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010-01-29 11:59:06 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009-08-09 08:58:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-17 23:37:50 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010-02-06 13:42:20 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2008-08-05 19:49:22 | 000,000,000 | ---D | M] (QuickNote) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010-01-07 18:13:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-07 18:13:54 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2010-01-30 02:17:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-10-26 00:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010-02-16 01:55:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010-03-17 23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2009-07-07 19:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\CrystalFox_Qute@BigRedBrent
[2008-12-19 14:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\dlembed@aeruder.net
[2009-07-30 11:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\fastdial@telega.phpnet.us
[2010-02-06 13:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\extensions\secureLogin@blueimp.net
[2009-10-31 17:49:22 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\searchplugins\getionarypl.xml
[2009-10-31 17:49:22 | 000,002,064 | ---- | M] () -- C:\Documents and Settings\naekana\Dane aplikacji\Mozilla\Firefox\Profiles\rddvirzg.default\searchplugins\getionaryen.xml
[2009-05-26 12:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-16 21:50:20 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-16 21:50:20 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-16 21:50:20 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-16 21:50:20 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-16 21:50:20 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-16 21:50:20 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\TaskBarIcon.exe (France Télécom R&D)
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005..\Run: [ccleaner] D:\PROGRAMY\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Documents and Settings\naekana\Menu Start\Programy\Autostart\TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe (Felix 'SniperBeamer' Geyer)
O4 - Startup: C:\Documents and Settings\naekana\Menu Start\Programy\Autostart\setup_9.0.0.722_07.04.2010_19-07.lnk = C:\Documents and Settings\naekana\Pulpit\Virus Removal Tool\setup_9.0.0.722_07.04.2010_19-07\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1934228333-2307936120-1222219993-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ATI2EVXX.DLL (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-08-03 05:45:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008-08-03 05:31:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk - C:\PROGRA~1\ASUS\ASUSCH~1\ChkMail.exe - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: [b]AVP[/b] - hkey= - key= - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe File not found
MsConfig - StartUpReg: [b]Control Center[/b] - hkey= - key= - C:\Program Files\ASUS\WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.)
MsConfig - StartUpReg: [b]hpqSRMon[/b] - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: [b]MSMSGS[/b] - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]PowerForPhone[/b] - hkey= - key= - C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe (ASUSTek)
MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - D:\PROGRAMY\AsusDVD\PDVDServ.exe File not found
MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]
[2010-04-08 10:37:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-07 18:02:52 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\9277234.sys
[2010-04-07 18:02:52 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\92772341.sys
[2010-04-07 18:02:52 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\92772342.sys
[2010-04-07 18:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Pulpit\Virus Removal Tool
[2010-04-07 17:59:57 | 069,094,224 | ---- | C] ( ) -- C:\Documents and Settings\naekana\Pulpit\setup_9.0.0.722_07.04.2010_19-07.exe
[2010-04-07 13:24:12 | 000,000,000 | ---D | C] -- C:\rsit
[2010-04-07 13:16:35 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe
[2010-04-07 13:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Moje dokumenty\Pobieranie
[2010-04-07 11:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Moje dokumenty\ASUSTeK
[2010-04-05 14:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Sports Interactive
[2010-03-31 00:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-03-31 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-03-23 19:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Dane aplikacji\Ashampoo
[2010-03-23 19:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\ashampoo
[2010-03-23 19:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
[2010-03-23 18:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\naekana\Dane aplikacji\Canneverbe Limited
[2010-03-23 18:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2010-03-22 20:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee
[2010-03-19 16:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\Pity 2009
[2010-02-18 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2008-12-01 21:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2008-08-03 05:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-03 05:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-03 05:36:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-08-03 05:36:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2004-12-07 09:13:40 | 000,479,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxsetup.exe
[2004-12-07 09:13:38 | 002,249,416 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2004-12-07 09:13:38 | 000,069,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[3 C:\Documents and Settings\naekana\Pulpit\*.tmp files -> C:\Documents and Settings\naekana\Pulpit\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]
[2010-04-08 10:41:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-08 10:41:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-08 10:41:04 | 469,159,936 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-08 10:40:06 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\naekana\ntuser.dat
[2010-04-08 10:40:06 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\naekana\ntuser.ini
[2010-04-08 10:39:50 | 001,278,178 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-08 10:39:50 | 000,558,380 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-04-08 10:39:50 | 000,493,554 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-08 10:39:50 | 000,118,138 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-04-08 10:39:50 | 000,092,398 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-08 10:16:22 | 000,116,224 | RHS- | M] () -- C:\ba.exe
[2010-04-07 18:04:24 | 000,002,129 | ---- | M] () -- C:\Documents and Settings\naekana\Menu Start\Programy\Autostart\setup_9.0.0.722_07.04.2010_19-07.lnk
[2010-04-07 18:02:32 | 069,094,224 | ---- | M] ( ) -- C:\Documents and Settings\naekana\Pulpit\setup_9.0.0.722_07.04.2010_19-07.exe
[2010-04-07 15:32:34 | 000,012,937 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\rachunki.xlsx
[2010-04-07 14:07:28 | 000,075,841 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\skaner full.JPG
[2010-04-07 14:04:54 | 000,021,875 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\skaner2.JPG
[2010-04-07 14:04:18 | 000,053,899 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\skaner1.JPG
[2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe
[2010-04-07 13:15:54 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\ltficky6.exe
[2010-04-07 11:48:02 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-07 11:47:58 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-05 14:22:56 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\naekana\Pulpit\Football Manager 2005.lnk
[2010-04-05 14:14:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-01 00:37:34 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-03-28 11:50:58 | 000,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-25 17:39:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-03-19 16:42:46 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Pity 2009.lnk
[2010-03-18 03:06:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-02-13 11:47:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[3 C:\Documents and Settings\naekana\Pulpit\*.tmp files -> C:\Documents and Settings\naekana\Pulpit\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010-04-08 10:16:51 | 000,116,224 | RHS- | C] () -- C:\ba.exe
[2010-04-07 18:04:23 | 000,002,129 | ---- | C] () -- C:\Documents and Settings\naekana\Menu Start\Programy\Autostart\setup_9.0.0.722_07.04.2010_19-07.lnk
[2010-04-07 13:54:51 | 000,075,841 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\skaner full.JPG
[2010-04-07 13:23:34 | 000,021,875 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\skaner2.JPG
[2010-04-07 13:22:42 | 000,053,899 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\skaner1.JPG
[2010-04-07 13:15:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\ltficky6.exe
[2010-04-05 14:22:54 | 000,001,516 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\Football Manager 2005.lnk
[2010-04-01 00:37:33 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-03-19 16:42:44 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Pity 2009.lnk
[2010-03-15 14:49:30 | 000,012,937 | ---- | C] () -- C:\Documents and Settings\naekana\Pulpit\rachunki.xlsx
[2010-02-12 16:50:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010-01-31 21:23:32 | 001,910,995 | ---- | C] () -- C:\Documents and Settings\naekana\Dane aplikacji\langInstall.exe
[2009-10-24 13:58:02 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\naekana\ntuser.dat
[2009-10-24 00:25:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-10-16 20:21:37 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-07 21:35:09 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2009-02-21 14:19:24 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2008-11-19 22:24:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2008-10-24 11:51:37 | 000,000,115 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008-09-11 09:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008-09-11 09:20:50 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6e.DLL
[2008-09-10 14:45:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\naekana\.gtk-bookmarks
[2008-09-10 14:08:50 | 000,206,373 | ---- | C] () -- C:\Documents and Settings\naekana\.fonts.cache-1
[2008-08-27 02:43:59 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\naekana\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-08-11 19:45:14 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2008-08-07 03:30:25 | 000,004,633 | ---- | C] () -- C:\Documents and Settings\naekana\.recently-used.xbel
[2008-08-04 19:37:20 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-08-04 13:37:34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008-08-04 11:06:36 | 000,005,940 | ---- | C] () -- C:\Documents and Settings\naekana\.plugin140_03.trace
[2008-08-03 07:35:37 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\naekana\LuResult.txt
[2008-08-03 06:56:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2008-08-03 06:55:03 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2008-08-03 06:14:09 | 000,001,024 | -H-- | C] () -- C:\Documents and
Settings\naekana\ntuser.dat.LOG [2008-08-03 06:14:09 | 000,000,292 | -HS- | C] () -- C:\Documents and Settings\naekana\ntuser.ini [2008-08-03 06:13:31 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2008-08-03 06:13:31 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG [2008-08-03 06:07:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008-08-03 05:51:01 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-08-03 05:25:53 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004-12-07 09:13:42 | 003,578,547 | ---- | C] () -- C:\Program Files\ManagedDX.CAB [2004-12-07 09:13:42 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab [2004-12-07 09:13:42 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab [2004-12-07 09:13:38 | 013,265,040 | R--- | C] () -- C:\Program Files\dxnt.cab [2004-12-07 09:13:36 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab [2004-12-07 09:13:36 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab [2004-12-07 08:47:32 | 000,020,717 | ---- | C] () -- C:\Program Files\DirectX SDK EULA.txt [2004-11-24 07:38:18 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004-11-24 07:38:18 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002-03-19 01:18:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\LAME_ENC.DLL [1998-10-11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [color=#E56717]========== LOP Check ==========[/color] [2008-09-12 22:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-10-31 07:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\tlen.pl [2008-11-30 21:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2008-12-17 23:06:26 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Graboid Inc [2008-12-18 12:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Launcher [2009-05-26 14:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2010-01-16 16:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\karta [2010-01-31 19:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-01-31 21:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Iceni [2010-03-23 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-03-23 19:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2008-08-03 19:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Gadu-Gadu [2008-08-04 12:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\gtk-2.0 [2008-08-06 08:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Thunderbird [2008-10-31 07:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Tlen.pl [2008-11-30 21:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\ipla [2008-12-19 12:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Orbit [2009-05-19 16:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Mesa Dynamics, LLC [2009-05-26 14:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\COWON [2009-10-14 12:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\uTorrent [2010-01-31 19:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Gadu-Gadu 10 [2010-03-23 18:34:50 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\naekana\Dane aplikacji\Canneverbe Limited [2010-03-23 19:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\naekana\Dane aplikacji\Ashampoo [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2006-07-09 19:41:00 | 000,524,288 | RH-- | M] () -- C:\A9Rp.rom [2004-10-21 19:57:46 | 000,000,009 | ---- | M] () -- C:\A9RP.10 [2010-04-08 10:41:02 | 603,979,776 | -HS- | M] () -- C:\PAGEFILE.SYS [2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2008-12-18 13:36:10 | 000,251,152 | RHS- | M] () -- C:\ntldr [2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2004-11-23 16:25:10 | 000,000,014 | ---- | M] () -- C:\XPHL_SP2.POL [2006-06-22 18:52:56 | 000,000,010 | ---- | M] () -- C:\RECOVERY.DAT [2009-07-29 03:24:34 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2008-08-03 05:45:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008-08-03 05:45:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008-08-03 05:45:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008-08-03 05:45:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010-04-08 10:41:04 | 469,159,936 | -HS- | M] () -- C:\hiberfil.sys [2010-04-08 10:16:22 | 000,116,224 | RHS- | M] () -- C:\ba.exe [2008-08-03 05:51:08 | 000,000,440 | ---- | M] () -- C:\RHDSetup.log [2010-04-07 13:23:56 | 000,007,520 | ---- | M] () -- C:\mksbasel.cpp.log [2007-02-10 10:06:18 | 000,524,288 | RH-- | M] () -- C:\A9RP.BIN [2009-02-23 04:14:38 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:agp440.sys [2008-12-18 
13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2004-08-04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys [2004-08-04 13:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2004-08-04 13:00:00 | 018,789,127 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2004-08-04 13:00:00 | 018,789,127 | ---- | M] 
() .cab file -- C:\WINDOWS\I386\sp2.cab:cdrom.sys [2008-12-18 13:30:02 | 023,908,281 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=05684DE2DA55A04C8AAAB5911AFE7643 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-14 19:20:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-14 19:20:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2008-04-13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004-08-04 13:00:00 | 000,504,832 | ---- | M] (Microsoft Corporation) MD5=0344407089B08548D4FEBA62BB0F32D0 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- 
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 19:21:48 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe < End of report >[/log]
Mateusz J. commented 8 April 2010 Turn on showing hidden files and folders and turn off hiding protected system files. Then delete: C:\ba.exe. In OTL, run the CleanUp option.
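An added example, not part of the thread and not OTL's own code: a small parser that picks entries like the one singled out above from an OTL file listing. The triage rule (executable directly in a drive root, hidden and system attributes, empty company field) and the `KNOWN_ROOT_FILES` allowlist are assumptions made here for illustration; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Optional

# OTL file entry: [timestamp | size | attributes | M/C] (company) -- path
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)"
)
EXECUTABLE_EXT = (".exe", ".com", ".scr", ".pif", ".bat")
# Assumption: names of stock Windows XP boot files that live in the drive root.
# A name match is not proof of legitimacy; verify the hash before trusting it.
KNOWN_ROOT_FILES = {"ntdetect.com", "ntldr", "io.sys", "msdos.sys", "boot.ini"}


class Entry(NamedTuple):
    timestamp: str
    size: int
    attrs: str      # R = read-only, H = hidden, S = system, D = directory
    kind: str       # M = modified time, C = creation time
    company: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for anything in another format."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], m["company"].strip(), m["path"].strip())


def is_suspicious(e: Entry) -> bool:
    """Hypothetical rule: hidden+system executable in a drive root, no vendor."""
    in_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", e.path) is not None
    name = e.path.rsplit("\\", 1)[-1].lower()
    return (in_root and name.endswith(EXECUTABLE_EXT)
            and name not in KNOWN_ROOT_FILES
            and "H" in e.attrs and "S" in e.attrs and not e.company)


def triage(lines: List[str]) -> List[Entry]:
    entries = (parse_entry(line) for line in lines)
    return [e for e in entries if e is not None and is_suspicious(e)]


# Lines copied from the OTL log in this thread.
SAMPLE = [
    r"[2010-04-08 10:16:22 | 000,116,224 | RHS- | M] () -- C:\ba.exe",
    r"[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM",
    r"[2010-04-08 10:41:04 | 469,159,936 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2010-02-13 11:47:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe",
    r"[2010-04-07 13:16:38 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\naekana\Pulpit\OTL.exe",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry.timestamp, entry.size, entry.attrs, entry.path)
```
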
naekana commented 8 April 2010 Author Deleted from c:\, but there is another such file on d:\. Delete it?
naekana commented 8 April 2010 Author Deleted. Runs smoothly. Thanks. Oh, and one more thing: what should I do with this sick pendrive so that it doesn't infect my laptop every time? I read this topic -> http://www.forumpc.pl/index.php?showtopic=99378, but it is written a bit chaotically. So, step by step: 1 - disable autorun (how do I turn it back on? will this prevent viruses from being transferred to the disk when the pendrive is plugged in?) 2 - use Flash Disinfector (will the data on the pendrive be irretrievably lost after this operation?) How do I protect myself against a possible (repeat) infection? Will Kasper catch the viruses before they move to the hard drive, or will I have to disable autorun every time before plugging in the pendrive?
Mateusz J. commented 8 April 2010 Read: http://www.searchengines.pl/Infekcje-z-pendrive-mediow-przenosnych-t94761.html Disabling autorun prevents viruses from being transferred when the pendrive is plugged in, but not 100%; once you open the pendrive, the viruses get transferred anyway. Flash Disinfector does not delete the contents of the pendrive. It's best to read: http://www.searchengines.pl/Infekcje-z-pendrive-mediow-przenosnych-t94761.html
naekana commented 9 April 2010 Author OK, I decided on Panda USB Vaccine. If I download it, won't it conflict with Kasper (i.e. won't such a combination slow my computer down drastically)? I'm sticking with Kasper, because it is the best protection I have tested so far.
Mateusz J. commented 9 April 2010 Oh... Kasper may bite the panda. But I haven't tested that combination, so I suggest trying it.