osemka, posted 7 April 2010

Hello! Suspicious files have appeared on my USB flash drives that I had not noticed before. All of them have the "hidden" attribute. On my first drive these are two files with a Recycle Bin icon, named "GORDANA" and "MILEGEJ", plus a third file, "autorun.inf". When I try to open the latter with Notepad, an error pops up. On the second flash drive, so far only "GORDANA" and "autorun.inf" have appeared. Kaspersky finds nothing.

OTL log:

[log]OTL logfile created on: 2010-04-07 17:58:43 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,45 Gb Free Space | 35,37% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 64,76 Gb Total Space | 1,57 Gb Free Space | 2,43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 556,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,91 Gb Total Space | 1,89 Gb Free Space | 99,13% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: MX8PC
Current User Name: Marcin
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 60 Days Output = Standard [color=#E56717]========== Processes (All) ==========[/color] PRC - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe PRC - [2010-02-19 00:53:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-01-09 00:14:28 | 000,045,603 | ---- | M] (The Pidgin developer community) -- E:\Program Files\Pidgin\pidgin.exe PRC - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe PRC - [2009-08-28 13:13:02 | 000,832,808 | ---- | M] (Opera Software) -- E:\Program Files\Opera\opera.exe PRC - [2009-07-05 01:07:33 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009-06-28 21:03:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2009-06-27 17:16:26 | 002,025,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-05-09 16:59:22 | 001,272,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-15 00:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-15 00:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-15 00:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-15 00:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-15 00:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2007-02-03 01:02:46 | 001,396,736 | R--- | M] () -- C:\Program Files\UGS\UGSLicensing\ugslmd.exe PRC - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe PRC - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe PRC - [2007-01-23 16:31:46 | 001,396,736 | ---- | M] () -- C:\Program Files\UGS\I-DEAS\Resource Locking\ideasrl.exe PRC - [2006-05-04 09:59:16 | 016,206,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-03-14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe PRC - [2006-03-08 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe PRC - [2006-03-08 16:42:00 | 000,405,504 | ---- | M] (ATI Technologies Inc.) 
-- C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-02-23 06:40:40 | 000,106,496 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2006-02-21 09:25:58 | 002,170,880 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2005-10-21 08:26:48 | 000,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe MOD - [2009-07-05 15:23:12 | 017,202,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2009-07-05 02:18:13 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2009-07-05 01:07:33 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-07-05 01:06:31 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-07-05 01:06:28 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2009-07-05 01:04:52 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-06-09 02:47:53 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2009-06-09 01:53:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-02-09 17:00:17 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-07-29 20:22:12 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll MOD - [2008-07-29 20:22:08 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll MOD - [2008-04-15 00:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-15 00:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - 
[2008-04-15 00:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-15 00:50:58 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-15 00:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-15 00:50:48 | 000,956,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-15 00:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-15 00:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-15 00:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-15 00:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-15 00:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-15 00:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-15 00:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-15 00:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-15 00:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-15 00:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-15 00:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-15 00:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2008-04-15 00:29:10 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ALG) SRV - [2010-02-21 22:28:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP) SRV - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe -- (UGS License Server (ugslmd)) UGS License Server (ugslmd) SRV - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe -- (NX I-DEAS Resource Locking Service) SRV - [2006-01-05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper) SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-17 16:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2009-12-17 16:02:34 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2009-10-21 23:28:34 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2009-10-21 23:28:34 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2009-10-21 22:16:23 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x) DRV - [2009-07-05 02:19:05 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2009-07-04 23:08:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2009-07-04 23:08:26 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [2008-07-21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2008-04-30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm) DRV - [2008-02-05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007-04-24 17:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | 
Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver) DRV - [2006-05-04 10:13:52 | 004,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-08 16:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-02-24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006-02-08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2006-02-02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006-01-20 06:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2006-01-18 12:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005-12-14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2005-11-24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2005-11-11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM) DRV - [2005-10-21 08:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005-08-01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005-07-14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk) DRV - [2005-07-12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005-07-11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005-07-08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b) DRV - [2005-02-17 17:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005-02-11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005-01-06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004-05-28 04:13:04 | 000,016,269 | R--- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5) DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s) DRV - [2002-10-04 03:32:48 | 000,017,932 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) 
O4 - HKU\.DEFAULT..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-18..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-20..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk = E:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms 
= 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - 
HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0 O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab) O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) 
- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Marcin\csrss.exe) - C:\Documents and Settings\Marcin\csrss.exe () O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - Unable to obtain root file information for disk D:\ O32 - AutoRun File - [2001-10-09 18:42:52 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - Unable to obtain root file information for disk H:\ O33 - MountPoints2\{fceb419a-f63e-11de-b921-0018f39f42d3}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (autocheck OODBS) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-21 21:20:46 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "O&O Defrag" MsConfig - Services: "UPS" MsConfig - Services: "Norton Ghost" MsConfig - Services: "LiveUpdate" MsConfig - Services: "LightScribeService" 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Tango Patcher 2600 Reloader.lnk - C:\WINDOWS\Tango Patcher 2600\Reloader.exe - () MsConfig - StartUpFolder: C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^PowerReg Scheduler.exe - C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\PowerReg Scheduler.exe - File not found MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - e:\Program Files\ALLPlayer\ALLUpdate.exe () MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - E:\Program Files\Gadu-Gadu\gg.exe File not found MsConfig - StartUpReg: [b]HPDJ Taskbar Utility[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Norton Ghost 12.0[/b] - hkey= - key= - E:\Program Files\Norton Ghost\Agent\VProTray.exe File not found MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - e:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: [b]SMSERIAL[/b] - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: [b]TransBar[/b] - hkey= - key= - C:\WINDOWS\TransBar.exe (AKSoftware) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: 
Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-04-07 17:57:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2010-04-07 07:49:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marcin\Recent [2010-04-04 10:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Układy wykład [2010-03-28 00:38:08 | 000,000,000 | ---D | 
C] -- C:\Program Files\EACOM [2010-03-18 21:51:06 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2010-03-18 21:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime [2010-03-18 21:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime [2010-03-15 22:09:35 | 000,000,000 | ---D | C] -- C:\ideas [2010-03-15 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\IONA63 [2010-03-15 20:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\UGS [2010-03-13 21:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Układy lab2 [2010-03-13 17:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Macrovision [2010-03-13 16:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\OrbixE2AConfigurations [2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help [2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Help [2010-03-01 22:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tango Patcher 2600 [2010-02-27 22:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xtupdate [2010-02-27 22:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS [2010-02-27 16:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent [2010-02-27 12:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC [2010-02-22 23:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp [2010-02-21 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet [2010-02-21 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2010 [2010-02-21 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE [2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- 
C:\WINDOWS\System32\Templates [2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- E:\Magazyn\Moje dokumenty\Inventor [2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Design Data [2010-02-21 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2010-02-21 22:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Autodesk [2010-02-21 22:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2010-02-21 20:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai [2010-02-19 00:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\JRE [2010-02-19 00:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2010-02-19 00:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-02-19 00:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-02-19 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010-02-07 21:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore [2010-02-07 04:08:37 | 001,451,651 | ---- | C] (Macromedia, Inc.) 
-- C:\WINDOWS\scifiworld.exe [2010-02-07 04:08:37 | 000,400,020 | ---- | C] (MacSourcery) -- C:\WINDOWS\scifiworld.scr [2010-02-07 04:08:37 | 000,029,696 | ---- | C] (MacSourcery) -- C:\WINDOWS\mickey32.dll [2009-10-21 23:25:49 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys [2009-10-21 23:25:49 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys [2009-10-21 22:26:06 | 000,017,932 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys [2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2010-04-07 17:49:59 | 000,023,632 | ---- | M] () -- C:\WINDOWS\System32\Notepad.ini [2010-04-07 13:50:38 | 012,952,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010-04-07 13:47:35 | 000,104,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010-04-07 10:35:27 | 000,183,808 | RHS- | M] () -- C:\Documents and Settings\Marcin\csrss.exe [2010-04-07 10:33:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-04-07 10:33:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-04-07 07:49:19 | 000,974,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2010-04-07 07:49:19 | 000,005,460 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx 
[2010-04-07 07:49:14 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Marcin\NTUSER.DAT [2010-04-07 07:49:14 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini [2010-04-06 10:46:03 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini [2010-04-06 10:46:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\system.ini [2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010-04-05 12:13:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-31 16:04:34 | 015,156,777 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf [2010-03-31 05:54:18 | 000,114,938 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf [2010-03-31 05:52:35 | 000,111,623 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf [2010-03-31 03:42:08 | 000,355,124 | ---- | M] () -- C:\acadminidump.dmp [2010-03-31 03:35:26 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err [2010-03-31 02:45:44 | 000,225,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg [2010-03-29 05:27:44 | 000,043,394 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf [2010-03-29 02:40:05 | 000,014,426 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ref.odt [2010-03-29 00:03:36 | 000,013,824 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls [2010-03-28 23:48:37 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk [2010-03-28 23:03:25 | 000,773,498 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\WR.tif [2010-03-28 14:43:18 | 000,142,083 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\p hydrostatyczna wyniki.rar [2010-03-28 14:39:36 | 000,200,290 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Wojciech oboda.pdf [2010-03-28 00:38:26 | 000,000,497 | ---- | M] () -- C:\WINDOWS\eReg.dat [2010-03-25 00:08:32 | 000,011,495 | ---- | M] () -- C:\Documents 
and Settings\Marcin\Pulpit\u napędowe 2 sprawozdanie.docx [2010-03-23 01:18:47 | 000,625,971 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx [2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR [2010-03-19 01:55:53 | 002,640,536 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-18 22:13:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat [2010-03-18 21:50:52 | 000,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp [2010-03-14 20:05:06 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk [2010-03-13 20:15:51 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas900.app [2010-03-13 20:15:51 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error900.out [2010-03-13 20:10:33 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas2820.app [2010-03-13 20:10:33 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error2820.out [2010-03-13 20:07:54 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3592.app [2010-03-13 20:07:54 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3592.out [2010-03-13 20:05:27 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3800.app [2010-03-13 20:05:27 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3800.out [2010-03-13 20:03:23 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3400.app [2010-03-13 20:03:23 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3400.out [2010-03-10 19:20:14 | 000,659,730 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie007.jpg [2010-03-10 19:10:07 | 001,483,471 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie006.jpg [2010-03-03 00:45:40 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane 
aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-02 23:30:42 | 003,638,382 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\IMG_8984.JPG [2010-03-01 23:04:18 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\taskmgr.lnk [2010-03-01 23:00:34 | 000,003,372 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini [2010-03-01 22:12:45 | 000,001,004 | ---- | M] () -- C:\WINDOWS\unins000.dat [2010-02-27 22:13:49 | 000,000,081 | ---- | M] () -- C:\WINDOWS\xptools.ini [2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dll [2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dat [2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.zip [2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.dat [2010-02-27 22:09:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\xtbn.dll [2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak [2010-02-24 20:19:40 | 000,000,710 | ---- | M] () -- C:\WINDOWS\QIII.INI [2010-02-21 22:58:20 | 000,079,664 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-02-21 22:44:52 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-19 01:48:44 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk [2010-02-07 19:37:31 | 000,008,169 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf [2010-02-07 04:08:37 | 001,451,651 | ---- | M] (Macromedia, Inc.) 
-- C:\WINDOWS\scifiworld.exe [2010-02-07 04:08:37 | 000,400,020 | ---- | M] (MacSourcery) -- C:\WINDOWS\scifiworld.scr [2010-02-07 04:08:37 | 000,029,696 | ---- | M] (MacSourcery) -- C:\WINDOWS\mickey32.dll [2010-02-07 00:07:23 | 000,000,810 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-06 10:46:03 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk [2010-04-05 13:24:24 | 000,183,808 | RHS- | C] () -- C:\Documents and Settings\Marcin\csrss.exe [2010-03-31 16:04:41 | 015,156,777 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf [2010-03-31 03:35:26 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err [2010-03-29 05:27:44 | 000,043,394 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf [2010-03-29 00:03:36 | 000,013,824 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls [2010-03-28 23:37:57 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk [2010-03-28 23:03:25 | 000,773,498 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\WR.tif [2010-03-28 14:43:18 | 000,142,083 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\p hydrostatyczna wyniki.rar [2010-03-28 14:39:36 | 000,200,290 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Wojciech oboda.pdf [2010-03-28 00:38:26 | 000,000,497 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010-03-25 06:08:59 | 000,114,938 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf [2010-03-25 00:50:25 | 000,111,623 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf [2010-03-25 00:08:32 | 000,011,495 | ---- | C] () -- C:\Documents and 
Settings\Marcin\Pulpit\u napędowe 2 sprawozdanie.docx [2010-03-24 22:04:01 | 000,225,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg [2010-03-18 22:13:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2010-03-18 21:50:52 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp [2010-03-18 21:49:14 | 000,000,154 | ---- | C] () -- C:\JANUS.ERR [2010-03-18 21:39:16 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe [2010-03-14 20:05:06 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk [2010-03-13 20:15:48 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas900.app [2010-03-13 20:15:47 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error900.out [2010-03-13 20:10:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas2820.app [2010-03-13 20:10:29 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error2820.out [2010-03-13 20:07:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3592.app [2010-03-13 20:07:50 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3592.out [2010-03-13 20:05:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3800.app [2010-03-13 20:05:23 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3800.out [2010-03-13 20:03:19 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3400.app [2010-03-13 20:03:15 | 000,020,193 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas_sysenvlog.txt [2010-03-13 20:03:15 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3400.out [2010-03-12 20:09:11 | 000,625,971 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx [2010-03-10 19:10:07 | 001,483,471 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie006.jpg [2010-03-10 19:10:00 | 000,659,730 | ---- | C] () -- 
C:\Documents and Settings\Marcin\Pulpit\Zdjęcie007.jpg [2010-03-02 23:30:42 | 003,638,382 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\IMG_8984.JPG [2010-03-01 23:57:44 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\Notepad.ini [2010-03-01 23:57:43 | 000,796,672 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe [2010-02-27 22:13:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\xptools.ini [2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll [2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dat [2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.zip [2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.dat [2010-02-27 22:09:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\xtbn.dll [2010-02-27 22:08:57 | 000,001,004 | ---- | C] () -- C:\WINDOWS\unins000.dat [2010-02-27 10:58:50 | 000,006,250 | ---- | C] () -- C:\ptcsetup.bak [2010-02-25 22:25:09 | 000,355,124 | ---- | C] () -- C:\acadminidump.dmp [2010-02-19 01:48:44 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk [2010-02-19 01:07:51 | 000,014,426 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ref.odt [2010-02-19 00:58:25 | 000,058,368 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Okładki na płyty.doc [2010-02-07 19:37:31 | 000,008,169 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf [2010-02-07 00:07:25 | 000,000,000 | RHS- | C] () -- C:\msdos.$$$ [2010-01-17 17:04:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin\.gtkrc-2.0 [2010-01-12 04:04:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marcin\.recently-used.xbel [2010-01-02 19:17:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2009-12-29 21:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI [2009-12-29 21:30:03 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll [2009-12-29 
21:30:03 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll [2009-12-06 14:07:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2009-12-04 02:03:27 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI [2009-11-24 10:13:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Q3CDKey.ini [2009-11-23 23:05:16 | 000,000,710 | ---- | C] () -- C:\WINDOWS\QIII.INI [2009-11-08 22:14:49 | 000,000,055 | ---- | C] () -- C:\WINDOWS\MinGW.INI [2009-11-02 00:14:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-11-01 00:45:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-28 19:40:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2009-10-23 02:38:29 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-22 00:21:36 | 000,003,372 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini [2009-10-22 00:17:45 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-10-22 00:17:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-10-22 00:17:43 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-10-22 00:17:43 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-10-22 00:17:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-10-22 00:17:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-10-21 23:52:42 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-10-21 23:35:13 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-10-21 22:35:53 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll [2009-10-21 22:26:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll [2009-10-21 22:25:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2009-10-21 22:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2009-10-21 22:00:24 | 
000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll [2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll [2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll [2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll [2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll [2009-10-21 22:00:24 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll [2009-10-21 22:00:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll [2009-10-21 22:00:23 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll [2009-10-21 22:00:23 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll [2009-10-21 21:56:40 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-10-21 21:47:45 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2009-10-21 21:42:11 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2009-10-21 21:38:44 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Marcin\ntuser.ini [2009-10-21 21:38:39 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT [2009-10-21 21:38:39 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT.LOG [2009-10-21 21:30:28 | 000,530,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-10-21 21:24:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TransBar.ini [2009-07-05 18:59:43 | 000,000,810 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005-09-02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004-07-20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004-01-15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2001-12-12 02:28:51 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Marcin\hpsfx.ini [1999-01-22 
21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit [2010-02-26 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk [2009-10-24 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus [2009-11-11 11:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DassaultSystemes [2010-01-01 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation [2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PDF Writer [2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Foxit [2010-04-07 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\.purple [2010-02-26 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Autodesk [2010-02-01 10:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Azureus [2009-11-11 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\DassaultSystemes [2010-03-02 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp [2010-03-31 02:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\foobar2000 [2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Foxit [2009-10-22 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER [2010-01-15 02:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\gtk-2.0 [2010-02-07 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore 
[2010-01-12 04:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\inkscape [2010-01-10 02:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\OpenOffice.org [2009-10-22 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Opera [2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PDF Writer [2010-02-27 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC [2010-02-27 16:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-03-31 03:42:08 | 000,355,124 | ---- | M] () -- C:\acadminidump.dmp [2009-11-11 14:02:34 | 000,000,170 | ---- | M] () -- C:\ASWL2K.ini [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR [2009-10-21 21:21:44 | 000,000,000 | RHS- | M] () -- C:\msdos.$$$ [2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-14 00:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 02:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak [2010-03-05 00:02:48 | 000,005,947 | ---- | M] () -- C:\ptcsetup.log [2009-10-22 22:41:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft 
Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 02:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 00:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll
[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 02:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]
I have disabled the paging file entirely. I don't know why the log says the pagefile is 2GB.
Mateusz J. commented 7 April 2010

Run OTL and paste the following into the Custom Scans/Fixes window:

[code]
:OTL
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Marcin\csrss.exe) - C:\Documents and Settings\Marcin\csrss.exe ()
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2001-10-09 18:42:52 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{fceb419a-f63e-11de-b921-0018f39f42d3}\Shell - "" = AutoRun
:Files
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
F:\autorun.inf
G:\autorun.inf
H:\autorun.inf
:Commands
[emptytemp]
[Reboot]
[/code]

Click Run Fix. Confirm the computer restart. After the computer has restarted, create a new log and post it for review.

Then follow: http://www.forumpc.pl/index.php?showtopic=107753
Post the report on the forum, and remove everything the program finds.

Delete the hidden files from the pendrive manually.
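Added example (not part of the thread and not OTL's own code): one way to pick out of an OTL listing the entry that the fix above targets, a file carrying a Windows system process name outside its expected folder. The expected-folder table and the function names are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any host OS

# One OTL listing entry:
#   [date time | size | attrs | C/M] (company) -- path [optional service group]
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>[A-Za-z]:\\.+?)\s*(?:\[[^\]]*\])?$"
)

SYSTEM_ROOT = r"C:\WINDOWS"  # %SystemRoot% as reported in the log header

# Assumption of this example: folders (relative to %SystemRoot%) where the
# genuine Windows XP copies of these binaries live. "" means %SystemRoot% itself.
EXPECTED = {
    "csrss.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "lsass.exe": {"system32"},
    "services.exe": {"system32"},
    "smss.exe": {"system32"},
    "svchost.exe": {"system32"},
    "spoolsv.exe": {"system32"},
    "explorer.exe": {""},
}
# Backup copies kept by Windows File Protection and service pack installs.
BACKUP_DIRS = {r"system32\dllcache", r"servicepackfiles\i386"}

# Lines copied from the OTL logs in this thread, plus one non-entry line.
SAMPLE = r"""
[2010-04-05 13:24:24 | 000,183,808 | RHS- | C] () -- C:\Documents and Settings\Marcin\csrss.exe
[2010-04-07 10:35:27 | 000,183,808 | RHS- | M] () -- C:\Documents and Settings\Marcin\csrss.exe
PRC - [2008-04-15 00:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2009-06-27 17:16:26 | 002,025,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
[2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
< End of report >
"""


def parse_entry(line):
    """Return a dict for one OTL file/process entry, or None for other lines."""
    m = ENTRY.search(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["company"] = (entry["company"] or "").strip()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def parse_log(text):
    """Parse every recognisable entry in a block of OTL log text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def find_masquerading(entries, system_root=SYSTEM_ROOT):
    """Map path -> reasons for files named like a system process but stored
    outside the folders where Windows keeps the genuine binary."""
    root = normcase(system_root).rstrip("\\")
    findings = {}
    for e in entries:
        name = normcase(basename(e["path"]))
        if name not in EXPECTED:
            continue
        allowed = {root + "\\" + sub if sub else root
                   for sub in EXPECTED[name] | BACKUP_DIRS}
        if normcase(dirname(e["path"])) in allowed:
            continue
        reasons = ["system process name outside its expected folder"]
        if not e["company"]:
            reasons.append("no company name in version info")
        if "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden and system attributes set")
        # The same file shows up in both the Created and Modified listings.
        findings.setdefault(e["path"], reasons)
    return findings


if __name__ == "__main__":
    for path, reasons in find_masquerading(parse_log(SAMPLE)).items():
        print(path, "->", "; ".join(reasons))
```

A hit from this check is a lead to verify (for example against the autostart entry that references the file), not a verdict on its own.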
osemka (Author) commented 7 April 2010

OTL log:

[log]
OTL logfile created on: 2010-04-07 23:57:13 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 4,31 Gb Free Space | 44,08% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 64,76 Gb Total Space | 1,49 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 556,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,91 Gb Total Space | 1,89 Gb Free Space | 99,14% Space Free | Partition Type: FAT32
Drive I: | 946,69 Mb Total Space | 941,69 Mb Free Space | 99,47% Space Free | Partition Type: FAT
Computer Name: MX8PC
Current User Name: Marcin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard
[color=#E56717]========== Processes (All) ==========[/color]
PRC - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010-02-19 00:53:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2010-01-09 00:14:28 | 000,045,603 | ---- | M] (The Pidgin developer community) -- E:\Program Files\Pidgin\pidgin.exe PRC - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe PRC - [2009-08-28 13:13:02 | 000,832,808 | ---- | M] (Opera Software) -- E:\Program Files\Opera\opera.exe PRC - [2009-07-05 01:07:52 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009-07-05 01:07:33 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe PRC - [2009-06-28 21:03:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe PRC - [2009-06-27 17:16:26 | 002,025,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-05-09 16:59:22 | 001,272,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe PRC - [2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe PRC - [2008-04-15 00:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe PRC - [2008-04-15 00:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe PRC - [2008-04-15 00:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC] PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH] PRC - [2008-04-15 00:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe PRC - [2008-04-15 00:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe PRC - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2007-02-03 01:02:46 | 001,396,736 | R--- | M] () -- C:\Program Files\UGS\UGSLicensing\ugslmd.exe PRC - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe PRC - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe PRC - [2007-01-23 16:31:46 | 001,396,736 | ---- | M] () -- C:\Program Files\UGS\I-DEAS\Resource Locking\ideasrl.exe PRC - [2006-05-04 09:59:16 | 016,206,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2006-03-14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe PRC - [2006-03-08 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe PRC - [2006-03-08 16:42:00 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe PRC - [2006-02-23 06:40:40 | 000,106,496 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe PRC - [2006-02-21 09:25:58 | 002,170,880 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe PRC - [2005-10-21 08:26:48 | 000,761,945 | ---- | M] (Synaptics, Inc.) 
-- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [color=#E56717]========== Modules (All) ==========[/color] MOD - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe MOD - [2009-07-05 15:23:12 | 017,202,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll MOD - [2009-07-05 02:18:13 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll MOD - [2009-07-05 01:07:33 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll MOD - [2009-07-05 01:06:31 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll MOD - [2009-07-05 01:06:28 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll MOD - [2009-07-05 01:04:52 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll MOD - [2009-06-09 02:47:53 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll MOD - [2009-06-09 01:53:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll MOD - [2009-02-09 17:00:17 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll MOD - [2008-07-29 20:22:12 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll MOD - [2008-07-29 20:22:08 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll MOD - [2008-04-15 00:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv MOD - [2008-04-15 00:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll MOD - [2008-04-15 00:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll MOD - [2008-04-15 00:50:58 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll MOD - [2008-04-15 00:50:58 | 000,018,944 | ---- | M] (Microsoft 
Corporation) -- C:\WINDOWS\system32\version.dll MOD - [2008-04-15 00:50:48 | 000,956,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll MOD - [2008-04-15 00:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll MOD - [2008-04-15 00:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll MOD - [2008-04-15 00:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll MOD - [2008-04-15 00:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll MOD - [2008-04-15 00:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll MOD - [2008-04-15 00:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll MOD - [2008-04-15 00:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll MOD - [2008-04-15 00:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll MOD - [2008-04-15 00:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll MOD - [2008-04-15 00:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll MOD - [2008-04-15 00:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll MOD - [2008-04-15 00:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME MOD - [2008-04-15 00:29:10 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ALG) SRV - [2010-02-21 22:28:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP) SRV - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe -- (UGS License Server (ugslmd)) UGS License Server (ugslmd) SRV - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe -- (NX I-DEAS Resource Locking Service) SRV - [2006-01-05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper) SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-12-17 16:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2009-12-17 16:02:34 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB) DRV - [2009-10-21 23:28:34 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) DRV - [2009-10-21 23:28:34 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg) DRV - [2009-10-21 22:16:23 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x) DRV - [2009-07-05 02:19:05 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2009-07-04 23:08:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2009-07-04 23:08:26 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) DRV - [2008-07-21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1) DRV - [2008-04-30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5) DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm) DRV - [2008-02-05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007-04-24 17:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | 
Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver) DRV - [2006-05-04 10:13:52 | 004,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-08 16:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006-02-24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006-02-08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2006-02-02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006-01-20 06:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial) DRV - [2006-01-18 12:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005-12-14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2005-11-24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2005-11-11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM) DRV - [2005-10-21 08:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005-08-01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005-07-14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk) DRV - [2005-07-12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2005-07-11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005-07-08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b) DRV - [2005-02-17 17:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2005-02-11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2005-01-06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004-05-28 04:13:04 | 000,016,269 | R--- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5) DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s) DRV - [2002-10-04 03:32:48 | 000,017,932 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) 
O4 - HKU\.DEFAULT..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-18..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-20..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk = E:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms 
= 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - 
HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0 O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab) O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - E:\Program 
Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab) O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001-10-09 18:42:52 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (autocheck OODBS) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-21 21:20:46 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "O&O Defrag" MsConfig - Services: "UPS" MsConfig - Services: "Norton Ghost" MsConfig - Services: "LiveUpdate" MsConfig - Services: "LightScribeService" MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Tango Patcher 2600 Reloader.lnk - C:\WINDOWS\Tango Patcher 2600\Reloader.exe - () MsConfig - StartUpFolder: C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^PowerReg Scheduler.exe - C:\Documents and Settings\Marcin\Menu 
Start\Programy\Autostart\PowerReg Scheduler.exe - File not found MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - e:\Program Files\ALLPlayer\ALLUpdate.exe () MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - E:\Program Files\Gadu-Gadu\gg.exe File not found MsConfig - StartUpReg: [b]HPDJ Taskbar Utility[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Norton Ghost 12.0[/b] - hkey= - key= - E:\Program Files\Norton Ghost\Agent\VProTray.exe File not found MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - e:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: [b]SMSERIAL[/b] - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: [b]TransBar[/b] - hkey= - key= - C:\WINDOWS\TransBar.exe (AKSoftware) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - 
NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2010-04-07 23:46:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marcin\Recent [2010-04-07 21:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes [2010-04-07 21:35:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-04-07 21:35:13 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-04-07 21:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-04-07 21:34:10 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.45.exe [2010-04-07 21:29:05 | 000,000,000 | ---D | C] -- C:\_OTL [2010-04-07 17:57:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\OTL.exe [2010-03-28 00:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\EACOM [2010-03-18 21:51:06 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe [2010-03-18 21:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime [2010-03-18 21:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime [2010-03-15 22:09:35 | 000,000,000 | ---D | C] -- C:\ideas [2010-03-15 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\IONA63 [2010-03-15 20:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\UGS [2010-03-13 17:15:39 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Macrovision [2010-03-13 16:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\OrbixE2AConfigurations [2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help [2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Help [2010-03-01 22:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tango Patcher 2600 [2010-02-27 22:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xtupdate [2010-02-27 22:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS [2010-02-27 16:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent [2010-02-27 12:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC [2010-02-22 23:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp [2010-02-21 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet [2010-02-21 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2010 [2010-02-21 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE [2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Templates [2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- E:\Magazyn\Moje dokumenty\Inventor [2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Design Data [2010-02-21 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2010-02-21 22:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Autodesk [2010-02-21 22:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX [2010-02-21 20:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai [2010-02-19 00:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\JRE [2010-02-19 00:53:50 | 
000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2010-02-19 00:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun [2010-02-19 00:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010-02-19 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010-02-07 21:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore [2010-02-07 04:08:37 | 001,451,651 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\scifiworld.exe [2010-02-07 04:08:37 | 000,400,020 | ---- | C] (MacSourcery) -- C:\WINDOWS\scifiworld.scr [2010-02-07 04:08:37 | 000,029,696 | ---- | C] (MacSourcery) -- C:\WINDOWS\mickey32.dll [2009-10-21 23:25:49 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys [2009-10-21 23:25:49 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys [2009-10-21 22:26:06 | 000,017,932 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys [2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2010-04-07 23:47:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-04-07 23:47:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-04-07 23:46:49 | 000,005,460 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx [2010-04-07 23:46:48 | 012,956,192 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010-04-07 23:46:48 | 000,974,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat 
[2010-04-07 23:46:48 | 000,104,396 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010-04-07 23:46:41 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Marcin\NTUSER.DAT [2010-04-07 23:46:41 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini [2010-04-07 23:44:26 | 000,386,857 | ---- | M] () -- C:\acadminidump.dmp [2010-04-07 23:43:26 | 000,023,630 | ---- | M] () -- C:\WINDOWS\System32\Notepad.ini [2010-04-07 22:09:13 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk [2010-04-07 21:34:36 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.45.exe [2010-04-07 21:29:09 | 000,499,500 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-04-07 21:29:09 | 000,439,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-04-07 21:29:09 | 000,088,158 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-04-07 21:29:08 | 001,106,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-04-07 21:29:08 | 000,070,798 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2010-04-06 10:46:03 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini [2010-04-06 10:46:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\system.ini [2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010-04-05 12:13:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-31 16:04:34 | 015,156,777 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf [2010-03-31 05:54:18 | 000,114,938 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf [2010-03-31 05:52:35 | 000,111,623 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf [2010-03-31 03:35:26 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err [2010-03-31 02:45:44 | 000,225,152 | ---- | M] () -- C:\Documents and 
Settings\Marcin\Pulpit\proj.proc.prod1.dwg [2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-03-29 05:27:44 | 000,043,394 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf [2010-03-29 02:40:05 | 000,014,426 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ref.odt [2010-03-29 00:03:36 | 000,013,824 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls [2010-03-28 00:38:26 | 000,000,497 | ---- | M] () -- C:\WINDOWS\eReg.dat [2010-03-23 01:18:47 | 000,625,971 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx [2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR [2010-03-19 01:55:53 | 002,640,536 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-18 22:13:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat [2010-03-18 21:50:52 | 000,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp [2010-03-14 20:05:06 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk [2010-03-13 20:15:51 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas900.app [2010-03-13 20:15:51 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error900.out [2010-03-13 20:10:33 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas2820.app [2010-03-13 20:10:33 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error2820.out [2010-03-13 20:07:54 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3592.app [2010-03-13 20:07:54 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3592.out [2010-03-13 20:05:27 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3800.app [2010-03-13 20:05:27 | 000,000,086 | ---- | M] () -- 
C:\Documents and Settings\Marcin\error3800.out [2010-03-13 20:03:23 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3400.app [2010-03-13 20:03:23 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3400.out [2010-03-03 00:45:40 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-01 23:04:18 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\taskmgr.lnk [2010-03-01 23:00:34 | 000,003,372 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini [2010-03-01 22:12:45 | 000,001,004 | ---- | M] () -- C:\WINDOWS\unins000.dat [2010-02-27 22:13:49 | 000,000,081 | ---- | M] () -- C:\WINDOWS\xptools.ini [2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dll [2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dat [2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.zip [2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.dat [2010-02-27 22:09:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\xtbn.dll [2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak [2010-02-24 20:19:40 | 000,000,710 | ---- | M] () -- C:\WINDOWS\QIII.INI [2010-02-21 22:58:20 | 000,079,664 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-02-21 22:44:52 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-02-19 01:48:44 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk [2010-02-07 19:37:31 | 000,008,169 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf [2010-02-07 04:08:37 | 001,451,651 | ---- | M] (Macromedia, Inc.) 
-- C:\WINDOWS\scifiworld.exe [2010-02-07 04:08:37 | 000,400,020 | ---- | M] (MacSourcery) -- C:\WINDOWS\scifiworld.scr [2010-02-07 04:08:37 | 000,029,696 | ---- | M] (MacSourcery) -- C:\WINDOWS\mickey32.dll [2010-02-07 00:07:23 | 000,000,810 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-04-06 10:46:03 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk [2010-03-31 16:04:41 | 015,156,777 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf [2010-03-31 03:35:26 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err [2010-03-29 05:27:44 | 000,043,394 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf [2010-03-29 00:03:36 | 000,013,824 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls [2010-03-28 23:37:57 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk [2010-03-28 00:38:26 | 000,000,497 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010-03-25 06:08:59 | 000,114,938 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf [2010-03-25 00:50:25 | 000,111,623 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf [2010-03-24 22:04:01 | 000,225,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg [2010-03-18 22:13:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2010-03-18 21:50:52 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp [2010-03-18 21:49:14 | 000,000,154 | ---- | C] () -- C:\JANUS.ERR [2010-03-18 21:39:16 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe [2010-03-14 20:05:06 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk [2010-03-13 20:15:48 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas900.app [2010-03-13 20:15:47 | 
000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error900.out [2010-03-13 20:10:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas2820.app [2010-03-13 20:10:29 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error2820.out [2010-03-13 20:07:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3592.app [2010-03-13 20:07:50 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3592.out [2010-03-13 20:05:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3800.app [2010-03-13 20:05:23 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3800.out [2010-03-13 20:03:19 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3400.app [2010-03-13 20:03:15 | 000,020,193 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas_sysenvlog.txt [2010-03-13 20:03:15 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3400.out [2010-03-12 20:09:11 | 000,625,971 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx [2010-03-01 23:57:44 | 000,023,630 | ---- | C] () -- C:\WINDOWS\System32\Notepad.ini [2010-03-01 23:57:43 | 000,796,672 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe [2010-02-27 22:13:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\xptools.ini [2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll [2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dat [2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.zip [2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.dat [2010-02-27 22:09:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\xtbn.dll [2010-02-27 22:08:57 | 000,001,004 | ---- | C] () -- C:\WINDOWS\unins000.dat [2010-02-27 10:58:50 | 000,006,250 | ---- | C] () -- C:\ptcsetup.bak [2010-02-25 22:25:09 | 000,386,857 | ---- | C] () -- 
C:\acadminidump.dmp [2010-02-19 01:48:44 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk [2010-02-19 01:07:51 | 000,014,426 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ref.odt [2010-02-19 00:58:25 | 000,058,368 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Okładki na płyty.doc [2010-02-07 19:37:31 | 000,008,169 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf [2010-02-07 00:07:25 | 000,000,000 | RHS- | C] () -- C:\msdos.$$$ [2010-01-17 17:04:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin\.gtkrc-2.0 [2010-01-12 04:04:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marcin\.recently-used.xbel [2010-01-02 19:17:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2009-12-29 21:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI [2009-12-29 21:30:03 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll [2009-12-29 21:30:03 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll [2009-12-06 14:07:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2009-12-04 02:03:27 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI [2009-11-24 10:13:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Q3CDKey.ini [2009-11-23 23:05:16 | 000,000,710 | ---- | C] () -- C:\WINDOWS\QIII.INI [2009-11-08 22:14:49 | 000,000,055 | ---- | C] () -- C:\WINDOWS\MinGW.INI [2009-11-02 00:14:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2009-11-01 00:45:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-10-28 19:40:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2009-10-23 02:38:29 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-10-22 00:21:36 | 000,003,372 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini [2009-10-22 00:17:45 | 000,178,176 | ---- | 
C] () -- C:\WINDOWS\System32\unrar.dll [2009-10-22 00:17:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009-10-22 00:17:43 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-10-22 00:17:43 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-10-22 00:17:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009-10-22 00:17:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-10-21 23:52:42 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-10-21 23:35:13 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009-10-21 22:35:53 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll [2009-10-21 22:26:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll [2009-10-21 22:25:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI [2009-10-21 22:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll [2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll [2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll [2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll [2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll [2009-10-21 22:00:24 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll [2009-10-21 22:00:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll [2009-10-21 22:00:23 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll [2009-10-21 22:00:23 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll [2009-10-21 21:56:40 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2009-10-21 21:47:45 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2009-10-21 21:42:11 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2009-10-21 21:38:44 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Marcin\ntuser.ini 
[2009-10-21 21:38:39 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT [2009-10-21 21:38:39 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT.LOG [2009-10-21 21:30:28 | 000,530,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2009-10-21 21:24:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TransBar.ini [2009-07-05 18:59:43 | 000,000,810 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005-09-02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004-07-20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004-01-15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2001-12-12 02:28:51 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Marcin\hpsfx.ini [1999-01-22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [color=#E56717]========== LOP Check ==========[/color] [2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit [2010-02-26 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk [2009-10-24 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus [2009-11-11 11:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DassaultSystemes [2010-01-01 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation [2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PDF Writer [2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Foxit [2010-04-07 23:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\.purple 
[2010-02-26 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Autodesk [2010-02-01 10:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Azureus [2009-11-11 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\DassaultSystemes [2010-03-02 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp [2010-03-31 02:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\foobar2000 [2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Foxit [2009-10-22 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER [2010-01-15 02:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\gtk-2.0 [2010-02-07 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore [2010-01-12 04:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\inkscape [2010-01-10 02:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\OpenOffice.org [2009-10-22 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Opera [2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PDF Writer [2010-02-27 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC [2010-02-27 16:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2010-04-07 23:44:26 | 000,386,857 | ---- | M] () -- C:\acadminidump.dmp [2009-11-11 14:02:34 | 000,000,170 | ---- | M] () -- C:\ASWL2K.ini [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010-04-06 10:46:03 
| 000,000,211 | -HS- | M] () -- C:\boot.ini [2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010-04-07 18:01:52 | 000,044,584 | ---- | M] () -- C:\Extras.Txt [2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR [2010-04-07 23:42:50 | 000,001,548 | ---- | M] () -- C:\mbam-log-2010-04-07 (23-42-39).txt [2010-04-07 21:34:36 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.45.exe [2009-10-21 21:21:44 | 000,000,000 | RHS- | M] () -- C:\msdos.$$$ [2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008-04-14 00:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008-04-14 02:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2010-04-07 18:01:45 | 000,115,614 | ---- | M] () -- C:\OTL.Txt [2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak [2010-03-05 00:02:48 | 000,005,947 | ---- | M] () -- C:\ptcsetup.log [2009-10-22 22:41:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys [color=#A23BEC]< MD5 for: CDROM.SYS >[/color] [2008-04-14 02:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008-04-15 00:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] 
[2008-04-14 02:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

Log from Malwarebytes' Anti-Malware:

[log]
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Wersja bazy: 3966
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702
2010-04-07 23:42:39
mbam-log-2010-04-07 (23-42-39).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|H:\|)
Przeskanowano obiektów: 431491
Upłynęło: 2 godzin(y), 1 minut(y), 41 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 2
Zainfekowane informacje rejestru systemowego: 2
Zainfekowanych folderów: 0
Zainfekowanych plików: 0
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)
Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
Zainfekowane informacje rejestru systemowego:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.
Zainfekowanych folderów:
(Nie znaleziono zagrożeń)
Zainfekowanych plików:
(Nie znaleziono zagrożeń)
[/log]

After the scans, the autorun.inf files disappeared from the removable media. While manually deleting the ones with the recycle-bin icon, it turned out that they are ordinary folders, which contained previously invisible .exe files.
osemka (Author), comment, 8 April 2010

Should I run the scanning procedure from the link at the top once more and only then use CleanUP, or use it right after starting the program?