
Suspicious files on a USB flash drive

osemka

Hello!

Suspicious files have appeared on my USB flash drives that I had not noticed before. All of them have the "hidden" attribute. On my first drive there are two files with a recycle-bin icon, named "GORDANA" and "MILEGEJ", and a third file, "autorun.inf". When I try to open the latter with Notepad, an error pops up. On the second flash drive only "GORDANA" and "autorun.inf" have appeared so far. Kaspersky finds nothing.

OTL log
[log]OTL logfile created on: 2010-04-07 17:58:43 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,45 Gb Free Space | 35,37% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 64,76 Gb Total Space | 1,57 Gb Free Space | 2,43% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 556,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,91 Gb Total Space | 1,89 Gb Free Space | 99,13% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MX8PC
Current User Name: Marcin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010-02-19 00:53:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-01-09 00:14:28 | 000,045,603 | ---- | M] (The Pidgin developer community) -- E:\Program Files\Pidgin\pidgin.exe
PRC - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009-08-28 13:13:02 | 000,832,808 | ---- | M] (Opera Software) -- E:\Program Files\Opera\opera.exe
PRC - [2009-07-05 01:07:33 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-06-28 21:03:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2009-06-27 17:16:26 | 002,025,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-05-09 16:59:22 | 001,272,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 00:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-15 00:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 00:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 00:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 00:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007-02-03 01:02:46 | 001,396,736 | R--- | M] () -- C:\Program Files\UGS\UGSLicensing\ugslmd.exe
PRC - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe
PRC - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe
PRC - [2007-01-23 16:31:46 | 001,396,736 | ---- | M] () -- C:\Program Files\UGS\I-DEAS\Resource Locking\ideasrl.exe
PRC - [2006-05-04 09:59:16 | 016,206,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-03-14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006-03-08 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2006-03-08 16:42:00 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-02-23 06:40:40 | 000,106,496 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006-02-21 09:25:58 | 002,170,880 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005-10-21 08:26:48 | 000,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2009-07-05 15:23:12 | 017,202,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-07-05 02:18:13 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-07-05 01:07:33 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-07-05 01:06:31 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-07-05 01:06:28 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-07-05 01:04:52 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-06-09 02:47:53 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-06-09 01:53:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-02-09 17:00:17 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-07-29 20:22:12 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
MOD - [2008-07-29 20:22:08 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
MOD - [2008-04-15 00:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 00:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 00:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-15 00:50:58 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 00:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-15 00:50:48 | 000,956,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 00:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 00:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 00:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 00:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 00:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-15 00:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 00:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-15 00:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 00:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-15 00:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 00:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 00:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-15 00:29:10 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (ALG)
SRV - [2010-02-21 22:28:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe -- (UGS License Server (ugslmd)) UGS License Server (ugslmd)
SRV - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe -- (NX I-DEAS Resource Locking Service)
SRV - [2006-01-05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-12-17 16:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009-12-17 16:02:34 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009-10-21 23:28:34 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009-10-21 23:28:34 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009-10-21 22:16:23 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-07-05 02:19:05 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-04 23:08:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2009-07-04 23:08:26 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2008-07-21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008-04-30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008-02-05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007-04-24 17:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2006-05-04 10:13:52 | 004,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-08 16:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-02-24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006-02-08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006-02-02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006-01-20 06:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006-01-18 12:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-12-14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005-11-24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005-11-11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005-10-21 08:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-08-01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005-07-14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005-07-12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-07-11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005-07-08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b)
DRV - [2005-02-17 17:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-02-11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005-01-06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004-05-28 04:13:04 | 000,016,269 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s)
DRV - [2002-10-04 03:32:48 | 000,017,932 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKU\.DEFAULT..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware)
O4 - HKU\S-1-5-18..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware)
O4 - HKU\S-1-5-20..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware)
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk = E:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Marcin\csrss.exe) - C:\Documents and Settings\Marcin\csrss.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2001-10-09 18:42:52 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{fceb419a-f63e-11de-b921-0018f39f42d3}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-21 21:20:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "O&O Defrag"
MsConfig - Services: "UPS"
MsConfig - Services: "Norton Ghost"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "LightScribeService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Tango Patcher 2600 Reloader.lnk - C:\WINDOWS\Tango Patcher 2600\Reloader.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^PowerReg Scheduler.exe - C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\PowerReg Scheduler.exe - File not found
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - e:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - E:\Program Files\Gadu-Gadu\gg.exe File not found
MsConfig - StartUpReg: [b]HPDJ Taskbar Utility[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Norton Ghost 12.0[/b] - hkey= - key= - E:\Program Files\Norton Ghost\Agent\VProTray.exe File not found
MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - e:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: [b]SMSERIAL[/b] - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]TransBar[/b] - hkey= - key= - C:\WINDOWS\TransBar.exe (AKSoftware)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-04-07 17:57:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010-04-07 07:49:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marcin\Recent
[2010-04-04 10:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Układy wykład
[2010-03-28 00:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\EACOM
[2010-03-18 21:51:06 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010-03-18 21:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
[2010-03-18 21:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010-03-15 22:09:35 | 000,000,000 | ---D | C] -- C:\ideas
[2010-03-15 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\IONA63
[2010-03-15 20:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\UGS
[2010-03-13 21:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Pulpit\Układy lab2
[2010-03-13 17:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
[2010-03-13 16:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\OrbixE2AConfigurations
[2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Help
[2010-03-01 22:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tango Patcher 2600
[2010-02-27 22:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xtupdate
[2010-02-27 22:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2010-02-27 16:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent
[2010-02-27 12:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC
[2010-02-22 23:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp
[2010-02-21 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
[2010-02-21 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2010
[2010-02-21 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Templates
[2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- E:\Magazyn\Moje dokumenty\Inventor
[2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Design Data
[2010-02-21 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-02-21 22:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Autodesk
[2010-02-21 22:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010-02-21 20:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-02-19 00:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010-02-19 00:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010-02-19 00:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-02-19 00:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-02-19 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-02-07 21:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore
[2010-02-07 04:08:37 | 001,451,651 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\scifiworld.exe
[2010-02-07 04:08:37 | 000,400,020 | ---- | C] (MacSourcery) -- C:\WINDOWS\scifiworld.scr
[2010-02-07 04:08:37 | 000,029,696 | ---- | C] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2009-10-21 23:25:49 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys
[2009-10-21 23:25:49 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys
[2009-10-21 22:26:06 | 000,017,932 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys
[2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-04-07 17:49:59 | 000,023,632 | ---- | M] () -- C:\WINDOWS\System32\Notepad.ini
[2010-04-07 13:50:38 | 012,952,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-04-07 13:47:35 | 000,104,368 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-04-07 10:35:27 | 000,183,808 | RHS- | M] () -- C:\Documents and Settings\Marcin\csrss.exe
[2010-04-07 10:33:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-07 10:33:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-07 07:49:19 | 000,974,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-04-07 07:49:19 | 000,005,460 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-04-07 07:49:14 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Marcin\NTUSER.DAT
[2010-04-07 07:49:14 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2010-04-06 10:46:03 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-06 10:46:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-04-05 12:13:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-31 16:04:34 | 015,156,777 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf
[2010-03-31 05:54:18 | 000,114,938 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf
[2010-03-31 05:52:35 | 000,111,623 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf
[2010-03-31 03:42:08 | 000,355,124 | ---- | M] () -- C:\acadminidump.dmp
[2010-03-31 03:35:26 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err
[2010-03-31 02:45:44 | 000,225,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg
[2010-03-29 05:27:44 | 000,043,394 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf
[2010-03-29 02:40:05 | 000,014,426 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ref.odt
[2010-03-29 00:03:36 | 000,013,824 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls
[2010-03-28 23:48:37 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk
[2010-03-28 23:03:25 | 000,773,498 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\WR.tif
[2010-03-28 14:43:18 | 000,142,083 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\p hydrostatyczna wyniki.rar
[2010-03-28 14:39:36 | 000,200,290 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Wojciech oboda.pdf
[2010-03-28 00:38:26 | 000,000,497 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010-03-25 00:08:32 | 000,011,495 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\u napędowe 2 sprawozdanie.docx
[2010-03-23 01:18:47 | 000,625,971 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx
[2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR
[2010-03-19 01:55:53 | 002,640,536 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-18 22:13:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010-03-18 21:50:52 | 000,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010-03-14 20:05:06 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk
[2010-03-13 20:15:51 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas900.app
[2010-03-13 20:15:51 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error900.out
[2010-03-13 20:10:33 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas2820.app
[2010-03-13 20:10:33 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error2820.out
[2010-03-13 20:07:54 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3592.app
[2010-03-13 20:07:54 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3592.out
[2010-03-13 20:05:27 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3800.app
[2010-03-13 20:05:27 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3800.out
[2010-03-13 20:03:23 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3400.app
[2010-03-13 20:03:23 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3400.out
[2010-03-10 19:20:14 | 000,659,730 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie007.jpg
[2010-03-10 19:10:07 | 001,483,471 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie006.jpg
[2010-03-03 00:45:40 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-02 23:30:42 | 003,638,382 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\IMG_8984.JPG
[2010-03-01 23:04:18 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\taskmgr.lnk
[2010-03-01 23:00:34 | 000,003,372 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini
[2010-03-01 22:12:45 | 000,001,004 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010-02-27 22:13:49 | 000,000,081 | ---- | M] () -- C:\WINDOWS\xptools.ini
[2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dll
[2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dat
[2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.zip
[2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.dat
[2010-02-27 22:09:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\xtbn.dll
[2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak
[2010-02-24 20:19:40 | 000,000,710 | ---- | M] () -- C:\WINDOWS\QIII.INI
[2010-02-21 22:58:20 | 000,079,664 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-21 22:44:52 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-19 01:48:44 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk
[2010-02-07 19:37:31 | 000,008,169 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf
[2010-02-07 04:08:37 | 001,451,651 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\scifiworld.exe
[2010-02-07 04:08:37 | 000,400,020 | ---- | M] (MacSourcery) -- C:\WINDOWS\scifiworld.scr
[2010-02-07 04:08:37 | 000,029,696 | ---- | M] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2010-02-07 00:07:23 | 000,000,810 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-06 10:46:03 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk
[2010-04-05 13:24:24 | 000,183,808 | RHS- | C] () -- C:\Documents and Settings\Marcin\csrss.exe
[2010-03-31 16:04:41 | 015,156,777 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf
[2010-03-31 03:35:26 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err
[2010-03-29 05:27:44 | 000,043,394 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf
[2010-03-29 00:03:36 | 000,013,824 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls
[2010-03-28 23:37:57 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk
[2010-03-28 23:03:25 | 000,773,498 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\WR.tif
[2010-03-28 14:43:18 | 000,142,083 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\p hydrostatyczna wyniki.rar
[2010-03-28 14:39:36 | 000,200,290 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Wojciech oboda.pdf
[2010-03-28 00:38:26 | 000,000,497 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-03-25 06:08:59 | 000,114,938 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf
[2010-03-25 00:50:25 | 000,111,623 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf
[2010-03-25 00:08:32 | 000,011,495 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\u napędowe 2 sprawozdanie.docx
[2010-03-24 22:04:01 | 000,225,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg
[2010-03-18 22:13:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010-03-18 21:50:52 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010-03-18 21:49:14 | 000,000,154 | ---- | C] () -- C:\JANUS.ERR
[2010-03-18 21:39:16 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe
[2010-03-14 20:05:06 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk
[2010-03-13 20:15:48 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas900.app
[2010-03-13 20:15:47 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error900.out
[2010-03-13 20:10:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas2820.app
[2010-03-13 20:10:29 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error2820.out
[2010-03-13 20:07:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3592.app
[2010-03-13 20:07:50 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3592.out
[2010-03-13 20:05:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3800.app
[2010-03-13 20:05:23 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3800.out
[2010-03-13 20:03:19 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3400.app
[2010-03-13 20:03:15 | 000,020,193 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas_sysenvlog.txt
[2010-03-13 20:03:15 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3400.out
[2010-03-12 20:09:11 | 000,625,971 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx
[2010-03-10 19:10:07 | 001,483,471 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie006.jpg
[2010-03-10 19:10:00 | 000,659,730 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Zdjęcie007.jpg
[2010-03-02 23:30:42 | 003,638,382 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\IMG_8984.JPG
[2010-03-01 23:57:44 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\Notepad.ini
[2010-03-01 23:57:43 | 000,796,672 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe
[2010-02-27 22:13:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll
[2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dat
[2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.zip
[2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.dat
[2010-02-27 22:09:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\xtbn.dll
[2010-02-27 22:08:57 | 000,001,004 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010-02-27 10:58:50 | 000,006,250 | ---- | C] () -- C:\ptcsetup.bak
[2010-02-25 22:25:09 | 000,355,124 | ---- | C] () -- C:\acadminidump.dmp
[2010-02-19 01:48:44 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk
[2010-02-19 01:07:51 | 000,014,426 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ref.odt
[2010-02-19 00:58:25 | 000,058,368 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Okładki na płyty.doc
[2010-02-07 19:37:31 | 000,008,169 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf
[2010-02-07 00:07:25 | 000,000,000 | RHS- | C] () -- C:\msdos.$$$
[2010-01-17 17:04:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin\.gtkrc-2.0
[2010-01-12 04:04:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marcin\.recently-used.xbel
[2010-01-02 19:17:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2009-12-29 21:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2009-12-29 21:30:03 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2009-12-29 21:30:03 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2009-12-06 14:07:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009-12-04 02:03:27 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009-11-24 10:13:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Q3CDKey.ini
[2009-11-23 23:05:16 | 000,000,710 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009-11-08 22:14:49 | 000,000,055 | ---- | C] () -- C:\WINDOWS\MinGW.INI
[2009-11-02 00:14:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-11-01 00:45:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-28 19:40:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009-10-23 02:38:29 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-22 00:21:36 | 000,003,372 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini
[2009-10-22 00:17:45 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-22 00:17:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-10-22 00:17:43 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-22 00:17:43 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-22 00:17:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-22 00:17:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-10-21 23:52:42 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-21 23:35:13 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-10-21 22:35:53 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2009-10-21 22:26:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009-10-21 22:25:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009-10-21 22:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2009-10-21 22:00:24 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009-10-21 22:00:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2009-10-21 22:00:23 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2009-10-21 22:00:23 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2009-10-21 21:56:40 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-10-21 21:47:45 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2009-10-21 21:42:11 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2009-10-21 21:38:44 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2009-10-21 21:38:39 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT
[2009-10-21 21:38:39 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT.LOG
[2009-10-21 21:30:28 | 000,530,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-21 21:24:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TransBar.ini
[2009-07-05 18:59:43 | 000,000,810 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-09-02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001-12-12 02:28:51 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Marcin\hpsfx.ini
[1999-01-22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit
[2010-02-26 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2009-10-24 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
[2009-11-11 11:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DassaultSystemes
[2010-01-01 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PDF Writer
[2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Foxit
[2010-04-07 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\.purple
[2010-02-26 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Autodesk
[2010-02-01 10:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Azureus
[2009-11-11 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\DassaultSystemes
[2010-03-02 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp
[2010-03-31 02:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\foobar2000
[2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Foxit
[2009-10-22 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER
[2010-01-15 02:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\gtk-2.0
[2010-02-07 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore
[2010-01-12 04:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\inkscape
[2010-01-10 02:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\OpenOffice.org
[2009-10-22 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Opera
[2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PDF Writer
[2010-02-27 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC
[2010-02-27 16:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-03-31 03:42:08 | 000,355,124 | ---- | M] () -- C:\acadminidump.dmp
[2009-11-11 14:02:34 | 000,000,170 | ---- | M] () -- C:\ASWL2K.ini
[2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR
[2009-10-21 21:21:44 | 000,000,000 | RHS- | M] () -- C:\msdos.$$$
[2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-14 00:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 02:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak
[2010-03-05 00:02:48 | 000,005,947 | ---- | M] () -- C:\ptcsetup.log
[2009-10-22 22:41:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX


[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 02:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 00:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 02:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

I turned the paging file off completely. I don't know why the log says the pagefile is 2GB.

Mateusz J.
comment

Run OTL and paste the following into the Custom Scans/Fixes box:
[code]
:OTL
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Marcin\csrss.exe) - C:\Documents and Settings\Marcin\csrss.exe ()
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2001-10-09 18:42:52 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk H:\
O33 - MountPoints2\{fceb419a-f63e-11de-b921-0018f39f42d3}\Shell - "" = AutoRun

:Files
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
F:\autorun.inf
G:\autorun.inf
H:\autorun.inf

:Commands
[emptytemp]
[Reboot]

[/code]
Click Run Fix. Confirm the computer restart.
After the computer restarts, create a new log and post it for review.

Follow the instructions at: http://www.forumpc.pl/index.php?showtopic=107753
Post the report on the forum; remove everything the program finds.

Delete the hidden files from the pendrive manually.
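
Added example (not part of the reply above, and not OTL's own code): one way to check an OTL log for the kind of entry the fix removes, a file named like a core Windows process (`csrss.exe`) that sits outside `%SystemRoot%\system32` and is referenced by an autostart line. The sample lines are copied from the logs and fix script in this thread; the function names and the table of expected locations are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the OTL logs and the fix script quoted in this thread.
SAMPLE_LOG = r"""
PRC - [2008-04-15 00:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
[2010-04-07 10:35:27 | 000,183,808 | RHS- | M] () -- C:\Documents and Settings\Marcin\csrss.exe
[2010-02-07 04:08:37 | 001,451,651 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\scifiworld.exe
[2010-03-01 23:57:43 | 000,796,672 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe
[2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Marcin\csrss.exe) - C:\Documents and Settings\Marcin\csrss.exe ()
"""

# Assumption of this example: standard Windows XP locations of core processes,
# relative to %SystemRoot% (the thread's process list shows them at these paths).
EXPECTED_DIR = {
    "csrss.exe": "system32", "winlogon.exe": "system32", "lsass.exe": "system32",
    "services.exe": "system32", "smss.exe": "system32", "svchost.exe": "system32",
    "explorer.exe": "",
}

# "[date | size | attrs | C/M] (company) [MD5=...] -- path [optional svchost group]"
ENTRY = re.compile(
    r"\[(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=[0-9A-F]+)?"
    r" -- (?P<path>[A-Za-z]:\\.*?)(?: \[[^\]]*\])?\s*$"
)
AUTOSTART = re.compile(r"^O\d+ - ")
EXE_PATH = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.exe", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (attrs, company, path) for every file line of an OTL log."""
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m["attrs"], (m["company"] or "").strip(), m["path"]


def autostart_paths(log_text):
    """Executable paths named on OTL 'O<nn> - ' registry/autorun lines."""
    found = set()
    for line in log_text.splitlines():
        if AUTOSTART.match(line.strip()):
            found.update(ntpath.normcase(p) for p in EXE_PATH.findall(line))
    return found


def find_masquerades(log_text, system_root=r"C:\WINDOWS"):
    """Report files that carry a core process name but live elsewhere."""
    autostarts = autostart_paths(log_text)
    findings = {}
    for attrs, company, path in parse_entries(log_text):
        folder, name = ntpath.split(path)
        subdir = EXPECTED_DIR.get(name.lower())
        if subdir is None:
            continue  # not a core process name
        expected = ntpath.join(system_root, subdir) if subdir else system_root
        if ntpath.normcase(folder) == ntpath.normcase(expected):
            continue  # the genuine location
        reasons = [f"{name} outside {expected}"]
        if "H" in attrs and "S" in attrs:
            reasons.append("hidden+system attributes")
        if not company:
            reasons.append("no company name")
        if ntpath.normcase(path) in autostarts:
            reasons.append("referenced by autostart entry")
        # The same file appears in several log sections; keep one finding per path.
        findings[ntpath.normcase(path)] = {"path": path, "reasons": reasons}
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_masquerades(SAMPLE_LOG):
        print(finding["path"], "->", "; ".join(finding["reasons"]))
```

A match is a lead for review, not a verdict: the supporting reasons (attributes, missing company name, autostart reference) are what separate a stray copy from a file that was set up to run at logon.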

osemka
comment

OTL log:
[log]
OTL logfile created on: 2010-04-07 23:57:13 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 4,31 Gb Free Space | 44,08% Space Free | Partition Type: NTFS
Drive D: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive E: | 64,76 Gb Total Space | 1,49 Gb Free Space | 2,29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 556,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 1,91 Gb Total Space | 1,89 Gb Free Space | 99,14% Space Free | Partition Type: FAT32
Drive I: | 946,69 Mb Total Space | 941,69 Mb Free Space | 99,47% Space Free | Partition Type: FAT

Computer Name: MX8PC
Current User Name: Marcin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010-02-19 00:53:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-01-09 00:14:28 | 000,045,603 | ---- | M] (The Pidgin developer community) -- E:\Program Files\Pidgin\pidgin.exe
PRC - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
PRC - [2009-08-28 13:13:02 | 000,832,808 | ---- | M] (Opera Software) -- E:\Program Files\Opera\opera.exe
PRC - [2009-07-05 01:07:52 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-07-05 01:07:33 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-06-28 21:03:27 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2009-06-27 17:16:26 | 002,025,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009-05-09 16:59:22 | 001,272,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 00:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-15 00:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 00:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-15 00:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 00:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 00:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007-02-03 01:02:46 | 001,396,736 | R--- | M] () -- C:\Program Files\UGS\UGSLicensing\ugslmd.exe
PRC - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe
PRC - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe
PRC - [2007-01-23 16:31:46 | 001,396,736 | ---- | M] () -- C:\Program Files\UGS\I-DEAS\Resource Locking\ideasrl.exe
PRC - [2006-05-04 09:59:16 | 016,206,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-03-14 17:46:00 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2006-03-08 21:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2006-03-08 16:42:00 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-02-23 06:40:40 | 000,106,496 | R--- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006-02-21 09:25:58 | 002,170,880 | R--- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2005-10-21 08:26:48 | 000,761,945 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2009-07-05 15:23:12 | 017,202,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2009-07-05 02:18:13 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-07-05 01:07:33 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2009-07-05 01:06:31 | 001,020,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-07-05 01:06:28 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2009-07-05 01:04:52 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-06-09 02:47:53 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2009-06-09 01:53:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-02-09 17:00:17 | 000,723,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-07-29 20:22:12 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
MOD - [2008-07-29 20:22:08 | 000,079,112 | ---- | M] (Kaspersky Lab) -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll
MOD - [2008-04-15 00:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 00:50:58 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 00:50:58 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wldap32.dll
MOD - [2008-04-15 00:50:58 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 00:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll
MOD - [2008-04-15 00:50:48 | 000,956,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 00:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 00:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 00:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 00:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 00:50:46 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\samlib.dll
MOD - [2008-04-15 00:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 00:50:42 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntmarta.dll
MOD - [2008-04-15 00:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 00:50:34 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-15 00:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 00:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 00:43:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2008-04-15 00:29:10 | 001,025,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [On_Demand | Stopped] -- -- (ALG)
SRV - [2010-02-21 22:28:54 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-10-21 23:28:34 | 000,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP)
SRV - [2008-02-26 15:00:48 | 001,123,608 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- E:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007-02-03 01:02:44 | 001,327,104 | R--- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\UGSLicensing\lmgrd.exe -- (UGS License Server (ugslmd)) UGS License Server (ugslmd)
SRV - [2007-02-02 16:02:46 | 001,327,104 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\UGS\I-DEAS\Resource Locking\lmgrd.exe -- (NX I-DEAS Resource Locking Service)
SRV - [2006-01-05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- E:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-12-17 16:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009-12-17 16:02:34 | 000,031,824 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009-10-21 23:28:34 | 000,213,520 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009-10-21 23:28:34 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009-10-21 22:16:23 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-07-05 02:19:05 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2009-07-04 23:08:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2009-07-04 23:08:26 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2008-07-21 18:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008-04-30 18:06:48 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-12 04:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2008-02-05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007-04-24 17:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2006-05-04 10:13:52 | 004,271,616 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-08 16:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-02-24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006-02-08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006-02-02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006-01-20 06:44:42 | 000,862,340 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006-01-18 12:41:58 | 000,080,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-12-14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005-11-24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005-11-11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005-10-21 08:13:08 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005-08-01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005-07-14 12:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005-07-12 19:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005-07-11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005-07-08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b)
DRV - [2005-02-17 17:07:48 | 000,005,632 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005-02-11 22:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005-01-06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004-05-28 04:13:04 | 000,016,269 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\ATK0100\ASNDIS5.sys -- (ASNDIS5)
DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s)
DRV - [2002-10-04 03:32:48 | 000,017,932 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt680x.sys -- (GT680xNT)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKU\.DEFAULT..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware)
O4 - HKU\S-1-5-18..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware)
O4 - HKU\S-1-5-20..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware)
O4 - Startup: C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk = E:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1123561945-1364589140-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-21 21:21:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001-10-09 18:42:52 | 000,000,045 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-21 21:20:46 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "O&O Defrag"
MsConfig - Services: "UPS"
MsConfig - Services: "Norton Ghost"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "LightScribeService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Tango Patcher 2600 Reloader.lnk - C:\WINDOWS\Tango Patcher 2600\Reloader.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^PowerReg Scheduler.exe - C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\PowerReg Scheduler.exe - File not found
MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - e:\Program Files\ALLPlayer\ALLUpdate.exe ()
MsConfig - StartUpReg: [b]Gadu-Gadu[/b] - hkey= - key= - E:\Program Files\Gadu-Gadu\gg.exe File not found
MsConfig - StartUpReg: [b]HPDJ Taskbar Utility[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found
MsConfig - StartUpReg: [b]Norton Ghost 12.0[/b] - hkey= - key= - E:\Program Files\Norton Ghost\Agent\VProTray.exe File not found
MsConfig - StartUpReg: [b]RemoteControl[/b] - hkey= - key= - e:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: [b]SMSERIAL[/b] - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: [b]TransBar[/b] - hkey= - key= - C:\WINDOWS\TransBar.exe (AKSoftware)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-04-07 23:46:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Marcin\Recent
[2010-04-07 21:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Malwarebytes
[2010-04-07 21:35:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-07 21:35:13 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-07 21:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-04-07 21:34:10 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.45.exe
[2010-04-07 21:29:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-07 17:57:19 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010-03-28 00:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\EACOM
[2010-03-18 21:51:06 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010-03-18 21:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
[2010-03-18 21:50:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010-03-15 22:09:35 | 000,000,000 | ---D | C] -- C:\ideas
[2010-03-15 21:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\IONA63
[2010-03-15 20:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\UGS
[2010-03-13 17:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Macrovision
[2010-03-13 16:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\OrbixE2AConfigurations
[2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\Help
[2010-03-02 00:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Help
[2010-03-01 22:55:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Tango Patcher 2600
[2010-02-27 22:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xtupdate
[2010-02-27 22:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2010-02-27 16:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent
[2010-02-27 12:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC
[2010-02-22 23:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp
[2010-02-21 22:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
[2010-02-21 22:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\DWG TrueView 2010
[2010-02-21 22:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Templates
[2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- E:\Magazyn\Moje dokumenty\Inventor
[2010-02-21 22:29:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Design Data
[2010-02-21 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010-02-21 22:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Autodesk
[2010-02-21 22:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010-02-21 20:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-02-19 00:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010-02-19 00:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010-02-19 00:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sun
[2010-02-19 00:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-02-19 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-02-07 21:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore
[2010-02-07 04:08:37 | 001,451,651 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\scifiworld.exe
[2010-02-07 04:08:37 | 000,400,020 | ---- | C] (MacSourcery) -- C:\WINDOWS\scifiworld.scr
[2010-02-07 04:08:37 | 000,029,696 | ---- | C] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2009-10-21 23:25:49 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys
[2009-10-21 23:25:49 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys
[2009-10-21 22:26:06 | 000,017,932 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Gt680x.sys
[2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-21 21:35:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-21 21:30:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-04-07 23:47:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-07 23:47:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-07 23:46:49 | 000,005,460 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-04-07 23:46:48 | 012,956,192 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-04-07 23:46:48 | 000,974,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-04-07 23:46:48 | 000,104,396 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-04-07 23:46:41 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Marcin\NTUSER.DAT
[2010-04-07 23:46:41 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2010-04-07 23:44:26 | 000,386,857 | ---- | M] () -- C:\acadminidump.dmp
[2010-04-07 23:43:26 | 000,023,630 | ---- | M] () -- C:\WINDOWS\System32\Notepad.ini
[2010-04-07 22:09:13 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk
[2010-04-07 21:34:36 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.45.exe
[2010-04-07 21:29:09 | 000,499,500 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-04-07 21:29:09 | 000,439,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-07 21:29:09 | 000,088,158 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-04-07 21:29:08 | 001,106,650 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-07 21:29:08 | 000,070,798 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-04-06 10:46:03 | 000,000,579 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-04-06 10:46:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010-04-05 12:13:49 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-31 16:04:34 | 015,156,777 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf
[2010-03-31 05:54:18 | 000,114,938 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf
[2010-03-31 05:52:35 | 000,111,623 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf
[2010-03-31 03:35:26 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err
[2010-03-31 02:45:44 | 000,225,152 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-29 05:27:44 | 000,043,394 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf
[2010-03-29 02:40:05 | 000,014,426 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ref.odt
[2010-03-29 00:03:36 | 000,013,824 | ---- | M] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls
[2010-03-28 00:38:26 | 000,000,497 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2010-03-23 01:18:47 | 000,625,971 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx
[2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR
[2010-03-19 01:55:53 | 002,640,536 | -H-- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-18 22:13:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010-03-18 21:50:52 | 000,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010-03-14 20:05:06 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk
[2010-03-13 20:15:51 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas900.app
[2010-03-13 20:15:51 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error900.out
[2010-03-13 20:10:33 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas2820.app
[2010-03-13 20:10:33 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error2820.out
[2010-03-13 20:07:54 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3592.app
[2010-03-13 20:07:54 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3592.out
[2010-03-13 20:05:27 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3800.app
[2010-03-13 20:05:27 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3800.out
[2010-03-13 20:03:23 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\Marcin\ideas3400.app
[2010-03-13 20:03:23 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Marcin\error3400.out
[2010-03-03 00:45:40 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-01 23:04:18 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\taskmgr.lnk
[2010-03-01 23:00:34 | 000,003,372 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini
[2010-03-01 22:12:45 | 000,001,004 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010-02-27 22:13:49 | 000,000,081 | ---- | M] () -- C:\WINDOWS\xptools.ini
[2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dll
[2010-02-27 22:09:55 | 000,620,032 | ---- | M] () -- C:\WINDOWS\System32\xtbaksm.dat
[2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.zip
[2010-02-27 22:09:53 | 000,000,510 | ---- | M] () -- C:\WINDOWS\System32\xtupdate.dat
[2010-02-27 22:09:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\System32\xtbn.dll
[2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak
[2010-02-24 20:19:40 | 000,000,710 | ---- | M] () -- C:\WINDOWS\QIII.INI
[2010-02-21 22:58:20 | 000,079,664 | ---- | M] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-02-21 22:44:52 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-02-19 01:48:44 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk
[2010-02-07 19:37:31 | 000,008,169 | ---- | M] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf
[2010-02-07 04:08:37 | 001,451,651 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\scifiworld.exe
[2010-02-07 04:08:37 | 000,400,020 | ---- | M] (MacSourcery) -- C:\WINDOWS\scifiworld.scr
[2010-02-07 04:08:37 | 000,029,696 | ---- | M] (MacSourcery) -- C:\WINDOWS\mickey32.dll
[2010-02-07 00:07:23 | 000,000,810 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-06 10:46:03 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Marcin\Menu Start\Programy\Autostart\Pidgin.lnk
[2010-03-31 16:04:41 | 015,156,777 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\przyklady_CATIA_1.pdf
[2010-03-31 03:35:26 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\acad.err
[2010-03-29 05:27:44 | 000,043,394 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\PKM szkic.pdf
[2010-03-29 00:03:36 | 000,013,824 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ciśnienie.xls
[2010-03-28 23:37:57 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Microsoft Excel.lnk
[2010-03-28 00:38:26 | 000,000,497 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010-03-25 06:08:59 | 000,114,938 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 2.pdf
[2010-03-25 00:50:25 | 000,111,623 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Dolna płyta arkusz 1.pdf
[2010-03-24 22:04:01 | 000,225,152 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\proj.proc.prod1.dwg
[2010-03-18 22:13:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010-03-18 21:50:52 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010-03-18 21:49:14 | 000,000,154 | ---- | C] () -- C:\JANUS.ERR
[2010-03-18 21:39:16 | 000,507,904 | ---- | C] () -- C:\WINDOWS\Silent Hunter II remove.exe
[2010-03-14 20:05:06 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\Bierzące.lnk
[2010-03-13 20:15:48 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas900.app
[2010-03-13 20:15:47 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error900.out
[2010-03-13 20:10:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas2820.app
[2010-03-13 20:10:29 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error2820.out
[2010-03-13 20:07:51 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3592.app
[2010-03-13 20:07:50 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3592.out
[2010-03-13 20:05:24 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3800.app
[2010-03-13 20:05:23 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3800.out
[2010-03-13 20:03:19 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas3400.app
[2010-03-13 20:03:15 | 000,020,193 | ---- | C] () -- C:\Documents and Settings\Marcin\ideas_sysenvlog.txt
[2010-03-13 20:03:15 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Marcin\error3400.out
[2010-03-12 20:09:11 | 000,625,971 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\projektowanie procesów technologicznych.docx
[2010-03-01 23:57:44 | 000,023,630 | ---- | C] () -- C:\WINDOWS\System32\Notepad.ini
[2010-03-01 23:57:43 | 000,796,672 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe
[2010-02-27 22:13:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\xptools.ini
[2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dll
[2010-02-27 22:09:55 | 000,620,032 | ---- | C] () -- C:\WINDOWS\System32\xtbaksm.dat
[2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.zip
[2010-02-27 22:09:53 | 000,000,510 | ---- | C] () -- C:\WINDOWS\System32\xtupdate.dat
[2010-02-27 22:09:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\xtbn.dll
[2010-02-27 22:08:57 | 000,001,004 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010-02-27 10:58:50 | 000,006,250 | ---- | C] () -- C:\ptcsetup.bak
[2010-02-25 22:25:09 | 000,386,857 | ---- | C] () -- C:\acadminidump.dmp
[2010-02-19 01:48:44 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\OpenOffice.org Writer.lnk
[2010-02-19 01:07:51 | 000,014,426 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Ref.odt
[2010-02-19 00:58:25 | 000,058,368 | ---- | C] () -- E:\Magazyn\Moje dokumenty\Okładki na płyty.doc
[2010-02-07 19:37:31 | 000,008,169 | ---- | C] () -- C:\Documents and Settings\Marcin\Pulpit\iPod konkurs regulamin.rtf
[2010-02-07 00:07:25 | 000,000,000 | RHS- | C] () -- C:\msdos.$$$
[2010-01-17 17:04:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marcin\.gtkrc-2.0
[2010-01-12 04:04:55 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Marcin\.recently-used.xbel
[2010-01-02 19:17:39 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2009-12-29 21:34:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
[2009-12-29 21:30:03 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2009-12-29 21:30:03 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2009-12-06 14:07:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009-12-04 02:03:27 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2009-11-24 10:13:37 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Q3CDKey.ini
[2009-11-23 23:05:16 | 000,000,710 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2009-11-08 22:14:49 | 000,000,055 | ---- | C] () -- C:\WINDOWS\MinGW.INI
[2009-11-02 00:14:26 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2009-11-01 00:45:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-10-28 19:40:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009-10-23 02:38:29 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Marcin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-22 00:21:36 | 000,003,372 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.bak.ini
[2009-10-22 00:17:45 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-22 00:17:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-10-22 00:17:43 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-22 00:17:43 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-22 00:17:42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-22 00:17:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-10-21 23:52:42 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-21 23:35:13 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009-10-21 22:35:53 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2009-10-21 22:26:06 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2009-10-21 22:25:55 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2009-10-21 22:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2009-10-21 22:00:24 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2009-10-21 22:00:24 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2009-10-21 22:00:24 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2009-10-21 22:00:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2009-10-21 22:00:23 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2009-10-21 22:00:23 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2009-10-21 21:56:40 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-10-21 21:47:45 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2009-10-21 21:42:11 | 000,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2009-10-21 21:38:44 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Marcin\ntuser.ini
[2009-10-21 21:38:39 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT
[2009-10-21 21:38:39 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Marcin\NTUSER.DAT.LOG
[2009-10-21 21:30:28 | 000,530,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-21 21:24:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TransBar.ini
[2009-07-05 18:59:43 | 000,000,810 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-09-02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-07-22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001-12-12 02:28:51 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Marcin\hpsfx.ini
[1999-01-22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit
[2010-02-26 18:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
[2009-10-24 20:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
[2009-11-11 11:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DassaultSystemes
[2010-01-01 23:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation
[2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PDF Writer
[2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Foxit
[2010-04-07 23:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\.purple
[2010-02-26 18:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Autodesk
[2010-02-01 10:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Azureus
[2009-11-11 11:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\DassaultSystemes
[2010-03-02 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Dev-Cpp
[2010-03-31 02:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\foobar2000
[2009-10-21 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Foxit
[2009-10-22 00:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\GHISLER
[2010-01-15 02:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\gtk-2.0
[2010-02-07 21:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Hardcore
[2010-01-12 04:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\inkscape
[2010-01-10 02:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\OpenOffice.org
[2009-10-22 00:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\Opera
[2010-01-22 11:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PDF Writer
[2010-02-27 12:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\PTC
[2010-02-27 16:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marcin\Dane aplikacji\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-04-07 23:44:26 | 000,386,857 | ---- | M] () -- C:\acadminidump.dmp
[2009-11-11 14:02:34 | 000,000,170 | ---- | M] () -- C:\ASWL2K.ini
[2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-06 10:46:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-10-21 21:21:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-04-07 18:01:52 | 000,044,584 | ---- | M] () -- C:\Extras.Txt
[2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-21 20:30:15 | 000,000,154 | ---- | M] () -- C:\JANUS.ERR
[2010-04-07 23:42:50 | 000,001,548 | ---- | M] () -- C:\mbam-log-2010-04-07 (23-42-39).txt
[2010-04-07 21:34:36 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.45.exe
[2009-10-21 21:21:44 | 000,000,000 | RHS- | M] () -- C:\msdos.$$$
[2009-10-21 21:21:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-14 00:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 02:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-04-07 17:57:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-04-07 18:01:45 | 000,115,614 | ---- | M] () -- C:\OTL.Txt
[2010-02-27 16:17:36 | 000,006,250 | ---- | M] () -- C:\ptcsetup.bak
[2010-03-05 00:02:48 | 000,005,947 | ---- | M] () -- C:\ptcsetup.log
[2009-10-22 22:41:21 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX


[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-14 02:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 00:50:32 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-14 02:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 00:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >
[/log]

Log from Malwarebytes' Anti-Malware:
[log]
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Wersja bazy: 3966

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2010-04-07 23:42:39
mbam-log-2010-04-07 (23-42-39).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|H:\|)
Przeskanowano obiektów: 431491
Upłynęło: 2 godzin(y), 1 minut(y), 41 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 2
Zainfekowane informacje rejestru systemowego: 2
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.

Zainfekowane informacje rejestru systemowego:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)
[/log]

After the scans, the autorun.inf files disappeared from the removable media. While manually deleting the ones with the recycle bin icon, it turned out that they are ordinary folders that contained previously invisible .exe files.

Mateusz J.
comment

Clean.
Run the CleanUP option in OTL.

osemka
comment

Should I run the scan procedure again according to the link at the top and only then run CleanUP, or run it right away after starting the program?

Mateusz J.
comment

It doesn't matter, you can do it right away.
