Sothan utworzono 10 czerwca 2012 utworzono 10 czerwca 2012 Witam! Rok temu kupiłem dysk Toshiba 500GB, do tej pory wszystko było ok, a tu nagle *CIACH* i dysk nie działa. Wczoraj pożyczyłem dysk kumplowi, żeby zgrał mi parę filmów. (Dotychczas wszystko działało) Na drugi dzień przychodzi do mnie i mówi, że dysk chyba nie działa - ja zdziwiony, przecież w końcu 2dni temu działał. Podłączyłem dysk pod port USB, na początku już mi się nie podobał, ponieważ był czytany jako dysk I, a zwykle był jako G, i nie było miniaturki dysku w ikonce. Otworzyłem dysk, otwieram folder "Filmy" i w tym samym czasie wywaliło mi błąd, pozwolę sobie zacytować - [quote]System Windows nie może odnaleźć pliku "I:\RECYCLER\4F7D468......exe.Upewnij się, że wpisana nazwa jest poprawna i spróbuj ponownie.[/quote] Obszukałem tysiące for internetowych, wiele osób miało podobny problem, lecz osoby im pomagające prosiły o logi z OTL, i oczywiście każdy ma inny, a nie będę odkopywał tematu z 2011r. wklejając swój log.. Tak więc proszę o pomoc, nagrodzę w naturze! Pozdrawiam.
Doman komentarz 10 czerwca 2012 komentarz 10 czerwca 2012 [quote name='Sothan' timestamp='1339359374' post='1518442'] Tak więc proszę o pomoc, nagrodzę w naturze! [/quote] Śmiesznie brzmi. A np. możesz do niego wejść przez Total Comandera, lub jakiegoś linuxa ? Albo czy możesz go przeskanować hd tune ? Próbowałeś formatować ?
Sothan komentarz 11 czerwca 2012 Autor komentarz 11 czerwca 2012 Próbowałem wejść przez TotalCmd, ale to nic nie dało, nadal wywalało ten sam błąd. Nie formatowałem, ponieważ są tam cenne dane Przeskanuje przez ten hd tune i zobaczymy, mam wysłać jakiś log?
Doman komentarz 11 czerwca 2012 komentarz 11 czerwca 2012 [url="http://www.forumpc.pl/index.php?showtopic=237061&st=0&p=1428336&#entry1428336"]http://www.forumpc.pl/index.php?showtopic=237061&st=0&p=1428336&#entry1428336[/url] tam masz o hd tune.
Sothan komentarz 12 czerwca 2012 Autor komentarz 12 czerwca 2012 Ale czy ktoś wie w ogóle, o co chodzi z tymi ikonami?
Doman komentarz 12 czerwca 2012 komentarz 12 czerwca 2012 Wstaw ss jak to wygląda w praktyce i logi z OTL'a
Sothan komentarz 12 czerwca 2012 Autor komentarz 12 czerwca 2012 Zielona strzałeczka pokazuje, to co wyskakuje po kliknięciu na ten "skrót" Niebieska strzałka pokazuje, te felerne skróty, na dysku. Jak widać HDtune, nie pokazuje aby były jakiekolwiek Bad Sectory, więc "fizycznie" z dyskiem wszystko gra. Pomooocy! [img]http://img819.imageshack.us/img819/7536/hddc.jpg[/img]
Doman komentarz 12 czerwca 2012 komentarz 12 czerwca 2012 Pewnie używałeś jakiegoś programu do zmiany wyglądu systemu ?
Sothan komentarz 12 czerwca 2012 Autor komentarz 12 czerwca 2012 Raczej nie używałem. Mam SevenLight v3. Nic w wyglądzie nie zmieniałem. A czym to może być jeszcze spowodowane?
Doman komentarz 12 czerwca 2012 komentarz 12 czerwca 2012 Przeskanuj całość malwarewebs, po skanie usuń i wstaw te logi z OTL'a
Sothan komentarz 13 czerwca 2012 Autor komentarz 13 czerwca 2012 malwarewebs? Wpisując to w google, nie ma żadneg programu do pobrania. Logi z OTL'a są niedostępne ponieważ ten skrypt, o jakim mówiłem u mnie nie działa,
Doman komentarz 13 czerwca 2012 komentarz 13 czerwca 2012 Już prostuję. Przepraszam - [url="http://www.google.pl/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&sqi=2&ved=0CGsQFjAB&url=http%3A%2F%2Fwww.dobreprogramy.pl%2FMalwarebytes-AntiMalware%2CProgram%2CWindows%2C13117.html&ei=yYnYT86hMsnHsgbP5vWTDw&usg=AFQjCNEGWDSZ2t0kJbDDVjv-jkRkeSsk4g&sig2=311r1BmRuvDmrXylMlgN_g"]proszę[/url] i jak tak OTL nie działa, to pobierz go z innym rozszerzeniem.
Gość komentarz 13 czerwca 2012 komentarz 13 czerwca 2012 [quote]Logi z OTL'a są niedostępne ponieważ ten skrypt, o jakim mówiłem u mnie nie działa, [/quote] Jaki skrypt? Masz uruchomic OTL zaznaczyć wszystkie sekcje na Uzyj filtrowania, zaznaczyć Wszyscy użtkownicy, zanzczyć Infekcja LOP i PURITY i kliknać w [b]Skanuj[/b] 1
Sothan komentarz 13 czerwca 2012 Autor komentarz 13 czerwca 2012 (edytowane) [b][size=4]MALWARE:[/size][/b] [size=4][log][/size] Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Wersja bazy: v2012.04.04.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Maciej :: MACIEJ-KOMPUTER [administrator] 2012-06-13 15:07:44 mbam-log-2012-06-13 (15-07-44).txt Typ skanowania: Niestandardowe skanowanie Zaznaczone opcje skanowania: System plików | Heuristyka/Shuriken | PUP | PUM Odznaczone opcje skanowania: Pamięć | Rozruch | Rejestr | Heurystyka/Dodatkowe | P2P Przeskanowano obiektów: 3091 Upłynęło: 8 minut(y), 18 sekund(y) Wykrytych procesów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych modułów w pamięci: 0 (Nie znaleziono zagrożeń) Wykrytych kluczy rejestru: 0 (Nie znaleziono zagrożeń) Wykrytych wartości rejestru: 0 (Nie znaleziono zagrożeń) Wykryte wpisy rejestru systemowego: 0 (Nie znaleziono zagrożeń) wykrytych folderów: 0 (Nie znaleziono zagrożeń) Wykrytych plików: 1 I:\System Volume Information\_restore{8B5917AE-E87D-4792-A0BD-323FDF5288A0}\RP175\A0856692.exe (Trojan.FakeAlert) -> Dodanie do kwarantanny i usunięcie pliku zakończyły się powodzeniem. (zakończo [size=4][/log][/size] [b][size=3]OTL::[/size][/b] [size=4][log][/size] OTL logfile created on: 2012-06-13 15:08:18 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = E:\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,50 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 25,57% Memory free 7,00 Gb Paging File | 3,75 Gb Available in Paging File | 53,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,32 Gb Total Space | 49,48 Gb Free Space | 70,37% Space Free | Partition Type: NTFS Drive D: | 39,64 Gb Total Space | 37,53 Gb Free Space | 94,68% Space Free | Partition Type: NTFS Drive E: | 206,05 Gb Total Space | 10,48 Gb Free Space | 5,08% Space Free | Partition Type: NTFS Drive I: | 465,76 Gb Total Space | 58,01 Gb Free Space | 12,46% Space Free | Partition Type: NTFS Computer Name: MACIEJ-KOMPUTER | User Name: Maciej | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-06-12 14:29:14 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012-06-12 14:29:14 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe PRC - [2012-06-10 22:16:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL (1).exe PRC - [2012-06-07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012-04-22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2012-04-22 13:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012-04-22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2012-04-09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\avgtray.exe PRC - [2012-04-04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-03-15 04:05:14 | 003,090,056 | ---- | M] (Trend Media Corporation Limited) -- D:\Programy\FlashGet 3\Flashget3.exe PRC - [2012-03-01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-02-29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\avgwdsvc.exe PRC - [2012-02-14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\avgrsx.exe PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Programy\AVG\avgcsrvx.exe PRC - [2011-07-04 19:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- D:\Programy\Gadu-Gadu 10\gg.exe PRC - [2011-04-15 01:54:42 | 002,640,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011-03-27 02:01:01 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011-03-27 02:00:49 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010-07-08 23:25:36 | 003,554,304 | ---- | M] (MacGadger Studios) -- C:\Program Files\MacGadger\MacG.exe PRC - [2010-02-22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2008-10-26 05:57:38 | 016,151,824 | ---- | M] (Electronic Arts) -- E:\Gry\undercover\nfs.exe PRC - [2007-12-17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007-01-11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-06-12 14:29:15 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll MOD - [2012-06-12 14:29:14 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012-06-07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll MOD - [2012-06-07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012-06-07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012-06-07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012-06-07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012-06-07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012-06-07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2012-06-07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll MOD - [2012-05-05 16:14:28 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll MOD - [2012-03-15 04:06:50 | 000,059,016 | ---- | M] () -- D:\Programy\FlashGet 3\zlib.dll MOD - [2012-03-15 04:00:08 | 000,262,144 | ---- | M] () -- D:\Programy\FlashGet 3\ckcore.dll MOD - [2012-03-15 04:00:08 | 000,249,856 | ---- | M] () -- D:\Programy\FlashGet 3\BugReport.dll MOD - [2011-07-04 19:46:20 | 000,217,696 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\gglog.dll MOD - [2011-07-04 19:46:18 | 000,123,488 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\ggipcradioproxy.dll MOD - [2011-07-04 19:46:16 | 000,017,504 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\ggipc.dll MOD - [2011-07-04 19:46:12 | 000,027,744 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\ggcrypto.dll MOD - [2011-07-04 19:46:10 | 000,356,960 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\ggcommon.dll MOD - [2011-04-16 05:04:30 | 014,749,696 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtWebKit4.dll MOD - [2011-02-17 11:00:28 | 001,781,760 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtScript4.dll MOD - [2011-02-17 11:00:28 | 000,393,216 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtXml4.dll MOD - [2011-02-17 11:00:28 | 000,327,680 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtSvg4.dll MOD - [2011-02-17 11:00:26 | 001,044,480 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtNetwork4.dll MOD - [2011-02-17 11:00:24 | 009,097,216 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtGui4.dll MOD - [2011-02-17 11:00:24 | 002,560,000 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\QtCore4.dll MOD - [2011-02-17 10:59:40 | 000,311,296 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\imageformats\qtiff4.dll MOD - [2011-02-17 10:59:40 | 000,274,432 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\imageformats\qmng4.dll MOD - [2011-02-17 10:59:40 | 000,143,360 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\imageformats\qjpeg4.dll MOD - [2011-02-17 10:59:40 | 000,027,648 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\imageformats\qgif4.dll MOD - [2011-02-17 10:59:40 | 000,018,944 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\imageformats\qsvg4.dll MOD - [2011-02-17 10:59:32 | 000,059,904 | ---- | M] () -- D:\Programy\Gadu-Gadu 10\zlib1.dll MOD - [2008-10-22 06:27:06 | 000,833,236 | ---- | M] () -- E:\Gry\undercover\PB\pbcl.dll MOD - [2008-10-22 06:27:06 | 000,057,344 | ---- | M] () -- C:\Users\Maciej\AppData\Local\PunkBuster\UNCO\pb\pbag.dll MOD - [2007-05-22 11:59:22 | 000,128,512 | ---- | M] () -- D:\Programy\RarExt.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- D:\Programy\avgwdsvc.exe -- (avg9wd) SRV - File not found [Auto | Stopped] -- D:\Programy\avgemc.exe -- (avg9emc) SRV - [2012-06-12 14:29:14 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0) SRV - [2012-05-05 16:14:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012-04-22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012-04-09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-04-05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-04-04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-03-01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Programy\AVG\avgwdsvc.exe -- (avgwd) SRV - [2010-02-22 10:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-12-17 04:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007-01-11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Maciej\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ac9p9lfj) DRV - [2012-06-13 15:07:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012-06-13 14:07:43 | 000,138,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2012-04-22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012-03-23 22:16:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2012-03-23 22:15:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2012-03-01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012-02-22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011-07-29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2011-07-29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011-03-27 02:01:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2011-03-27 02:01:13 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011-03-27 02:00:38 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2011-03-27 02:00:38 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2011-03-27 02:00:38 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2011-03-27 02:00:37 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2011-03-27 02:00:37 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2011-03-27 02:00:37 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2011-03-27 02:00:37 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2011-03-27 02:00:37 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2011-03-27 02:00:37 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2011-03-27 02:00:35 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2011-03-27 02:00:35 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2009-07-14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"]http://www.bing.com/...ms}&FORM=IE8SRC[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid={D0B53B00-76CB-46CE-AEC1-1082E40B389C}&mid=706efdf006a7141f96d5dd5c2a0979f9-3b19f0a6dd146ab4e105ba3ad8be9fe06f4d8838&lang=pl&ds=AVG&pr=fr&d=2012-05-12"]http://isearch.avg.c...fr&d=2012-05-12[/url] 19:41:16&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: D:\Programy\AVG\Firefox\DoNotTrack\ [2012-05-12 19:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012-06-12 14:29:18 | 000,000,000 | ---D | M] [2012-04-20 21:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maciej\AppData\Roaming\mozilla\Extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = [url="http://isearch.avg.com/search?cid={D0B53B00-76CB-46CE-AEC1-1082E40B389C}&mid=706efdf006a7141f96d5dd5c2a0979f9-3b19f0a6dd146ab4e105ba3ad8be9fe06f4d8838&lang=pl&ds=AVG&pr=fr&d=2012-05-12"]http://isearch.avg.c...fr&d=2012-05-12[/url] 19:41:16&v=11.1.0.7&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = [url="http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}"]http://clients5.goog...outputEncoding}[/url] CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\ CHR - Extension: AVG Do Not Track = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: Gmail = C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Programy\AVG\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Maciej\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O4 - HKLM..\Run: [AVG_TRAY] D:\Programy\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programy\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [FlashGet 3] D:\Programy\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Download all links by FlashGet3 - D:\Programy\FlashGet 3\BHO\fdgetallurl.htm () O8 - Extra context menu item: Download by FlashGet3 - D:\Programy\FlashGet 3\BHO\fdgeturl.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Programy\AVG\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.88.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C01D4BED-825F-4D5D-BCA2-F2647C67AC9B}: DhcpNameServer = 192.168.1.254 192.168.88.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programy\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012-06-09 17:56:44 | 000,000,120 | -H-- | M] () - I:\autorun.bak -- [ NTFS ] O32 - AutoRun File - [2012-06-09 17:56:44 | 000,000,139 | -H-- | M] () - I:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{5040deb9-75c1-11e1-b318-001a4d7b46fc}\Shell - "" = AutoRun O33 - MountPoints2\{5040deb9-75c1-11e1-b318-001a4d7b46fc}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe O33 - MountPoints2\{5667364a-758e-11e1-abe6-001a4d7b46fc}\Shell - "" = AutoRun O33 - MountPoints2\{5667364a-758e-11e1-abe6-001a4d7b46fc}\Shell\AutoRun\command - "" = H:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (D:\Programy\AVG\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-06-13 15:07:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012-06-13 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Malwarebytes [2012-06-13 15:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012-06-13 15:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012-06-13 15:06:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012-06-13 15:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-06-11 16:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012-06-11 16:33:29 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Desktop\hsr2.0cdromsetup [2012-06-11 05:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2012-06-11 05:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune [2012-06-10 20:36:10 | 000,000,000 | ---D | C] -- C:\totalcmd [2012-06-10 20:36:10 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2012-06-10 20:36:10 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\GHISLER [2012-06-10 20:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIReg [2012-06-10 19:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Backup Now EZ [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64 [2012-06-10 19:57:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64 [2012-06-10 19:57:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti [2012-06-10 19:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\NewTech Infosystems [2012-06-10 19:56:55 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012-06-09 12:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\OpenFM [2012-06-09 12:53:58 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\OpenFM [2012-06-08 18:51:49 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\CrashRpt [2012-06-08 18:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outerra [2012-06-08 18:50:26 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outerra [2012-06-08 18:50:24 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Outerra [2012-06-08 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\NFS Undercover [2012-06-08 10:25:57 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\PunkBuster [2012-06-07 18:53:38 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\Milestone [2012-06-07 17:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Milestone [2012-06-07 11:13:09 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\Chromium [2012-06-07 11:13:04 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\Rockstar Games [2012-06-07 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2012-06-07 09:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games [2012-05-29 20:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012-05-29 20:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012-05-29 16:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012-05-29 16:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012-05-29 16:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012-05-27 19:32:42 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\SniperV2 [2012-05-27 19:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion [2012-05-27 14:19:37 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBFBE.DLL [2012-05-27 14:19:37 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BFBE.DLL [2012-05-27 14:19:37 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\E_DCINST.DLL [2012-05-27 14:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012-05-26 23:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012-05-26 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\Witcher 2 [2012-05-26 12:50:16 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\The Witcher 2 [2012-05-26 12:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 [2012-05-24 14:33:41 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Roaming\LolClient2 [2012-05-24 14:14:29 | 000,000,000 | ---D | C] -- C:\Users\Maciej\AppData\Local\SKIDROW [2012-05-24 13:36:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012-05-22 16:01:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime [2012-05-22 16:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7 [2012-05-22 16:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith [2012-05-22 16:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012-05-22 16:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared [2012-05-19 09:14:27 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\Diablo III [2012-05-19 09:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012-05-19 09:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012-05-19 09:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo.III.Collectors.Edition [2012-05-15 18:43:57 | 000,000,000 | ---D | C] -- C:\Downloads [2012-05-14 18:41:08 | 000,000,000 | R--D | C] -- C:\Users\Maciej\Documents\Scanned Documents [2012-05-14 18:41:08 | 000,000,000 | ---D | C] -- C:\Users\Maciej\Documents\Fax [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-06-13 15:07:41 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012-06-13 15:06:57 | 000,737,242 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-06-13 15:06:57 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-06-13 15:06:57 | 000,153,930 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-06-13 15:06:57 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-06-13 14:26:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-06-13 14:14:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-06-13 14:07:43 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012-06-13 13:43:07 | 000,000,045 | ---- | M] () -- C:\Windows\MacG.INI [2012-06-13 13:43:06 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-06-13 13:42:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-06-13 11:55:34 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-06-13 11:55:34 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-06-13 11:54:09 | 100,275,833 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2012-06-13 11:48:06 | 2818,220,032 | -HS- | M] () -- C:\hiberfil.sys [2012-06-13 07:32:21 | 000,004,648 | ---- | M] () -- C:\Windows\System32\secustat.dat [2012-06-13 00:24:48 | 000,029,605 | ---- | M] () -- C:\Windows\System32\secushr.dat [2012-06-12 20:06:35 | 000,263,801 | ---- | M] () -- C:\Users\Maciej\Desktop\hdd.jpg [2012-06-12 17:44:16 | 000,075,023 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjg.avm [2012-06-12 17:22:38 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012-06-11 16:46:26 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012-06-10 19:57:31 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk [2012-06-09 16:53:57 | 000,002,933 | ---- | M] () -- C:\Users\Maciej\Desktop\sztaba.jpg [2012-06-06 20:59:11 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job [2012-06-02 17:44:52 | 000,001,198 | ---- | M] () -- C:\Windows\System32\20120602174453.torrent.filelist [2012-06-02 17:44:52 | 000,000,608 | ---- | M] () -- C:\Windows\System32\20120602174452.torrent.filelist [2012-06-02 17:44:52 | 000,000,122 | ---- | M] () -- C:\Windows\System32\20120602174454.torrent.filelist [2012-06-01 10:02:11 | 000,069,362 | ---- | M] () -- C:\Windows\System32\20120602174452.torrent [2012-05-31 17:31:09 | 000,001,570 | ---- | M] () -- C:\Windows\System32\20120531173124.torrent.filelist [2012-05-31 17:31:09 | 000,000,444 | ---- | M] () -- C:\Windows\System32\20120531173125.torrent.filelist [2012-05-31 17:31:08 | 000,002,226 | ---- | M] () -- C:\Windows\System32\20120531173120.torrent.filelist [2012-05-31 17:31:08 | 000,002,166 | ---- | M] () -- C:\Windows\System32\20120531173123.torrent.filelist [2012-05-31 17:31:08 | 000,001,784 | ---- | M] () -- C:\Windows\System32\20120531173121.torrent.filelist [2012-05-31 17:31:08 | 000,001,166 | ---- | M] () -- C:\Windows\System32\20120531173119.torrent.filelist [2012-05-31 17:31:08 | 000,000,644 | ---- | M] () -- C:\Windows\System32\20120531173117.torrent.filelist [2012-05-31 17:31:08 | 000,000,292 | ---- | M] () -- C:\Windows\System32\20120531173122.torrent.filelist [2012-05-31 17:31:08 | 000,000,258 | ---- | M] () -- C:\Windows\System32\20120531173118.torrent.filelist [2012-05-31 17:31:07 | 000,002,614 | ---- | M] () -- C:\Windows\System32\20120531173111.torrent.filelist [2012-05-31 17:31:07 | 000,002,552 | ---- | M] () -- C:\Windows\System32\20120531173115.torrent.filelist [2012-05-31 17:31:07 | 000,002,296 | ---- | M] () -- C:\Windows\System32\20120531173112.torrent.filelist [2012-05-31 17:31:07 | 000,002,264 | ---- | M] () -- C:\Windows\System32\20120531173116.torrent.filelist [2012-05-31 17:31:07 | 000,001,646 | ---- | M] () -- C:\Windows\System32\20120531173109.torrent.filelist [2012-05-31 17:31:07 | 000,001,198 | ---- | M] () -- C:\Windows\System32\20120531173107.torrent.filelist [2012-05-31 17:31:07 | 000,000,814 | ---- | M] () -- C:\Windows\System32\20120531173110.torrent.filelist [2012-05-31 17:31:07 | 000,000,664 | ---- | M] () -- C:\Windows\System32\20120531173113.torrent.filelist [2012-05-31 17:31:07 | 000,000,566 | ---- | M] () -- C:\Windows\System32\20120531173114.torrent.filelist [2012-05-31 17:31:07 | 000,000,122 | ---- | M] () -- C:\Windows\System32\20120531173108.torrent.filelist [2012-05-29 16:16:23 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012-05-27 19:30:22 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk [2012-05-26 12:48:17 | 000,000,465 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk [2012-05-25 14:43:35 | 000,123,792 | ---- | M] () -- C:\Users\Maciej\Desktop\generImg [2012-05-23 23:17:41 | 000,057,646 | ---- | M] () -- C:\Windows\System32\20120531173125.torrent [2012-05-23 23:09:18 | 000,015,579 | ---- | M] () -- C:\Windows\System32\20120531173123.torrent [2012-05-23 23:09:18 | 000,014,229 | ---- | M] () -- C:\Windows\System32\20120531173124.torrent [2012-05-23 20:01:51 | 000,105,871 | ---- | M] () -- C:\Windows\System32\20120531173122.torrent [2012-05-23 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF [2012-05-23 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF [2012-05-23 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF [2012-05-23 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF [2012-05-23 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF [2012-05-23 08:00:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF [2012-05-22 22:33:34 | 000,014,612 | ---- | M] () -- C:\Windows\System32\20120531173121.torrent [2012-05-22 16:05:21 | 000,005,120 | ---- | M] () -- C:\Users\Maciej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-22 14:28:24 | 000,014,839 | ---- | M] () -- C:\Windows\System32\20120531173120.torrent [2012-05-21 13:20:12 | 000,000,144 | ---- | M] () -- C:\Windows\System32\BITS.ini [2012-05-19 09:09:21 | 000,000,741 | ---- | M] () -- C:\Users\Maciej\Desktop\Diablo.III.Collectors.Edition.lnk [2012-05-18 14:59:39 | 000,022,075 | ---- | M] () -- C:\Windows\System32\20120531173119.torrent [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-12 20:06:35 | 000,263,801 | ---- | C] () -- C:\Users\Maciej\Desktop\hdd.jpg [2012-06-10 20:36:10 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2012-06-10 20:36:10 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2012-06-10 20:36:10 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2012-06-10 20:36:10 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2012-06-10 20:36:10 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2012-06-10 20:36:10 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2012-06-10 19:57:31 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Backup Now EZ.lnk [2012-06-09 16:54:02 | 000,002,933 | ---- | C] () -- C:\Users\Maciej\Desktop\sztaba.jpg [2012-06-08 10:26:20 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2012-06-05 21:13:17 | 001,424,788 | ---- | C] () -- C:\Users\Maciej\Desktop\TTPod v4.4 Official S60v5 ^3 VI by Caominh171@SymbianVN.sisx [2012-06-05 20:54:56 | 001,756,392 | ---- | C] () -- C:\Users\Maciej\Desktop\TTPod_4.41_Final_By_itZoM.sis [2012-06-02 17:44:52 | 000,069,362 | ---- | C] () -- C:\Windows\System32\20120602174452.torrent [2012-06-02 17:44:52 | 000,061,483 | R--- | C] () -- C:\Windows\System32\20120602174453.torrent [2012-06-02 17:44:52 | 000,055,176 | R--- | C] () -- C:\Windows\System32\20120602174454.torrent [2012-06-02 17:44:52 | 000,001,198 | ---- | C] () -- C:\Windows\System32\20120602174453.torrent.filelist [2012-06-02 17:44:52 | 000,000,608 | ---- | C] () -- C:\Windows\System32\20120602174452.torrent.filelist [2012-06-02 17:44:52 | 000,000,122 | ---- | C] () -- C:\Windows\System32\20120602174454.torrent.filelist [2012-05-31 17:31:09 | 000,057,646 | ---- | C] () -- C:\Windows\System32\20120531173125.torrent [2012-05-31 17:31:09 | 000,014,229 | ---- | C] () -- C:\Windows\System32\20120531173124.torrent [2012-05-31 17:31:09 | 000,001,570 | ---- | C] () -- C:\Windows\System32\20120531173124.torrent.filelist [2012-05-31 17:31:09 | 000,000,444 | ---- | C] () -- C:\Windows\System32\20120531173125.torrent.filelist [2012-05-31 17:31:08 | 000,105,871 | ---- | C] () -- C:\Windows\System32\20120531173122.torrent [2012-05-31 17:31:08 | 000,076,478 | ---- | C] () -- C:\Windows\System32\20120531173118.torrent [2012-05-31 17:31:08 | 000,056,008 | ---- | C] () -- C:\Windows\System32\20120531173117.torrent [2012-05-31 17:31:08 | 000,022,075 | ---- | C] () -- C:\Windows\System32\20120531173119.torrent [2012-05-31 17:31:08 | 000,015,579 | ---- | C] () -- C:\Windows\System32\20120531173123.torrent [2012-05-31 17:31:08 | 000,014,839 | ---- | C] () -- C:\Windows\System32\20120531173120.torrent [2012-05-31 17:31:08 | 000,014,612 | ---- | C] () -- C:\Windows\System32\20120531173121.torrent [2012-05-31 17:31:08 | 000,002,226 | ---- | C] () -- C:\Windows\System32\20120531173120.torrent.filelist [2012-05-31 17:31:08 | 000,002,166 | ---- | C] () -- C:\Windows\System32\20120531173123.torrent.filelist [2012-05-31 17:31:08 | 000,001,784 | ---- | C] () -- C:\Windows\System32\20120531173121.torrent.filelist [2012-05-31 17:31:08 | 000,001,166 | ---- | C] () -- C:\Windows\System32\20120531173119.torrent.filelist [2012-05-31 17:31:08 | 000,000,644 | ---- | C] () -- C:\Windows\System32\20120531173117.torrent.filelist [2012-05-31 17:31:08 | 000,000,292 | ---- | C] () -- C:\Windows\System32\20120531173122.torrent.filelist [2012-05-31 17:31:08 | 000,000,258 | ---- | C] () -- C:\Windows\System32\20120531173118.torrent.filelist [2012-05-31 17:31:07 | 000,071,764 | R--- | C] () -- C:\Windows\System32\20120531173110.torrent [2012-05-31 17:31:07 | 000,056,426 | R--- | C] () -- C:\Windows\System32\20120531173112.torrent [2012-05-31 17:31:07 | 000,055,176 | R--- | C] () -- C:\Windows\System32\20120531173108.torrent [2012-05-31 17:31:07 | 000,045,174 | R--- | C] () -- C:\Windows\System32\20120531173113.torrent [2012-05-31 17:31:07 | 000,044,992 | R--- | C] () -- C:\Windows\System32\20120531173114.torrent [2012-05-31 17:31:07 | 000,018,454 | R--- | C] () -- C:\Windows\System32\20120531173111.torrent [2012-05-31 17:31:07 | 000,018,000 | R--- | C] () -- C:\Windows\System32\20120531173109.torrent [2012-05-31 17:31:07 | 000,015,615 | R--- | C] () -- C:\Windows\System32\20120531173115.torrent [2012-05-31 17:31:07 | 000,014,664 | ---- | C] () -- C:\Windows\System32\20120531173116.torrent [2012-05-31 17:31:07 | 000,002,614 | ---- | C] () -- C:\Windows\System32\20120531173111.torrent.filelist [2012-05-31 17:31:07 | 000,002,552 | ---- | C] () -- C:\Windows\System32\20120531173115.torrent.filelist [2012-05-31 17:31:07 | 000,002,296 | ---- | C] () -- C:\Windows\System32\20120531173112.torrent.filelist [2012-05-31 17:31:07 | 000,002,264 | ---- | C] () -- C:\Windows\System32\20120531173116.torrent.filelist [2012-05-31 17:31:07 | 000,001,646 | ---- | C] () -- C:\Windows\System32\20120531173109.torrent.filelist [2012-05-31 17:31:07 | 000,001,198 | ---- | C] () -- C:\Windows\System32\20120531173107.torrent.filelist [2012-05-31 17:31:07 | 000,000,814 | ---- | C] () -- C:\Windows\System32\20120531173110.torrent.filelist [2012-05-31 17:31:07 | 000,000,664 | ---- | C] () -- C:\Windows\System32\20120531173113.torrent.filelist [2012-05-31 17:31:07 | 000,000,566 | ---- | C] () -- C:\Windows\System32\20120531173114.torrent.filelist [2012-05-31 17:31:07 | 000,000,122 | ---- | C] () -- C:\Windows\System32\20120531173108.torrent.filelist [2012-05-29 16:16:23 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012-05-27 19:30:22 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Elite V2.lnk [2012-05-26 12:48:17 | 000,000,465 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk [2012-05-25 14:43:35 | 000,123,792 | ---- | C] () -- C:\Users\Maciej\Desktop\generImg [2012-05-22 16:03:41 | 000,005,120 | ---- | C] () -- C:\Users\Maciej\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-21 13:20:12 | 000,000,144 | ---- | C] () -- C:\Windows\System32\BITS.ini [2012-05-19 09:09:21 | 000,000,741 | ---- | C] () -- C:\Users\Maciej\Desktop\Diablo.III.Collectors.Edition.lnk [2012-05-01 17:01:54 | 000,195,072 | ---- | C] () -- C:\Windows\System32\SKIDROW.dll [2012-05-01 17:01:49 | 000,195,072 | ---- | C] () -- C:\Windows\SKIDROW.dll [2012-03-27 15:57:41 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2012-03-27 15:57:26 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012-03-24 13:56:41 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2012-03-24 13:56:40 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2012-03-24 13:56:40 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2012-03-24 13:56:40 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2012-03-24 13:56:40 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2012-03-24 09:47:02 | 000,004,648 | ---- | C] () -- C:\Windows\System32\secustat.dat [2012-03-24 09:46:36 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012-03-24 09:45:54 | 000,029,605 | ---- | C] () -- C:\Windows\System32\secushr.dat [2012-03-24 00:12:53 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2012-03-23 22:06:25 | 000,000,045 | ---- | C] () -- C:\Windows\MacG.INI [2012-03-23 21:57:42 | 000,171,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011-04-15 04:27:03 | 000,001,764 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll [2011-03-27 02:01:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011-03-27 02:01:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6BE50C2B < End of report > [/log] Dodatkowo AVG wykryło 2trojany i jakieś 2 Win32/Partite
Gość komentarz 13 czerwca 2012 komentarz 13 czerwca 2012 Uruchom OTL i w oknie [b]własne opcje skanowania/skrypt[/b] wklej: [code]:OTL O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O4 - HKCU..\Run: [] File not found @Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:6BE50C2B :Commands [emptyflash] [emptytemp] [/code] Kliknij w [b]Wykonaj skrypt.[/b] [quote] [size=4]Dodatkowo AVG wykryło 2trojany i jakieś 2 Win32/Partite[/size] [/quote] Gdzie wykrył? Raport jest potrzebny i dokładne ścieżki do plików. 1
Sothan komentarz 13 czerwca 2012 Autor komentarz 13 czerwca 2012 (edytowane) Niestety zapomniałem zrobić ss z avg. LOG: [log]All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ADS C:\ProgramData\TEMP:6BE50C2B deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Basia ->Flash cache emptied: 0 bytes User: Default User: Default User User: Maciej ->Flash cache emptied: 3137 bytes User: Public User: UpdatusUser Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Basia ->Temp folder emptied: 328294 bytes ->Temporary Internet Files folder emptied: 1629849 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 6659229 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Maciej ->Temp folder emptied: 1561621 bytes ->Temporary Internet Files folder emptied: 2253331 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 134656603 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 22183689 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 383391 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 162,00 mb OTL by OldTimer - Version 3.2.48.0 log created on 06132012_173207 Files\Folders moved on Reboot... Registry entries deleted on Reboot...[/log]
Gość komentarz 13 czerwca 2012 komentarz 13 czerwca 2012 Ja ci dam skrina. Masz znależć w konfiguracji AVG opcje odpowiadającą za raporty ze skanowania i przedstwaić log z wynikami. 1
Sothan komentarz 13 czerwca 2012 Autor komentarz 13 czerwca 2012 Mój błąd te wirusy nie były na Toshibie, tylko na moim normalnym dysku Pooomocy, co mam robić!?
Gość komentarz 13 czerwca 2012 komentarz 13 czerwca 2012 (edytowane) Koles to że wprowadziłeś infekcje sam - to ja wiem. Może sie w końcu określ o ktory dysk chodzi ? [code]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,32 Gb Total Space | 49,48 Gb Free Space | 70,37% Space Free | Partition Type: NTFS Drive D: | 39,64 Gb Total Space | 37,53 Gb Free Space | 94,68% Space Free | Partition Type: NTFS Drive E: | 206,05 Gb Total Space | 10,48 Gb Free Space | 5,08% Space Free | Partition Type: NTFS Drive I: | 465,76 Gb Total Space | 58,01 Gb Free Space | 12,46% Space Free | Partition Type: NTFS[/code] 1
Sothan komentarz 13 czerwca 2012 Autor komentarz 13 czerwca 2012 Chodzi o dysk przenośny I. Na nim mam ten problem.
Gość komentarz 14 czerwca 2012 komentarz 14 czerwca 2012 Dysk ma być podpięty. Zrób skan za pomocą USBfix z opcji [b]Listing[/b] i przedstaw raport. http://eldesaparecido.com/tools/UsbFix.exe 1
Sothan komentarz 14 czerwca 2012 Autor komentarz 14 czerwca 2012 (edytowane) ############################## | UsbFix V 7.089 | [Listing] [log] User: Maciej (Administrator) # MACIEJ-KOMPUTER Updated 09/06/2012 by El Desaparecido Started at 15:29:15 | 14/06/2012 Website: [url="http://eldesaparecido.com"]http://eldesaparecido.com[/url] Forum: [url="http://forum.eldesaparecido.com"]http://forum.eldesaparecido.com[/url] Suspicious file ? : [url="http://eldesaparecido.com/upload.php"]http://eldesaparecido.com/upload.php[/url] Contact: contact@eldesaparecido.com PC: Gigabyte Technology Co., Ltd. (M61SME-S2) (X86-based PC) # Desktop Computer CPU: AMD Athlon™ 7750 Dual-Core Processor (2700) RAM -> [Total : 3584 | Free : 2040] BIOS: Award Modular BIOS v6.00PG BOOT: Normal boot OS: Microsoft SevenLight v3 Final (6.1.7601 32-Bit) # Service Pack 1 WB: Windows Internet Explorer 9.0.8112.16421 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] AV: AVG Anti-Virus Free Edition 2012 [Enabled | Updated] FW: Windows FireWall Service [Enabled] C:\ (%systemdrive%) -> Fixed drive # 70 Gb (49 Mb free - 70%) [] # NTFS D:\ -> Fixed drive # 40 Gb (38 Mb free - 95%) [] # NTFS E:\ -> Fixed drive # 206 Gb (10 Mb free - 5%) [] # NTFS F:\ -> CD-ROM H:\ -> CD-ROM I:\ -> Fixed drive # 466 Gb (58 Mb free - 12%) [TOSHIBA EXT] # NTFS ################## | Listing | [12/05/2012 - 19:40:29 | HD ] C:\$AVG [25/03/2012 - 18:32:12 | SHD ] C:\$Recycle.Bin [10/06/2009 - 23:42:20 | A | 24] C:\autoexec.bat [10/06/2009 - 23:42:20 | A | 10] C:\config.sys [14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings [15/05/2012 - 18:44:25 | D ] C:\Downloads [14/04/2012 - 08:38:43 | SHD ] C:\found.000 [14/06/2012 - 14:28:57 | ASH | 2818220032] C:\hiberfil.sys [24/03/2012 - 22:29:53 | D ] C:\NVIDIA [14/06/2012 - 14:28:57 | ASH | 3757629440] C:\pagefile.sys [14/07/2009 - 04:37:05 | D ] C:\PerfLogs [14/06/2012 - 15:27:07 | RD ] C:\Program Files [13/06/2012 - 15:06:25 | HD ] C:\ProgramData [23/03/2012 - 22:04:06 | SHD ] C:\Recovery [14/06/2012 - 15:01:45 | SHD ] C:\System Volume Information [10/06/2012 - 20:37:26 | D ] C:\totalcmd [14/06/2012 - 15:29:18 | D ] C:\UsbFix [14/06/2012 - 15:28:54 | A | 2034] C:\UsbFix.txt [25/03/2012 - 18:32:05 | RD ] C:\Users [14/06/2012 - 15:26:24 | D ] C:\Windows [12/05/2012 - 20:20:56 | HD ] D:\$AVG [25/03/2012 - 18:32:12 | SHD ] D:\$RECYCLE.BIN [05/06/2012 - 20:32:42 | D ] D:\Mjuzik [29/04/2012 - 09:33:00 | D ] D:\Program Files [22/05/2012 - 16:01:18 | D ] D:\Programy [24/03/2012 - 10:50:19 | SHD ] D:\System Volume Information [04/05/2012 - 20:31:16 | D ] D:\TIBIA [12/05/2012 - 20:16:59 | HD ] E:\$AVG [25/03/2012 - 18:32:12 | SHD ] E:\$RECYCLE.BIN [14/06/2012 - 15:28:42 | SD ] E:\Downloads [07/11/2007 - 08:00:40 | A | 17734] E:\eula.1028.txt [07/11/2007 - 08:00:40 | A | 17734] E:\eula.1031.txt [07/11/2007 - 08:00:40 | A | 10134] E:\eula.1033.txt [07/11/2007 - 08:00:40 | A | 17734] E:\eula.1036.txt [07/11/2007 - 08:00:40 | A | 17734] E:\eula.1040.txt [07/11/2007 - 08:00:40 | A | 118] E:\eula.1041.txt [07/11/2007 - 08:00:40 | A | 17734] E:\eula.1042.txt [07/11/2007 - 08:00:40 | A | 17734] E:\eula.2052.txt [07/11/2007 - 08:00:40 | A | 17734] E:\eula.3082.txt [07/11/2007 - 08:00:40 | A | 1110] E:\globdata.ini [08/06/2012 - 10:18:13 | D ] E:\Gry [07/11/2007 - 08:03:18 | A | 562688] E:\install.exe [07/11/2007 - 08:00:40 | A | 843] E:\install.ini [07/11/2007 - 08:03:18 | A | 76304] E:\install.res.1028.dll [07/11/2007 - 08:03:18 | A | 96272] E:\install.res.1031.dll [07/11/2007 - 08:03:18 | A | 91152] E:\install.res.1033.dll [07/11/2007 - 08:03:18 | A | 97296] E:\install.res.1036.dll [07/11/2007 - 08:03:18 | A | 95248] E:\install.res.1040.dll [07/11/2007 - 08:03:18 | A | 81424] E:\install.res.1041.dll [07/11/2007 - 08:03:18 | A | 79888] E:\install.res.1042.dll [07/11/2007 - 08:03:18 | A | 75792] E:\install.res.2052.dll [07/11/2007 - 08:03:18 | A | 96272] E:\install.res.3082.dll [19/04/2012 - 08:23:12 | D ] E:\Luty 2012 [18/04/2012 - 20:16:43 | D ] E:\Nowy folder [08/06/2012 - 18:50:15 | D ] E:\Program Files [24/03/2012 - 10:50:20 | SHD ] E:\System Volume Information [07/11/2007 - 08:00:40 | A | 5686] E:\vcredist.bmp [07/11/2007 - 08:09:22 | A | 1442522] E:\VC_RED.cab [07/11/2007 - 08:12:28 | A | 232960] E:\VC_RED.MSI [10/06/2012 - 22:09:10 | D ] E:\_OTL [22/08/2011 - 16:44:17 | HD ] I:\$AVG [25/03/2012 - 18:32:12 | SHD ] I:\$RECYCLE.BIN [01/05/2012 - 16:45:48 | D ] I:\364ca0be68c7a109a4da7bc2195e03 [09/06/2012 - 18:21:38 | A | 1581] I:\364ca0be68c7a109a4da7bc2195e03.lnk [01/05/2012 - 21:51:11 | D ] I:\5928644786c4bd6f2516 [09/06/2012 - 16:33:19 | A | 1561] I:\5928644786c4bd6f2516.lnk [09/06/2012 - 17:56:44 | H | 120] I:\autorun.bak [09/06/2012 - 17:56:44 | H | 139] I:\autorun.inf [10/06/2012 - 20:54:21 | D ] I:\boot [02/02/2012 - 19:29:46 | SHD ] I:\DrWeb Quarantine [24/05/2012 - 13:44:54 | SHD ] I:\Filmy [10/06/2012 - 19:13:30 | A | 1525] I:\Filmy.lnk [15/04/2009 - 15:45:34 | A | 186341] I:\grldr [10/06/2012 - 20:54:18 | D ] I:\Images(Maciej-Komputer) [13/06/2012 - 13:43:37 | A | 161] I:\menu.lst [30/04/2012 - 23:15:31 | HD ] I:\msdownld.tmp [14/06/2012 - 15:01:46 | D ] I:\My Files(Maciej-Komputer) [10/06/2012 - 19:13:15 | SHD ] I:\RECYCLER [10/06/2012 - 20:03:30 | D ] I:\restore [10/08/2009 - 09:42:40 | A | 32] I:\start.cmd [11/06/2012 - 16:36:59 | SHD ] I:\System Volume Information [31/05/2010 - 03:54:01 | SHD ] I:\TOSHIBA [10/06/2012 - 19:15:52 | A | 1529] I:\TOSHIBA.lnk [24/03/2012 - 21:52:45 | SHD ] I:\Wesela [09/06/2012 - 18:01:32 | A | 1533] I:\Wesela.lnk [10/01/2012 - 18:47:28 | SHD ] I:\YouTube Top 100 Music Hits .2011[www.lokotorrents.com][mp3] [09/06/2012 - 19:07:09 | A | 1639] I:\YouTube Top 100 Music Hits .2011[www.lokotorrents.com][mp3].lnk [24/05/2012 - 13:32:39 | SHD ] I:\Zgrane [09/06/2012 - 16:32:45 | R | 1533] I:\Zgrane.lnk ################## | E.O.F | [/log]
Gość komentarz 14 czerwca 2012 komentarz 14 czerwca 2012 Jedyny podejrzany plik na dysku [b]I[/b] to: [code][09/06/2012 - 17:56:44 | H | 120] I:\autorun.bak [09/06/2012 - 17:56:44 | H | 139] I:\autorun.inf[/code] Włacz pokazywanie ukrytych plików i otwórz w notatniku plik [b]autorun.inf[/b], przeklej jego zawartosć do posta. 1
Sothan komentarz 14 czerwca 2012 Autor komentarz 14 czerwca 2012 [autorun] icon=autorun\toshiba.ico label=Toshiba External Hard Drive open=restore\restorestarter.exe action=Restore files from backup
Gość komentarz 14 czerwca 2012 komentarz 14 czerwca 2012 To jest plik od Toshiby autouruchamianie po podpięciu. A te pliki znasz? To Twoja robota? [code][01/05/2012 - 16:45:48 | D ] I:\364ca0be68c7a109a4da7bc2195e03 [09/06/2012 - 18:21:38 | A | 1581] I:\364ca0be68c7a109a4da7bc2195e03.lnk [01/05/2012 - 21:51:11 | D ] I:\5928644786c4bd6f2516 [09/06/2012 - 16:33:19 | A | 1561] I:\5928644786c4bd6f2516.lnk[/code] 1
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.