Problem with an SSD drive


(Contact Olbekgampl) #1

Hello everyone, I would like to describe my problem. One day I took my SSD drive to school to copy some files. Everything was fine then. The next day I wanted to transfer files to the SSD. I don't know what happened, but instead of folders I had shortcuts. A folder named $RECYCLE.BIN appeared, so I deleted it. Later I scanned the drive with Microsoft Security Essentials and it detected a virus, so, as anyone would, I removed it. Then I set it to show hidden files and folders. On the drive I saw a RECYCLED folder, and in it was a file named Desktop.ini with the following content:

[.ShellClassInfo]

CLSID={645FF040-5081-101B-9F08-00AA002F954E}

I don't know what this is about, so I'm asking for help. I'll post the logs from OTL and UsbFix in a moment.

This is the OTL.txt file:

OTL logfile created on: 2013-02-28 20:43:19 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OlbekGamPL\Downloads

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,99 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 47,28% Memory free

6,19 Gb Paging File | 4,72 Gb Available in Paging File | 76,31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 252,81 Gb Total Space | 221,82 Gb Free Space | 87,74% Space Free | Partition Type: NTFS

Drive D: | 30,52 Gb Total Space | 23,48 Gb Free Space | 76,92% Space Free | Partition Type: NTFS

Drive G: | 6,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Drive H: | 931,48 Gb Total Space | 823,54 Gb Free Space | 88,41% Space Free | Partition Type: NTFS


Computer Name: OLBEKGAMPL-PC | User Name: OlbekGamPL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


========== Processes (SafeList) ==========


PRC - [2013-02-28 20:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OlbekGamPL\Downloads\OTL.exe

PRC - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012-03-26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2009-04-28 21:02:22 | 002,916,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

PRC - [2008-10-29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008-09-27 10:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe

PRC - [2008-07-16 14:52:42 | 005,285,792 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe

PRC - [2008-06-13 06:17:22 | 002,693,688 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe

PRC - [2008-05-14 09:52:30 | 001,853,992 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe

PRC - [2008-05-14 09:52:30 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

PRC - [2008-05-14 09:52:30 | 000,522,792 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe

PRC - [2008-02-14 12:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe

PRC - [2008-01-21 03:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008-01-21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe

PRC - [2008-01-21 03:33:00 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe

PRC - [2008-01-16 11:04:36 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

PRC - [2007-06-03 12:06:56 | 000,425,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe

PRC - [2007-03-14 20:01:30 | 000,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Lenovo\PowerDVD\PDVDServ.exe



========== Modules (No Company Name) ==========


MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll

MOD - [2013-01-26 03:35:05 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll

MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll

MOD - [2013-01-26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll

MOD - [2013-01-26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll

MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll

MOD - [2009-04-28 21:02:22 | 002,916,352 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\PManage.exe

MOD - [2009-04-28 21:02:22 | 000,507,904 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll

MOD - [2009-04-28 21:02:22 | 000,241,752 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll

MOD - [2009-04-28 21:02:22 | 000,036,864 | ---- | M] () -- C:\Program Files\Lenovo\VeriFaceIII\Time.dll

MOD - [2008-05-14 09:45:34 | 000,126,976 | ---- | M] () -- C:\Program Files\Lenovo\Bluetooth Software\BTKeyInd.dll

MOD - [2007-06-03 12:04:42 | 000,274,432 | ---- | M] () -- C:\Program Files\Lenovo\ReadyComm\NetApp.dll

MOD - [2006-02-17 12:33:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll



========== Services (SafeList) ==========


SRV - [2012-03-26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012-03-26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2008-09-27 10:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)

SRV - [2008-05-14 09:52:30 | 000,522,792 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)

SRV - [2008-02-14 15:40:18 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2008-02-14 12:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2008-01-21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008-01-16 11:04:36 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2007-06-03 12:04:26 | 000,469,504 | ---- | M] (Lenovo Group Limited) [On_Demand | Running] -- C:\Program Files\Lenovo\ReadyComm\IncSvc.dll -- (IncSvc)

SRV - [2007-04-11 08:59:18 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)



========== Driver Services (SafeList) ==========


DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012-03-20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2009-04-28 21:03:32 | 000,049,472 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)

DRV - [2008-09-10 11:09:00 | 001,132,840 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2008-08-28 17:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)

DRV - [2008-08-07 10:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)

DRV - [2008-07-25 09:31:00 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008-06-25 21:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008-06-13 11:23:12 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)

DRV - [2008-06-13 11:22:02 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou)

DRV - [2008-05-21 16:35:24 | 000,220,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008-01-10 09:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

DRV - [2008-01-02 08:50:26 | 000,018,448 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV - [2007-10-18 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007-05-23 15:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2006-11-02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/

IE - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE

IE - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)




========== Chrome ==========


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - Extension: Dokumenty Google = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\

CHR - Extension: Dokumenty Google = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Dysk Google = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\

CHR - Extension: Dysk Google = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Szukaj w Google = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\OlbekGamPL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\


O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [Readycomm] C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)

O4 - HKLM..\Run: [Unattend0000000001{0D12E576-92EF-4E85-9A29-F4B780F67C87}] C:\Windows\test.bat File not found

O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\S-1-5-21-2060009070-3949873878-3392535767-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16FFEC5D-6775-4D37-A295-45283C6B8F39}: DhcpNameServer = 194.204.152.34 192.168.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [NTFS]

O32 - AutoRun File - [2013-02-28 15:38:54 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2013-02-28 15:38:54 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [NTFS]

O32 - AutoRun File - [2011-11-01 21:39:30 | 000,000,079 | ---- | M] () - G:\autorun.inf -- [UDF]

O32 - AutoRun File - [2013-02-28 15:38:56 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [NTFS]

O33 - MountPoints2\{f1c99849-7a8e-11e2-9ae3-00242cfb2b78}\Shell - "" = AutoRun

O33 - MountPoints2\{f1c99849-7a8e-11e2-9ae3-00242cfb2b78}\Shell\AutoRun\command - "" = G:\WD Drive Unlock.exe -- [2012-08-14 16:35:28 | 002,009,024 | ---- | M] (Western Digital)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========


[2013-02-28 15:54:48 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\GHISLER

[2013-02-28 15:53:48 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander

[2013-02-28 15:53:44 | 000,000,000 | ---D | C] -- C:\totalcmd

[2013-02-28 15:53:44 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\GHISLER

[2013-02-28 15:52:15 | 000,232,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013-02-28 15:38:54 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2013-02-28 15:05:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2013-02-28 15:02:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013-02-21 07:38:58 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe

[2013-02-21 07:36:02 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe

[2013-02-21 07:32:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2013-02-21 07:30:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2013-02-21 07:30:29 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2013-02-21 07:30:29 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2013-02-21 07:30:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2013-02-21 07:30:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2013-02-21 07:30:28 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2013-02-21 07:30:25 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2013-02-21 07:30:25 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2013-02-21 07:30:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2013-02-21 07:30:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2013-02-21 07:30:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2013-02-21 07:30:17 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2013-02-21 07:30:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2013-02-21 07:30:17 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2013-02-21 07:30:17 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2013-02-21 07:30:17 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2013-02-19 22:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital

[2013-02-19 14:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013-02-19 14:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2013-02-19 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\Google

[2013-02-19 14:02:46 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\Deployment

[2013-02-19 14:02:46 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\Apps

[2013-02-19 14:01:23 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll

[2013-02-19 14:01:23 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll

[2013-02-19 14:01:19 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2013-02-19 14:01:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2013-02-19 14:01:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2013-02-19 14:01:04 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2013-02-19 14:00:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2013-02-19 14:00:55 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll

[2013-02-19 14:00:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll

[2013-02-19 14:00:55 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll

[2013-02-19 14:00:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll

[2013-02-19 14:00:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2013-02-19 14:00:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe

[2013-02-19 14:00:53 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2013-02-19 14:00:53 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2013-02-19 14:00:53 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2013-02-19 14:00:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll

[2013-02-19 13:52:25 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013-02-19 13:52:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2013-02-19 13:52:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2013-02-19 13:52:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll

[2013-02-19 13:50:37 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2013-02-19 13:50:37 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013-02-19 13:50:37 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2013-02-19 13:50:37 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013-02-19 13:50:37 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013-02-19 13:50:37 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013-02-19 13:50:37 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2013-02-19 13:50:37 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2013-02-19 13:50:37 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013-02-19 13:50:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2013-02-19 13:50:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013-02-19 13:50:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013-02-19 13:45:36 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll

[2013-02-19 13:45:36 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE

[2013-02-19 13:45:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE

[2013-02-19 13:45:36 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE

[2013-02-19 13:45:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE

[2013-02-19 13:45:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe

[2013-02-19 13:45:36 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE

[2013-02-19 13:45:35 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2013-02-19 13:44:46 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2013-02-19 13:42:47 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll

[2013-02-19 13:42:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll

[2013-02-19 13:42:47 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll

[2013-02-19 13:42:39 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013-02-19 13:42:38 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013-02-19 13:42:33 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2013-02-19 13:42:33 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2013-02-19 13:42:30 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2013-02-19 13:42:27 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL

[2013-02-19 13:42:26 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2013-02-19 13:42:21 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2013-02-19 13:42:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2013-02-19 13:42:11 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll

[2013-02-19 13:42:11 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll

[2013-02-19 13:42:08 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2013-02-19 13:42:06 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013-02-19 13:41:51 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

[2013-02-19 13:41:50 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[2013-02-19 13:41:48 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2013-02-19 13:41:44 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

[2013-02-19 13:41:06 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm

[2013-02-19 13:41:05 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2013-02-19 13:40:56 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2013-02-19 13:40:56 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2013-02-19 13:40:56 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2013-02-19 13:40:52 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2013-02-19 13:40:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2013-02-19 13:40:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll

[2013-02-19 13:40:48 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll

[2013-02-19 13:40:43 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2013-02-19 13:40:36 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2013-02-19 13:40:27 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll

[2013-02-19 13:40:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2013-02-19 13:40:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2013-02-19 13:39:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb

[2013-02-19 13:39:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb

[2013-02-19 13:39:42 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2013-02-19 13:39:42 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2013-02-19 13:39:42 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2013-02-19 13:39:42 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2013-02-19 13:39:42 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2013-02-19 13:39:42 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2013-02-19 13:39:42 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2013-02-19 13:39:42 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2013-02-19 13:39:42 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2013-02-19 13:39:34 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll

[2013-02-19 13:39:34 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe

[2013-02-19 13:39:28 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2013-02-19 13:39:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2013-02-19 13:39:22 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2013-02-19 13:39:20 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2013-02-19 13:39:20 | 000,220,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2013-02-19 13:39:20 | 000,098,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2013-02-19 13:39:02 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL

[2013-02-19 13:39:01 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll

[2013-02-19 13:38:51 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2013-02-19 13:38:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

[2013-02-19 13:38:38 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2013-02-19 13:38:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2013-02-19 13:38:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2013-02-19 13:38:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2013-02-19 13:38:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2013-02-19 13:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013-02-18 22:40:24 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\Bluetooth Software

[2013-02-18 22:40:24 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\Documents\Bluetooth Exchange Folder

[2013-02-18 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Lenovo

[2013-02-18 22:40:07 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Symantec

[2013-02-18 22:39:42 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013-02-18 22:39:42 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Searches

[2013-02-18 22:39:42 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013-02-18 22:39:32 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Identities

[2013-02-18 22:39:28 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Contacts

[2013-02-18 22:39:20 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\VirtualStore

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Ustawienia lokalne

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\AppData\Local\Temporary Internet Files

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Szablony

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\SendTo

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Recent

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\PrintHood

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\NetHood

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Documents\Moje wideo

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Documents\Moje obrazy

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Moje dokumenty

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Documents\Moja muzyka

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Menu Start

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\AppData\Local\Historia

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Dane aplikacji

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\AppData\Local\Dane aplikacji

[2013-02-18 22:39:17 | 000,000,000 | -HSD | C] -- C:\Users\OlbekGamPL\Cookies

[2013-02-18 22:39:14 | 000,000,000 | --SD | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Videos

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Saved Games

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Pictures

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Music

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Links

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Favorites

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Downloads

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Documents

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\Desktop

[2013-02-18 22:39:14 | 000,000,000 | R--D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013-02-18 22:39:14 | 000,000,000 | -H-D | C] -- C:\Users\OlbekGamPL\AppData

[2013-02-18 22:39:14 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\Temp

[2013-02-18 22:39:14 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Local\Microsoft

[2013-02-18 22:39:14 | 000,000,000 | ---D | C] -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

[2013-02-18 22:35:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony

[2013-02-18 22:35:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo

[2013-02-18 22:35:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy

[2013-02-18 22:35:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka

[2013-02-18 22:35:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione

[2013-02-18 22:35:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit

[2013-02-18 22:35:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start

[2013-02-18 22:35:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty

[2013-02-18 22:35:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2013-02-28 20:13:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-02-28 20:11:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Sprawdź aktualizacje paska narzędzi Windows Live Toolbar.job

[2013-02-28 20:05:43 | 000,028,599 | ---- | M] () -- C:\ProgramData\nvModes.001

[2013-02-28 20:05:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-02-28 16:13:00 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-02-28 15:20:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2013-02-28 15:09:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013-02-28 15:09:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013-02-28 15:08:24 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo

[2013-02-28 15:07:22 | 3215,527,936 | -HS- | M] () -- C:\hiberfil.sys

[2013-02-28 15:06:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2013-02-28 15:04:06 | 207,317,542 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013-02-21 07:27:39 | 000,007,680 | ---- | M] () -- C:\Users\OlbekGamPL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013-02-19 13:20:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013-01-30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2013-02-28 15:53:46 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF

[2013-02-28 15:53:46 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF

[2013-02-28 15:53:46 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF

[2013-02-28 15:53:46 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF

[2013-02-28 15:53:46 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF

[2013-02-28 15:53:46 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF

[2013-02-28 15:20:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

[2013-02-28 15:02:22 | 207,317,542 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013-02-21 07:30:19 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2013-02-21 07:30:19 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2013-02-21 07:30:19 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2013-02-19 14:03:16 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-02-19 14:03:14 | 000,001,040 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-02-19 13:42:48 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf

[2013-02-19 13:20:34 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013-02-19 13:18:19 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013-02-19 13:17:24 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF

[2013-02-19 13:12:15 | 000,007,680 | ---- | C] () -- C:\Users\OlbekGamPL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013-02-18 22:39:44 | 000,000,949 | ---- | C] () -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013-02-18 22:39:41 | 000,000,944 | ---- | C] () -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2013-02-18 22:39:28 | 000,000,915 | ---- | C] () -- C:\Users\OlbekGamPL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

[2009-04-28 20:32:36 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009-04-28 20:28:03 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.dat


[color=#E56717]========== ZeroAccess Check ==========[/color]


[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]


[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-03-03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-01-21 03:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both


< End of report >

Thank you for any help. PLEASE HELP QUICKLY (I have important data on the disk).