Problem z plikem winfile co robić

Dla specjalistów Bezpieczeństwo
#1

Witam.

Mam problem bo na wszystkich partycjach znajduje się plik WINFILE.

Nie da się go usunąć, tzn da sie ale po chwili jest znowu.

załączam tez logi

hijackthis http://wklejto.pl/txt87649

combofix http://wklejto.pl/txt87656

dziekuje z góry za pomoc :smiley:

#2

Pokaż logi z OTL http://oldtimer.geekstogo.com/OTL.exe

Zaznacz-Wszyscy użytkownicy.Wszystkie panele-Użyj filtrowania.Zaznacz-infekcja LOP iPurity.

#3 
OTL logfile created on: 2011-01-23 19:30:03 - Run 2

OTL by OldTimer - Version 3.2.20.4 Folder = C:\Documents and Settings\dorota\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 97,65 Gb Total Space | 72,05 Gb Free Space | 73,78% Space Free | Partition Type: NTFS

Drive D: | 135,22 Gb Total Space | 131,87 Gb Free Space | 97,52% Space Free | Partition Type: NTFS

Drive H: | 596,00 Gb Total Space | 552,85 Gb Free Space | 92,76% Space Free | Partition Type: FAT32


Computer Name: SZKO-58459DEAFE | User Name: dorota | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2011-01-23 19:25:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dorota\Pulpit\OTL.exe

PRC - [2010-09-16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010-07-12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe

PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2009-12-11 18:22:37 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-04-23 21:24:44 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe

PRC - [2009-04-20 11:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe

PRC - [2009-04-09 14:17:08 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe

PRC - [2009-04-01 21:05:34 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe

PRC - [2009-04-01 11:31:32 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe

PRC - [2009-02-10 16:30:02 | 000,364,544 | ---- | M] (France Telecom SA) -- C:\Program Files\Livebox\Connectivity\corecom\CoreCom.exe

PRC - [2008-12-22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe

PRC - [2008-09-30 23:02:48 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe

PRC - [2008-08-13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe

PRC - [2008-08-13 16:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2008-06-20 12:11:04 | 000,028,672 | ---- | M] (France Telecom SA) -- C:\Program Files\Livebox\Connectivity\corecom\OraConfigRecover.exe

PRC - [2008-06-20 12:08:24 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

PRC - [2008-06-20 12:08:08 | 000,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

PRC - [2008-06-10 11:14:42 | 000,147,456 | ---- | M] (France Telecom SA) -- C:\Program Files\Livebox\Systray\SystrayApp.exe

PRC - [2008-06-10 11:14:14 | 000,602,864 | ---- | M] (France Telecom SA) -- C:\Program Files\Livebox\Launcher\Launcher.exe

PRC - [2008-06-10 11:11:34 | 000,712,704 | ---- | M] (France Telecom SA) -- C:\Program Files\Livebox\Connectivity\ConnectivityManager.exe

PRC - [2008-06-10 11:11:04 | 000,090,112 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-08-08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

PRC - [2007-03-21 17:50:00 | 000,163,840 | ---- | M] (Syntek Ltd.) -- C:\WINDOWS\STK02N\STK02NM.exe

PRC - [2006-11-13 15:57:16 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006-11-13 15:57:06 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2005-07-06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe

PRC - [2004-07-21 09:23:26 | 000,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe

PRC - [2004-01-26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe



[color=#E56717]========== Modules (SafeList) ==========[/color]


MOD - [2011-01-23 19:25:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dorota\Pulpit\OTL.exe

MOD - [2010-08-23 17:12:53 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008-06-10 11:12:26 | 000,006,144 | ---- | M] (France Telecom SA) -- C:\Program Files\Livebox\Launcher\Inactivity.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2009-11-25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009-11-25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009-11-25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009-11-25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2008-06-20 12:08:08 | 000,065,536 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)

SRV - [2007-08-08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2010-11-07 13:15:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-12-20 15:34:18 | 000,138,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)

DRV - [2009-11-25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2009-11-25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2009-11-25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009-11-25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2009-11-25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2009-11-25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009-06-03 22:05:26 | 001,570,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2009-05-08 11:15:28 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AmUStor.sys -- (AmUStor)

DRV - [2009-04-01 04:55:20 | 000,019,200 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2009-04-01 04:33:56 | 000,324,608 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2009-03-30 10:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009-02-27 07:34:48 | 000,591,744 | R--- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)

DRV - [2009-01-22 09:25:26 | 000,120,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008-11-11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2008-11-11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2008-11-11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2008-11-03 08:03:28 | 000,013,880 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)

DRV - [2008-09-26 17:01:00 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008-04-15 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-07-24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)

DRV - [2006-12-17 16:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006-03-01 19:53:54 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)

DRV - [2006-01-04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004-05-27 18:13:04 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASNDIS5.SYS -- (ASNDIS5)

DRV - [2004-05-19 18:01:54 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2003-12-08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003-12-08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2003-09-23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage = 

IE - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tp.pl

IE - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Livebox\SearchURLHook\SearchPageURL.dll ()

IE - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.489.0\firefox\firefoxtoolbar\extensions

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-19 21:33:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-19 21:33:30 | 000,000,000 | ---D | M]


[2010-08-18 17:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dorota\Dane aplikacji\Mozilla\Extensions

[2010-10-24 16:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dorota\Dane aplikacji\Mozilla\Firefox\Profiles\4e9flvhh.default\extensions

[2011-01-13 22:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-10-08 19:36:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010-10-08 19:36:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010-10-08 19:36:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010-07-12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2010-10-21 18:40:53 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-10-21 18:40:53 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-10-21 18:40:53 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-10-21 18:40:53 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-10-21 18:40:53 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-10-21 18:40:53 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2011-01-23 18:15:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\dorota\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)

O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)

O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Livebox\SessionManager\SessionManager.exe (France Telecom SA)

O4 - HKLM..\Run: [Power4Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)

O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk = C:\WINDOWS\Installer\{60D6618B-153F-4353-8185-908E676E5888}\_DCE9A4DB2A5F2786140FA3.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\STK02N 2.4 PNP Monitor.lnk = C:\WINDOWS\STK02N\STK02NM.exe (Syntek Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2052111302-1364589140-1177238915-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Funkcja Google Sidewiki - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\dorota\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\dorota\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-12-11 23:24:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2011-01-23 19:25:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dorota\Pulpit\OTL.exe

[2011-01-23 18:27:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011-01-23 18:04:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011-01-23 18:04:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011-01-23 18:04:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011-01-23 18:04:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011-01-23 18:04:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011-01-23 18:04:40 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-01-23 17:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011-01-23 17:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dorota\Menu Start\Programy\HiJackThis

[2011-01-23 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline

[2011-01-21 23:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dorota\Dane aplikacji\WordToPDF

[2011-01-21 23:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\psconvert

[2011-01-21 23:23:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\psconv

[2011-01-21 20:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Turbo Pascal 7

[2011-01-21 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\TP

[2011-01-21 20:22:12 | 000,477,144 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

[2011-01-21 20:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dorota\WINDOWS

[2011-01-21 19:28:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\dorota\Pulpit\TurboPascal-7.0

[2011-01-21 18:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dorota\.JavaBlock

[2011-01-17 15:05:34 | 000,000,000 | ---D | C] -- C:\system.sav

[2011-01-13 17:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PopCap Games

[2011-01-13 17:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games

[2011-01-06 14:41:22 | 000,000,000 | ---D | C] -- C:\Documents_and_Settings

[2011-01-06 14:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dorota\Dane aplikacji\Cream Software

[2010-12-27 14:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dorota\Pulpit\do pracy magisterskiej

[2009-12-12 00:22:09 | 000,013,880 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2011-01-23 19:25:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dorota\Pulpit\OTL.exe

[2011-01-23 19:17:11 | 000,000,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2011-01-23 19:16:54 | 000,002,349 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\FancyStart daemon.lnk

[2011-01-23 19:16:48 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011-01-23 18:40:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011-01-23 18:15:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011-01-23 17:54:08 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\dorota\Pulpit\HiJackThis.lnk

[2011-01-23 17:27:34 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\dorota\Moje dokumenty\Zalacznik_nr_3.doc

[2011-01-23 17:27:20 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\dorota\Pulpit\Zalacznik_nr_2.doc

[2011-01-23 13:58:15 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{62787A67-CEBE-432C-A7CE-9E3B89D948BE}.job

[2011-01-22 17:34:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-01-22 02:40:14 | 000,000,000 | ---- | M] () -- C:\TP02AB9A.$$$

[2011-01-21 23:23:09 | 000,000,164 | ---- | M] () -- C:\WINDOWS\System32\psconv.ini

[2011-01-21 23:13:16 | 000,014,833 | ---- | M] () -- C:\Documents and Settings\dorota\Moje dokumenty\opis źródłowy.docx

[2011-01-21 22:43:00 | 000,000,000 | ---- | M] () -- C:\TP16B827.$$$

[2011-01-21 22:42:46 | 000,000,000 | ---- | M] () -- C:\TP16B725.$$$

[2011-01-21 22:17:49 | 000,000,000 | ---- | M] () -- C:\TP164CAC.$$$

[2011-01-21 21:29:55 | 000,000,000 | ---- | M] () -- C:\TP15803D.$$$

[2011-01-21 21:00:52 | 000,000,000 | ---- | M] () -- C:\TP150450.$$$

[2011-01-21 20:43:07 | 000,000,000 | ---- | M] () -- C:\TP14B88F.$$$

[2011-01-21 20:22:42 | 000,000,000 | ---- | M] () -- C:\TP146175.$$$

[2011-01-21 00:03:20 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\dorota\Pulpit\pip.gov.pl - OCENA RYZYKA ZAWODOWEGO- Serwis informacyjny.url

[2011-01-18 00:21:37 | 000,057,344 | RHS- | M] () -- C:\WINDOWS\System32\smssk.dll

[2011-01-14 00:56:48 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\dorota\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-01-13 17:23:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat

[2011-01-13 17:23:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2011-01-23 18:04:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011-01-23 18:04:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011-01-23 18:04:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011-01-23 18:04:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011-01-23 18:04:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011-01-23 17:53:57 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\dorota\Pulpit\HiJackThis.lnk

[2011-01-23 17:27:34 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\dorota\Moje dokumenty\Zalacznik_nr_3.doc

[2011-01-23 17:27:20 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\dorota\Pulpit\Zalacznik_nr_2.doc

[2011-01-22 02:40:14 | 000,000,000 | ---- | C] () -- C:\TP02AB9A.$$$

[2011-01-21 23:23:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll

[2011-01-21 23:23:09 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini

[2011-01-21 23:13:16 | 000,014,833 | ---- | C] () -- C:\Documents and Settings\dorota\Moje dokumenty\opis źródłowy.docx

[2011-01-21 22:43:00 | 000,000,000 | ---- | C] () -- C:\TP16B827.$$$

[2011-01-21 22:42:46 | 000,000,000 | ---- | C] () -- C:\TP16B725.$$$

[2011-01-21 22:17:49 | 000,000,000 | ---- | C] () -- C:\TP164CAC.$$$

[2011-01-21 21:29:55 | 000,000,000 | ---- | C] () -- C:\TP15803D.$$$

[2011-01-21 21:00:52 | 000,000,000 | ---- | C] () -- C:\TP150450.$$$

[2011-01-21 20:43:07 | 000,000,000 | ---- | C] () -- C:\TP14B88F.$$$

[2011-01-21 20:22:42 | 000,000,000 | ---- | C] () -- C:\TP146175.$$$

[2011-01-21 00:03:20 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\dorota\Pulpit\pip.gov.pl - OCENA RYZYKA ZAWODOWEGO- Serwis informacyjny.url

[2011-01-18 00:21:37 | 000,057,344 | RHS- | C] () -- C:\WINDOWS\System32\smssk.dll

[2011-01-13 17:23:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat

[2011-01-13 17:23:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010-12-04 17:52:26 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010-11-22 20:15:54 | 000,000,202 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2010-11-21 13:20:17 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-11-21 13:20:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010-11-21 13:20:16 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-11-21 13:20:16 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010-11-21 13:20:15 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010-11-07 13:15:33 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010-05-14 17:59:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\W2KUSBIF.DLL

[2010-05-14 17:59:23 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\spusbif.dll

[2010-05-14 17:59:23 | 000,001,593 | ---- | C] () -- C:\WINDOWS\System32\portex16.dll

[2010-05-14 17:32:41 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\DscPnt.dll

[2010-05-14 17:32:41 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\spd__l.dll

[2010-02-26 16:32:20 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dorota\Dane aplikacji\$_hpcst$.hpc

[2010-01-24 20:25:22 | 000,041,068 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll

[2010-01-24 14:01:52 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2010-01-09 20:21:12 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log

[2009-12-21 20:55:44 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\dorota\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-12-20 15:29:13 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-12-12 00:28:42 | 000,000,641 | R--- | C] () -- C:\WINDOWS\Remover.ini

[2009-12-12 00:28:40 | 000,002,107 | R--- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini

[2009-12-12 00:23:42 | 000,129,759 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2009-12-11 23:31:07 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\dorota\Ustawienia lokalne\Dane aplikacji\FASTWiz.log

[2008-12-01 18:32:32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll

[1997-12-18 00:53:02 | 000,292,864 | ---- | C] () -- C:\WINDOWS\System32\libct.dll

[1997-12-18 00:45:36 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\libcs.dll


[color=#E56717]========== LOP Check ==========[/color]


[2009-12-12 00:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AmUStor

[2010-11-07 13:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2010-01-05 18:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla

[2010-11-22 20:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Smart Soft

[2010-01-05 18:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2011-01-08 12:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\Cream Software

[2010-11-07 13:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\DAEMON Tools Lite

[2010-11-22 20:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\Free PDF to Word Converter

[2010-01-05 18:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\Gadu-Gadu

[2010-01-05 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\Gadu-Gadu 10

[2010-01-09 14:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\ipla

[2009-12-20 15:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\Leadertech

[2010-05-09 18:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\Notepad++

[2010-05-16 19:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\progres

[2010-09-30 18:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\TeamViewer

[2011-01-14 14:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\uTorrent

[2011-01-21 23:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dorota\Dane aplikacji\WordToPDF

[2011-01-23 13:58:15 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{62787A67-CEBE-432C-A7CE-9E3B89D948BE}.job


[color=#E56717]========== Purity Check ==========[/color]




[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9


< End of report >

Dodane 23.01.2011 (N) 19:41

lub http://wklej.org/id/462895/txt/

#4

Usuń Combofix i pozostałości po nim tym http://oldtimer.geekstogo.com/OTC.exe

Wyłącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:

Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.

potem nowy log OTL robiony opcją Run Scan (Skanuj)

:slight_smile:

#5

nowy log

http://wklej.org/id/462949/txt/

Dodane 23.01.2011 (N) 20:30

i jeszcze mam pytanie bo ten sam plik przeniusł mi sie na dysk zewnetrzny i jak z niego usunac ten plik ???

#6

Teraz mówisz.Podepnij ten dysk i uruchom USBFix z funkcji Listing.USBFix-http://www.teamxscript.org/usbfixTelechargement.html

#7

proszę wkleić skrypt włącznie z dwukropkiem przed OTL

OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:

Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.

proszę o log po restarcie z usuwania

potem nowy log OTL robiony opcją Run Scan (Skanuj)

:slight_smile:

#8

UsbFix

http://wklej.org/id/462970/txt/

sorki przedchwila podpiołem dysk do lapka i zobaczyłem ze mam ten sam plik na nim :slight_smile:

#9

No to teraz w USBFix użyj funkcj Deletion i pokaż log.

#10

http://wklej.org/id/462991/txt/

nowy log usbfix

#11

No to teraz użyj skryptu od Leon$ i wklej go do OTL.Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

#12

log po restarcie

http://wklej.org/id/463024/txt/

lod po snaknie

http://wklej.org/id/463028/txt/

#13

W porządku.Usuń ręcznie ten plik C:\comment.htt

W OTL użyj opcji Sprzątanie a w USBFix Uninstall.

#14

adamik18 , proszę zapoznaj się z tą stroną oraz tym tematem, a następnie popraw tytuł tematu, używając przycisku ac7a4cd89050aa6e.gif