Hello, my problem is as follows. Windows boots without any trouble, the "Welcome" screen appears and… nothing: an empty screen plus 2 My Documents windows ;/ Only when I close them and start a new explorer.exe process do the icons and the taskbar appear on the screen. First suspicion was a virus; the computer was scanned, 4 threats were found and neutralized. Well, the problem can supposedly be worked around by starting that new process, but it is a nuisance and the other users have trouble with it. Please advise.
Well, the cause may be an infection, so please post an OTL log. The instructions and the program are here: otl-gmer-rsit-dds-inne-instrukcje-t370405.html
Paste the following into the Custom Scans/Fixes box in OTL:
Click Run Fix. If necessary, restart the computer. Post the removal log on the forum.
Then run OTL again, click Run Scan once more and post the new log on the forum. That makes two logs: one from the removal and one from the new scan after the removal.
I did as you said. There was a restart at the beginning and right away an error that the file OTL.exe could not be found. The desktop loaded fine, everything is there, but there is no removal log on the desktop, so should I download the program again??
It should be in the C:\_OTL folder, but run OTL, click Run Scan and post a new log on the forum.
And something strange is happening: when I am in Mozilla and, for example, refresh a page, a new Mozilla window opens with two tabs, http://www.ĝÓ5.com and http://www.xn–!-gda.com, showing a page load error, and NOD32 warns that the address has been blocked…
– Added 07.04.2010 (Wed) 17:22 –
From the removal:
Registry value HKEY_USERS\S-1-5-21-220523388-1958367476-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1958367476-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
C:\WINDOWS\system32\sdra64.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DAEMON Tools-1033\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\sdra64.exe not found.
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\“Userinit”|“C:\WINDOWS\system32\userinit.exe,” /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 236043164 bytes
->Temporary Internet Files folder emptied: 22254904 bytes
->Java cache emptied: 26282362 bytes
->FireFox cache emptied: 90478220 bytes
->Flash cache emptied: 28999 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Kolend
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes
User: Tomek
->Temp folder emptied: 269526018 bytes
->Temporary Internet Files folder emptied: 2638219 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 89127962 bytes
->Flash cache emptied: 23568 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1042161 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 715,00 mb
OTL by OldTimer - Version 3.2.1.0 log created on 04072010_170903
Download OTL, run it, click Run Scan and post the new log on the forum.
OTL logfile created on: 10-04-07 17:24:21 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tomek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yy-MM-dd
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49,41 Gb Total Space | 11,15 Gb Free Space | 22,56% Space Free | Partition Type: NTFS
Drive D: | 99,64 Gb Total Space | 12,87 Gb Free Space | 12,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: X-00742A248B314
Current User Name: Tomek
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (All) ==========
PRC - [2010-04-07 17:23:48 | 000,561,664 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Tomek\Pulpit\OTL.exe
PRC - [2010-04-06 22:19:42 | 000,524,632 | ---- | M] (Lavasoft) – C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010-04-06 22:19:39 | 001,029,456 | ---- | M] (Lavasoft) – C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010-04-03 00:17:48 | 000,910,296 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-02 20:19:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-01-02 20:19:27 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-11-25 05:09:04 | 000,602,112 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-11-16 09:03:32 | 002,054,360 | ---- | M] (ESET) – C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-11-12 16:11:46 | 000,145,224 | ---- | M] (H+H Software GmbH) – C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2009-11-12 14:48:56 | 000,071,096 | ---- | M] () – C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-09-10 15:45:00 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2009-09-10 15:45:00 | 000,510,464 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\winlogon.exe
PRC - [2009-09-10 15:45:00 | 000,227,840 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009-09-10 15:45:00 | 000,111,104 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\services.exe
PRC - [2009-09-10 15:45:00 | 000,070,144 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\notepad.exe
PRC - [2009-09-10 15:45:00 | 000,057,856 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\spoolsv.exe
PRC - [2009-09-10 15:45:00 | 000,050,688 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\smss.exe
PRC - [2009-09-10 15:45:00 | 000,044,544 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\alg.exe
PRC - [2009-09-10 15:45:00 | 000,016,896 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009-09-10 15:45:00 | 000,015,360 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\ctfmon.exe
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [WUDFSERVICEGROUP]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [imgSVC]
PRC - [2009-09-10 15:45:00 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2009-09-10 15:45:00 | 000,013,312 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\lsass.exe
PRC - [2009-09-10 15:45:00 | 000,006,144 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\csrss.exe
PRC - [2009-04-22 18:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009-04-22 18:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009-04-10 14:38:16 | 017,879,552 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.EXE
PRC - [2008-04-14 21:51:32 | 001,695,232 | ---- | M] (Microsoft Corporation) – C:\Program Files\Messenger\msmsgs.exe
PRC - [2007-08-15 09:49:26 | 000,063,040 | ---- | M] () – D:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
PRC - [2006-08-30 04:58:38 | 000,049,152 | R— | M] (ZSMCSNAP) – C:\WINDOWS\VMSnap3.EXE
PRC - [2006-06-28 11:54:06 | 000,049,152 | R— | M] (Vimicro) – C:\WINDOWS\Domino.EXE
PRC - [2004-03-23 13:06:12 | 000,888,832 | ---- | M] (THOMSON Telecom Belgium) – C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-06-20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (All) ==========
MOD - [2010-04-07 17:23:48 | 000,561,664 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Tomek\Pulpit\OTL.exe
MOD - [2010-02-25 08:13:02 | 000,919,040 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wininet.dll
MOD - [2010-02-25 08:13:01 | 001,209,856 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\urlmon.dll
MOD - [2010-02-25 08:12:55 | 001,986,048 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\iertutil.dll
MOD - [2009-12-08 11:25:45 | 000,474,112 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\shlwapi.dll
MOD - [2009-09-10 15:45:00 | 008,490,496 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\shell32.dll
MOD - [2009-09-10 15:45:00 | 001,287,168 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\ole32.dll
MOD - [2009-09-10 15:45:00 | 001,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2009-09-10 15:45:00 | 001,020,416 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\kernel32.dll
MOD - [2009-09-10 15:45:00 | 000,997,888 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\setupapi.dll
MOD - [2009-09-10 15:45:00 | 000,732,672 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\userenv.dll
MOD - [2009-09-10 15:45:00 | 000,723,456 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\ntdll.dll
MOD - [2009-09-10 15:45:00 | 000,686,592 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\advapi32.dll
MOD - [2009-09-10 15:45:00 | 000,585,216 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\rpcrt4.dll
MOD - [2009-09-10 15:45:00 | 000,580,096 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\user32.dll
MOD - [2009-09-10 15:45:00 | 000,551,936 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\oleaut32.dll
MOD - [2009-09-10 15:45:00 | 000,343,040 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\msvcrt.dll
MOD - [2009-09-10 15:45:00 | 000,297,984 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\MSCTF.dll
MOD - [2009-09-10 15:45:00 | 000,286,720 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\gdi32.dll
MOD - [2009-09-10 15:45:00 | 000,280,064 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\comdlg32.dll
MOD - [2009-09-10 15:45:00 | 000,219,648 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\uxtheme.dll
MOD - [2009-09-10 15:45:00 | 000,185,344 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2009-09-10 15:45:00 | 000,177,152 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\MSCTFIME.IME
MOD - [2009-09-10 15:45:00 | 000,146,432 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\winspool.drv
MOD - [2009-09-10 15:45:00 | 000,144,384 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\imagehlp.dll
MOD - [2009-09-10 15:45:00 | 000,110,080 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\imm32.dll
MOD - [2009-09-10 15:45:00 | 000,084,992 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\olepro32.dll
MOD - [2009-09-10 15:45:00 | 000,067,584 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\srclient.dll
MOD - [2009-09-10 15:45:00 | 000,056,832 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\secur32.dll
MOD - [2009-09-10 15:45:00 | 000,023,552 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\normaliz.dll
MOD - [2009-09-10 15:45:00 | 000,023,040 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\psapi.dll
MOD - [2009-09-10 15:45:00 | 000,018,944 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\version.dll
========== Win32 Services (SafeList) ==========
SRV - [2010-04-06 22:19:39 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] – C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe – (Lavasoft Ad-Aware Service)
SRV - [2009-11-16 09:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe – (EhttpSrv)
SRV - [2009-11-16 09:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe – (ekrn)
SRV - [2009-11-12 16:11:46 | 000,145,224 | ---- | M] (H+H Software GmbH) [Auto | Running] – C:\Program Files\Virtual CD v10\System\VC10SecS.exe – (VC10SecS)
SRV - [2009-11-12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] – C:\Program Files\CDBurnerXP\NMSAccessU.exe – (NMSAccessU)
SRV - [2008-04-07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – (ServiceLayer)
SRV - [2007-08-15 09:49:26 | 000,063,040 | ---- | M] () [Auto | Running] – D:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe – (PnkBstrA)
========== Driver Services (SafeList) ==========
DRV - [2010-04-03 10:13:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\atksgt.sys – (atksgt)
DRV - [2010-04-03 10:13:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\lirsgt.sys – (lirsgt)
DRV - [2010-01-29 12:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] – C:\Program Files\UltraISO\drivers\ISODrive.sys – (ISODrive)
DRV - [2009-11-25 05:50:16 | 004,463,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ati2mtag.sys – (ati2mtag)
DRV - [2009-11-16 09:06:50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\epfwtdir.sys – (epfwtdir)
DRV - [2009-11-16 09:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\ehdrv.sys – (ehdrv)
DRV - [2009-11-16 08:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\eamon.sys – (eamon)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\StarOpen.sys – (StarOpen)
DRV - [2009-11-09 10:55:58 | 000,183,832 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\vdrv1000.sys – (vdrv1000)
DRV - [2009-09-10 15:45:00 | 000,215,856 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\Si3132r5.sys – (Si3132r5)
DRV - [2009-09-10 15:45:00 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\Si3531.sys – (Si3531)
DRV - [2009-09-10 15:45:00 | 000,195,072 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Stopped] – C:\WINDOWS\system32\drivers\Si3114r5.sys – (Si3114r5)
DRV - [2009-09-10 15:45:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)
DRV - [2009-09-10 15:45:00 | 000,074,672 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\si3132.sys – (Si3132)
DRV - [2009-09-10 15:45:00 | 000,069,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\si3124.sys – (Si3124)
DRV - [2009-09-10 15:45:00 | 000,062,336 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\drivers\si3112.sys – (Si3112)
DRV - [2009-07-03 16:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] – C:\WINDOWS\system32\DRIVERS\Lbd.sys – (Lbd)
DRV - [2009-06-02 15:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\AtiHdmi.sys – (AtiHdmiService)
DRV - [2009-04-14 17:09:56 | 005,069,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-11-06 14:10:34 | 000,018,432 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HH10Help.sys – (HH10Help.sys)
DRV - [2008-08-05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt)
DRV - [2007-10-12 16:32:28 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\yk51x86.sys – (yukonwxp)
DRV - [2007-09-17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\pccsmcfd.sys – (pccsmcfd)
DRV - [2006-12-01 08:23:58 | 000,392,122 | R— | M] (Vimicro Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\usbVM303.sys – (ZSMC303)
DRV - [2006-09-24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] – C:\WINDOWS\system32\speedfan.sys – (speedfan)
DRV - [2006-04-25 04:57:42 | 000,428,160 | R— | M] (Vimicro Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\vmfilter303.sys – (vmfilter303)
DRV - [2006-01-04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt)
DRV - [2003-12-08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\alcan5wn.sys – (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\alcaudsl.sys – (alcaudsl)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] – C:\WINDOWS\system32\giveio.sys – (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scanonlineonline.info/antivirus/ … =20435&ref
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scanonlineonline.info/antivirus/ … =20435&ref
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-220523388-1958367476-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15161&l=dis
IE - HKU\S-1-5-21-220523388-1958367476-1417001333-1003…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
IE - HKU\S-1-5-21-220523388-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF - prefs.js…browser.search.defaultengine: “Ask.com”
FF - prefs.js…browser.search.defaultenginename: “Ask.com”
FF - prefs.js…browser.search.order.1: “Ask.com”
FF - prefs.js…browser.search.selectedEngine: “Google”
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…browser.startup.homepage: “http://www.onet.pl”
FF - prefs.js…extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js…extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js…extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js…extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js…keyword.URL: “http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=”
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010-04-03 00:17:52 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-03 00:17:52 | 000,000,000 | —D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-04-06 22:59:13 | 000,000,000 | —D | M]
[2010-02-10 18:27:58 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Extensions
[2010-04-07 16:30:48 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions
[2010-02-10 18:28:27 | 000,000,000 | —D | M] (Microsoft .NET Framework Assistant) – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-09 19:15:48 | 000,000,000 | —D | M] (BitComet Video Downloader) – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010-03-20 23:47:25 | 000,000,000 | —D | M] (DownloadHelper) – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-04-06 21:29:46 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\DTToolbar@toolbarnet.com-trash
[2010-04-06 21:29:46 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\radiobar@toolbar
[2010-04-03 09:11:40 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com
[2010-04-03 09:11:44 | 000,002,426 | ---- | M] () – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\searchplugins\askcom.xml
[2010-04-03 17:44:49 | 000,002,055 | ---- | M] () – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\searchplugins\daemon-search.xml
[2010-04-04 16:07:40 | 000,001,589 | ---- | M] () – C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\searchplugins\web-search.xml
[2010-04-07 17:14:38 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions
[2008-11-11 09:38:54 | 000,663,552 | ---- | M] (BitComet) – C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010-03-16 21:50:20 | 000,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-16 21:50:20 | 000,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-16 21:50:20 | 000,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-16 21:50:20 | 000,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-16 21:50:20 | 000,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-16 21:50:20 | 000,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2009-09-10 15:45:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM…\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM…\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU.DEFAULT…\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-18…\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM…\Run: [Domino] C:\WINDOWS\Domino.EXE (Vimicro)
O4 - HKLM…\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM…\Run: [speedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM…\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM…\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE (ZSMCSNAP)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\explorer.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1958367476-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra ‘Tools’ menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s … wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM…comfile [open] – “%1” %*
O35 - HKLM…exefile [open] – “%1” %*
O37 - HKLM…com [@ = comfile] – “%1” %*
O37 - HKLM…exe [@ = exefile] – “%1” %*
========== Files/Folders - Created Within 30 Days ==========
[2010-04-07 17:23:25 | 000,561,664 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Tomek\Pulpit\OTL.exe
[2010-04-07 17:09:03 | 000,000,000 | —D | C] – C:_OTL
[2010-04-06 23:01:24 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\ESET
[2010-04-06 22:59:12 | 000,000,000 | —D | C] – C:\Program Files\ESET
[2010-04-06 22:59:12 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-04-06 22:21:02 | 000,064,160 | ---- | C] (Lavasoft AB) – C:\WINDOWS\System32\drivers\Lbd.sys
[2010-04-06 22:18:50 | 000,000,000 | -H-D | C] – C:\Documents and Settings\All Users\Dane aplikacji{EF63305C-BAD7-4144-9208-D65528260864}
[2010-04-06 22:18:45 | 000,000,000 | —D | C] – C:\Program Files\Lavasoft
[2010-04-06 22:18:45 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
[2010-04-06 22:00:51 | 060,857,536 | ---- | C] (Lavasoft ) – C:\Documents and Settings\Tomek\Pulpit\Ad-AwareAE.exe
[2010-04-06 21:56:25 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Pulpit\Nowy folder
[2010-04-06 21:29:45 | 000,000,000 | --SD | C] – C:\Documents and Settings\Tomek\Dane aplikacji\Virtual CD v10
[2010-04-04 15:05:47 | 000,183,832 | ---- | C] (H+H Software GmbH) – C:\WINDOWS\System32\drivers\vdrv1000.sys
[2010-04-04 15:05:47 | 000,018,432 | ---- | C] (H+H Software GmbH) – C:\WINDOWS\System32\drivers\HH10Help.sys
[2010-04-04 15:05:45 | 000,000,000 | --SD | C] – C:\Documents and Settings\All Users\Dokumenty\Virtual CDs
[2010-04-04 15:05:45 | 000,000,000 | --SD | C] – C:\Documents and Settings\All Users\Dokumenty\Virtual CD v10
[2010-04-04 15:05:35 | 001,843,200 | ---- | C] (NCT Company Ltd.) – C:\WINDOWS\System32\NCTAudioFile2.dll
[2010-04-04 15:05:35 | 000,315,392 | ---- | C] (NCT Company Ltd.) – C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2010-04-04 15:05:32 | 000,000,000 | —D | C] – C:\Program Files\Virtual CD v10
[2010-04-04 13:31:51 | 000,721,904 | ---- | C] (Duplex Secure Ltd.) – C:\WINDOWS\System32\drivers\sptd.sys
[2010-04-03 20:58:13 | 000,000,000 | —D | C] – C:\WINDOWS\System32\NtmsData
[2010-04-03 19:45:34 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dokumenty\AlawarWrapper
[2010-04-03 19:45:34 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010-04-03 19:45:29 | 000,000,000 | —D | C] – C:\Program Files\Pykam.pl
[2010-04-03 19:33:51 | 000,000,000 | —D | C] – C:\Inetpub
[2010-04-03 17:44:53 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2010-04-03 17:44:02 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\DAEMON Tools Lite
[2010-04-03 17:44:00 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-04-03 10:13:47 | 000,000,000 | —D | C] – C:\Program Files\NVIDIA Corporation
[2010-04-03 00:24:20 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Moje dokumenty\Downloads
[2010-04-03 00:20:23 | 000,000,000 | —D | C] – C:\Program Files\uTorrent
[2010-04-03 00:19:47 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\uTorrent
[2010-03-29 20:07:13 | 000,000,000 | —D | C] – C:\Program Files\FreeGamePick.com
[2010-03-26 16:52:06 | 000,000,000 | -H-D | C] – C:\Documents and Settings\Tomek\InstallAnywhere
[2010-03-25 22:53:24 | 000,000,000 | —D | C] – C:\Program Files\Battleships
[2010-03-23 22:25:00 | 000,000,000 | —D | C] – C:\Program Files\screenmate
[2010-03-23 19:48:58 | 000,000,000 | —D | C] – C:\MOPYFISH
[2010-03-23 19:44:03 | 000,054,272 | ---- | C] ( Microsoft Corporation) – C:\WINDOWS\System32\SOFTBTTN.OCX
[2010-03-23 19:44:03 | 000,025,088 | ---- | C] (Mark Holman) – C:\WINDOWS\System32\GRADIENT.OCX
[2010-03-23 19:43:40 | 000,071,680 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\ST5UNST.EXE
[2010-03-23 19:43:40 | 000,029,696 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\VB5StKit.dll
[2010-03-22 19:47:27 | 000,000,000 | —D | C] – C:\Program Files\eMaskotka - PiS
[2010-03-22 14:12:28 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\ChomikBox
[2010-03-22 14:00:09 | 000,000,000 | —D | C] – C:\Program Files\ChomikBox
[2010-03-20 23:48:12 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\dwhelper
[2010-03-20 23:34:07 | 000,000,000 | —D | C] – C:\Program Files\Moyea
[2010-03-20 23:29:19 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Moje dokumenty\Downloaded FLV
[2010-03-20 23:29:18 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\Moyea
[2010-03-20 21:23:36 | 000,356,352 | ---- | C] (eSellerate Inc.) – C:\WINDOWS\eSellerateEngine.dll
[2010-03-20 21:21:52 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DeskShare Shared
[2010-03-20 21:21:51 | 000,258,352 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\Unicows.dll
[2010-03-20 21:21:51 | 000,224,016 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\TABCTL32.OCX
[2010-03-20 21:21:51 | 000,140,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\COMDLG32.OCX
[2010-03-20 21:21:48 | 000,000,000 | —D | C] – C:\Program Files\Deskshare
[2010-03-20 14:15:38 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\MotionDSP
[2010-03-20 13:41:52 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\MotionDSP
[2010-03-20 13:41:47 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-03-20 13:41:43 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\MotionDSP
[2010-03-20 00:52:33 | 000,000,000 | —D | C] – C:\Program Files\E.M. PowerPoint Video Converter
[2010-03-20 00:24:06 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\GeoVid
[2010-03-20 00:23:38 | 001,712,128 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\gdiplus.dll
[2010-03-20 00:23:38 | 001,047,552 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\mfc71u.dll
[2010-03-20 00:23:38 | 000,089,088 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\atl71.dll
[2010-03-20 00:23:38 | 000,060,416 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dsetup.dll
[2010-03-20 00:23:35 | 000,000,000 | —D | C] – C:\Program Files\Common Files\GeoVid
[2010-03-20 00:23:35 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\GeoVid
[2010-03-20 00:23:33 | 000,000,000 | —D | C] – C:\Program Files\GeoVid
[2010-03-19 23:22:14 | 000,000,000 | —D | C] – C:\Program Files\Powerpoint-PPT to AVI-GIF Converter
[2010-03-19 21:03:08 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2010-03-19 20:15:06 | 000,000,000 | —D | C] – C:\videooutput
[2010-03-19 20:15:04 | 000,139,264 | ---- | C] (http://www.xvid.org) – C:\WINDOWS\System32\xvid.ax
[2010-03-19 20:15:04 | 000,000,000 | —D | C] – C:\Program Files\Smallvideosoft
[2010-03-19 20:10:01 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Moje dokumenty\My Downloaded Video
[2010-03-19 19:52:39 | 000,000,000 | —D | C] – C:\Program Files\Nuclear Coffee
[2010-03-14 00:07:54 | 000,000,000 | RH-D | C] – C:\Documents and Settings\Tomek\Recent
[2010-03-12 21:27:55 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Moje dokumenty\EA Games
[2010-03-12 21:25:07 | 000,000,000 | —D | C] – C:\WINDOWS\System32\LogFiles
[2010-03-12 19:06:49 | 000,000,000 | —D | C] – C:\Program Files\AGEIA Technologies
[2010-03-12 19:06:31 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Wise Installation Wizard
[2010-03-12 17:22:32 | 000,000,000 | —D | C] – C:\Program Files\SpeedFan
[2010-03-12 17:19:38 | 000,000,000 | —D | C] – C:\Program Files\Lavalys
[2010-03-10 20:26:06 | 000,000,000 | —D | C] – C:\Program Files\MSECache
[2010-03-10 17:59:14 | 000,000,000 | —D | C] – C:\Program Files\Metin2_PL
[2010-03-09 18:07:31 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\.gstreamer-0.10
[2010-03-09 16:31:53 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Dane aplikacji\OpenFM
[2010-03-08 18:30:32 | 000,000,000 | —D | C] – C:\Program Files\UltraISO
[2010-03-08 18:30:32 | 000,000,000 | —D | C] – C:\Documents and Settings\Tomek\Moje dokumenty\My ISO Files
[2010-03-08 18:30:32 | 000,000,000 | —D | C] – C:\Program Files\Common Files\EZB Systems
[2009-12-21 21:46:30 | 000,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-12-21 21:46:30 | 000,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-12-21 21:46:30 | 000,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-12-21 21:46:30 | 000,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[1 C:\Documents and Settings\Tomek\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Tomek\Moje dokumenty\*.tmp ->]
========== Files - Modified Within 30 Days ==========
[2010-04-07 17:23:48 | 000,561,664 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Tomek\Pulpit\OTL.exe
[2010-04-07 17:15:27 | 001,097,086 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-07 17:15:27 | 000,493,834 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat
[2010-04-07 17:15:27 | 000,435,568 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2010-04-07 17:15:27 | 000,085,032 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat
[2010-04-07 17:15:27 | 000,068,272 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2010-04-07 17:12:38 | 000,067,872 | ---- | M] () – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-04-07 17:11:27 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2010-04-07 17:11:22 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2010-04-07 17:11:18 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2010-04-07 17:11:14 | 000,266,208 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-07 17:10:33 | 003,932,160 | ---- | M] () – C:\Documents and Settings\Tomek\ntuser.dat
[2010-04-07 17:10:31 | 000,000,292 | -HS- | M] () – C:\Documents and Settings\Tomek\ntuser.ini
[2010-04-07 13:25:32 | 000,000,600 | ---- | M] () – C:\Documents and Settings\Tomek\PUTTY.RND
[2010-04-07 00:13:46 | 000,001,006 | ---- | M] () – C:\WINDOWS\win.ini
[2010-04-07 00:13:46 | 000,000,227 | ---- | M] () – C:\WINDOWS\system.ini
[2010-04-07 00:13:46 | 000,000,151 | -HS- | M] () – C:\boot.ini
[2010-04-06 22:56:30 | 034,372,096 | ---- | M] () – C:\Documents and Settings\Tomek\Pulpit\eav_nt32_plk.msi
[2010-04-06 22:21:12 | 000,000,472 | ---- | M] () – C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-04-06 22:20:57 | 000,015,688 | ---- | M] () – C:\WINDOWS\System32\lsdelete.exe
[2010-04-06 22:18:50 | 000,000,867 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk
[2010-04-06 22:18:05 | 060,857,536 | ---- | M] (Lavasoft ) – C:\Documents and Settings\Tomek\Pulpit\Ad-AwareAE.exe
[2010-04-06 20:19:49 | 003,718,942 | -H-- | M] () – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-04-06 15:48:14 | 000,048,128 | ---- | M] () – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-04 16:14:30 | 000,022,016 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\Witam Serdecznie.doc
[2010-04-04 13:57:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) – C:\WINDOWS\System32\drivers\sptd.sys
[2010-04-04 13:39:28 | 000,026,923 | ---- | M] () – C:\Documents and Settings\Tomek\Pulpit\SPTD-162.rtf
[2010-04-03 19:45:38 | 000,004,096 | ---- | M] () – C:\WINDOWS\d3dx.dat
[2010-04-03 19:33:02 | 000,004,507 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2010-04-03 19:08:34 | 000,000,085 | ---- | M] () – C:\WINDOWS\mopyfish.ini
[2010-04-03 18:56:55 | 000,000,163 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\fix.reg
[2010-04-03 14:04:40 | 000,096,512 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\atapi.sys
[2010-04-03 10:13:05 | 000,281,760 | ---- | M] () – C:\WINDOWS\System32\drivers\atksgt.sys
[2010-04-03 10:13:05 | 000,025,888 | ---- | M] () – C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-04-01 22:40:16 | 000,001,602 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-03-27 22:58:41 | 011,123,246 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie3.wav
[2010-03-27 22:45:47 | 010,764,846 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie1.wav
[2010-03-27 22:35:22 | 027,161,646 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie.wav
[2010-03-27 22:34:06 | 003,225,646 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie2.wav
[2010-03-25 22:53:35 | 000,000,023 | ---- | M] () – C:\nxsystem.cfg
[2010-03-23 19:49:00 | 000,014,320 | ---- | M] () – C:\WINDOWS\MOPYFISH.SCR
[2010-03-23 19:49:00 | 000,010,944 | ---- | M] () – C:\WINDOWS\BYEFISH.EXE
[2010-03-23 19:48:48 | 000,000,048 | ---- | M] () – C:\WINDOWS\scmate.ini
[2010-03-21 21:25:56 | 153,165,824 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie1.avi
[2010-03-21 21:17:55 | 086,872,576 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie6.avi
[2010-03-21 21:13:20 | 000,021,573 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie5.wmv
[2010-03-21 21:10:35 | 066,659,840 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie.avi
[2010-03-21 20:52:59 | 136,390,656 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie5.avi
[2010-03-21 20:48:19 | 024,038,521 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie4.wmv
[2010-03-20 23:10:19 | 017,318,359 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie3.wmv
[2010-03-20 22:45:10 | 019,734,545 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie1.wmv
[2010-03-20 22:23:18 | 013,286,659 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie.wmv
[2010-03-20 21:23:36 | 000,356,352 | ---- | M] (eSellerate Inc.) – C:\WINDOWS\eSellerateEngine.dll
[2010-03-20 19:20:12 | 000,871,052 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\andrzej bogucki - trzej przyjaciele z boiska3.mp3
[2010-03-20 14:42:22 | 000,782,445 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\andrzej bogucki - trzej przyjaciele z boiska2.mp3
[2010-03-20 14:34:52 | 000,776,594 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\andrzej bogucki - trzej przyjaciele z boiska.mp3
[2010-03-20 00:52:38 | 000,000,749 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\E.M. PowerPoint Video Converter.lnk
[2010-03-20 00:36:32 | 001,471,766 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\Jagiellonia Białystok.avi
[2010-03-19 19:52:47 | 000,000,751 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\VideoGet.lnk
[2010-03-18 22:39:59 | 000,481,280 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\Jagiellonia Białystok.ppt
[2010-03-15 22:54:38 | 000,012,848 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\Bibliografia.docx
[2010-03-15 20:30:55 | 000,002,267 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-03-13 11:05:09 | 000,000,674 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Counter-Strike 1.6.lnk
[2010-03-13 11:05:09 | 000,000,655 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Half-Life.lnk
[2010-03-12 17:22:32 | 000,000,045 | ---- | M] () – C:\WINDOWS\System32\initdebug.nfo
[2010-03-10 21:29:44 | 000,015,500 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\11.docx
[2010-03-09 19:15:48 | 000,000,716 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\BitComet.lnk
[2010-03-08 18:00:24 | 000,000,528 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\cc_20100308_170003.reg
[2010-03-08 17:46:57 | 000,000,922 | ---- | M] () – C:\Documents and Settings\Tomek\Moje dokumenty\cc_20100308_164641.reg
[1 C:\Documents and Settings\Tomek\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Tomek\Moje dokumenty\*.tmp ->]
========== Files Created - No Company Name ==========
[2010-04-06 23:04:38 | 000,000,151 | -HS- | C] () – C:\boot.ini
[2010-04-06 22:47:24 | 034,372,096 | ---- | C] () – C:\Documents and Settings\Tomek\Pulpit\eav_nt32_plk.msi
[2010-04-06 22:30:45 | 000,015,688 | ---- | C] () – C:\WINDOWS\System32\lsdelete.exe
[2010-04-06 22:21:12 | 000,000,472 | ---- | C] () – C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-04-06 22:18:50 | 000,000,867 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk
[2010-04-04 16:14:29 | 000,022,016 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\Witam Serdecznie.doc
[2010-04-04 13:39:27 | 000,026,923 | ---- | C] () – C:\Documents and Settings\Tomek\Pulpit\SPTD-162.rtf
[2010-04-03 19:45:38 | 000,004,096 | ---- | C] () – C:\WINDOWS\d3dx.dat
[2010-04-03 18:56:55 | 000,000,163 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\fix.reg
[2010-04-03 10:13:05 | 000,281,760 | ---- | C] () – C:\WINDOWS\System32\drivers\atksgt.sys
[2010-04-03 10:13:05 | 000,025,888 | ---- | C] () – C:\WINDOWS\System32\drivers\lirsgt.sys
[2010-04-02 00:25:18 | 000,004,507 | ---- | C] () – C:\WINDOWS\imsins.BAK
[2010-03-27 22:58:40 | 011,123,246 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie3.wav
[2010-03-27 22:45:46 | 010,764,846 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie1.wav
[2010-03-27 22:35:18 | 027,161,646 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie.wav
[2010-03-27 22:34:06 | 003,225,646 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie2.wav
[2010-03-25 22:53:35 | 000,000,023 | ---- | C] () – C:\nxsystem.cfg
[2010-03-23 19:49:16 | 000,014,320 | ---- | C] () – C:\WINDOWS\MOPYFISH.SCR
[2010-03-23 19:49:16 | 000,010,944 | ---- | C] () – C:\WINDOWS\BYEFISH.EXE
[2010-03-23 19:48:58 | 000,000,085 | ---- | C] () – C:\WINDOWS\mopyfish.ini
[2010-03-23 19:48:48 | 000,000,048 | ---- | C] () – C:\WINDOWS\scmate.ini
[2010-03-21 21:24:23 | 153,165,824 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie1.avi
[2010-03-21 21:16:23 | 086,872,576 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie6.avi
[2010-03-21 21:13:19 | 000,021,573 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie5.wmv
[2010-03-21 21:09:27 | 066,659,840 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie.avi
[2010-03-21 20:51:15 | 136,390,656 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie5.avi
[2010-03-21 20:45:14 | 024,038,521 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie4.wmv
[2010-03-20 23:07:07 | 017,318,359 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie3.wmv
[2010-03-20 22:42:25 | 019,734,545 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie1.wmv
[2010-03-20 22:20:57 | 013,286,659 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\MyMovie.wmv
[2010-03-20 19:20:06 | 000,871,052 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\andrzej bogucki - trzej przyjaciele z boiska3.mp3
[2010-03-20 14:42:16 | 000,782,445 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\andrzej bogucki - trzej przyjaciele z boiska2.mp3
[2010-03-20 14:34:45 | 000,776,594 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\andrzej bogucki - trzej przyjaciele z boiska.mp3
[2010-03-20 00:52:38 | 000,000,749 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\E.M. PowerPoint Video Converter.lnk
[2010-03-20 00:36:29 | 001,471,766 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\Jagiellonia Białystok.avi
[2010-03-19 20:15:04 | 008,676,883 | ---- | C] () – C:\WINDOWS\System32\NCMedia2.dll
[2010-03-19 20:15:04 | 000,758,018 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll
[2010-03-19 20:15:04 | 000,180,224 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll
[2010-03-19 19:52:47 | 000,000,751 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\VideoGet.lnk
[2010-03-18 22:39:59 | 000,481,280 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\Jagiellonia Białystok.ppt
[2010-03-15 22:54:35 | 000,012,848 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\Bibliografia.docx
[2010-03-12 17:22:31 | 000,000,045 | ---- | C] () – C:\WINDOWS\System32\initdebug.nfo
[2010-03-10 20:12:31 | 000,015,500 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\11.docx
[2010-03-08 18:00:04 | 000,000,528 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\cc_20100308_170003.reg
[2010-03-08 17:46:43 | 000,000,922 | ---- | C] () – C:\Documents and Settings\Tomek\Moje dokumenty\cc_20100308_164641.reg
[2010-03-03 19:27:29 | 000,000,097 | ---- | C] () – C:\WINDOWS\System32\PICSDK.ini
[2010-02-26 22:23:09 | 000,000,600 | ---- | C] () – C:\Documents and Settings\Tomek\PUTTY.RND
[2010-02-26 21:01:20 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2010-02-13 18:34:54 | 003,932,160 | ---- | C] () – C:\Documents and Settings\Tomek\ntuser.dat
[2010-02-13 18:10:00 | 000,002,528 | ---- | C] () – C:\Documents and Settings\Tomek\Dane aplikacji\$_hpcst$.hpc
[2010-02-10 18:23:43 | 000,048,128 | ---- | C] () – C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-10 18:22:14 | 000,000,292 | -HS- | C] () – C:\Documents and Settings\Tomek\ntuser.ini
[2010-02-10 18:22:12 | 000,001,024 | -H-- | C] () – C:\Documents and Settings\Tomek\NTUSER.DAT.LOG
[2010-02-07 16:31:14 | 000,000,754 | ---- | C] () – C:\WINDOWS\WORDPAD.INI
[2009-12-26 14:16:24 | 000,024,576 | R— | C] () – C:\WINDOWS\VMPipe.dll
[2009-12-22 17:21:30 | 000,178,176 | ---- | C] () – C:\WINDOWS\System32\unrar.dll
[2009-12-21 22:19:57 | 000,005,606 | ---- | C] () – C:\WINDOWS\System32\stci.dll
[2007-10-25 18:26:10 | 000,007,168 | ---- | C] () – C:\WINDOWS\System32\drivers\StarOpen.sys
[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () – C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010-02-06 22:33:35 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 10
[2010-02-10 12:43:46 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\ipla
[2009-12-21 22:49:38 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu
[2010-02-07 12:17:03 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\OpenFM
[2010-01-09 22:14:12 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\PC Suite
[2010-01-09 22:10:44 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\Samsung
[2010-02-04 20:32:43 | 000,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\Sports Interactive
[2010-04-06 21:29:47 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\AlawarWrapper
[2010-02-27 14:37:17 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited
[2010-04-03 17:44:08 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-03-09 19:26:46 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
[2010-03-03 21:28:55 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\EPSON
[2010-04-06 22:59:12 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-02-06 22:33:39 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-03-20 00:23:35 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\GeoVid
[2010-01-30 00:00:33 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-03-20 14:17:18 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\MotionDSP
[2010-03-26 22:33:31 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-01-09 22:14:13 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-02-04 20:38:58 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Sports Interactive
[2010-04-02 00:04:20 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2010-03-03 19:29:47 | 000,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\UDL
[2010-04-06 22:18:51 | 000,000,000 | -H-D | M] – C:\Documents and Settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}
[2010-02-23 15:29:00 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Ace
[2010-02-27 14:37:17 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Canneverbe Limited
[2010-03-22 14:20:50 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\ChomikBox
[2010-04-03 17:44:02 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\DAEMON Tools Lite
[2010-03-03 21:47:12 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\EPSON
[2010-02-10 21:19:55 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Gadu-Gadu 10
[2010-03-20 00:24:06 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\GeoVid
[2010-04-06 21:29:27 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\ipla
[2010-03-20 14:12:03 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\MotionDSP
[2010-03-20 23:51:54 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Moyea
[2010-03-03 21:29:54 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Nowe Gadu-Gadu
[2010-03-09 16:31:53 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\OpenFM
[2010-03-06 20:02:43 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Opera
[2010-02-13 18:10:03 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\PC Suite
[2010-03-09 19:30:16 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Samsung
[2010-02-13 16:35:16 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Sports Interactive
[2010-04-06 22:31:38 | 000,000,000 | —D | M] – C:\Documents and Settings\Tomek\Dane aplikacji\uTorrent
[2010-04-06 21:29:45 | 000,000,000 | --SD | M] – C:\Documents and Settings\Tomek\Dane aplikacji\Virtual CD v10
[2010-04-06 22:21:12 | 000,000,472 | ---- | M] () – C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 943 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:24721E3C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94A19129
< End of report >
Delete this file; it probably won't be needed anymore.
In the Custom Scans/Fixes box in OTL, paste:
Click Run Fix. If necessary, restart the computer. Post the removal log on the forum.
After that, run OTL and click CleanUp; this will remove OTL from the disk.
Turn System Restore off and back on for all drives. Instructions
Download Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html Run a full scan, remove whatever the program finds, and post the log on the forum.
From the removal:
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-220523388-1958367476-1417001333-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
Prefs.js: “Ask.com” removed from browser.search.defaultengine
Prefs.js: “Ask.com” removed from browser.search.defaultenginename
Prefs.js: “Ask.com” removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.6.6.117 removed from extensions.enabledItems
Prefs.js: “http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15158&locale=en_US&q=” removed from keyword.URL
OTL by OldTimer - Version 3.2.1.0 log created on 04072010_173650
OK, carry out the remaining recommendations.
I'm getting started on the scan now; my internet wasn't working for a moment, and as I said, something is up with those two pages that keep popping up on their own ;/
– Added 07.04.2010 (Wed) 18:47 –
It found 16 files; here is the log:
Malwarebytes’ Anti-Malware 1.45
Wersja bazy: 3965
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702
10-04-07 18:45:56
mbam-log-2010-04-07 (18-45-56).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowano obiektów: 186996
Upłynęło: 36 minut(y), 27 sekund(y)
Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 10
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 1
Zainfekowanych plików: 5
Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)
Zainfekowanych kluczy rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\adtools, inc. (Adware.AdTools) -> No action taken.
Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)
Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)
Zainfekowanych folderów:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
Zainfekowanych plików:
D:\foto\hw\SS Wall v4.4.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\explorer.exe (Trojan.Agent) -> No action taken.
Should I delete these files??
Yes, and additionally
In the Custom Scans/Fixes box in OTL, paste:
Click Run Fix. Post the removal log on the forum.
========== OTL ==========
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
Folder move failed. C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\logs scheduled to be moved on reboot.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\defaults folder moved successfully.
Folder move failed. C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\datastore scheduled to be moved on reboot.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-03-Apr-2010-07-11-41-GMT folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\chrome folder moved successfully.
Folder move failed. C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\searchplugins\web-search.xml moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\DTToolbar@toolbarnet.com-trash\components folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\DTToolbar@toolbarnet.com-trash folder moved successfully.
OTL by OldTimer - Version 3.2.1.0 log created on 04072010_191902
Files\Folders moved on Reboot…
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\trivicj9.default\extensions\toolbar@ask.com folder moved successfully.
Registry entries deleted on Reboot…
Here you go.
Do you have any idea about those two pop-up pages? I don't know what this cr*p is, because the antivirus blocks it, but it barges in often and it's annoying??
– Added 07.04.2010 (Wed) 19:57 –
OK, the problem is solved now; many thanks for the help and for taking the time. Regards