This is what popped up after I restarted the computer:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\wsctf.exe deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: grzesko
->Temp folder emptied: 1818394 bytes
->Temporary Internet Files folder emptied: 2022469 bytes
->Java cache emptied: 43056422 bytes
->Google Chrome cache emptied: 219276020 bytes
->Flash cache emptied: 52177 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352022 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 256,00 mb
OTL by OldTimer - Version 3.2.1.2 log created on 04182010_160021
Files\Folders moved on Reboot…
Registry entries deleted on Reboot…
OTL log after a normal scan:
OTL logfile created on: 2010-04-18 16:10:18 - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\grzesko\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 75,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 118,86 Gb Total Space | 4,74 Gb Free Space | 3,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MACINTOSH
Current User Name: grzesko
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (All) ==========
PRC - [2010-04-18 15:58:52 | 000,562,176 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\grzesko\Pulpit\OTL.exe
PRC - [2010-04-04 07:42:51 | 000,036,272 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2010-03-28 05:13:16 | 000,530,416 | ---- | M] (Google Inc.) – C:\Documents and Settings\grzesko\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-03-18 12:44:04 | 000,136,176 | ---- | M] (Google Inc.) – C:\Documents and Settings\grzesko\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010-03-10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) – C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009-11-11 10:57:36 | 001,451,520 | ---- | M] (Nokia) – C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-10-27 09:15:44 | 000,132,608 | ---- | M] (Nokia) – C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-10-27 09:15:02 | 000,120,832 | ---- | M] (Nokia) – C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-10-27 09:14:22 | 000,128,000 | ---- | M] (Nokia) – C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009-10-11 05:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 05:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-08-05 22:59:12 | 000,075,048 | ---- | M] (cyberlink) – C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008-04-15 15:36:36 | 016,855,552 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.exe
PRC - [2008-04-15 15:34:38 | 000,249,856 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008-04-15 15:34:38 | 000,135,168 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxtray.exe
PRC - [2008-04-15 15:34:37 | 000,159,744 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\hkcmd.exe
PRC - [2008-04-15 15:34:37 | 000,131,072 | ---- | M] (Intel Corporation) – C:\WINDOWS\system32\igfxpers.exe
PRC - [2008-04-14 22:51:52 | 000,218,112 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 22:51:50 | 000,126,464 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\wmiapsrv.exe
PRC - [2008-04-14 22:51:44 | 000,057,856 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-14 22:51:44 | 000,050,688 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\smss.exe
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [imgSVC]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-14 22:51:44 | 000,014,336 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\svchost.exe [bTHSVCS]
PRC - [2008-04-14 22:51:40 | 000,109,056 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\services.exe
PRC - [2008-04-14 22:51:40 | 000,033,280 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-14 22:51:32 | 000,070,144 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\NOTEPAD.EXE
PRC - [2008-04-14 22:51:24 | 000,013,312 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2008-04-14 22:51:12 | 000,006,144 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\csrss.exe
PRC - [2008-04-14 22:51:04 | 000,044,544 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\alg.exe
PRC - [2008-02-08 11:14:16 | 000,423,216 | ---- | M] (Apple Inc.) – C:\Program Files\Boot Camp\KbdMgr.exe
PRC - [2008-02-08 11:14:08 | 000,099,632 | ---- | M] (Apple Inc.) – C:\WINDOWS\system32\AppleTimeSrv.exe
PRC - [2008-02-08 11:14:02 | 000,132,400 | ---- | M] () – C:\WINDOWS\system32\AppleOSSMgr.exe
PRC - [2008-02-08 10:56:41 | 000,147,456 | ---- | M] (Apple Inc.) – C:\WINDOWS\system32\IRW.exe
PRC - [2008-01-31 14:01:38 | 000,159,744 | R— | M] (Brother Industries, Ltd.) – C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007-11-09 20:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) – C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007-11-05 21:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) – C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007-10-11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) – C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (All) ==========
MOD - [2010-04-18 15:58:52 | 000,562,176 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\grzesko\Pulpit\OTL.exe
MOD - [2008-04-14 22:51:58 | 000,146,432 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-14 22:50:58 | 000,580,096 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\user32.dll
MOD - [2008-04-14 22:50:58 | 000,219,648 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-14 22:50:58 | 000,067,584 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-14 22:50:58 | 000,018,944 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\version.dll
MOD - [2008-04-14 22:50:48 | 008,489,984 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-14 22:50:48 | 000,997,888 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-14 22:50:48 | 000,474,112 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-14 22:50:46 | 001,287,168 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-14 22:50:46 | 000,584,704 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-14 22:50:46 | 000,551,936 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-14 22:50:46 | 000,084,992 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-14 22:50:46 | 000,056,320 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-14 22:50:46 | 000,023,040 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-14 22:50:40 | 000,343,040 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-14 22:50:36 | 001,018,368 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-14 22:50:32 | 000,285,184 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-14 22:50:32 | 000,185,344 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-14 22:50:14 | 000,280,064 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-14 22:50:00 | 000,686,592 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-14 22:49:16 | 000,714,240 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-14 22:29:10 | 001,054,208 | R— | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] – -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-10-27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – (ServiceLayer)
SRV - [2008-02-08 11:14:08 | 000,099,632 | ---- | M] (Apple Inc.) [Auto | Running] – C:\WINDOWS\system32\AppleTimeSrv.exe – (AppleTimeSrv)
SRV - [2008-02-08 11:14:02 | 000,132,400 | ---- | M] () [Auto | Running] – C:\WINDOWS\system32\AppleOSSMgr.exe – (AppleOSSMgr)
========== Driver Services (SafeList) ==========
DRV - [2009-10-20 13:11:52 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] – C:\WINDOWS\system32\drivers\sptd.sys – (sptd)
DRV - [2009-10-06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys – (UsbserFilt)
DRV - [2009-10-06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ccdcmbo.sys – (nmwcdc)
DRV - [2009-10-06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ccdcmb.sys – (nmwcd)
DRV - [2009-10-06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\usbser_lowerflt.sys – (upperdev)
DRV - [2009-08-05 22:58:52 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/20 12:15:26] [Kernel | Auto | Running] – C:\Program Files\CyberLink\PowerDVD9\000.fcl – ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008-08-26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\pccsmcfd.sys – (pccsmcfd)
DRV - [2008-04-15 15:36:37 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-15 15:34:41 | 005,851,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\igxpmp32.sys – (ialm)
DRV - [2008-04-15 15:30:29 | 000,019,968 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\KeyMagic.sys – (KeyMagic)
DRV - [2008-04-15 15:29:47 | 000,009,088 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\applebt.sys – (applebt)
DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)
DRV - [2008-02-08 11:00:34 | 000,255,232 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\yk51x86.sys – (yukonwxp)
DRV - [2008-02-08 10:58:26 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BCMWL5.SYS – (BCM43XX)
DRV - [2008-02-08 10:57:29 | 000,017,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\iSightUP.sys – (iSightUpdate)
DRV - [2008-02-08 10:57:29 | 000,007,680 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\iSightFT.sys – (DevUpper)
DRV - [2008-02-08 10:57:16 | 000,035,072 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\aapltp.sys – (aapltp)
DRV - [2008-02-08 10:57:16 | 000,004,224 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\aapltctp.sys – (aapltctp)
DRV - [2008-02-08 10:56:56 | 000,005,504 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\KeyAgent.sys – (KeyAgent)
DRV - [2008-02-08 10:56:41 | 000,016,512 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\IRFilter.sys – (IRRemoteFlt)
DRV - [2008-02-08 10:55:48 | 000,006,528 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\MacHALDriver.sys – (MacHALDriver)
DRV - [2008-02-08 10:54:57 | 000,007,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\BthKicker.sys – (BthKicker)
DRV - [2004-10-15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\BrScnUsb.sys – (BrScnUsb)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyServer” = 127.0.0.1:8118
O1 HOSTS File: ([2001-10-26 19:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM…\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe (Apple Inc.)
O4 - HKLM…\Run: [bDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM…\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM…\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM…\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM…\Run: [iRW] C:\WINDOWS\system32\IRW.exe (Apple Inc.)
O4 - HKLM…\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM…\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM…\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKCU…\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU…\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2009-12-26 22:06:33 | 000,000,000 | —D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2009-12-26 22:06:33 | 000,000,000 | —D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\grzesko\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\grzesko\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-05 00:15:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM…comfile [open] – “%1” %*
O35 - HKLM…exefile [open] – “%1” %*
O37 - HKLM…com [@ = ComFile] – “%1” %*
O37 - HKLM…exe [@ = exefile] – “%1” %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-08-04 23:50:39 | 000,000,000 | —D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: GoogleRdrNotify - hkey= - key= - C:\Program Files\BrainDotty\Google Reader Notifier\GoogleReaderNotifier.exe ()
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - State: “system.ini” - 0
MsConfig - State: “win.ini” - 0
MsConfig - State: “bootini” - 0
MsConfig - State: “services” - 0
MsConfig - State: “startup” - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
========== Files/Folders - Created Within 30 Days ==========
[2010-04-18 16:00:21 | 000,000,000 | —D | C] – C:\_OTL
[2010-04-18 15:58:52 | 000,562,176 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\grzesko\Pulpit\OTL.exe
[2010-04-18 13:50:54 | 000,000,000 | -HSD | C] – C:\RECYCLER
[2010-04-18 13:14:06 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\mv nora
[2010-04-17 17:26:44 | 000,051,232 | ---- | C] (gkweb) – C:\Documents and Settings\grzesko\Pulpit\wwdc_141_(dobreprogramy.pl).exe
[2010-04-16 13:38:07 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\lagiat
[2010-04-15 20:54:17 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\tapety_827
[2010-04-15 20:54:14 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\tapety_8300_352
[2010-04-15 10:01:24 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\volvo
[2010-04-14 21:43:34 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Dane aplikacji\Blackberry Desktop
[2010-04-14 20:35:33 | 000,000,000 | RH-D | C] – C:\Documents and Settings\grzesko\Moje dokumenty\Moje wideo
[2010-04-14 20:20:54 | 000,026,112 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\usbser.sys
[2010-04-14 19:55:49 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Moje dokumenty\NOkia E50
[2010-04-14 15:14:31 | 000,014,640 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010-04-14 15:13:28 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Dane aplikacji\Nokia
[2010-04-14 15:13:27 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Dane aplikacji\PC Suite
[2010-04-14 15:13:27 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-14 15:13:11 | 000,000,000 | —D | C] – C:\Program Files\Common Files\PCSuite
[2010-04-14 15:13:04 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Nokia
[2010-04-14 15:12:56 | 000,018,816 | ---- | C] (Nokia) – C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-04-14 15:12:49 | 000,000,000 | —D | C] – C:\Program Files\PC Connectivity Solution
[2010-04-14 15:12:43 | 000,022,016 | ---- | C] (Nokia) – C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010-04-14 15:12:43 | 000,007,936 | ---- | C] (Nokia) – C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010-04-14 15:12:43 | 000,007,936 | ---- | C] (Nokia) – C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010-04-14 15:12:42 | 001,112,288 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2010-04-14 15:12:42 | 000,660,480 | ---- | C] (Nokia) – C:\WINDOWS\System32\nmwcdcocls.dll
[2010-04-14 15:12:42 | 000,017,664 | ---- | C] (Nokia) – C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010-04-14 15:12:39 | 000,091,136 | ---- | C] (Nokia) – C:\WINDOWS\System32\nmwcdcls.dll
[2010-04-14 15:12:39 | 000,000,000 | —D | C] – C:\Program Files\Nokia
[2010-04-14 15:11:57 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-04-14 13:59:35 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Dane aplikacji\Research In Motion
[2010-04-13 23:29:29 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Research In Motion
[2010-04-13 23:29:27 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Roxio Shared
[2010-04-13 23:29:15 | 000,000,000 | —D | C] – C:\Program Files\Research In Motion
[2010-04-13 23:29:15 | 000,000,000 | —D | C] – C:\Program Files\Common Files\Research In Motion
[2010-04-13 23:11:52 | 000,000,000 | —D | C] – C:\WINDOWS\SxsCaPendDel
[2010-04-09 21:23:47 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\VA-Dirty_Dancing-_Legacy_Edition_-OST-2007-SAW
[2010-04-09 21:23:39 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\Dirty Dancing- Ultimate Dirty Dancing SOUNDTRACK(THENEWS)
[2010-04-02 04:42:33 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Silverlight
[2010-03-27 22:44:31 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Moje dokumenty\DVDFab
[2010-03-27 22:44:25 | 000,000,000 | —D | C] – C:\Program Files\DVDFab 7
[2010-03-27 00:17:52 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\LICENCJAT
[2010-03-23 16:18:24 | 000,000,000 | —D | C] – C:\Documents and Settings\grzesko\Pulpit\fuerteventura
[2010-01-16 15:50:34 | 000,000,000 | —D | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-01-16 15:50:20 | 000,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-08-06 18:03:02 | 000,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2009-08-05 00:18:53 | 000,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-08-05 00:15:40 | 000,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
========== Files - Modified Within 30 Days ==========
[2010-04-18 16:01:54 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2010-04-18 16:01:52 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2010-04-18 16:00:47 | 006,029,312 | -H-- | M] () – C:\Documents and Settings\grzesko\NTUSER.DAT
[2010-04-18 16:00:47 | 000,000,188 | -HS- | M] () – C:\Documents and Settings\grzesko\ntuser.ini
[2010-04-18 16:00:24 | 000,490,866 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat
[2010-04-18 16:00:24 | 000,432,690 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat
[2010-04-18 16:00:24 | 000,084,078 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat
[2010-04-18 16:00:24 | 000,067,646 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat
[2010-04-18 16:00:23 | 001,087,636 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-18 15:58:52 | 000,562,176 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\grzesko\Pulpit\OTL.exe
[2010-04-18 15:56:48 | 000,193,776 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-18 15:49:00 | 000,001,140 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1500820517-1801674531-1003UA.job
[2010-04-18 11:49:01 | 000,001,088 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1500820517-1801674531-1003Core.job
[2010-04-18 10:55:49 | 000,029,696 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\STRESZCZENIE.doc
[2010-04-18 10:55:44 | 000,037,376 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\WzorOkladkiIOswiadczenie.doc
[2010-04-17 20:49:26 | 000,000,227 | ---- | M] () – C:\WINDOWS\system.ini
[2010-04-17 17:45:17 | 000,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2010-04-17 17:26:44 | 000,051,232 | ---- | M] (gkweb) – C:\Documents and Settings\grzesko\Pulpit\wwdc_141_(dobreprogramy.pl).exe
[2010-04-17 16:20:32 | 000,038,991 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\a2ac5675b3.jpeg
[2010-04-16 13:37:23 | 000,448,000 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\Grzegorz_konwertowanie.doc
[2010-04-15 21:18:57 | 000,019,968 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\Nowy Dokument programu Microsoft Word.doc
[2010-04-15 18:03:00 | 000,000,284 | ---- | M] () – C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-04-15 15:23:21 | 000,154,112 | ---- | M] () – C:\Documents and Settings\grzesko\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-15 10:18:22 | 000,040,448 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\Wzor_okladki_mgr.doc
[2010-04-15 10:18:13 | 000,048,640 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\RegulaminProwadzeniaPisaniaIOcenyPracDyplomowych.doc
[2010-04-14 22:22:26 | 000,000,256 | ---- | M] () – C:\WINDOWS\System32\pool.bin
[2010-04-14 22:21:41 | 000,000,531 | ---- | M] () – C:\WINDOWS\win.ini
[2010-04-14 22:16:55 | 000,014,189 | ---- | M] () – C:\Documents and Settings\grzesko\Moje dokumenty\lista.csv
[2010-04-14 15:14:39 | 000,000,000 | -H-- | M] () – C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-04-14 15:14:37 | 000,000,000 | -H-- | M] () – C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-04-14 15:13:13 | 000,001,763 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-04-14 14:09:51 | 000,706,891 | ---- | M] () – C:\Documents and Settings\grzesko\Moje dokumenty\LoaderBackup-(2010-04-14).ipd
[2010-04-13 23:29:31 | 000,001,729 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Desktop Manager.lnk
[2010-04-11 14:51:37 | 004,608,835 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\rh+ - jezu, to znowu sie stalo.mp3
[2010-04-10 18:11:32 | 032,636,928 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\Wideo001.3gp
[2010-04-09 18:41:01 | 000,014,625 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\ściąga YKR.docx
[2010-04-09 18:41:00 | 000,013,426 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\Ściąga na YOI.docx
[2010-04-09 09:36:24 | 000,000,411 | ---- | M] () – C:\WINDOWS\BRWMARK.INI
[2010-03-21 22:39:18 | 016,525,684 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\CLIP0054.AVI
[2010-03-19 22:48:16 | 000,025,600 | ---- | M] () – C:\Documents and Settings\grzesko\Pulpit\OPINIA studencka adamczuk.doc
========== Files Created - No Company Name ==========
[2010-04-18 10:55:49 | 000,029,696 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\STRESZCZENIE.doc
[2010-04-18 10:55:44 | 000,037,376 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\WzorOkladkiIOswiadczenie.doc
[2010-04-17 20:44:34 | 000,261,632 | ---- | C] () – C:\WINDOWS\PEV.exe
[2010-04-17 20:44:34 | 000,077,312 | ---- | C] () – C:\WINDOWS\MBR.exe
[2010-04-17 16:20:32 | 000,038,991 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\a2ac5675b3.jpeg
[2010-04-15 21:18:50 | 000,019,968 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\Nowy Dokument programu Microsoft Word.doc
[2010-04-15 10:18:22 | 000,040,448 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\Wzor_okladki_mgr.doc
[2010-04-15 10:18:13 | 000,048,640 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\RegulaminProwadzeniaPisaniaIOcenyPracDyplomowych.doc
[2010-04-14 22:16:45 | 000,014,189 | ---- | C] () – C:\Documents and Settings\grzesko\Moje dokumenty\lista.csv
[2010-04-14 15:14:39 | 000,000,000 | -H-- | C] () – C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2010-04-14 15:14:37 | 000,000,000 | -H-- | C] () – C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-04-14 15:13:13 | 000,001,763 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Nokia PC Suite.lnk
[2010-04-14 14:33:15 | 000,227,840 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\Czytaj WAZNE!
[2010-04-14 14:09:51 | 000,706,891 | ---- | C] () – C:\Documents and Settings\grzesko\Moje dokumenty\LoaderBackup-(2010-04-14).ipd
[2010-04-14 13:59:40 | 000,000,256 | ---- | C] () – C:\WINDOWS\System32\pool.bin
[2010-04-13 23:29:31 | 000,001,729 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Desktop Manager.lnk
[2010-04-12 19:38:14 | 000,448,000 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\Grzegorz_konwertowanie.doc
[2010-04-11 14:47:44 | 004,608,835 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\rh+ - jezu, to znowu sie stalo.mp3
[2010-04-11 13:32:48 | 032,636,928 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\Wideo001.3gp
[2010-04-09 18:41:01 | 000,014,625 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\ściąga YKR.docx
[2010-04-09 18:41:00 | 000,013,426 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\Ściąga na YOI.docx
[2010-03-21 22:36:49 | 016,525,684 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\CLIP0054.AVI
[2010-03-19 22:48:16 | 000,025,600 | ---- | C] () – C:\Documents and Settings\grzesko\Pulpit\OPINIA studencka adamczuk.doc
[2009-10-25 23:39:29 | 000,000,034 | ---- | C] () – C:\WINDOWS\cdplayer.ini
[2009-09-21 23:43:11 | 000,117,392 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-08-30 11:05:57 | 000,000,115 | ---- | C] () – C:\Documents and Settings\grzesko.asadminpass
[2009-08-30 11:05:48 | 000,000,771 | ---- | C] () – C:\Documents and Settings\grzesko.asadmintruststore
[2009-08-06 10:51:02 | 000,000,411 | ---- | C] () – C:\WINDOWS\BRWMARK.INI
[2009-08-06 10:45:33 | 000,000,114 | ---- | C] () – C:\WINDOWS\System32\BRLMW03A.INI
[2009-08-06 01:22:33 | 001,843,784 | ---- | C] () – C:\WINDOWS\System32\igklg400.dll
[2009-08-06 01:22:33 | 001,399,880 | ---- | C] () – C:\WINDOWS\System32\igklg450.dll
[2009-08-06 01:22:33 | 000,147,456 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4897.dll
[2009-08-06 01:22:33 | 000,104,636 | ---- | C] () – C:\WINDOWS\System32\igmedcompkrn.dll
[2009-08-06 01:08:00 | 000,106,496 | ---- | C] () – C:\WINDOWS\System32\BrMuSNMP.dll
[2009-08-06 01:06:32 | 000,031,567 | ---- | C] () – C:\WINDOWS\maxlink.ini
[2009-08-06 01:00:09 | 000,154,112 | ---- | C] () – C:\Documents and Settings\grzesko\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-06 00:54:52 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2009-08-05 20:54:20 | 000,040,960 | ---- | C] () – C:\WINDOWS\System32\VPN.dll
[2009-08-05 00:36:59 | 000,910,464 | ---- | C] () – C:\WINDOWS\System32\igmedkrn.dll
[2009-08-05 00:36:59 | 000,204,800 | ---- | C] () – C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2009-08-05 00:24:16 | 000,001,024 | -H-- | C] () – C:\Documents and Settings\grzesko\ntuser.dat.LOG
[2009-08-05 00:24:16 | 000,000,188 | -HS- | C] () – C:\Documents and Settings\grzesko\ntuser.ini
[2009-08-05 00:24:15 | 006,029,312 | -H-- | C] () – C:\Documents and Settings\grzesko\NTUSER.DAT
========== LOP Check ==========
[2009-10-20 13:55:51 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2009-10-25 23:47:53 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Easy CD-DA Extractor
[2010-04-14 15:11:57 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-04-14 15:13:27 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-04-13 23:29:29 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Research In Motion
[2009-08-06 01:06:32 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
[2010-02-06 00:02:12 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Temp
[2009-08-06 00:24:36 | 000,000,000 | ---D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Tlen.pl
[2010-01-15 21:40:10 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\Bidgood Svcs
[2010-04-14 21:43:34 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\Blackberry Desktop
[2009-10-20 13:57:00 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\DAEMON Tools Lite
[2009-08-06 00:23:53 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\Gadu-Gadu
[2009-11-14 18:33:43 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\GRaiN
[2010-04-14 21:49:24 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\Nokia
[2010-04-14 20:20:52 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\PC Suite
[2010-04-14 13:59:35 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\Research In Motion
[2010-04-18 11:27:13 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\Tlen.pl
[2010-04-02 15:08:18 | 000,000,000 | ---D | M] – C:\Documents and Settings\grzesko\Dane aplikacji\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
%systemdrive%*.*
[2009-08-05 00:15:43 | 000,000,000 | ---- | M] () – C:\AUTOEXEC.BAT
[2008-11-30 11:48:08 | 000,008,712 | ---- | M] () – C:\bell.wav
[2009-08-05 00:08:12 | 000,000,211 | ---- | M] () – C:\Boot.bak
[2010-03-01 17:23:05 | 000,000,281 | RHS- | M] () – C:\boot.ini
[2001-07-22 02:13:54 | 000,004,952 | RHS- | M] () – C:\Bootfont.bin
[2004-08-04 00:00:14 | 000,262,400 | ---- | M] () – C:\cmldr
[2009-08-05 00:15:43 | 000,000,000 | ---- | M] () – C:\CONFIG.SYS
[2009-08-05 00:15:43 | 000,000,000 | RHS- | M] () – C:\IO.SYS
[2010-04-18 11:17:39 | 000,196,792 | ---- | M] () – C:\mksbasel.cpp.log
[2009-08-05 00:15:43 | 000,000,000 | RHS- | M] () – C:\MSDOS.SYS
[2008-04-13 22:13:04 | 000,047,564 | RHS- | M] () – C:\NTDETECT.COM
[2008-04-14 00:02:00 | 000,251,152 | RHS- | M] () – C:\ntldr
[2010-04-18 16:01:42 | 2110,492,672 | -HS- | M] () – C:\pagefile.sys
[2009-08-06 01:24:34 | 000,000,573 | ---- | M] () – C:\RHDSetup.log
MD5 for: AGP440.SYS
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
MD5 for: ATAPI.SYS
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\ERDNT\cache\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
MD5 for: BEEP.SYS
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 – C:\WINDOWS\ERDNT\cache\beep.sys
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 – C:\WINDOWS\system32\dllcache\beep.sys
[2001-08-18 01:47:36 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 – C:\WINDOWS\system32\drivers\beep.sys
MD5 for: CDROM.SYS
[2008-04-14 23:09:56 | 020,110,420 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE – C:\WINDOWS\system32\drivers\cdrom.sys
MD5 for: NDIS.SYS
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D – C:\WINDOWS\ERDNT\cache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D – C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D – C:\WINDOWS\system32\drivers\ndis.sys
MD5 for: USERINIT.EXE
[2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=2A5B37D520508BE6570A3EA79695F5B5 – C:\WINDOWS\ERDNT\cache\userinit.exe
[2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=2A5B37D520508BE6570A3EA79695F5B5 – C:\WINDOWS\system32\dllcache\userinit.exe
[2008-04-14 22:51:46 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=2A5B37D520508BE6570A3EA79695F5B5 – C:\WINDOWS\system32\userinit.exe
MD5 for: WINLOGON.EXE
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 – C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 – C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-14 22:51:50 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 – C:\WINDOWS\system32\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 113 bytes - C:\Documents and Settings\All Users\Dane aplikacji\Temp:1493A0EF
End of report
And as for the flash drive and the camera… if I plug either of these devices into the PC and they are infected, it will presumably spread to my PC right away? And then it starts all over again?