talpin Posted September 23, 2010

Hello, I have a problem: shortcuts keep appearing on my USB flash drive. I have read a little about it, but I am a complete novice in these matters and I would like someone to help me.

OTL:

OTL logfile created on: 2010-09-23 09:41:07 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = Z:\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,92 Gb Total Space | 121,29 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 24,41 Gb Total Space | 5,00 Gb Free Space | 20,48% Space Free | Partition Type: NTFS
Drive T: | 24,41 Gb Total Space | 5,00 Gb Free Space | 20,48% Space Free | Partition Type: NTFS
Drive Z: | 44,07 Gb Total Space | 1,10 Gb Free Space | 2,49% Space Free | Partition Type: NTFS
Computer Name: NTB004 Current User Name: kprzydryga Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-09-23 09:40:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- Z:\Pobieranie\OTL.exe PRC - [2010-09-23 09:20:55 | 000,262,144 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\siakoa.exe PRC - [2010-09-16 11:41:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-09-16 11:41:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010-08-23 14:00:01 | 000,058,024 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe PRC - [2010-08-16 10:07:09 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe PRC - [2010-08-16 10:07:09 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe PRC - [2010-07-16 08:05:16 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe PRC - [2010-06-10 08:13:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2010-06-10 08:12:57 | 000,378,248 | ---- | M] (LogMeIn, Inc.) 
-- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2009-12-11 18:37:36 | 000,301,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE PRC - [2009-12-11 18:37:36 | 000,186,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMA32.EXE PRC - [2009-12-11 18:37:34 | 000,088,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSHDLL32.EXE PRC - [2009-12-11 18:36:20 | 000,522,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe PRC - [2009-12-11 18:35:18 | 000,219,760 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe PRC - [2009-01-30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008-02-28 15:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2008-02-28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008-02-22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2007-12-05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe PRC - [2007-11-08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe PRC - [2007-09-07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) 
-- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe PRC - [2007-07-25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2007-07-25 17:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2007-07-25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe PRC - [2007-07-25 17:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2007-07-25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2007-07-25 17:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2007-07-25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2006-12-19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe PRC - [2004-03-04 17:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe ========== Modules (SafeList) ========== MOD - [2010-09-23 09:40:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- Z:\Pobieranie\OTL.exe MOD - [2010-08-04 08:47:04 | 000,435,760 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ExploitShield\fseshook.dll MOD - [2010-06-10 08:13:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
-- C:\WINDOWS\system32\LMIRfsClientNP.dll MOD - [2009-12-11 18:37:50 | 000,256,624 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Spam Control\fsscoepl.dll MOD - [2009-12-11 18:37:36 | 000,148,592 | ---- | M] (F-Secure Corporation) -- c:\Program Files\F-Secure\Common\FSMA32.DLL MOD - [2009-12-11 18:37:34 | 000,174,704 | ---- | M] (F-Secure Corporation) -- c:\Program Files\F-Secure\Common\FSPMAPI.DLL MOD - [2008-04-14 19:20:41 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll MOD - [2008-04-14 19:20:41 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll MOD - [2008-04-14 19:20:41 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll MOD - [2008-04-14 19:20:40 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll MOD - [2008-04-14 19:20:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll MOD - [2008-04-14 19:20:21 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\fahngog.dll -- (EjOvbfyoseo) SRV - File not found [Disabled | Stopped] -- -- (aspnet_stateRpcSs) SRV - [2010-08-23 14:00:01 | 000,058,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2010-06-14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-06-10 08:13:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) 
[Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2009-12-11 18:37:36 | 000,186,992 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA) SRV - [2009-12-11 18:36:20 | 000,522,864 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2009-12-11 18:35:18 | 000,219,760 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2008-02-28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2008-02-22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC) SRV - [2007-12-05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV) SRV - [2007-11-08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2007-09-13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService) SRV - [2007-09-07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2007-08-31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) 
[On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2007-07-25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel® SRV - [2007-07-25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel® SRV - [2007-07-25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel® SRV - [2007-07-25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel® SRV - [2006-12-19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) ========== Driver Services (SafeList) ========== DRV - [2010-09-22 11:14:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010-09-15 11:08:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi) DRV - [2010-09-14 08:11:43 | 000,008,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2010-08-31 11:25:51 | 000,041,624 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts) DRV - [2010-08-03 11:58:44 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2010-06-10 08:13:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
[File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010-01-01 19:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009-12-11 18:37:16 | 000,068,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2009-12-11 18:36:20 | 000,080,016 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2009-12-11 18:35:22 | 000,039,792 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter) DRV - [2009-12-11 18:35:22 | 000,025,200 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer) DRV - [2008-10-19 22:05:27 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2007-12-05 18:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2007-12-02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007-12-02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007-12-02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007-11-28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2) DRV - [2007-09-24 21:35:46 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007-09-10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) 
[File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr) DRV - [2007-09-07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV) DRV - [2007-09-06 10:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE) DRV - [2007-08-12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel® DRV - [2007-07-23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM) DRV - [2007-07-23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007-07-23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007-07-23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007-07-23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007-07-23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007-07-23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007-07-23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007-07-23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2007-07-23 15:49:44 | 000,030,064 | 
---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007-07-23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2007-07-23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2007-05-29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007-05-18 12:45:40 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007-04-26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007-04-26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007-04-26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007-04-26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2007-04-26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007-04-26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007-04-26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2007-03-18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006-12-19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2006-11-02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01) DRV - [2005-08-12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV) DRV - [2004-08-03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) 
[Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=pl&s=bsd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2010-09-08 08:02:20 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-09-09 14:28:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-16 11:41:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-16 11:41:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-09-10 08:49:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - 
HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-09-09 14:28:03 | 000,000,000 | ---D | M] [2009-12-31 13:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Extensions [2009-12-31 13:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010-09-21 11:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions [2010-09-21 11:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010-05-05 08:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-08-18 11:02:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010-09-23 08:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-07-20 08:55:08 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-07-20 08:55:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2008-12-06 00:45:49 | 000,001,302 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-pl.xml [2010-07-20 08:55:09 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-07-20 08:55:09 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-07-20 
08:55:09 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-07-20 08:55:09 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) 
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [boaveo] C:\Documents and Settings\kprzydryga\boaveo.exe File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [deiur] C:\Documents and Settings\kprzydryga\deiur.exe File not found O4 - HKCU..\Run: [doiof] C:\Documents and Settings\kprzydryga\doiof.exe File not found O4 - HKCU..\Run: [fauye] C:\Documents and Settings\kprzydryga\fauye.exe File not found O4 - HKCU..\Run: [gtxuew] C:\Documents and Settings\kprzydryga\gtxuew.exe File not found O4 - HKCU..\Run: [guoay] C:\Documents and Settings\kprzydryga\guoay.exe File not found O4 - HKCU..\Run: [hiaqeaz] C:\Documents and Settings\kprzydryga\hiaqeaz.exe File not found O4 - HKCU..\Run: [hskow] C:\Documents and Settings\kprzydryga\hskow.exe File not found O4 - HKCU..\Run: [laaemac] C:\Documents and Settings\kprzydryga\laaemac.exe File not found O4 - HKCU..\Run: [maetok] C:\Documents and Settings\kprzydryga\maetok.exe File not found O4 - HKCU..\Run: [meeaneb] C:\Documents and Settings\kprzydryga\meeaneb.exe File not found O4 - HKCU..\Run: [siakoa] C:\Documents and Settings\kprzydryga\siakoa.exe () O4 - HKCU..\Run: [taenol] C:\Documents and Settings\kprzydryga\taenol.exe File not found O4 - HKCU..\Run: [voiofi] C:\Documents and Settings\kprzydryga\voiofi.exe File not found O4 - HKCU..\Run: [yaoeqab] C:\Documents and Settings\kprzydryga\yaoeqab.exe File not found O4 - HKCU..\Run: [znkour] C:\Documents and Settings\kprzydryga\znkour.exe File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.3.2.101:4343/officescan/console/...ll/WinNTChk.cab (ObjWinNTCheck Class) O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.3.2.101:4343/officescan/console/...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://10.3.2.101:4343/officescan/console/.../RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.2.101 194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kamien.kppsp.local O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common 
Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-09-20 11:19:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-01-12 11:53:55 | 000,002,268 | ---- | M] () - C:\autorun.PNF -- [ NTFS ] O32 - Unable to obtain root file information for disk E:\ O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\AutoRun\command - "" = E:\qxbx9blb.com -- File not found O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\explore\Command - "" = E:\qxbx9blb.com -- File not found O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\open\Command - "" = E:\qxbx9blb.com -- File not found O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\AutoRun\command - "" = E:\6fnlpetp.exe -- File not found O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\explore\Command - "" = E:\6fnlpetp.exe -- File not found O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\open\Command - "" = E:\6fnlpetp.exe -- File not found O33 - MountPoints2\{129434e9-8fd7-11df-bd9e-002186463545}\Shell\AutoRun\command - "" = F:\Toshiba\Launcher\start.exe -- File not found O33 - 
MountPoints2\{338afafb-c565-11df-bde7-002186463545}\Shell - "" = AutoRun O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell - "" = AutoRun O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{758f33c0-7843-11df-bd75-002186463545}\Shell - "" = AutoRun O33 - MountPoints2\{894afda2-ca96-11dd-ba94-001d09dbc32a}\Shell - "" = AutoRun O33 - MountPoints2\{c103f980-ec68-11dd-bad9-001d09dbc32a}\Shell - "" = AutoRun O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell - "" = AutoRun O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{eb268ba5-3bc1-11df-bd12-002186463545}\Shell\AutoRun\command - "" = E:\apj.exe -- File not found O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell - "" = AutoRun O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O33 - MountPoints2\{ee71f42a-e08e-11dd-babb-001d09dbc32a}\Shell - "" = AutoRun O33 - MountPoints2\{ee71f42b-e08e-11dd-babb-001d09dbc32a}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found O33 - MountPoints2\{f7f3e3b8-78e6-11dd-ba0a-002186463545}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\AutoRun\command - "" = l61yyp.exe O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\open\Command - "" = l61yyp.exe O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-09-22 13:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes [2010-09-22 11:15:51 | 
000,000,000 | ---D | C] -- C:\Program Files\SlySoft [2010-09-22 11:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2010-09-22 11:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\DAEMON Tools Lite [2010-09-22 11:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-09-22 08:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Procyon [2010-09-21 12:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Malwarebytes [2010-09-21 12:31:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010-09-21 12:31:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010-09-21 12:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2010-09-21 12:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010-09-21 11:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\GARMIN [2010-09-16 09:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee [2010-09-15 08:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\F-Secure [2010-09-13 15:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Pulpit\Pokazy [2010-09-09 15:07:43 | 000,000,000 | ---D | C] -- Z:\Ovi [2010-09-09 15:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2010-09-09 14:44:31 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2010-09-09 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Nokia [2010-09-09 14:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\NokiaAccount 
[2010-09-09 14:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\Nokia [2010-09-09 14:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-09-09 14:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\PC Suite [2010-09-09 14:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2010-09-09 14:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010-09-09 14:27:50 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2010-09-09 14:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010-09-09 14:27:27 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys [2010-09-09 14:27:25 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys [2010-09-09 14:27:24 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys [2010-09-09 14:27:23 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys [2010-09-09 14:27:22 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys [2010-09-09 14:27:21 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll [2010-09-09 14:27:21 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll [2010-09-09 14:27:21 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys [2010-09-09 14:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache [2010-09-09 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2010-09-06 09:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Pulpit\XM-06-09-210 [2010-08-31 08:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Pulpit\APEL [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 
C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-09-23 09:26:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\sauee.sys [2010-09-23 09:23:29 | 001,143,114 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-09-23 09:23:29 | 000,509,966 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-09-23 09:23:29 | 000,450,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-09-23 09:23:29 | 000,093,138 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-09-23 09:23:29 | 000,075,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-09-23 09:20:55 | 000,262,144 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\siakoa.exe [2010-09-23 09:19:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-09-23 09:18:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-09-23 09:18:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-09-23 09:18:36 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys [2010-09-23 09:17:50 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\kprzydryga\ntuser.dat [2010-09-23 09:17:34 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\kprzydryga\ntuser.ini [2010-09-22 13:23:28 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne.lnk [2010-09-22 13:23:28 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Moje dokumenty.lnk [2010-09-22 13:23:28 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Dane aplikacji.lnk [2010-09-22 13:23:28 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\kprzydryga\IECompatCache.lnk [2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\New Folder.lnk [2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Menu Start.lnk [2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\IETldCache.lnk 
[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\PrintHood.lnk [2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Passwords.lnk [2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Documents.lnk [2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Ulubione.lnk [2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Szablony.lnk [2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\PrivacIE.lnk [2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pictures.lnk [2010-09-22 13:23:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\kprzydryga\NetHood.lnk [2010-09-22 13:23:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Cookies.lnk [2010-09-22 13:23:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\kprzydryga\SendTo.lnk [2010-09-22 13:23:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Recent.lnk [2010-09-22 13:23:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pulpit.lnk [2010-09-22 13:23:28 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Video.lnk [2010-09-22 13:23:28 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Music.lnk [2010-09-22 13:23:28 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\kprzydryga\...lnk [2010-09-22 13:23:28 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\kprzydryga\..lnk [2010-09-22 13:17:48 | 000,000,126 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2010-09-22 13:16:59 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CloneDVD2.lnk [2010-09-22 11:48:58 | 000,000,135 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\autorun.inf [2010-09-22 11:15:58 | 000,000,772 | ---- | M] () 
-- C:\Documents and Settings\All Users\Pulpit\CloneCD.lnk [2010-09-22 11:14:46 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-09-22 10:31:53 | 004,274,418 | -H-- | M] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-09-21 13:17:52 | 000,282,624 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\znkourx.exe [2010-09-21 13:15:07 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-09-20 09:42:06 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\kprzydryga\vanat.exe [2010-09-16 11:34:11 | 000,001,840 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-09-15 11:31:56 | 000,033,132 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pulpit\VINIETY.docx [2010-09-15 11:08:32 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys [2010-09-14 08:11:43 | 000,008,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys [2010-09-09 14:44:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010-09-09 14:44:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010-09-09 14:30:35 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Suite.lnk [2010-09-06 13:53:16 | 000,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI [2010-08-31 11:25:51 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2010-08-27 14:17:02 | 003,192,320 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pulpit\instrukcja_WPiA_UŁ.doc [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-09-23 09:26:48 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sauee.sys [2010-09-23 09:20:55 | 000,262,144 | RHS- | C] () -- C:\Documents and Settings\kprzydryga\siakoa.exe [2010-09-23 08:08:26 | 000,143,360 | ---- | C] 
() -- C:\Documents and Settings\kprzydryga\vanat.exe [2010-09-22 13:16:59 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CloneDVD2.lnk [2010-09-22 11:49:36 | 000,000,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2010-09-22 11:15:58 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CloneCD.lnk [2010-09-22 11:14:45 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010-09-22 08:04:24 | 000,282,624 | RHS- | C] () -- C:\Documents and Settings\kprzydryga\znkourx.exe [2010-09-21 12:30:39 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\kprzydryga\New Folder.lnk [2010-09-21 12:30:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Passwords.lnk [2010-09-21 12:30:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Documents.lnk [2010-09-21 12:30:39 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pictures.lnk [2010-09-21 12:30:39 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Video.lnk [2010-09-21 12:30:39 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Music.lnk [2010-09-15 11:31:55 | 000,033,132 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pulpit\VINIETY.docx [2010-09-15 11:08:32 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys [2010-09-14 08:11:43 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys [2010-09-13 08:12:22 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne [2010-09-13 08:12:22 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\kprzydryga\wave_license.txt [2010-09-13 08:12:22 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Moje dokumenty [2010-09-13 08:12:22 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Dane aplikacji [2010-09-13 08:12:22 | 000,000,176 | ---- | C] () -- C:\Documents and 
Settings\kprzydryga\IECompatCache [2010-09-13 08:12:22 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Menu Start [2010-09-13 08:12:22 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\kprzydryga\IETldCache [2010-09-13 08:12:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\kprzydryga\PrintHood [2010-09-13 08:12:22 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ulubione [2010-09-13 08:12:22 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Szablony [2010-09-13 08:12:22 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\PrivacIE [2010-09-13 08:12:22 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\kprzydryga\NetHood [2010-09-13 08:12:22 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Cookies [2010-09-13 08:12:22 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\kprzydryga\SendTo [2010-09-13 08:12:22 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Recent [2010-09-13 08:12:22 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pulpit [2010-09-13 08:12:22 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\kprzydryga\.. [2010-09-13 08:12:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\kprzydryga\. 
[2010-09-13 08:12:18 | 000,000,135 | RHS- | C] () -- C:\Documents and Settings\kprzydryga\autorun.inf [2010-09-09 14:44:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2010-09-09 14:44:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010-09-09 14:30:35 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Suite.lnk [2010-08-27 14:17:01 | 003,192,320 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pulpit\instrukcja_WPiA_UŁ.doc [2010-02-24 15:00:10 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2009-10-21 15:07:14 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2009-08-20 09:16:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MARPLOT.INI [2009-08-19 11:50:57 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\NOAA_32.DLL [2009-08-19 11:50:57 | 000,048,640 | ---- | C] () -- C:\WINDOWS\NOAA_32.DLL [2009-07-23 11:44:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2009-03-31 19:58:06 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini [2009-01-08 13:20:07 | 000,008,692 | ---- | C] () -- C:\WINDOWS\cfgms.ini [2009-01-08 13:20:07 | 000,007,841 | ---- | C] () -- C:\WINDOWS\cfgspyms.ini [2009-01-08 13:20:06 | 000,007,806 | ---- | C] () -- C:\WINDOWS\cfgms_ex.ini [2009-01-06 13:47:18 | 000,013,633 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2008-10-05 12:19:31 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-09-02 14:07:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008-09-02 14:07:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-09-02 13:56:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ricdb.ini [2008-09-02 13:56:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini [2008-09-02 13:52:11 | 000,000,138 | ---- | C] () -- 
C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2008-09-02 13:52:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\WavXMapDrive.bat [2008-08-06 09:41:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2008-08-06 09:41:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008-08-06 09:38:43 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008-08-06 09:31:31 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll [2008-08-06 09:28:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll [2008-08-06 09:28:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll [2008-08-06 08:58:46 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008-08-06 08:58:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll [2008-08-06 08:57:29 | 000,001,279 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007-09-13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll [2007-09-13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll [2007-09-13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll [2007-09-13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll [2007-09-13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll [2007-09-13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll [2007-09-13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll [2007-09-13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll [2007-09-13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll [2007-09-13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll [2007-09-13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll [2007-09-12 16:05:08 | 000,102,400 | ---- | C] () -- 
C:\WINDOWS\System32\Internationalization_pt.dll [2007-09-12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll [2007-09-12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll [2007-09-12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll [2007-09-12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll [2007-09-12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll [2007-09-12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll [2007-09-12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll [2007-09-12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll [2007-09-12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll [2007-09-10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll [2007-06-15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll [2006-08-14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll [2006-06-12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll [2005-09-02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004-09-20 11:16:43 | 000,003,619 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004-09-10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll [2004-09-10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll [2004-07-20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004-01-15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> 
C:\WINDOWS:E75C12AADDE59509 < End of report >
Sevard Posted September 23, 2010
To start with, I'd like a few more detailed logs.
1. If you have drive-emulation software, download Defogger, run it and use it to disable drive emulation.
2. In OTL, in the Extra Registry section, select Use SafeList; also tick LOP Check, Purity Check and Scan All Users, and click Run Scan.
3. Download GMER. Don't change any options and click the Scan button. When it finishes you will be told that the log has been saved to the clipboard. Open Notepad, paste it in and save it to disk.
Post the logs produced in steps 2 and 3 (that is, the two OTL logs and the GMER log) on the forum, preferably as attachments to your post, or put them on wklej.org and give the links on the forum. If you have trouble with GMER, try running it in safe mode; if it causes trouble there too, let me know.
talpin (Author) Posted September 24, 2010
I don't have any emulation software. I'm sending the OTL files, but GMER hangs on me and an error on a blue background pops up (safe mode).
Attachments: Extras.Txt, OTL.Txt
Sevard Posted September 24, 2010
In that case, do the following.
1. Download RootRepeal.
2. Run it. Go to the Report tab and click Scan.
3. In the window that appears, tick all the options.
4. In the next window, tick only the system drive.
5. The program will go through its tabs one after another and record whatever it finds.
6. When the scan finishes, the report will appear in the program window and at the same time Notepad will open with the log in it.
This is a program that detects activity characteristic of rootkits. If there are any rootkits in the system, removing other things first makes no sense, so I will give more specific advice once I have the full set of logs.
talpin (Author) Posted September 28, 2010
Here's the log; sorry, but I had no way to get in touch earlier.
Attachment: RootRepeal_report_09_28_10__08_14_52_.txt
Sevard Posted September 28, 2010
You may not have emulation software now, but you did have it. Use Defogger and then generate new logs with RootRepeal, because the current ones are falsified by the SPTD.sys driver.
talpin (Author) Posted September 29, 2010
New log.
Attachment: RootRepeal_report_09_29_10__08_38_02_.txt
Sevard Posted September 29, 2010
Plug the pendrive into the computer. Then run OTL and, in the Custom Scans/Fixes section, paste:

:Files
RECYCLER /alldrives
autorun.inf /alldrives
l61yyp.exe /alldrives
qxbx9blb.com /alldrives
6fnlpetp.exe /alldrives
apj.exe /alldrives
reazi.exe /alldrives
C:\Documents and Settings\kprzydryga\reacos.exe
C:\Documents and Settings\kprzydryga\usnat.exe
reazix.exe /alldrives
C:\Documents and Settings\kprzydryga\reazi.exe
C:\Documents and Settings\kprzydryga\iuviq.exe
C:\Documents and Settings\kprzydryga\ceojow.exe
C:\Documents and Settings\kprzydryga\zoimop.exe
C:\Documents and Settings\kprzydryga\sutix.exe
C:\Documents and Settings\kprzydryga\cnet.exe
C:\Documents and Settings\kprzydryga\wum.exe
C:\Documents and Settings\kprzydryga\vanat.exe
C:\Documents and Settings\kprzydryga\imnat.exe

:OTL
O4 - HKCU..\Run: [boaveo] C:\Documents and Settings\kprzydryga\boaveo.exe File not found
O4 - HKCU..\Run: [deiur] C:\Documents and Settings\kprzydryga\deiur.exe File not found
O4 - HKCU..\Run: [doiof] C:\Documents and Settings\kprzydryga\doiof.exe File not found
O4 - HKCU..\Run: [dtnuay] C:\Documents and Settings\kprzydryga\dtnuay.exe File not found
O4 - HKCU..\Run: [fauye] C:\Documents and Settings\kprzydryga\fauye.exe File not found
O4 - HKCU..\Run: [gtxuew] C:\Documents and Settings\kprzydryga\gtxuew.exe File not found
O4 - HKCU..\Run: [guoay] C:\Documents and Settings\kprzydryga\guoay.exe File not found
O4 - HKCU..\Run: [hiaqeaz] C:\Documents and Settings\kprzydryga\hiaqeaz.exe File not found
O4 - HKCU..\Run: [hskow] C:\Documents and Settings\kprzydryga\hskow.exe File not found
O4 - HKCU..\Run: [laaemac] C:\Documents and Settings\kprzydryga\laaemac.exe File not found
O4 - HKCU..\Run: [maetok] C:\Documents and Settings\kprzydryga\maetok.exe File not found
O4 - HKCU..\Run: [meeaneb] C:\Documents and Settings\kprzydryga\meeaneb.exe File not found
O4 - HKCU..\Run: [reazi] C:\Documents and Settings\kprzydryga\reazi.exe ()
O4 - HKCU..\Run: [siakoa] C:\Documents and Settings\kprzydryga\siakoa.exe File not found
O4 - HKCU..\Run: [taenol] C:\Documents and Settings\kprzydryga\taenol.exe File not found
O4 - HKCU..\Run: [tfvun] C:\Documents and Settings\kprzydryga\tfvun.exe File not found
O4 - HKCU..\Run: [voiofi] C:\Documents and Settings\kprzydryga\voiofi.exe File not found
O4 - HKCU..\Run: [yaoeqab] C:\Documents and Settings\kprzydryga\yaoeqab.exe File not found
O4 - HKCU..\Run: [yoavuok] C:\Documents and Settings\kprzydryga\yoavuok.exe File not found
O4 - HKCU..\Run: [zepeg] C:\Documents and Settings\kprzydryga\zepeg.exe File not found
O4 - HKCU..\Run: [znkour] C:\Documents and Settings\kprzydryga\znkour.exe File not found
O32 - AutoRun File - [2009-01-12 11:53:55 | 000,002,268 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\AutoRun\command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\explore\Command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\open\Command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\AutoRun\command - "" = E:\6fnlpetp.exe -- File not found
O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\explore\Command - "" = E:\6fnlpetp.exe -- File not found
O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\open\Command - "" = E:\6fnlpetp.exe -- File not found
O33 - MountPoints2\{129434e9-8fd7-11df-bd9e-002186463545}\Shell\AutoRun\command - "" = F:\Toshiba\Launcher\start.exe -- File not found
O33 - MountPoints2\{338afafb-c565-11df-bde7-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{758f33c0-7843-11df-bd75-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{894afda2-ca96-11dd-ba94-001d09dbc32a}\Shell - "" = AutoRun
O33 - MountPoints2\{c103f980-ec68-11dd-bad9-001d09dbc32a}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{eb268ba5-3bc1-11df-bd12-002186463545}\Shell\AutoRun\command - "" = E:\apj.exe -- File not found
O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell - "" = AutoRun
O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ee71f42a-e08e-11dd-babb-001d09dbc32a}\Shell - "" = AutoRun
O33 - MountPoints2\{ee71f42b-e08e-11dd-babb-001d09dbc32a}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found
O33 - MountPoints2\{f7f3e3b8-78e6-11dd-ba0a-002186463545}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found
O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\AutoRun\command - "" = l61yyp.exe
O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\open\Command - "" = l61yyp.exe

:Commands
[clearallrestorepoints]
[emptyflash]
[emptytemp]

and click Run Fix. After the restart you will get a log. Post that log on the forum, together with new OTL logs generated the same way as before.
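The kinds of entries the fix script above targets can be picked out of an OTL log mechanically. The following is an added example, not part of the original thread and not OTL's own logic: the sample lines are copied from the log posted in this thread, while the rule names, the extension list and the thresholds are assumptions chosen for illustration.

```python
"""Triage heuristics for OTL log lines (added example; rules and thresholds are assumptions)."""
import re
from collections import defaultdict

# OTL file listing: [date time | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O33 entry that binds a shell verb of a mounted volume to a command
MOUNT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>\w+)\\[Cc]ommand"
    r' - "" = (?P<target>.+?)(?: -- File not found)?$'
)
EXECUTABLE = (".exe", ".com", ".scr", ".pif", ".bat")  # assumed extension list

# Lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r'''
PRC - [2010-09-16 11:41:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2010-09-23 09:20:55 | 000,262,144 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\siakoa.exe
[2010-09-22 11:48:58 | 000,000,135 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\autorun.inf
[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Passwords.lnk
[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Documents.lnk
[2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pictures.lnk
[2010-09-22 13:23:28 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Video.lnk
[2010-09-22 13:23:28 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Music.lnk
[2010-09-22 13:16:59 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CloneDVD2.lnk
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\AutoRun\command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\open\Command - "" = l61yyp.exe
O33 - MountPoints2\{338afafb-c565-11df-bde7-002186463545}\Shell - "" = AutoRun
'''


def triage(log_text, lnk_cluster_min=5, lnk_max_size=1024):
    """Return (rule, subject, detail) tuples for log lines worth a closer look."""
    findings = []
    lnk_clusters = defaultdict(set)  # (folder, timestamp) -> shortcut names

    for raw in log_text.splitlines():
        line = raw.strip()

        mount = MOUNT_RE.match(line)
        if mount:
            target = mount.group("target").strip()
            # A volume whose open/explore/AutoRun verb starts a program.
            if target.lower().endswith(EXECUTABLE):
                findings.append(("mountpoint-autorun", mount.group("guid"), target))
            continue

        entry = FILE_RE.search(line)
        if not entry:
            continue
        path = entry.group("path").strip()
        attrs = entry.group("attrs")
        size = int(entry.group("size").replace(",", ""))
        folder, _, name = path.rpartition("\\")
        lower = name.lower()
        hidden_system = "H" in attrs and "S" in attrs

        if lower.endswith(EXECUTABLE) and hidden_system and not entry.group("company"):
            # Hidden+system program with no vendor string in its version info.
            findings.append(("hidden-exe-no-vendor", path, attrs))
        elif lower == "autorun.inf" and hidden_system:
            findings.append(("hidden-autorun-inf", path, attrs))
        elif lower.endswith(".lnk") and size <= lnk_max_size:
            lnk_clusters[(folder, entry.group("ts"))].add(name)

    # Many tiny shortcuts written to one folder in the same second.
    for (folder, ts), names in lnk_clusters.items():
        if len(names) >= lnk_cluster_min:
            findings.append(("lnk-burst", folder, f"{len(names)} shortcuts at {ts}"))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {subject}  [{detail}]")
```

The output is a shortlist for a human reviewer; legitimate software such as the U3 launcher entries in this log also registers MountPoints2 commands.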
talpin (Author) Posted October 1, 2010
It's slowly starting to look good, but I'm following the instructions, and here is this as well.
Attachments: Extras.Txt, OTL.Txt, 10012010_085554.txt
Sevard, posted October 1, 2010
Plug the pendrive into the computer. Then run OTL and, in the "Własne opcje skanowania / skrypt" (custom scan options / script) section, paste:

:Files
RECYCLER /alldrives
autorun.inf /alldrives
niuawil.exe /alldrives
Z:\Documents.lnk
C:\Documents and Settings\kprzydryga\Video.lnk
C:\Documents and Settings\kprzydryga\Pictures.lnk
C:\Documents and Settings\kprzydryga\Music.lnk
C:\Documents and Settings\kprzydryga\Ustawienia lokalne.lnk
C:\Documents and Settings\kprzydryga\New Folder.lnk
C:\Documents and Settings\kprzydryga\Passwords.lnk
C:\Documents and Settings\kprzydryga\Documents.lnk
C:\Documents and Settings\kprzydryga\Ulubione.lnk
C:\Documents and Settings\kprzydryga\Szablony.lnk
C:\Documents and Settings\kprzydryga\PrivacIE.lnk
C:\Documents and Settings\kprzydryga\SendTo.lnk
C:\Documents and Settings\kprzydryga\Recent.lnk
C:\Documents and Settings\kprzydryga\Pulpit.lnk
C:\Documents and Settings\kprzydryga\PrintHood.lnk
C:\Documents and Settings\kprzydryga\Moje dokumenty.lnk
C:\Documents and Settings\kprzydryga\Dane aplikacji.lnk
C:\Documents and Settings\kprzydryga\IECompatCache.lnk
C:\Documents and Settings\kprzydryga\Menu Start.lnk
C:\Documents and Settings\kprzydryga\IETldCache.lnk
C:\Documents and Settings\kprzydryga\NetHood.lnk
C:\Documents and Settings\kprzydryga\Cookies.lnk
C:\Documents and Settings\kprzydryga\...lnk
C:\Documents and Settings\kprzydryga\..lnk
C:\Documents and Settings\kprzydryga\autorun.inf
Z:\STUDIA PODYPLOMOWE W ZAKRESIE CZYNNOŚCI.doc.lnk
Z:\Wyliczenie-konferencja.xls.lnk
Z:\Uwolnij się od toksyn.pdf.lnk
Z:\Wizytówki-wordRobert.doc.lnk
Z:\Wizytówki-word.doc.lnk
Z:\UDC Output Files.lnk
Z:\Pobieranie.lnk
Z:\New Folder.lnk
Z:\Passwords.lnk
Z:\Pictures.lnk
Z:\Mój dysk.lnk
Z:\Video.lnk
Z:\Music.lnk
Z:\Ovi.lnk
Z:\Instrukcja Archiwalna.doc.lnk
Z:\alatana i daszki.doc.lnk
Z:\Moje źródła danych.lnk
Z:\jeśli myślisz.doc.lnk
Z:\Moje obrazy.lnk
Z:\Moja muzyka.lnk
Z:\Moje wideo.lnk
Z:\Laurka.doc.lnk
Z:\Bluetooth.lnk
Z:\KOŚCIOŁY.lnk
Z:\...lnk
Z:\..lnk
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\fahngog.dll -- (EjOvbfyoseo)
O4 - HKU\S-1-5-21-626619946-1398307951-2697973786-1155..\Run: [guoajux] C:\Documents and Settings\kprzydryga\guoajux.exe File not found
O4 - HKU\S-1-5-21-626619946-1398307951-2697973786-1155..\Run: [niuagil] C:\Documents and Settings\kprzydryga\niuagil.exe File not found
:Commands
[emptyflash]
[emptytemp]

and click "Uruchom skrypt" (run script). After the restart you will get a log. Post that log on the forum, together with new OTL logs generated the same way as before.
In addition, download the program USBFix. Run it and click the Research option. Follow the instructions, and a log will be generated when it finishes. Then run the program once more and this time choose the Listing option. Again, when it finishes, a log will open in Notepad.
Post on the forum the new OTL logs, the log from the removal, and the logs from USBFix.
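An added example, not part of the thread and not code from OTL or USBFix: a read-only triage of a drive root for the kinds of entries the fix script above removes (autorun.inf, RECYCLER, shortcuts named after folders, shortcuts with a document double extension, dots-only shortcut names). The function names, the extension list and the sample directory are assumptions constructed for illustration.

```python
import os
import tempfile

# Document extensions a shortcut may imitate ("name.doc.lnk"); assumed list.
DOC_EXTS = {".doc", ".xls", ".pdf"}


def triage_root(root):
    """Map each suspicious entry directly under root to the reason it was flagged."""
    entries = os.listdir(root)
    folders = {e.lower() for e in entries if os.path.isdir(os.path.join(root, e))}
    findings = {}
    for name in entries:
        low = name.lower()
        if low == "autorun.inf":
            findings[name] = "autorun"          # auto-start file in the root
        elif low == "recycler":
            findings[name] = "recycler"         # review contents for executables
        elif low.endswith(".lnk"):
            stem = low[:-4]                     # slicing: splitext mishandles "...lnk"
            if stem.strip(".") == "":
                findings[name] = "dots-only"    # e.g. "..lnk", "...lnk"
            elif os.path.splitext(stem)[1] in DOC_EXTS:
                findings[name] = "double-ext"   # shortcut posing as a document
            elif stem in folders:
                findings[name] = "folder-twin"  # shortcut named after a folder
    return findings


def build_sample():
    """Create a constructed drive root (empty placeholder files) and return its path."""
    root = tempfile.mkdtemp(prefix="usb_triage_")
    for d in ("Pictures", "RECYCLER"):
        os.mkdir(os.path.join(root, d))
    for f in ("Pictures.lnk", "Laurka.doc.lnk", "..lnk", "autorun.inf",
              "Tool.lnk", "notes.txt"):
        open(os.path.join(root, f), "w").close()
    return root


if __name__ == "__main__":
    for name, reason in sorted(triage_root(build_sample()).items()):
        print(f"{reason:12} {name}")
```

A flagged entry is a prompt for review, not a verdict: the script only lists names and never opens or deletes anything.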
talpin (Author), posted October 1, 2010
Here you go.
Attachments: 10012010_115529.txt, Extras.Txt, OTL.Txt, UsbFix.txt, UsbFixListing.txt
Sevard, posted October 1, 2010
All right, nothing shows up in OTL any more. Some remnants are still visible in USBFix, however. Run USBFix once more and this time use the Deletion option. When it finishes, the program will open two windows. One is a Notepad window with the log, and that is the one to paste on the forum; the other is the Upload page, through which you can send the infected files to the author for analysis. This step is optional. The deleted files are in the archive C:\UsbFix_Upload_Me_(computer name).zip.
Besides posting the USBFix log, also write whether any problems still occur.
talpin (Author), posted October 4, 2010
There are no more problems. Thank you very much for the help.
Attachment: UsbFix.txt
Sevard, posted October 4, 2010
So, here is what to do.
1. Connect the pendrive and run USBFix. Use the Vaccinate option available in this tool. This will make it impossible for viruses to spread by means of this medium in the future.
2. Run USBFix again and click the Uninstall option. This will remove the leftovers from running this program.
3. Run OTL and click the "Sprzątanie" (cleanup) option; this will remove the remnants left by the programs that were used.
4. Next, update programs such as Java, Adobe Flash and Adobe Reader to their latest versions.
5. Finally, to be sure, scan the system with the online scanner ESET Online Scanner.
Write on the forum whether all the operations succeeded and whether the ESET scanner found anything.
talpin (Author), posted October 5, 2010
All operations completed successfully, and the scanner detected nothing. Does this mean that everything is now as it should be?
Sevard, posted October 5, 2010
It looks that way. I no longer see anything bad in the logs. The scanners find nothing either and the symptoms have gone, so most likely the pests have been eradicated, although one can never be 100% certain.
talpin (Author), posted October 6, 2010
Once again, a big THANK YOU
Sevard, posted October 6, 2010
The problem is solved, so I am closing the thread. If the thread needs to be reopened, please contact me via PM.