talpin

Solved: Shortcuts on a USB flash drive and other portable devices

Hello, I have a problem: shortcuts keep appearing on my USB flash drive. I have read a little about this, but I am a complete novice in these matters and would like someone to help me :rolleyes:

OTL :

OTL logfile created on: 2010-09-23 09:41:07 - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = Z:\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148,92 Gb Total Space | 121,29 Gb Free Space | 81,45% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 7,45 Gb Total Space | 7,45 Gb Free Space | 99,99% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive S: | 24,41 Gb Total Space | 5,00 Gb Free Space | 20,48% Space Free | Partition Type: NTFS

Drive T: | 24,41 Gb Total Space | 5,00 Gb Free Space | 20,48% Space Free | Partition Type: NTFS

Drive Z: | 44,07 Gb Total Space | 1,10 Gb Free Space | 2,49% Space Free | Partition Type: NTFS

Computer Name: NTB004

Current User Name: kprzydryga

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-09-23 09:40:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- Z:\Pobieranie\OTL.exe

PRC - [2010-09-23 09:20:55 | 000,262,144 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\siakoa.exe

PRC - [2010-09-16 11:41:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010-09-16 11:41:39 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-08-23 14:00:01 | 000,058,024 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe

PRC - [2010-08-16 10:07:09 | 000,783,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fssm32.exe

PRC - [2010-08-16 10:07:09 | 000,492,200 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe

PRC - [2010-07-16 08:05:16 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsav32.exe

PRC - [2010-06-10 08:13:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2010-06-10 08:12:57 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe

PRC - [2010-04-01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe

PRC - [2009-12-11 18:37:36 | 000,301,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSM32.EXE

PRC - [2009-12-11 18:37:36 | 000,186,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSMA32.EXE

PRC - [2009-12-11 18:37:34 | 000,088,688 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Common\FSHDLL32.EXE

PRC - [2009-12-11 18:36:20 | 000,522,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\FWES\program\fsdfwd.exe

PRC - [2009-12-11 18:35:18 | 000,219,760 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe

PRC - [2009-01-30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-02-28 15:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2008-02-28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2008-02-22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2007-12-05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe

PRC - [2007-11-08 23:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

PRC - [2007-09-07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

PRC - [2007-07-25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2007-07-25 17:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2007-07-25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2007-07-25 17:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2007-07-25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2007-07-25 17:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2007-07-25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2006-12-19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

PRC - [2006-03-04 17:40:30 | 000,882,176 | ---- | M] () -- C:\Program Files\Kalendarz XP\Kalendarz.exe

PRC - [2004-03-04 17:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

========== Modules (SafeList) ==========

MOD - [2010-09-23 09:40:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- Z:\Pobieranie\OTL.exe

MOD - [2010-08-04 08:47:04 | 000,435,760 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\ExploitShield\fseshook.dll

MOD - [2010-06-10 08:13:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll

MOD - [2009-12-11 18:37:50 | 000,256,624 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure\Spam Control\fsscoepl.dll

MOD - [2009-12-11 18:37:36 | 000,148,592 | ---- | M] (F-Secure Corporation) -- c:\Program Files\F-Secure\Common\FSMA32.DLL

MOD - [2009-12-11 18:37:34 | 000,174,704 | ---- | M] (F-Secure Corporation) -- c:\Program Files\F-Secure\Common\FSPMAPI.DLL

MOD - [2008-04-14 19:20:41 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll

MOD - [2008-04-14 19:20:41 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll

MOD - [2008-04-14 19:20:41 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll

MOD - [2008-04-14 19:20:40 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll

MOD - [2008-04-14 19:20:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll

MOD - [2008-04-14 19:20:21 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll

MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\fahngog.dll -- (EjOvbfyoseo)

SRV - File not found [Disabled | Stopped] -- -- (aspnet_stateRpcSs)

SRV - [2010-08-23 14:00:01 | 000,058,024 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2010-06-14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010-06-10 08:13:10 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2009-12-11 18:37:36 | 000,186,992 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA)

SRV - [2009-12-11 18:36:20 | 000,522,864 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)

SRV - [2009-12-11 18:35:18 | 000,219,760 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2008-02-28 15:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2008-02-22 13:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2007-12-05 18:24:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)

SRV - [2007-11-08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2007-09-13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)

SRV - [2007-09-07 18:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2007-08-31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2007-07-25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2007-07-25 17:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2007-07-25 17:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2007-07-25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2006-12-19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)

========== Driver Services (SafeList) ==========

DRV - [2010-09-22 11:14:46 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-09-15 11:08:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)

DRV - [2010-09-14 08:11:43 | 000,008,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)

DRV - [2010-08-31 11:25:51 | 000,041,624 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)

DRV - [2010-08-03 11:58:44 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2010-06-10 08:13:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2010-02-26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010-02-26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010-02-26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010-02-26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010-02-26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)

DRV - [2010-02-26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)

DRV - [2010-01-01 19:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009-12-11 18:37:16 | 000,068,080 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)

DRV - [2009-12-11 18:36:20 | 000,080,016 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)

DRV - [2009-12-11 18:35:22 | 000,039,792 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)

DRV - [2009-12-11 18:35:22 | 000,025,200 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)

DRV - [2008-10-19 22:05:27 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-04-13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-02-28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2007-12-05 18:24:44 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007-12-02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007-12-02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007-12-02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007-11-28 17:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007-09-24 21:35:46 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007-09-10 10:55:00 | 000,161,280 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2007-09-07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)

DRV - [2007-09-06 10:18:40 | 000,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)

DRV - [2007-08-12 19:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Sterownik karty Intel®

DRV - [2007-07-23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)

DRV - [2007-07-23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2007-07-23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2007-07-23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2007-07-23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2007-07-23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2007-07-23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2007-07-23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2007-07-23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2007-07-23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007-07-23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007-07-23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007-05-29 16:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2007-05-18 12:45:40 | 005,707,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2007-04-26 15:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2007-04-26 15:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2007-04-26 15:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007-04-26 15:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2007-04-26 15:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007-04-26 15:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2007-04-26 15:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2007-03-18 16:44:38 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2006-12-19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)

DRV - [2006-11-02 13:32:32 | 000,097,536 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01)

DRV - [2005-08-12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2004-08-03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2001-10-26 17:58:28 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

DRV - [2001-08-17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001-08-17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001-08-17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001-08-17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001-08-17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001-08-17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001-08-17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001-08-17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001-08-17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001-08-17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001-08-17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001-08-17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001-08-17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001-08-17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=pl&s=bsd

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2010-09-08 08:02:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010-09-09 14:28:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-16 11:41:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-16 11:41:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-09-10 08:49:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010-09-09 14:28:03 | 000,000,000 | ---D | M]

[2009-12-31 13:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Extensions

[2009-12-31 13:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010-09-21 11:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions

[2010-09-21 11:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2010-05-05 08:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-08-18 11:02:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Mozilla\Firefox\Profiles\7p2ybu7b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-09-23 08:49:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-07-20 08:55:08 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-07-20 08:55:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2008-12-06 00:45:49 | 000,001,302 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-pl.xml

[2010-07-20 08:55:09 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-07-20 08:55:09 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-07-20 08:55:09 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-07-20 08:55:09 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [boaveo] C:\Documents and Settings\kprzydryga\boaveo.exe File not found

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [deiur] C:\Documents and Settings\kprzydryga\deiur.exe File not found

O4 - HKCU..\Run: [doiof] C:\Documents and Settings\kprzydryga\doiof.exe File not found

O4 - HKCU..\Run: [fauye] C:\Documents and Settings\kprzydryga\fauye.exe File not found

O4 - HKCU..\Run: [gtxuew] C:\Documents and Settings\kprzydryga\gtxuew.exe File not found

O4 - HKCU..\Run: [guoay] C:\Documents and Settings\kprzydryga\guoay.exe File not found

O4 - HKCU..\Run: [hiaqeaz] C:\Documents and Settings\kprzydryga\hiaqeaz.exe File not found

O4 - HKCU..\Run: [hskow] C:\Documents and Settings\kprzydryga\hskow.exe File not found

O4 - HKCU..\Run: [laaemac] C:\Documents and Settings\kprzydryga\laaemac.exe File not found

O4 - HKCU..\Run: [maetok] C:\Documents and Settings\kprzydryga\maetok.exe File not found

O4 - HKCU..\Run: [meeaneb] C:\Documents and Settings\kprzydryga\meeaneb.exe File not found

O4 - HKCU..\Run: [siakoa] C:\Documents and Settings\kprzydryga\siakoa.exe ()

O4 - HKCU..\Run: [taenol] C:\Documents and Settings\kprzydryga\taenol.exe File not found

O4 - HKCU..\Run: [voiofi] C:\Documents and Settings\kprzydryga\voiofi.exe File not found

O4 - HKCU..\Run: [yaoeqab] C:\Documents and Settings\kprzydryga\yaoeqab.exe File not found

O4 - HKCU..\Run: [znkour] C:\Documents and Settings\kprzydryga\znkour.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://10.3.2.101:4343/officescan/console/...ll/WinNTChk.cab (ObjWinNTCheck Class)

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://10.3.2.101:4343/officescan/console/...stall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://10.3.2.101:4343/officescan/console/.../RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.2.101 194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kamien.kppsp.local

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp

O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004-09-20 11:19:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009-01-12 11:53:55 | 000,002,268 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]

O32 - Unable to obtain root file information for disk E:\

O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\AutoRun\command - "" = E:\qxbx9blb.com -- File not found

O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\explore\Command - "" = E:\qxbx9blb.com -- File not found

O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\open\Command - "" = E:\qxbx9blb.com -- File not found

O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\AutoRun\command - "" = E:\6fnlpetp.exe -- File not found

O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\explore\Command - "" = E:\6fnlpetp.exe -- File not found

O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\open\Command - "" = E:\6fnlpetp.exe -- File not found

O33 - MountPoints2\{129434e9-8fd7-11df-bd9e-002186463545}\Shell\AutoRun\command - "" = F:\Toshiba\Launcher\start.exe -- File not found

O33 - MountPoints2\{338afafb-c565-11df-bde7-002186463545}\Shell - "" = AutoRun

O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell - "" = AutoRun

O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{758f33c0-7843-11df-bd75-002186463545}\Shell - "" = AutoRun

O33 - MountPoints2\{894afda2-ca96-11dd-ba94-001d09dbc32a}\Shell - "" = AutoRun

O33 - MountPoints2\{c103f980-ec68-11dd-bad9-001d09dbc32a}\Shell - "" = AutoRun

O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell - "" = AutoRun

O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{eb268ba5-3bc1-11df-bd12-002186463545}\Shell\AutoRun\command - "" = E:\apj.exe -- File not found

O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell - "" = AutoRun

O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{ee71f42a-e08e-11dd-babb-001d09dbc32a}\Shell - "" = AutoRun

O33 - MountPoints2\{ee71f42b-e08e-11dd-babb-001d09dbc32a}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found

O33 - MountPoints2\{f7f3e3b8-78e6-11dd-ba0a-002186463545}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found

O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\AutoRun\command - "" = l61yyp.exe

O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\open\Command - "" = l61yyp.exe

O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-09-22 13:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes

[2010-09-22 11:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft

[2010-09-22 11:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite

[2010-09-22 11:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\DAEMON Tools Lite

[2010-09-22 11:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite

[2010-09-22 08:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Procyon

[2010-09-21 12:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Malwarebytes

[2010-09-21 12:31:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-09-21 12:31:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-09-21 12:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-09-21 12:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-09-21 11:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\GARMIN

[2010-09-16 09:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\McAfee

[2010-09-15 08:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\F-Secure

[2010-09-13 15:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Pulpit\Pokazy

[2010-09-09 15:07:43 | 000,000,000 | ---D | C] -- Z:\Ovi

[2010-09-09 15:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia

[2010-09-09 14:44:31 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll

[2010-09-09 14:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\Nokia

[2010-09-09 14:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\NokiaAccount

[2010-09-09 14:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\Nokia

[2010-09-09 14:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite

[2010-09-09 14:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Dane aplikacji\PC Suite

[2010-09-09 14:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia

[2010-09-09 14:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2010-09-09 14:27:50 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys

[2010-09-09 14:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution

[2010-09-09 14:27:27 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys

[2010-09-09 14:27:25 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys

[2010-09-09 14:27:24 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys

[2010-09-09 14:27:23 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys

[2010-09-09 14:27:22 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys

[2010-09-09 14:27:21 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll

[2010-09-09 14:27:21 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll

[2010-09-09 14:27:21 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys

[2010-09-09 14:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache

[2010-09-09 14:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia

[2010-09-06 09:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Pulpit\XM-06-09-210

[2010-08-31 08:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kprzydryga\Pulpit\APEL

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-09-23 09:26:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\sauee.sys

[2010-09-23 09:23:29 | 001,143,114 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-09-23 09:23:29 | 000,509,966 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-09-23 09:23:29 | 000,450,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-09-23 09:23:29 | 000,093,138 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-09-23 09:23:29 | 000,075,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-09-23 09:20:55 | 000,262,144 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\siakoa.exe

[2010-09-23 09:19:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-09-23 09:18:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-09-23 09:18:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-09-23 09:18:36 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys

[2010-09-23 09:17:50 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\kprzydryga\ntuser.dat

[2010-09-23 09:17:34 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\kprzydryga\ntuser.ini

[2010-09-22 13:23:28 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne.lnk

[2010-09-22 13:23:28 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Moje dokumenty.lnk

[2010-09-22 13:23:28 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Dane aplikacji.lnk

[2010-09-22 13:23:28 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\kprzydryga\IECompatCache.lnk

[2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\New Folder.lnk

[2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Menu Start.lnk

[2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\IETldCache.lnk

[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\PrintHood.lnk

[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Passwords.lnk

[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Documents.lnk

[2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Ulubione.lnk

[2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Szablony.lnk

[2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\PrivacIE.lnk

[2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pictures.lnk

[2010-09-22 13:23:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\kprzydryga\NetHood.lnk

[2010-09-22 13:23:28 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Cookies.lnk

[2010-09-22 13:23:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\kprzydryga\SendTo.lnk

[2010-09-22 13:23:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Recent.lnk

[2010-09-22 13:23:28 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pulpit.lnk

[2010-09-22 13:23:28 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Video.lnk

[2010-09-22 13:23:28 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Music.lnk

[2010-09-22 13:23:28 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\kprzydryga\...lnk

[2010-09-22 13:23:28 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\kprzydryga\..lnk

[2010-09-22 13:17:48 | 000,000,126 | -HS- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib

[2010-09-22 13:16:59 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CloneDVD2.lnk

[2010-09-22 11:48:58 | 000,000,135 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\autorun.inf

[2010-09-22 11:15:58 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CloneCD.lnk

[2010-09-22 11:14:46 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010-09-22 10:31:53 | 004,274,418 | -H-- | M] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-09-21 13:17:52 | 000,282,624 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\znkourx.exe

[2010-09-21 13:15:07 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-09-20 09:42:06 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\kprzydryga\vanat.exe

[2010-09-16 11:34:11 | 000,001,840 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-09-15 11:31:56 | 000,033,132 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pulpit\VINIETY.docx

[2010-09-15 11:08:32 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2010-09-14 08:11:43 | 000,008,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys

[2010-09-09 14:44:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010-09-09 14:44:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010-09-09 14:30:35 | 000,001,794 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Suite.lnk

[2010-09-06 13:53:16 | 000,000,099 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI

[2010-08-31 11:25:51 | 000,041,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2010-08-27 14:17:02 | 003,192,320 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pulpit\instrukcja_WPiA_UŁ.doc

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-09-23 09:26:48 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sauee.sys

[2010-09-23 09:20:55 | 000,262,144 | RHS- | C] () -- C:\Documents and Settings\kprzydryga\siakoa.exe

[2010-09-23 08:08:26 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\kprzydryga\vanat.exe

[2010-09-22 13:16:59 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CloneDVD2.lnk

[2010-09-22 11:49:36 | 000,000,126 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib

[2010-09-22 11:15:58 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CloneCD.lnk

[2010-09-22 11:14:45 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010-09-22 08:04:24 | 000,282,624 | RHS- | C] () -- C:\Documents and Settings\kprzydryga\znkourx.exe

[2010-09-21 12:30:39 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\kprzydryga\New Folder.lnk

[2010-09-21 12:30:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Passwords.lnk

[2010-09-21 12:30:39 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Documents.lnk

[2010-09-21 12:30:39 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pictures.lnk

[2010-09-21 12:30:39 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Video.lnk

[2010-09-21 12:30:39 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Music.lnk

[2010-09-15 11:31:55 | 000,033,132 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pulpit\VINIETY.docx

[2010-09-15 11:08:32 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2010-09-14 08:11:43 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmiacpi.sys

[2010-09-13 08:12:22 | 000,000,186 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne

[2010-09-13 08:12:22 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\kprzydryga\wave_license.txt

[2010-09-13 08:12:22 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Moje dokumenty

[2010-09-13 08:12:22 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Dane aplikacji

[2010-09-13 08:12:22 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\kprzydryga\IECompatCache

[2010-09-13 08:12:22 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Menu Start

[2010-09-13 08:12:22 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\kprzydryga\IETldCache

[2010-09-13 08:12:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\kprzydryga\PrintHood

[2010-09-13 08:12:22 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ulubione

[2010-09-13 08:12:22 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Szablony

[2010-09-13 08:12:22 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\kprzydryga\PrivacIE

[2010-09-13 08:12:22 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\kprzydryga\NetHood

[2010-09-13 08:12:22 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Cookies

[2010-09-13 08:12:22 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\kprzydryga\SendTo

[2010-09-13 08:12:22 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Recent

[2010-09-13 08:12:22 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pulpit

[2010-09-13 08:12:22 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\kprzydryga\..

[2010-09-13 08:12:19 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\kprzydryga\.

[2010-09-13 08:12:18 | 000,000,135 | RHS- | C] () -- C:\Documents and Settings\kprzydryga\autorun.inf

[2010-09-09 14:44:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf

[2010-09-09 14:44:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010-09-09 14:30:35 | 000,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Ovi Suite.lnk

[2010-08-27 14:17:01 | 003,192,320 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Pulpit\instrukcja_WPiA_UŁ.doc

[2010-02-24 15:00:10 | 000,041,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2009-10-21 15:07:14 | 000,000,099 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI

[2009-08-20 09:16:00 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MARPLOT.INI

[2009-08-19 11:50:57 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\NOAA_32.DLL

[2009-08-19 11:50:57 | 000,048,640 | ---- | C] () -- C:\WINDOWS\NOAA_32.DLL

[2009-07-23 11:44:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll

[2009-03-31 19:58:06 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2009-01-08 13:20:07 | 000,008,692 | ---- | C] () -- C:\WINDOWS\cfgms.ini

[2009-01-08 13:20:07 | 000,007,841 | ---- | C] () -- C:\WINDOWS\cfgspyms.ini

[2009-01-08 13:20:06 | 000,007,806 | ---- | C] () -- C:\WINDOWS\cfgms_ex.ini

[2009-01-06 13:47:18 | 000,013,633 | ---- | C] () -- C:\WINDOWS\cfgall.ini

[2008-10-05 12:19:31 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-09-02 14:07:57 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008-09-02 14:07:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2008-09-02 13:56:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ricdb.ini

[2008-09-02 13:56:12 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini

[2008-09-02 13:52:11 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2008-09-02 13:52:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\kprzydryga\Ustawienia lokalne\Dane aplikacji\WavXMapDrive.bat

[2008-08-06 09:41:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2008-08-06 09:41:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008-08-06 09:38:43 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008-08-06 09:31:31 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2008-08-06 09:28:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2008-08-06 09:28:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2008-08-06 08:58:46 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008-08-06 08:58:46 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll

[2008-08-06 08:57:29 | 000,001,279 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2007-09-13 15:42:30 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2007-09-13 15:42:30 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2007-09-13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2007-09-13 15:42:28 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2007-09-13 15:42:28 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2007-09-13 15:42:28 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2007-09-13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2007-09-13 15:42:26 | 000,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2007-09-13 15:42:26 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2007-09-13 15:42:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2007-09-13 15:36:24 | 000,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2007-09-12 16:05:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2007-09-12 16:04:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2007-09-12 16:04:26 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2007-09-12 16:04:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2007-09-12 16:03:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2007-09-12 16:03:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2007-09-12 16:03:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2007-09-12 16:02:44 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2007-09-12 16:02:22 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2007-09-12 16:02:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2007-09-10 10:53:26 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2007-06-15 11:19:20 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2006-08-14 12:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2006-06-12 09:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2005-09-02 15:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2005-07-22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004-09-20 11:16:43 | 000,003,619 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004-09-10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004-09-10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2004-07-20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004-01-15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:E75C12AADDE59509

< End of report >


To begin with, I'd like to ask for a few more detailed logs.

1. If you have drive-emulation programs, download Defogger, run it and use it to disable drive emulation.

2. In OTL, in the Extra Registry section, select Use SafeList; also tick LOP Check and Purity Check, and Scan All Users, then click Run Scan.

3. Download GMER. Do not change any options and click the Scan button. When it finishes you will be informed that the log has been saved to the clipboard. Open Notepad, paste it and save it to disk.

Post the logs produced in steps 2 and 3 (that is, the two logs from OTL and the log from GMER) on the forum. Preferably as an attachment to the post, or on wklej.org with the links given on the forum.

If you have problems with GMER, try running it in safe mode; if it causes trouble there as well, let me know.


In that case, do the following.

1. Download RootRepeal.

2. Run it. Go to the Report tab and click Scan.

3. In the window that appears, tick all the options.

4. In the next window, tick only the system drive.

5. The program will go through the successive tabs and record what it finds.

6. When the scan finishes, a report will appear in the program window and Notepad will open at the same time with the log in it.

This is a program that detects activity characteristic of rootkits. If there are any rootkits in the system, removing other things first makes no sense, so I will give more specific advice once I have the complete set of logs.


Plug the USB flash drive into the computer. Then run OTL and paste the following into the Custom Scans/Fixes section:

:Files
RECYCLER /alldrives
autorun.inf /alldrives
l61yyp.exe /alldrives
qxbx9blb.com /alldrives
6fnlpetp.exe /alldrives
apj.exe  /alldrives
reazi.exe /alldrives
C:\Documents and Settings\kprzydryga\reacos.exe
C:\Documents and Settings\kprzydryga\usnat.exe
reazix.exe /alldrives
C:\Documents and Settings\kprzydryga\reazi.exe
C:\Documents and Settings\kprzydryga\iuviq.exe
C:\Documents and Settings\kprzydryga\ceojow.exe
C:\Documents and Settings\kprzydryga\zoimop.exe
C:\Documents and Settings\kprzydryga\sutix.exe
C:\Documents and Settings\kprzydryga\cnet.exe
C:\Documents and Settings\kprzydryga\wum.exe
C:\Documents and Settings\kprzydryga\vanat.exe
C:\Documents and Settings\kprzydryga\imnat.exe

:OTL
O4 - HKCU..\Run: [boaveo] C:\Documents and Settings\kprzydryga\boaveo.exe File not found
O4 - HKCU..\Run: [deiur] C:\Documents and Settings\kprzydryga\deiur.exe File not found
O4 - HKCU..\Run: [doiof] C:\Documents and Settings\kprzydryga\doiof.exe File not found
O4 - HKCU..\Run: [dtnuay] C:\Documents and Settings\kprzydryga\dtnuay.exe File not found
O4 - HKCU..\Run: [fauye] C:\Documents and Settings\kprzydryga\fauye.exe File not found
O4 - HKCU..\Run: [gtxuew] C:\Documents and Settings\kprzydryga\gtxuew.exe File not found
O4 - HKCU..\Run: [guoay] C:\Documents and Settings\kprzydryga\guoay.exe File not found
O4 - HKCU..\Run: [hiaqeaz] C:\Documents and Settings\kprzydryga\hiaqeaz.exe File not found
O4 - HKCU..\Run: [hskow] C:\Documents and Settings\kprzydryga\hskow.exe File not found
O4 - HKCU..\Run: [laaemac] C:\Documents and Settings\kprzydryga\laaemac.exe File not found
O4 - HKCU..\Run: [maetok] C:\Documents and Settings\kprzydryga\maetok.exe File not found
O4 - HKCU..\Run: [meeaneb] C:\Documents and Settings\kprzydryga\meeaneb.exe File not found
O4 - HKCU..\Run: [reazi] C:\Documents and Settings\kprzydryga\reazi.exe ()
O4 - HKCU..\Run: [siakoa] C:\Documents and Settings\kprzydryga\siakoa.exe File not found
O4 - HKCU..\Run: [taenol] C:\Documents and Settings\kprzydryga\taenol.exe File not found
O4 - HKCU..\Run: [tfvun] C:\Documents and Settings\kprzydryga\tfvun.exe File not found
O4 - HKCU..\Run: [voiofi] C:\Documents and Settings\kprzydryga\voiofi.exe File not found
O4 - HKCU..\Run: [yaoeqab] C:\Documents and Settings\kprzydryga\yaoeqab.exe File not found
O4 - HKCU..\Run: [yoavuok] C:\Documents and Settings\kprzydryga\yoavuok.exe File not found
O4 - HKCU..\Run: [zepeg] C:\Documents and Settings\kprzydryga\zepeg.exe File not found
O4 - HKCU..\Run: [znkour] C:\Documents and Settings\kprzydryga\znkour.exe File not found
O32 - AutoRun File - [2009-01-12 11:53:55 | 000,002,268 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\AutoRun\command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\explore\Command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\open\Command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\AutoRun\command - "" = E:\6fnlpetp.exe -- File not found
O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\explore\Command - "" = E:\6fnlpetp.exe -- File not found
O33 - MountPoints2\{045cfb41-c74d-11dd-ba8e-001d09dbc32a}\Shell\open\Command - "" = E:\6fnlpetp.exe -- File not found
O33 - MountPoints2\{129434e9-8fd7-11df-bd9e-002186463545}\Shell\AutoRun\command - "" = F:\Toshiba\Launcher\start.exe -- File not found
O33 - MountPoints2\{338afafb-c565-11df-bde7-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{6a3940da-3be3-11df-bd13-002186463545}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{758f33c0-7843-11df-bd75-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{894afda2-ca96-11dd-ba94-001d09dbc32a}\Shell - "" = AutoRun
O33 - MountPoints2\{c103f980-ec68-11dd-bad9-001d09dbc32a}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b1222a-f749-11dd-bafb-bdd2003383ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{eb268ba5-3bc1-11df-bd12-002186463545}\Shell\AutoRun\command - "" = E:\apj.exe -- File not found
O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell - "" = AutoRun
O33 - MountPoints2\{ecaeb3f4-d7fe-11de-bc67-001f3ca3d406}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ee71f42a-e08e-11dd-babb-001d09dbc32a}\Shell - "" = AutoRun
O33 - MountPoints2\{ee71f42b-e08e-11dd-babb-001d09dbc32a}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found
O33 - MountPoints2\{f7f3e3b8-78e6-11dd-ba0a-002186463545}\Shell\AutoRun\command - "" = F:\USBNB.exe -- File not found
O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\AutoRun\command - "" = l61yyp.exe
O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\open\Command - "" = l61yyp.exe

:Commands
[clearallrestorepoints]
[emptyflash]
[emptytemp]

and click Run Fix. After the restart you will get a log.

Post the resulting log on the forum, together with new OTL logs generated the same way as before.
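What the fix script above goes after can also be spotted mechanically in an OTL log. The Python triage below is an added example, not part of the original thread and not part of OTL; the function name `triage`, the finding labels and both thresholds are assumptions, and the sample lines are copied from the log posted earlier in this thread.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname

# Sample lines copied from the OTL log posted in this thread (small subset).
SAMPLE_LOG = r"""
O33 - MountPoints2\{017e586c-92c7-11dd-ba28-002186463545}\Shell\AutoRun\command - "" = E:\qxbx9blb.com -- File not found
O33 - MountPoints2\{338afafb-c565-11df-bde7-002186463545}\Shell - "" = AutoRun
O33 - MountPoints2\{fa6e001c-5773-11df-bd3f-002186463545}\Shell\open\Command - "" = l61yyp.exe
[2010-09-23 09:20:55 | 000,262,144 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\siakoa.exe
[2010-09-22 11:48:58 | 000,000,135 | RHS- | M] () -- C:\Documents and Settings\kprzydryga\autorun.inf
[2010-09-22 13:23:28 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\kprzydryga\New Folder.lnk
[2010-09-22 13:23:28 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Passwords.lnk
[2010-09-22 13:23:28 | 000,000,166 | ---- | M] () -- C:\Documents and Settings\kprzydryga\Pictures.lnk
[2010-09-22 13:16:59 | 000,000,858 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CloneDVD2.lnk
[2010-09-21 12:31:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

# O33: an autorun verb cached for a volume GUID under MountPoints2.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\(\w+)\\command'
    r' - "" = (.+?)( -- File not found)?$', re.I)
# File listing: [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r'^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([RHSD-]{4})'
    r' \| [CM]\] \((.*?)\) -- (.+)$')


def triage(log_text, lnk_burst=3, lnk_max_bytes=1024):
    """Return a de-duplicated list of (kind, detail) findings.

    lnk_burst and lnk_max_bytes are assumed thresholds, not OTL settings.
    """
    findings, seen = [], set()
    bursts = defaultdict(set)  # (folder, timestamp) -> shortcut paths

    def add(kind, detail):
        # The same file shows up in several OTL sections; report it once.
        if (kind, detail) not in seen:
            seen.add((kind, detail))
            findings.append((kind, detail))

    for line in log_text.splitlines():
        line = line.strip()
        m = O33_RE.match(line)
        if m:
            guid, verb, target, missing = m.groups()
            note = " (target missing)" if missing else ""
            add("autorun-handler", f"{guid} {verb} -> {target}{note}")
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, company, path = m.groups()
        name = basename(path).lower()
        # Hidden + system, no vendor string, executable or autorun.inf.
        if ("H" in attrs and "S" in attrs and not company
                and (name.endswith((".exe", ".com")) or name == "autorun.inf")):
            add("hidden-no-vendor", path)
        # Tiny shortcuts written to one folder in the same second.
        if name.endswith(".lnk") and int(size.replace(",", "")) <= lnk_max_bytes:
            bursts[(dirname(path), stamp)].add(path)

    for (folder, stamp), paths in sorted(bursts.items()):
        if len(paths) >= lnk_burst:
            add("lnk-burst", f"{len(paths)} shortcuts in {folder} at {stamp}")
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

A finding is a lead for review rather than a verdict; the O33 rule lists every cached autorun command, including ones such as E:\LaunchU3.exe that appear in the same log.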


Plug the USB flash drive into the computer. Then run OTL and paste the following into the Custom Scans/Fixes section:

:Files
RECYCLER /alldrives
autorun.inf /alldrives
niuawil.exe /alldrives
Z:\Documents.lnk
C:\Documents and Settings\kprzydryga\Video.lnk
C:\Documents and Settings\kprzydryga\Pictures.lnk
C:\Documents and Settings\kprzydryga\Music.lnk
C:\Documents and Settings\kprzydryga\Ustawienia lokalne.lnk
C:\Documents and Settings\kprzydryga\New Folder.lnk
C:\Documents and Settings\kprzydryga\Passwords.lnk
C:\Documents and Settings\kprzydryga\Documents.lnk
C:\Documents and Settings\kprzydryga\Ulubione.lnk
C:\Documents and Settings\kprzydryga\Szablony.lnk
C:\Documents and Settings\kprzydryga\PrivacIE.lnk
C:\Documents and Settings\kprzydryga\SendTo.lnk
C:\Documents and Settings\kprzydryga\Recent.lnk
C:\Documents and Settings\kprzydryga\Pulpit.lnk
C:\Documents and Settings\kprzydryga\PrintHood.lnk
C:\Documents and Settings\kprzydryga\Moje dokumenty.lnk
C:\Documents and Settings\kprzydryga\Dane aplikacji.lnk
C:\Documents and Settings\kprzydryga\IECompatCache.lnk
C:\Documents and Settings\kprzydryga\Menu Start.lnk
C:\Documents and Settings\kprzydryga\IETldCache.lnk
C:\Documents and Settings\kprzydryga\NetHood.lnk
C:\Documents and Settings\kprzydryga\Cookies.lnk
C:\Documents and Settings\kprzydryga\...lnk
C:\Documents and Settings\kprzydryga\..lnk
C:\Documents and Settings\kprzydryga\autorun.inf
Z:\STUDIA PODYPLOMOWE W ZAKRESIE CZYNNOŚCI.doc.lnk
Z:\Wyliczenie-konferencja.xls.lnk
Z:\Uwolnij się od toksyn.pdf.lnk
Z:\Wizytówki-wordRobert.doc.lnk
Z:\Wizytówki-word.doc.lnk
Z:\UDC Output Files.lnk
Z:\Pobieranie.lnk
Z:\New Folder.lnk
Z:\Passwords.lnk
Z:\Pictures.lnk
Z:\Mój dysk.lnk
Z:\Video.lnk
Z:\Music.lnk
Z:\Ovi.lnk
Z:\Instrukcja Archiwalna.doc.lnk
Z:\alatana i daszki.doc.lnk
Z:\Moje źródła danych.lnk
Z:\jeśli myślisz.doc.lnk
Z:\Moje obrazy.lnk
Z:\Moja muzyka.lnk
Z:\Moje wideo.lnk
Z:\Laurka.doc.lnk
Z:\Bluetooth.lnk
Z:\KOŚCIOŁY.lnk
Z:\...lnk
Z:\..lnk

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\fahngog.dll -- (EjOvbfyoseo)
O4 - HKU\S-1-5-21-626619946-1398307951-2697973786-1155..\Run: [guoajux] C:\Documents and Settings\kprzydryga\guoajux.exe File not found
O4 - HKU\S-1-5-21-626619946-1398307951-2697973786-1155..\Run: [niuagil] C:\Documents and Settings\kprzydryga\niuagil.exe File not found

:Commands
[emptyflash]
[emptytemp]

and click Uruchom skrypt (Run Fix). After the restart you will get a log.

Post the resulting log on the forum, together with new OTL logs generated the same way as before.

In addition, download the program USBFix. Run it and click the Research option. Follow the instructions, and when it finishes a log will be generated. Then run the program once more and this time choose the Listing option. Again, when it finishes, a log will open in Notepad.

Post the new OTL logs, the removal log and the USBFix logs on the forum.


OK, nothing shows up in OTL any more. There are, however, some leftovers visible in USBFix. Run USBFix once more and this time use the Deletion option. When it finishes, the program will open two windows. One is a Notepad window with the log, which you should paste on the forum; the other is the Upload page, through which you can send the infected files to the author for analysis. This step is optional. The deleted files are in the archive C:\UsbFix_Upload_Me_(computer name).zip.

Besides posting the USBFix log, also say whether any problems still occur.


So, as follows.

1. Plug in the pendrive and run USBFix. Use the Vaccinate option available in this tool. This will prevent viruses from spreading by means of this drive in the future.

2. Run USBFix again and click the Uninstall option. This will remove the leftovers from this program's operation.

3. Run OTL and click the Sprzątanie (CleanUp) option; this will remove the remnants left by the programs that were used.

4. Next, update programs such as Java, Adobe Flash and Adobe Reader to their latest versions.

5. Finally, to be sure, scan the system with the online scanner ESET Online Scanner.

Write on the forum whether all the operations succeeded and whether the ESET scanner found anything.
