kaminskowo, posted 22 November 2011

Hello, first of all I would like to thank in advance everyone who is able to help me:

- I have an external drive with 600 GB of various data on it; one day, after plugging the drive in, all the folders showed up as SHORTCUTS; all the folders could still be reached through the address bar, e.g. F:// aga etc.
- the virus probably ends in .INK, because the folder aga.INK would absolutely not open, while e.g. aga typed into the address bar worked normally
- the data is definitely on the drive, because the drive shows as full when I check its properties
- I scanned the computer with avast and microsoft essentials - nothing was detected

HOWEVER, now the folders on the drive are no longer shortcuts but APPEAR AS HIDDEN FOLDERS; on my computer they are faded, and when the drive is connected to another computer they are simply not there,

- the SHOW HIDDEN FOLDERS option is enabled on my computer.
- I made a LOG with the FIXUSB program, attached as a file
- every time I plug another portable storage device into my computer, it gets turned into SHORTCUTS or hidden...
- a month ago I reinstalled the system (the problem was already there before the reinstall); after reinstalling the system this virus is probably still on my computer....

Please help, thank you, Aga.

log_hijack.txt

picasso, posted 22 November 2011

> - I have an external drive with 600 GB of various data on it; one day, after plugging the drive in, all the folders showed up as SHORTCUTS; all the folders could still be reached through the address bar, e.g. F:// aga etc.
> - the virus probably ends in .INK, because the folder aga.INK would absolutely not open, while e.g. aga typed into the address bar worked normally
> - the data is definitely on the drive, because the drive shows as full when I check its properties
> - I scanned the computer with avast and microsoft essentials - nothing was detected
> HOWEVER, now the folders on the drive are no longer shortcuts but APPEAR AS HIDDEN FOLDERS; on my computer they are faded, and when the drive is connected to another computer they are simply not there,

This is an infection that hides the actual files and folders on the drive using the HS attributes (hidden, system), and creates the infection's shortcuts based on the names of those files / folders (these are files with the LNK extension, not INK). All that needs to be done is to delete those shortcuts and remove the attributes from the folders. This operation has been carried out on the forum many times, and you will get such instructions once I receive the complete data.

> - the SHOW HIDDEN FOLDERS option is enabled on my computer.

That option is not enough. There are two view options, and this one must also be unchecked:

Windows Explorer > Organize > Folder and search options > View > Hide protected operating system files

The log you provided is not suitable. Please provide a log from USBFix made with the Listing option, as well as the overview log of the whole system from OTL that the rules of this section require.
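
The pairing picasso describes (a real folder hidden with the H and S attributes, next to a same-named .lnk decoy) can be checked directly in a USBFix Listing log of the kind posted later in this thread. The following Python is an added example, not part of the thread or of USBFix; the sample listing is constructed, and the drive letter E: and all folder names in it are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# One entry of a USBFix "Listing" section looks like:
#   [05/10/2011 - 12:17:24 | SHD ] F:\Aga
#   [13/04/2011 - 12:49:13 | A | 26956] F:\aga i kaz..jpg
# (attribute letters, then an optional size in bytes for files).
ENTRY_RE = re.compile(
    r"^\[\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2} \| (?P<attrs>[A-Z]+)\s*"
    r"(?:\|\s*(?P<size>\d+)\s*)?\]\s+(?P<path>[A-Za-z]:\\.+)$"
)

# Folders that Windows itself keeps hidden+system; their attributes are left alone.
SYSTEM_FOLDERS = {"$recycle.bin", "recycler", "system volume information"}


@dataclass
class Entry:
    path: PureWindowsPath
    attrs: str
    size: Optional[int]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "S" in self.attrs and "H" in self.attrs


def parse_listing(text: str) -> list:
    """Return the file/folder entries of a listing, skipping banners and blanks."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"] else None
        entries.append(Entry(PureWindowsPath(m["path"]), m["attrs"], size))
    return entries


def triage(entries: list, drive: str) -> dict:
    """Build a cleanup plan for the root of one drive (e.g. "E:").

    delete_shortcuts:    root-level .lnk files named after a hidden+system item
    clear_hs_attributes: hidden+system items that are not Windows' own folders
    """
    root = [e for e in entries
            if e.path.drive.upper() == drive.upper() and len(e.path.parts) == 2]
    hidden = {e.path.name.lower(): e for e in root if e.hidden_system}
    decoys = [str(e.path) for e in root
              if not e.is_dir
              and e.path.suffix.lower() == ".lnk"
              and e.path.stem.lower() in hidden]
    unhide = [str(e.path) for e in hidden.values()
              if e.path.name.lower() not in SYSTEM_FOLDERS]
    return {"delete_shortcuts": decoys, "clear_hs_attributes": unhide}


# Constructed sample (not taken from the user's log). It covers four cases:
# a hidden folder with its decoy, a hidden folder whose decoy is already gone,
# a decoy named after a genuine system folder, and a user's own shortcut.
SAMPLE_LISTING = r"""
################## | Listing |
[05/10/2011 - 12:17:24 | SHD ] E:\Photos
[19/10/2011 - 18:26:56 | A | 1024] E:\Photos.lnk
[05/10/2011 - 12:24:43 | SHD ] E:\Invoices
[01/07/2010 - 10:30:56 | SHD ] E:\System Volume Information
[19/10/2011 - 18:26:56 | A | 0] E:\System Volume Information.lnk
[20/11/2011 - 14:02:46 | D ] E:\Projects
[24/10/2011 - 18:56:31 | A | 617] E:\Projects - shortcut.lnk
[21/11/2011 - 18:43:01 | SHD ] C:\$Recycle.Bin
"""

if __name__ == "__main__":
    plan = triage(parse_listing(SAMPLE_LISTING), "E:")
    for action, paths in plan.items():
        print(action)
        for p in paths:
            print("   ", p)
```

A shortcut is only listed for deletion when its name matches a hidden+system item, so a shortcut the user created deliberately is left out of the plan.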

kaminskowo (author), posted 22 November 2011

I'm sending the log from USBFix:

############################## | UsbFix V 7.069 | [Listing]

User: aga (Administrator) # AGA-KOMPUTER
Updated 20/11/2011 by El Desaparecido
Started at 22:54:55 | 22/11/2011

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: Hewlett-Packard (HP Pavilion dv7 Notebook PC) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (2534)
RAM -> [ Total : 4063 | Free : 2289 ]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Microsoft Security Essentials [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 146 Gb (44 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 142 Gb (19 Mb free - 13%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 932 Gb (295 Mb free - 32%) [Expansion Drive] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM

################## | Listing |

[19/10/2011 - 19:30:57 | SHD ] C:\$Recycle.Bin
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[29/10/2011 - 11:35:46 | D ] C:\hegames
[22/11/2011 - 15:16:55 | ASH | 3195236352] C:\hiberfil.sys
[19/10/2011 - 19:33:54 | D ] C:\Intel
[23/10/2011 - 18:36:44 | RHD ] C:\MSOCache
[22/11/2011 - 15:17:01 | ASH | 4260319232] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[22/11/2011 - 00:03:56 | RD ] C:\Program Files
[22/11/2011 - 00:04:02 | RD ] C:\Program Files (x86)
[06/11/2011 - 19:02:57 | HD ] C:\ProgramData
[19/10/2011 - 19:30:29 | SHD ] C:\Recovery
[24/10/2011 - 22:10:36 | D ] C:\swsetup
[22/11/2011 - 00:24:32 | SHD ] C:\System Volume Information
[27/10/2011 - 17:17:13 | D ] C:\totalcmd
[22/11/2011 - 22:54:57 | D ] C:\UsbFix
[22/11/2011 - 22:54:52 | A | 1929] C:\UsbFix.txt
[19/10/2011 - 19:30:43 | RD ] C:\Users
[22/11/2011 - 00:04:54 | D ] C:\Windows
[19/10/2011 - 19:30:57 | SHD ] D:\$RECYCLE.BIN
[19/10/2011 - 18:41:26 | RD ] D:\ASP III rok
[05/08/2011 - 10:12:36 | A | 324374] D:\CV Patryk.pdf
[19/10/2011 - 18:32:57 | RD ] D:\Downloads
[23/07/2011 - 12:57:53 | D ] D:\dyplom
[21/11/2011 - 14:53:58 | D ] D:\ID
[24/10/2011 - 18:56:31 | A | 617] D:\ID — skrót.lnk
[16/10/2010 - 17:36:02 | RAD ] D:\ikony
[05/10/2011 - 12:29:21 | D ] D:\Jonathan Nangle
[19/10/2011 - 18:32:22 | D ] D:\karta 5d
[07/10/2011 - 14:54:19 | RHD ] D:\MSOCache
[03/03/2011 - 18:51:49 | D ] D:\Nero Suite 10.0.13200.Ja.Cycuszek
[01/01/1970 - 01:59:59 | A | 307981887] D:\Nero Suite 10.0.13200.Ja.Cycuszek.rar
[16/10/2010 - 17:36:49 | RAD ] D:\pedzle photoshop
[19/10/2011 - 18:25:19 | RD ] D:\Pobrane
[19/10/2011 - 18:32:04 | D ] D:\Program Files (x86)
[29/10/2011 - 11:35:35 | D ] D:\putt
[13/10/2010 - 20:15:41 | SHD ] D:\System Volume Information
[23/07/2011 - 22:58:02 | D ] D:\tutoriale
[10/11/2011 - 17:02:41 | D ] D:\zdjęcia
[21/11/2011 - 18:43:01 | SHD ] F:\$RECYCLE.BIN
[05/10/2010 - 22:26:00 | SHD ] F:\ADOBE
[22/11/2011 - 00:04:52 | SHD ] F:\Adobe CS5 Master Collection Retail For Windows
[05/10/2011 - 12:17:24 | SHD ] F:\Aga
[13/04/2011 - 12:49:13 | A | 26956] F:\aga i kaz..jpg
[20/11/2011 - 14:05:26 | D ] F:\Agnieszka Kamińska pdf dyplomu do wysylki
[20/11/2011 - 14:02:46 | D ] F:\Aiphira
[05/10/2011 - 12:24:43 | SHD ] F:\albumy ŚLUBNE
[05/10/2011 - 12:12:14 | SHD ] F:\catalystwww_kurs-catalyst(2)
[30/11/2010 - 23:50:05 | A | 1145290946] F:\catalystwww_kurs-catalyst(2).zip
[01/11/2010 - 21:43:08 | SHD ] F:\creativ
[27/10/2011 - 21:33:04 | SHD ] F:\CV
[23/07/2011 - 22:58:22 | SHD ] F:\Filmy
[26/08/2011 - 23:53:44 | A | 30059013] F:\illustrator_cs5_help.pdf
[26/08/2011 - 23:54:10 | A | 35398218] F:\indesign_cs5_help.pdf
[23/07/2011 - 23:10:42 | SHD ] F:\Jonathan Nangle
[21/11/2011 - 23:18:08 | D ] F:\Nero Autobackup
[05/10/2011 - 12:12:11 | SHD ] F:\Noiseware Professional 4.2 32bit
[27/10/2011 - 16:49:37 | A | 49510] F:\panel.jpg
[30/04/2011 - 12:30:11 | SHD ] F:\pendrive
[19/10/2011 - 18:28:28 | D ] F:\pomaranczowa choinka
[05/10/2011 - 12:12:09 | SHD ] F:\Portable.Adobe.Illustrator.CS5.v15.0.0
[19/10/2011 - 21:16:51 | HD ] F:\RECYCLER
[20/11/2011 - 14:02:45 | D ] F:\Rozalka i Józio
[29/03/2010 - 03:42:52 | SHD ] F:\Seagate
[27/10/2011 - 17:48:15 | D ] F:\shamrock
[21/11/2011 - 15:16:52 | A | 36] F:\syncguid.dat
[01/07/2010 - 10:30:56 | SHD ] F:\System Volume Information
[19/10/2011 - 18:26:56 | A | 0] F:\System Volume Information.lnk
[22/02/2011 - 00:01:12 | A | 1845773] F:\walentynki.jpg
[27/10/2011 - 19:04:18 | D ] F:\Warszawa i Pokaz mody
[14/08/2011 - 16:11:37 | SHD ] F:\wedding
[05/10/2011 - 12:12:43 | SHD ] F:\wtyczki do Photoshopa
[20/11/2011 - 14:02:47 | D ] F:\Zakochana
[10/04/2009 - 02:52:04 | RA | 12292] G:\.DS_Store
[30/04/2009 - 04:03:45 | RAD ] G:\.background
[10/04/2009 - 02:59:38 | RA | 253] G:\.hidden
[30/04/2009 - 03:57:32 | RA | 54544] G:\Autorun.exe
[22/10/2008 - 00:48:37 | RA | 45] G:\Autorun.inf
[30/04/2009 - 03:58:40 | RAD ] G:\Caches
[30/04/2009 - 03:59:14 | RAD ] G:\Game
[30/04/2009 - 03:58:40 | RAD ] G:\GameData
[20/06/2008 - 02:06:56 | RA | 555520] G:\ISSetup.dll
[25/05/2009 - 16:56:06 | RAD ] G:\Razor1911
[22/10/2008 - 00:48:38 | RA | 174684] G:\Sims3.ico
[30/04/2009 - 04:03:35 | RA | 398608] G:\Sims3Setup.exe
[30/04/2009 - 04:03:33 | RAD ] G:\Support
[30/04/2009 - 04:03:37 | RAD ] G:\The SIMS(tm) 3 Install.app
[30/04/2009 - 03:59:14 | RAD ] G:\Thumbnails
[05/03/2009 - 21:33:50 | RA | 319488] G:\_Setup.dll
[30/04/2009 - 03:58:00 | RA | 3204962] G:\data1.cab
[30/04/2009 - 03:57:58 | RA | 195056] G:\data1.hdr
[30/04/2009 - 04:03:29 | RA | 512] G:\data2.cab
[12/08/2008 - 22:02:42 | RA | 10134] G:\eauninstall.ico
[30/04/2009 - 04:03:46 | RAD ] G:\installer
[30/04/2009 - 04:03:29 | RA | 25506] G:\layout.bin
[03/10/2008 - 20:46:08 | RA | 164463] G:\setup.gif
[30/04/2009 - 03:57:48 | RA | 707] G:\setup.ini
[30/04/2009 - 03:57:38 | RA | 354226] G:\setup.inx
[28/03/2009 - 07:29:46 | RA | 548828] G:\setup.isn
[30/04/2009 - 03:57:12 | RA | 152] G:\skuversion.txt

################## | E.O.F |

and the log from the OTL program:
context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70ACF90E-7B28-44E1-BF2D-9540E825D56D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-04-30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008-10-22 00:48:37 | 000,000,045 | R--- | M] () - G:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{f5d7262f-fcde-11e0-9812-0021868b7add}\Shell - "" = AutoRun O33 - MountPoints2\{f5d7262f-fcde-11e0-9812-0021868b7add}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009-04-30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-11-22 00:28:29 | 000,000,000 | ---D | C] -- C:\UsbFix [2011-11-22 00:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2011-11-22 00:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2011-11-21 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\czcionka [2011-11-17 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANetChat [2011-11-13 14:18:11 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\miłość nie cukierki [2011-11-12 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\agrafa [2011-11-12 13:08:53 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011-11-12 13:08:29 | 000,000,000 | ---D | C] -- C:\Users\aga\Documents\ForceField Shared Files [2011-11-12 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\CheckPoint 
[2011-11-12 13:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2011-11-12 13:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2011-11-12 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint [2011-11-10 16:47:57 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\pozen [2011-11-08 22:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011-11-08 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011-11-06 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Gadu-Gadu 10 [2011-11-06 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10 [2011-11-06 19:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gadu-Gadu 10 [2011-11-04 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic [2011-11-04 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imagenomic [2011-11-04 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\Zdjecia [2011-11-03 21:21:19 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\off festiwal [2011-11-03 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\kartka [2011-11-03 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011-10-30 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Mozilla [2011-10-30 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Mozilla [2011-10-30 17:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011-10-30 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Apple Computer [2011-10-30 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Apple Computer [2011-10-30 13:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011-10-30 13:45:34 | 000,126,312 | ---- | C] 
(GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2011-10-30 13:45:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2011-10-30 13:45:34 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2011-10-30 13:45:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011-10-30 13:44:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Apple [2011-10-30 13:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011-10-30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011-10-30 13:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011-10-30 13:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011-10-30 13:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011-10-30 13:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011-10-29 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\aga\Documents\Electronic Arts [2011-10-29 20:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2011-10-29 20:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2011-10-29 17:45:17 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\My Games [2011-10-29 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\aga\Documents\My Games [2011-10-29 17:19:42 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2011-10-29 17:19:42 | 000,515,416 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\XAudio2_5.dll [2011-10-29 17:19:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2011-10-29 17:19:41 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2011-10-29 17:19:40 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2011-10-29 17:19:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2011-10-29 17:19:37 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2011-10-29 17:19:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2011-10-29 17:19:36 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2011-10-29 17:19:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2011-10-29 17:19:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2011-10-29 17:19:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2011-10-29 17:19:34 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2011-10-29 17:19:34 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2011-10-29 17:19:34 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2011-10-29 17:19:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2011-10-29 17:19:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2011-10-29 17:19:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2011-10-29 17:19:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2011-10-29 17:19:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAudio2_4.dll [2011-10-29 17:19:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2011-10-29 17:19:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2011-10-29 17:19:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2011-10-29 17:19:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2011-10-29 17:19:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2011-10-29 17:19:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2011-10-29 17:19:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2011-10-29 17:19:31 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2011-10-29 17:19:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2011-10-29 17:19:31 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2011-10-29 17:19:31 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2011-10-29 17:19:31 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2011-10-29 17:19:31 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2011-10-29 17:19:29 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2011-10-29 17:19:29 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2011-10-29 17:19:29 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2011-10-29 17:19:29 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2011-10-29 17:19:28 | 000,513,544 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAudio2_2.dll [2011-10-29 17:19:28 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2011-10-29 17:19:28 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2011-10-29 17:19:28 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2011-10-29 17:19:28 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2011-10-29 17:19:28 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2011-10-29 17:19:28 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2011-10-29 17:19:28 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2011-10-29 17:19:27 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2011-10-29 17:19:27 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2011-10-29 17:19:27 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2011-10-29 17:19:27 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2011-10-29 17:19:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2011-10-29 17:19:27 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2011-10-29 17:19:26 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2011-10-29 17:19:26 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2011-10-29 17:19:25 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2011-10-29 17:19:25 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2011-10-29 17:19:25 | 000,068,104 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XAPOFX1_0.dll [2011-10-29 17:19:25 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2011-10-29 17:19:24 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2011-10-29 17:19:24 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2011-10-29 17:19:24 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2011-10-29 17:19:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2011-10-29 17:19:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2011-10-29 17:19:24 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2011-10-29 17:19:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2011-10-29 17:19:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2011-10-29 17:19:23 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2011-10-29 17:19:23 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2011-10-29 17:19:22 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2011-10-29 17:19:22 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2011-10-29 17:19:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2011-10-29 17:19:22 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2011-10-29 17:19:22 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2011-10-29 17:19:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2011-10-29 17:19:21 | 001,860,120 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\D3DCompiler_37.dll [2011-10-29 17:19:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2011-10-29 17:19:21 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2011-10-29 17:19:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2011-10-29 17:19:20 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2011-10-29 17:19:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2011-10-29 17:19:20 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2011-10-29 17:19:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2011-10-29 17:19:19 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2011-10-29 17:19:19 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2011-10-29 17:19:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2011-10-29 17:19:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2011-10-29 17:19:18 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2011-10-29 17:19:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2011-10-29 17:19:17 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2011-10-29 17:19:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2011-10-29 17:19:16 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2011-10-29 17:19:16 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2011-10-29 17:19:16 | 001,985,904 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\D3DCompiler_35.dll [2011-10-29 17:19:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2011-10-29 17:19:16 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2011-10-29 17:19:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2011-10-29 17:19:15 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2011-10-29 17:19:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2011-10-29 17:19:14 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2011-10-29 17:19:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2011-10-29 17:19:14 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2011-10-29 17:19:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2011-10-29 17:19:14 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2011-10-29 17:19:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2011-10-29 17:19:14 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2011-10-29 17:19:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2011-10-29 17:19:13 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2011-10-29 17:19:13 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2011-10-29 17:19:13 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2011-10-29 17:19:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2011-10-29 17:19:12 | 004,494,184 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx9_33.dll [2011-10-29 17:19:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2011-10-29 17:19:12 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2011-10-29 17:19:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2011-10-29 17:19:12 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2011-10-29 17:19:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2011-10-29 17:19:11 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2011-10-29 17:19:11 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2011-10-29 17:19:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2011-10-29 17:19:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2011-10-29 17:19:10 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2011-10-29 17:19:10 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2011-10-29 17:19:10 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2011-10-29 17:19:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2011-10-29 17:19:09 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2011-10-29 17:19:09 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2011-10-29 17:19:09 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2011-10-29 17:19:09 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2011-10-29 17:19:08 | 003,977,496 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx9_31.dll [2011-10-29 17:19:07 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2011-10-29 17:19:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2011-10-29 17:19:07 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2011-10-29 17:19:07 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2011-10-29 17:19:06 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2011-10-29 17:19:06 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2011-10-29 17:19:05 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2011-10-29 17:19:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2011-10-29 17:19:04 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2011-10-29 17:19:04 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2011-10-29 17:18:59 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2011-10-29 17:18:59 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2011-10-29 17:18:57 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2011-10-29 17:18:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2011-10-29 17:18:57 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2011-10-29 17:18:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2011-10-29 17:18:56 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2011-10-29 17:18:56 | 003,815,120 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\d3dx9_28.dll [2011-10-29 17:18:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2011-10-29 17:18:56 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2011-10-29 17:18:55 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2011-10-29 17:18:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2011-10-29 17:18:54 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2011-10-29 17:18:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2011-10-29 17:18:52 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2011-10-29 17:18:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2011-10-29 17:18:50 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2011-10-29 17:18:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2011-10-29 17:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V [2011-10-29 11:35:46 | 000,000,000 | ---D | C] -- C:\hegames [2011-10-29 11:35:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wing32.dll [2011-10-29 09:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2011-10-29 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\uTorrent [2011-10-29 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\uTorrent [2011-10-29 09:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011-10-29 09:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011-10-29 09:01:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011-10-29 09:01:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaws.exe [2011-10-29 09:01:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011-10-29 09:01:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011-10-29 09:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011-10-29 01:28:23 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\ImgBurn [2011-10-29 01:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2011-10-29 01:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2011-10-28 23:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011-10-28 23:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres [2011-10-28 22:53:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\FlashGet [2011-10-28 22:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet [2011-10-28 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Unity [2011-10-28 11:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2011-10-28 11:59:56 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2011-10-28 11:59:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2011-10-28 11:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2011-10-28 11:59:18 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa [2011-10-28 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Winamp [2011-10-28 11:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2011-10-27 22:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2011-10-27 22:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2011-10-27 22:02:08 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011-10-27 20:17:48 | 000,000,000 | ---D 
| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 [2011-10-27 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\wysyłka foto [2011-10-27 17:16:31 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2011-10-27 17:16:30 | 000,000,000 | ---D | C] -- C:\totalcmd [2011-10-27 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\GHISLER [2011-10-27 16:31:15 | 000,000,000 | ---D | C] -- C:\Users\aga\Application Data [2011-10-24 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\hpqLog [2011-10-24 22:15:59 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01005.dll [2011-10-24 22:15:59 | 000,018,432 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys [2011-10-24 22:15:58 | 001,885,488 | R--- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmn.dll [2011-10-24 22:15:58 | 001,885,488 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmns.dll [2011-10-24 22:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2011-10-24 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-11-22 22:51:49 | 001,538,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011-11-22 22:51:49 | 000,693,276 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2011-11-22 22:51:49 | 000,612,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011-11-22 22:51:49 | 000,133,638 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2011-11-22 22:51:49 | 000,105,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011-11-22 15:24:35 | 000,021,072 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-11-22 15:24:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-11-22 15:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-11-22 15:16:55 | 3195,236,352 | -HS- | M] () -- C:\hiberfil.sys [2011-11-22 00:04:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011-11-22 00:04:06 | 001,558,078 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-11-20 00:20:38 | 001,884,828 | ---- | M] () -- C:\Users\aga\Desktop\screen_off_cinema1.pdf [2011-11-20 00:19:46 | 001,385,376 | ---- | M] () -- C:\Users\aga\Desktop\screen_off_cinema.pdf [2011-11-19 14:26:51 | 166,216,310 | ---- | M] () -- C:\Users\aga\Desktop\Agnieszka Kamińska.rar [2011-11-17 23:54:28 | 005,100,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011-11-17 23:42:55 | 009,269,248 | ---- | M] () -- C:\Users\aga\Desktop\loveeat.indd [2011-11-17 23:06:07 | 000,001,007 | ---- | M] () -- C:\Users\aga\Desktop\ANetChat.lnk [2011-11-14 14:29:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011-11-12 20:12:02 | 002,539,251 | ---- | M] () -- C:\Users\aga\Desktop\rysunek.jpg [2011-11-12 13:09:03 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011-11-06 19:02:57 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\OpenFM.lnk [2011-11-06 19:02:57 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2011-11-06 13:28:09 | 000,741,875 | ---- | M] () -- C:\Users\aga\Desktop\mrówki.jpg [2011-11-04 16:46:40 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll [2011-11-04 16:46:20 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Noiseware Professional Edition.lnk [2011-11-02 03:34:00 | 000,001,050 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3025311147-2508500377-963061551-1001UA.job [2011-10-30 13:45:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011-10-30 10:34:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3025311147-2508500377-963061551-1001Core.job [2011-10-29 20:40:44 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk [2011-10-29 17:41:53 | 000,000,918 | ---- | M] () -- C:\Users\aga\Desktop\Sid Meiers Civilization V.lnk [2011-10-29 11:35:46 | 000,000,173 | ---- | M] () -- C:\Windows\hegames.ini [2011-10-29 09:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011-10-29 09:01:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011-10-29 09:01:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011-10-29 09:01:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011-10-29 09:01:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011-10-29 01:26:18 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2011-10-28 23:05:58 | 000,001,966 | ---- | M] () -- C:\Users\aga\Desktop\JDownloader.lnk [2011-10-27 17:16:31 | 000,000,668 | ---- | M] () -- C:\Users\aga\Desktop\Total Commander.lnk [2011-10-24 22:10:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf [2011-10-24 18:56:31 | 000,000,617 | ---- | M] () -- C:\Users\aga\Desktop\ID.lnk [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-11-22 00:04:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011-11-22 00:04:06 | 001,558,078 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011-11-22 00:03:59 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2011-11-20 00:20:30 | 001,884,828 | ---- | C] () -- C:\Users\aga\Desktop\screen_off_cinema1.pdf [2011-11-20 00:19:39 | 001,385,376 | ---- | C] () -- C:\Users\aga\Desktop\screen_off_cinema.pdf [2011-11-19 14:25:37 | 166,216,310 | ---- | C] () -- C:\Users\aga\Desktop\Agnieszka Kamińska.rar [2011-11-17 23:06:07 | 000,001,007 | ---- | C] () -- C:\Users\aga\Desktop\ANetChat.lnk [2011-11-12 20:12:00 | 002,539,251 | ---- | C] () -- C:\Users\aga\Desktop\rysunek.jpg [2011-11-12 13:08:23 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011-11-09 00:03:56 | 009,269,248 | ---- | C] () -- C:\Users\aga\Desktop\loveeat.indd [2011-11-06 19:02:57 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\OpenFM.lnk [2011-11-06 19:02:57 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk [2011-11-06 19:02:31 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk [2011-11-06 13:28:07 | 000,741,875 | ---- | C] () -- 
C:\Users\aga\Desktop\mrówki.jpg [2011-11-04 16:46:40 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll [2011-11-04 16:46:20 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Noiseware Professional Edition.lnk [2011-10-30 17:03:16 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011-10-30 13:45:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011-10-30 13:44:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011-10-29 20:40:44 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk [2011-10-29 17:20:47 | 000,000,918 | ---- | C] () -- C:\Users\aga\Desktop\Sid Meiers Civilization V.lnk [2011-10-29 11:35:44 | 000,000,173 | ---- | C] () -- C:\Windows\hegames.ini [2011-10-29 09:19:36 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011-10-29 01:26:18 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2011-10-29 01:26:18 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2011-10-28 23:05:58 | 000,001,966 | ---- | C] () -- C:\Users\aga\Desktop\JDownloader.lnk [2011-10-28 23:05:58 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk [2011-10-28 23:05:58 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011-10-27 20:17:48 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2011-10-27 20:17:48 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2011-10-27 17:16:31 | 000,000,668 | ---- | C] () -- C:\Users\aga\Desktop\Total Commander.lnk [2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- 
C:\Windows\RAR.PIF [2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011-10-27 17:16:30 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011-10-27 17:16:30 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011-10-27 17:16:30 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011-10-24 22:10:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf [2011-10-24 18:56:33 | 000,000,617 | ---- | C] () -- C:\Users\aga\Desktop\ID.lnk [2011-10-23 21:04:46 | 000,001,456 | ---- | C] () -- C:\Users\aga\AppData\Local\Adobe Save for Web 12.0 Prefs [2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report >
picasso, posted 22 November 2011

Please use Attachments to post long logs. Also, this is not a complete OTL log: Extras is missing (the "Rejestr - skan dodatkowy" (Registry - extra scan) option was not set to "Użyj filtrowania" (Use filtering)).

I see no infection in the system (here I will only be removing leftovers of Avast's WebRep), and on the device only one LNK remains, along with almost all folders being hidden. As a precaution I will also remove all the "Recycle Bins" from the device.

1. Run OTL and paste the following into the "Własne opcje skanowania / skrypt" (Custom scan options / script) section:

:Files
rd /s /q F:\$RECYCLE.BIN /C
rd /s /q F:\RECYCLER /C
del /q "F:\System Volume Information.lnk" /C
attrib /d /s -s -h F:\* /C

:OTL
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKLM..\RunOnce: [] File not found

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"

Start it with "Wykonaj skrypt" (Run script). This operation will produce a log.

2. For the assessment I only need that log with the removal results and a new USBFix log from the Listing option.
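The cleanup in the post above targets two things on the device: LNK shortcuts named after real folders, and the hidden+system attributes set on those folders. The following Python code is an added example (not part of the thread and not OTL's or USBFix's own code) that picks out both from a drive listing. It assumes the listing uses the OTL entry format seen in the log above; the sample entries and the names `triage`, `parse` and `EXPECTED_HS` are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# One OTL file-listing entry: [timestamp | size | attrs | C or M] (company) -- path
# attrs is four characters in the order R, H, S, D, as in the log on this page.
ENTRY = re.compile(
    r"\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| [CM]\] (?:\(.*?\) )?-- (?P<path>.+)$"
)
# Hidden+system on any healthy Windows volume, so never reported for unhiding.
EXPECTED_HS = {"system volume information", "$recycle.bin", "recycler"}

# Constructed sample listing of F:\ (an assumption, not taken from the thread's logs).
SAMPLE = r"""
[2011-11-20 10:00:00 | 000,000,000 | -HSD | C] -- F:\aga
[2011-11-20 10:00:01 | 000,001,203 | ---- | C] () -- F:\aga.lnk
[2011-11-20 10:00:00 | 000,000,000 | -HSD | C] -- F:\System Volume Information
[2011-11-20 10:00:01 | 000,001,190 | ---- | C] () -- F:\System Volume Information.lnk
[2011-11-18 09:00:00 | 000,000,000 | ---D | C] -- F:\photos
[2011-11-18 09:00:00 | 000,000,950 | ---- | C] () -- F:\notes.lnk
[2011-11-18 09:00:00 | 000,000,000 | -HSD | C] -- F:\$RECYCLE.BIN
"""

def parse(listing):
    """Yield (path, attrs) for every well-formed entry line; skip anything else."""
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield PureWindowsPath(m["path"]), m["attrs"]

def triage(listing, root="F:\\"):
    """Return shortcuts that shadow a hidden+system item in the drive root,
    and the hidden+system items whose attributes should be reviewed."""
    root = PureWindowsPath(root)
    entries = [(p, a) for p, a in parse(listing) if p.parent == root]
    # Items carrying both H and S, keyed by lower-cased name.
    masked = {p.name.lower(): p for p, a in entries if a[1] == "H" and a[2] == "S"}
    # A root-level .lnk file whose stem equals a masked item's name.
    shortcuts = [p for p, a in entries
                 if a[3] != "D" and p.suffix.lower() == ".lnk"
                 and p.stem.lower() in masked]
    unhide = [p for name, p in masked.items() if name not in EXPECTED_HS]
    return {"shortcuts": sorted(map(str, shortcuts)),
            "unhide": sorted(map(str, unhide))}

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE).items():
        print(kind, paths)
```

An ordinary shortcut such as `notes.lnk`, which has no hidden+system counterpart, is left out of the result, and `System Volume Information` itself is not listed for unhiding because that folder is normally hidden and protected.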
kaminskowo (author), posted 23 November 2011

Hello, the log is attached. I ran the script. I can't attach one of them, so I'm sending it as code (11232011_151807.log: You do not have permission to upload this type of file):

========== FILES ==========
[color=#A23BEC]< rd /s /q F:\$RECYCLE.BIN /C >[/color]
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< rd /s /q F:\RECYCLER /C >[/color]
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< del /q "F:\System Volume Information.lnk" /C >[/color]
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< attrib /d /s -s -h F:\* /C >[/color]
Odmowa dost©pu - F:\System Volume Information
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
OTL by OldTimer - Version 3.2.31.0 log created on 11232011_151807

UsbFix.txt
picasso, posted 23 November 2011

You can't attach this file because only files with the *.TXT extension are accepted as text Attachments; it is enough to rename it from *.LOG to *.TXT.

The task completed successfully, and I see nothing suspicious on the device. Run "Sprzątanie" (Cleanup) in OTL. Since the OTL Extras log was not provided, check for and install program updates on your own (IE certainly needs an update, IE8 > IE9, even if you don't use it at all): INSTRUCTIONS.
kaminskowo (author), posted 24 November 2011

Thank you very much for your help; I kept my artistic efforts on that drive. Thank you once again!