
Suspected infection - 100% CPU



CPU usage 100%

 

Results of screen317's Security Check version 0.99.24

Windows 7 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

McAfee Scan and Repair 1.5.114

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

EasyCleaner

Adobe Flash Player 11.1.102.55

Mozilla Firefox (x86 pl..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Spybot Teatimer.exe is disabled!

``````````End of Log````````````

 

Link to comment

Following up on the Windows topic: is this the system right after being restored from Samsung Recovery? The system looks far from "factory"... There is an infection here, and there is also a set of entries suggesting incorrect entries for the shell folders, since OTL shows the contents of the account directories, which should not happen:

 

 

O4 - Startup: C:\Users\All Users\48c00000-bc68-4722-f308-feccb1613f9c [2011-07-04 07:06:35 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\bdinstall.bin ()

O4 - Startup: C:\Users\All Users\BitDefender [2011-07-04 06:58:10 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010-12-17 16:35:49 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\ezsidmv.dat ()

O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Microsoft [2010-12-17 17:10:03 | 000,000,000 | --SD | M]

O4 - Startup: C:\Users\All Users\Nero [2011-11-28 08:28:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\NTUSER.DAT ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\All Users\Pulpit [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Skype [2010-12-13 20:53:18 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011-11-29 13:43:20 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Ulubione [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\AppData [2009-07-14 03:37:05 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\Default\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Cookies [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Desktop [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Downloads [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Favorites [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Moje dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Music [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\My Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NetHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NTUSER.DAT ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Default\Pictures [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Recent [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Default\SendTo [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Ustawienia lokalne [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Videos [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\AppData [2010-12-13 20:28:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\Natalka\Contacts [2010-12-13 20:28:55 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Desktop [2011-11-29 13:42:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Documents [2011-07-04 09:57:23 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Downloads [2011-11-29 13:51:19 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Favorites [2010-12-17 16:37:14 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Music [2011-04-18 18:38:36 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\NTUSER.DAT ()

O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG1 ()

O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG2 ()

O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Natalka\ntuser.ini ()

O4 - Startup: C:\Users\Natalka\Pictures [2011-02-16 01:37:40 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Saved Games [2011-01-03 23:23:10 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Natalka\Searches [2011-02-17 13:09:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Start Menu [2011-07-02 12:01:08 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Natalka\Videos [2011-02-28 19:47:47 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Desktop [2011-11-28 08:27:50 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Downloads [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Favorites [2009-07-14 03:04:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Libraries [2010-12-13 20:27:08 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Music [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\NTUSER.DAT ()

O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Public\Pictures [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Recorded TV [2011-01-11 13:22:00 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Videos [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

 

 

1. Run OTL and in the Custom Scans/Fixes section paste:

 

:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001..\Run: [Gpmimo] C:\Users\Natalka\AppData\Roaming\Gpmimo.exe (	 )
O4 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001..\Run: [Vomimd] C:\Users\Natalka\AppData\Roaming\Vomimd.exe ()
 
:Files
C:\Users\Natalka\AppData\Roaming\3620.exe
C:\Users\Natalka\AppData\Roaming\2963.exe
 
:Commands
[emptytemp]

 

Click Run Fix. You will present the log from this action in step 3.

 

2. Through Control Panel, uninstall the sponsored junk: Ask Toolbar and DAEMON Tools Toolbar.

 

3. Produce a new OTL log, but with a custom condition. Run OTL and in the Custom Scans/Fixes section paste:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

 

Click Run Scan (not Run Fix!).

 

 

 

.

Link to comment
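The shell-folder diagnosis in the reply above can be checked mechanically: a genuine `O4 - Startup` item sits inside a `...\Start Menu\Programs\Startup` directory, so any other parent directory means the Startup shell folder resolved to the wrong place. The Python below is an added example, not part of the original thread and not OTL's own code; the function names, the `C:\Users` default and the final sample line are assumptions made for illustration.

```python
import ntpath  # Windows path rules, so the check also runs on a non-Windows analysis host
import re
from collections import defaultdict

# Tail shared by the per-user and all-users Startup folders on Windows 7.
STARTUP_TAIL = ntpath.normcase(r"\Microsoft\Windows\Start Menu\Programs\Startup")

# Registry keys the reply asks OTL to dump in step 3; inspect their Startup values.
SHELL_FOLDER_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders",
)

# "O4 - Startup: <path> [timestamp | size | attrs | M]"  or  "O4 - Startup: <path> ()"
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<path>.+?) (?:\[[^\]]*\]|\([^)]*\))\s*$")

# Lines copied from the log in this thread.
PAGE_LINES = r"""
O4 - Startup: C:\Users\All Users\bdinstall.bin ()
O4 - Startup: C:\Users\All Users\BitDefender [2011-07-04 06:58:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Natalka\Desktop [2011-11-29 13:42:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Public\Videos [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
"""

# Constructed line (not from the thread): what an item in a real Startup folder looks like.
CONSTRUCTED_HEALTHY_LINE = (
    r"O4 - Startup: C:\Users\Natalka\AppData\Roaming\Microsoft\Windows"
    r"\Start Menu\Programs\Startup\example.lnk ()"
)

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_HEALTHY_LINE + "\n"


def startup_parents(log_text):
    """Map each parent directory to the O4 - Startup items OTL listed under it."""
    parents = defaultdict(list)
    for line in log_text.splitlines():
        match = O4_STARTUP.match(line.strip())
        if match:
            path = match.group("path")
            parents[ntpath.dirname(path)].append(path)
    return dict(parents)


def misresolved_startup_dirs(log_text):
    """Directories OTL enumerated as Startup that are not real Startup folders."""
    return sorted(
        parent for parent in startup_parents(log_text)
        if not ntpath.normcase(parent).endswith(STARTUP_TAIL)
    )


def summarize(log_text, users_root=r"C:\Users"):
    """Per misresolved directory: item count and whether it is a profile root."""
    parents = startup_parents(log_text)
    root = ntpath.normcase(users_root)
    return {
        parent: {
            "items": len(parents[parent]),
            # A profile root here means Startup resolved to the account directory.
            "profile_root": ntpath.normcase(ntpath.dirname(parent)) == root,
        }
        for parent in misresolved_startup_dirs(log_text)
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for parent, info in report.items():
        kind = "profile root" if info["profile_root"] else "other directory"
        print(f"{parent}: {info['items']} item(s) listed as Startup ({kind})")
    if report:
        print("Check the Startup values under:")
        for key in SHELL_FOLDER_KEYS:
            print("  " + key)
```
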

this is a different computer

 

OTL logfile created on: 2011-11-29 16:32:46 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Natalka\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

1,99 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,76% Memory free

3,98 Gb Paging File | 2,97 Gb Available in Paging File | 74,58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 55,82 Gb Total Space | 32,72 Gb Free Space | 58,61% Space Free | Partition Type: NTFS

Drive D: | 54,51 Gb Total Space | 4,85 Gb Free Space | 8,89% Space Free | Partition Type: NTFS

 

Computer Name: NATALUS | User Name: Natalka | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-11-29 13:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Natalka\Downloads\OTL.exe

PRC - [2011-11-28 08:20:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011-09-23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010-12-21 22:29:43 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe

PRC - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011-11-29 12:01:25 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011-11-28 08:20:49 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

MOD - [2009-10-20 18:15:24 | 000,212,992 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\gglog.dll

MOD - [2009-10-20 18:15:24 | 000,023,040 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggcrypto.dll

MOD - [2009-10-20 18:15:24 | 000,012,800 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggipc.dll

MOD - [2009-10-20 18:15:22 | 000,352,256 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggcommon.dll

MOD - [2009-10-20 18:15:22 | 000,118,784 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggipcradioproxy.dll

MOD - [2009-09-23 15:05:02 | 000,970,752 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtNetwork4.dll

MOD - [2009-09-23 15:04:58 | 002,195,456 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtCore4.dll

MOD - [2009-09-23 15:04:56 | 011,677,696 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtWebKit4.dll

MOD - [2009-09-23 15:04:52 | 008,024,064 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtGui4.dll

MOD - [2009-09-23 15:04:50 | 000,393,216 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtXml4.dll

MOD - [2009-09-23 15:04:50 | 000,299,008 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtSvg4.dll

MOD - [2009-09-23 15:04:14 | 000,303,104 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qtiff4.dll

MOD - [2009-09-23 15:04:14 | 000,018,432 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qsvg4.dll

MOD - [2009-09-23 15:04:12 | 000,274,432 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qmng4.dll

MOD - [2009-09-23 15:04:12 | 000,143,360 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qjpeg4.dll

MOD - [2009-09-23 15:04:12 | 000,023,552 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qgif4.dll

MOD - [2009-09-23 15:04:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\zlib1.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011-09-23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2011-04-06 15:40:00 | 000,694,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe -- (McAfee ScanAndRepair Svc)

SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011-07-04 07:30:44 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys -- (bdselfpr)

DRV - [2010-12-17 16:36:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010-11-09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)

DRV - [2010-11-03 11:38:12 | 000,306,104 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)

DRV - [2010-07-09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)

DRV - [2010-07-09 13:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)

DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009-07-13 23:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/

IE - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Natalka\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Natalka\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-28 08:20:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-04 08:56:16 | 000,000,000 | ---D | M]

 

[2010-12-17 16:37:10 | 000,002,059 | ---- | M] () -- \Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml

[2011-06-29 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-12-13 20:53:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

() (No name found) -- C:\USERS\NATALKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFKL300J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011-11-28 08:20:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011-04-06 15:40:00 | 000,182,936 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll

[2011-10-04 05:21:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-10-04 05:21:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-10-04 05:21:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-10-04 05:21:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-10-04 05:21:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-10-04 05:21:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Natalka\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Natalka\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Natalka\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMcAfeeSRPlgn.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Natalka\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\All Users\48c00000-bc68-4722-f308-feccb1613f9c [2011-07-04 07:06:35 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\bdinstall.bin ()

O4 - Startup: C:\Users\All Users\BitDefender [2011-07-04 06:58:10 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010-12-17 16:35:49 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\ezsidmv.dat ()

O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Microsoft [2010-12-17 17:10:03 | 000,000,000 | --SD | M]

O4 - Startup: C:\Users\All Users\Nero [2011-11-28 08:28:31 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\NTUSER.DAT ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\All Users\Pulpit [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Skype [2010-12-13 20:53:18 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011-11-29 13:43:20 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\TEMP [2011-11-29 16:21:24 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\All Users\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\All Users\Ulubione [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\AppData [2009-07-14 03:37:05 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\Default\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Cookies [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Desktop [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Downloads [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Favorites [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Moje dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Music [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\My Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NetHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\NTUSER.DAT ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Default\Pictures [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Recent [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Default\SendTo [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Ustawienia lokalne [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]

O4 - Startup: C:\Users\Default\Videos [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\AppData [2010-12-13 20:28:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Users\Natalka\Contacts [2010-12-13 20:28:55 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Desktop [2011-11-29 13:42:15 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Documents [2011-11-29 14:18:14 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Downloads [2011-11-29 14:38:20 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Favorites [2010-12-17 16:37:14 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Music [2011-04-18 18:38:36 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\NTUSER.DAT ()

O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG1 ()

O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG2 ()

O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()

O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Natalka\ntuser.ini ()

O4 - Startup: C:\Users\Natalka\Pictures [2011-02-16 01:37:40 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Saved Games [2011-01-03 23:23:10 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Natalka\Searches [2011-02-17 13:09:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Natalka\Start Menu [2011-07-02 12:01:08 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Natalka\Videos [2011-02-28 19:47:47 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Desktop [2011-11-29 16:18:14 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Downloads [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Favorites [2009-07-14 03:04:25 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Libraries [2010-12-13 20:27:08 | 000,000,000 | RH-D | M]

O4 - Startup: C:\Users\Public\Music [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\NTUSER.DAT ()

O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()

O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TM.blf ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()

O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()

O4 - Startup: C:\Users\Public\Pictures [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Recorded TV [2011-01-11 13:22:00 | 000,000,000 | R--D | M]

O4 - Startup: C:\Users\Public\Videos [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.64.2 212.33.64.18

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CFCC82-26AB-4207-9264-71638F0527FC}: DhcpNameServer = 212.33.64.2 212.33.64.18

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{e4405030-ff08-11e0-af1a-001e3344c062}\Shell - "" = AutoRun

O33 - MountPoints2\{e4405030-ff08-11e0-af1a-001e3344c062}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-11-29 16:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011-11-29 16:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator

[2011-11-29 16:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator

[2011-11-29 15:50:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2011-11-29 15:47:03 | 000,000,000 | ---D | C] -- C:\_OTL

[2011-11-29 15:47:03 | 000,000,000 | ---D | C] -- \_OTL

[2011-11-29 12:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ZAR

[2011-11-29 12:01:25 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011-11-28 10:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2011-11-28 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero

[2011-11-28 08:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

[2011-11-28 08:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero

[2011-11-28 08:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2011-11-28 08:26:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll

[2011-11-28 08:26:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll

[2011-11-28 08:26:19 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll

[2011-11-28 08:26:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll

[2011-11-28 08:26:19 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll

[2011-11-28 08:25:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll

[2011-11-28 08:25:04 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll

[2011-11-28 08:24:28 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll

[2011-11-28 08:23:56 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll

[2011-11-28 08:23:21 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll

[2011-11-28 07:55:50 | 000,000,000 | ---D | C] -- C:\Windows 7

[2011-11-28 07:55:50 | 000,000,000 | ---D | C] -- \Windows 7

[2011-11-07 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UFS Explorer

[2011-11-07 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\UFS Explorer

[2011-11-07 20:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

 

========== Files - Modified Within 30 Days ==========

 

[2011-11-29 16:32:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001UA.job

[2011-11-29 16:18:29 | 000,687,828 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2011-11-29 16:18:29 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011-11-29 16:18:29 | 000,131,382 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2011-11-29 16:18:29 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011-11-29 16:18:14 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk

[2011-11-29 15:55:04 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-11-29 15:55:04 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-11-29 15:47:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-11-29 15:47:47 | 1602,719,744 | -HS- | M] () -- C:\hiberfil.sys

[2011-11-29 12:01:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2011-11-28 23:32:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001Core.job

[2011-11-28 08:27:50 | 000,002,831 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk

[2011-11-07 20:48:32 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk

 

========== Files Created - No Company Name ==========

 

[2011-11-29 16:18:14 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk

[2011-11-28 08:27:50 | 000,002,831 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk

[2011-11-08 23:27:44 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001UA.job

[2011-11-08 23:27:43 | 000,001,014 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001Core.job

[2011-11-07 20:48:32 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk

[2011-07-04 06:58:03 | 000,572,597 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2011-02-15 13:46:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll

[2010-12-19 02:44:43 | 000,000,700 | ---- | C] () -- \BIOS Launcher.lnk

[2010-12-17 17:10:01 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI

[2010-12-13 21:26:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010-12-13 20:28:35 | 000,171,136 | RHS- | C] () -- \W7LDR

[2010-12-13 19:19:18 | 1602,719,744 | -HS- | C] () -- \hiberfil.sys

[2010-12-13 19:18:03 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK

[2010-12-13 19:18:02 | 000,383,562 | RHS- | C] () -- \bootmgr

[2010-09-08 10:46:42 | 004,497,993 | ---- | C] () -- C:\Windows\System32\libavcodec.dll

[2010-09-08 10:46:42 | 001,529,856 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll

[2010-09-08 10:46:42 | 001,212,665 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll

[2010-09-08 10:46:42 | 000,903,723 | ---- | C] () -- C:\Windows\System32\ff_x264.dll

[2010-09-08 10:46:42 | 000,880,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010-09-08 10:46:42 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll

[2010-09-08 10:46:42 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll

[2010-09-08 10:46:42 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll

[2010-09-08 10:46:42 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll

[2010-09-08 10:46:42 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll

[2010-09-08 10:46:42 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll

[2010-09-08 10:46:42 | 000,142,291 | ---- | C] () -- C:\Windows\System32\libmplayer.dll

[2010-09-08 10:46:42 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll

[2010-09-08 10:46:42 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll

[2010-09-08 10:46:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll

[2010-09-08 09:45:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll

[2010-09-08 09:09:46 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010-08-14 09:45:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll

[2010-08-14 09:45:10 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe

[2010-08-14 09:43:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll

[2010-08-14 09:43:42 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll

[2010-08-14 09:43:34 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll

[2010-08-14 09:43:22 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll

[2010-08-14 09:42:54 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe

[2010-08-14 09:42:48 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll

[2010-08-14 09:42:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll

[2010-08-14 09:42:06 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe

[2010-08-14 09:41:54 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll

[2010-08-14 09:40:02 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll

[2010-08-14 09:39:58 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll

[2009-08-11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe

[2009-07-14 09:07:57 | 000,687,828 | ---- | C] () -- C:\Windows\System32\perfh015.dat

[2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat

[2009-07-14 09:07:57 | 000,131,382 | ---- | C] () -- C:\Windows\System32\perfc015.dat

[2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat

[2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009-07-14 05:33:53 | 000,407,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009-07-14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009-07-14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009-07-14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys

[2009-07-14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009-07-13 23:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin

[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2009-06-07 17:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009-01-10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll

[2008-11-06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007-10-13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini

[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

 

========== LOP Check ==========

 

[2011-07-04 07:06:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\48c00000-bc68-4722-f308-feccb1613f9c

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data

[2011-07-04 06:58:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\BitDefender

[2010-12-17 16:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dane aplikacji

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumenty

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Menu Start

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Pulpit

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Szablony

[2011-11-29 16:21:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Ulubione

[2009-07-14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Dane aplikacji

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop

[2010-12-13 20:27:07 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menu Start

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Moje dokumenty

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent

[2009-07-14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Szablony

[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates

[2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Ustawienia lokalne

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos

[2010-12-13 20:28:48 | 000,000,000 | -H-D | M] -- C:\Users\Natalka\AppData

[2010-12-13 20:28:55 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Contacts

[2011-11-29 13:42:15 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Desktop

[2011-11-29 14:18:14 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Documents

[2011-11-29 14:38:20 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Downloads

[2010-12-17 16:37:14 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Favorites

[2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Links

[2011-04-18 18:38:36 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Music

[2011-02-16 01:37:40 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Pictures

[2011-01-03 23:23:10 | 000,000,000 | ---D | M] -- C:\Users\Natalka\Saved Games

[2011-02-17 13:09:57 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Searches

[2011-07-02 12:01:08 | 000,000,000 | ---D | M] -- C:\Users\Natalka\Start Menu

[2011-02-28 19:47:47 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Videos

[2011-11-29 16:18:14 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop

[2010-12-13 20:27:07 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents

[2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads

[2009-07-14 03:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites

[2010-12-13 20:27:08 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries

[2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music

[2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures

[2011-01-11 13:22:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV

[2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos

[2011-11-05 15:24:06 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >

"!Do not use this registry key" = Use the SHGetFolderPath or SHGetKnownFolderPath function instead

 

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >

"AppData" = %USERPROFILE%\AppData\Roaming -- [2011-11-29 15:47:05 | 000,000,000 | ---D | M]

"Cache" = %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files -- [2010-12-18 22:00:16 | 000,000,000 | -HSD | M]

"Cookies" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies -- [2011-11-29 12:39:07 | 000,000,000 | -HSD | M]

"Desktop" = %USERPROFILE%\Desktop -- [2011-11-29 13:42:15 | 000,000,000 | R--D | M]

"Favorites" = %USERPROFILE%\Favorites -- [2010-12-17 16:37:14 | 000,000,000 | R--D | M]

"History" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History -- [2010-12-13 20:40:04 | 000,000,000 | -HSD | M]

"Local AppData" = %USERPROFILE%\AppData\Local -- [2011-11-29 16:17:52 | 000,000,000 | ---D | M]

"My Music" = %USERPROFILE%\Music -- [2011-04-18 18:38:36 | 000,000,000 | R--D | M]

"My Pictures" = %USERPROFILE%\Pictures -- [2011-02-16 01:37:40 | 000,000,000 | R--D | M]

"My Video" = %USERPROFILE%\Videos -- [2011-02-28 19:47:47 | 000,000,000 | R--D | M]

"NetHood" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

"Personal" = %USERPROFILE%\Documents -- [2011-11-29 14:18:14 | 000,000,000 | R--D | M]

"Programs" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -- [2011-11-28 10:03:57 | 000,000,000 | ---D | M]

"Recent" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent -- [2011-11-29 16:18:55 | 000,000,000 | R--D | M]

"SendTo" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo -- [2010-12-13 20:53:21 | 000,000,000 | R--D | M]

"Startup" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

"Start Menu" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu -- [2010-12-13 20:28:48 | 000,000,000 | R--D | M]

"Templates" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

"{374DE290-123F-4565-9164-39C4925E467B}" = %USERPROFILE%\Downloads -- [2011-11-29 14:38:20 | 000,000,000 | R--D | M]

"PrintHood" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -- [2009-07-14 03:04:34 | 000,000,000 | ---D | M]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >

"Common Desktop" = C:\Users\Public\Desktop -- [2011-11-29 16:18:14 | 000,000,000 | RH-D | M]

"Common Start Menu" = C:\ProgramData\Microsoft\Windows\Start Menu -- [2010-12-17 17:09:02 | 000,000,000 | R--D | M]

"CommonVideo" = C:\Users\Public\Videos -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"CommonPictures" = C:\Users\Public\Pictures -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"Common Programs" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs -- [2011-11-29 16:18:14 | 000,000,000 | R--D | M]

"CommonMusic" = C:\Users\Public\Music -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"Common Administrative Tools" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools -- [2010-12-13 19:23:23 | 000,000,000 | R--D | M]

"Common Startup" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"Common Documents" = C:\Users\Public\Documents -- [2010-12-13 20:27:07 | 000,000,000 | R--D | M]

"OEM Links" = C:\ProgramData\OEM Links

"Common Templates" = C:\ProgramData\Microsoft\Windows\Templates -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

"Common AppData" = C:\ProgramData -- [2011-11-29 16:19:26 | 000,000,000 | -H-D | M]

"Personal" = C:\Users\Natalka\Documents\ -- [2011-11-29 14:18:14 | 000,000,000 | R--D | M]

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >

"Common Desktop" = %PUBLIC%\Desktop -- [2011-11-29 16:18:14 | 000,000,000 | RH-D | M]

"Common Documents" = %PUBLIC%\Documents -- [2010-12-13 20:27:07 | 000,000,000 | R--D | M]

"CommonPictures" = %PUBLIC%\Pictures -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"CommonMusic" = %PUBLIC%\Music -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"CommonVideo" = %PUBLIC%\Videos -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}" = %PUBLIC%\Downloads -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"Common Start Menu" = %ProgramData%\Microsoft\Windows\Start Menu -- [2010-12-17 17:09:02 | 000,000,000 | R--D | M]

"Common Programs" = %ProgramData%\Microsoft\Windows\Start Menu\Programs -- [2011-11-29 16:18:14 | 000,000,000 | R--D | M]

"Common Startup" = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

"Common AppData" = %ProgramData% -- [2011-11-29 16:19:26 | 000,000,000 | -H-D | M]

"Common Templates" = %ProgramData%\Microsoft\Windows\Templates -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 178 bytes -> C:\Users\All Users\TEMP:1AAB2E68

@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1AAB2E68

 

< End of report >

 

 

 

As for my Samsung, I'm now scanning it with HDD Regenerator, maybe it will fix something.

Link to comment

The script executed correctly. However, as expected, the contents of the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders have been stripped, which is why OTL shows these anomalies with the shell folders.

 

1. Fix for the shell folders. Open Notepad and paste into it:

 

Windows Registry Editor Version 5.00
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"="Use the SHGetFolderPath or SHGetKnownFolderPath function instead"
"AppData"="C:\\Users\\Natalka\\AppData\\Roaming"
"Local AppData"="C:\\Users\\Natalka\\AppData\\Local"
"My Video"="C:\\Users\\Natalka\\Videos"
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Libraries"
"My Pictures"="C:\\Users\\Natalka\\Pictures"
"Desktop"="C:\\Users\\Natalka\\Desktop"
"History"="C:\\Users\\Natalka\\AppData\\Local\\Microsoft\\Windows\\History"
"NetHood"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts"
"{56784854-C6CB-462B-8169-88E350ACB882}"="C:\\Users\\Natalka\\Contacts"
"Cookies"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"
"Favorites"="C:\\Users\\Natalka\\Favorites"
"SendTo"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\SendTo"
"Start Menu"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
"My Music"="C:\\Users\\Natalka\\Music"
"Programs"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"
"Recent"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
"CD Burning"="C:\\Users\\Natalka\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn"
"PrintHood"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts"
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"="C:\\Users\\Natalka\\Searches"
"{374DE290-123F-4565-9164-39C4925E467B}"="C:\\Users\\Natalka\\Downloads"
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"="C:\\Users\\Natalka\\AppData\\LocalLow"
"Startup"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
"Administrative Tools"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools"
"Personal"="C:\\Users\\Natalka\\Documents"
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"="C:\\Users\\Natalka\\Links"
"Cache"="C:\\Users\\Natalka\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"
"Templates"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Templates"
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"="C:\\Users\\Natalka\\Saved Games"
"Fonts"="C:\\Windows\\Fonts"

 

From the Notepad menu > File > Save As > set the extension to All Files > save as FIX.REG

 

Start > type regedit in the search box > right-click and choose Run as administrator > from the File menu import FIX.REG. Restart the system.

 

2. Fix for the remnants of adware toolbars. Run OTL and paste into the Custom Scans/Fixes section:

 

:OTL

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

[2010-12-17 16:37:10 | 000,002,059 | ---- | M] () -- \Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml

O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

 

Click Run Fix.

 

3. Produce a new OTL log with the Run Scan option and an AD-Remover log with the Scan option. Post the logs as Attachments.

 

 

And what would you recommend?

And is it so bad that it can make things even worse, or is it just slow? I chose it because it is simple to use and you don't have to do anything, and supposedly it repairs sectors rather than closing them (or whatever it's called).

 

Thread on why HDD Regenerator is not recommended here: CLICK. Proper diagnostics are done via MHDD: MHDD. Please raise these matters in a separate thread.

 

 

 

.

Link to comment
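The condition described in the reply above (an emptied HKCU Shell Folders key alongside O4 - Startup entries that list profile directories) can be checked mechanically on a saved OTL log. This Python sketch is an added example, not part of the original posts or of OTL; it assumes the log layout visible on this page, and the function names, the `env` mapping and the abridged sample log are constructed for illustration.

```python
import re

HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
PLACEHOLDER = "!Do not use this registry key"

SECTION_RE = re.compile(r"^<\s*(.+?)\s*>$")            # < registry key >
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')       # "name" = value
# Trailing OTL annotation: ' -- [date | size | attrs | M]', ' [..]' or ' ()'
STAMP_RE = re.compile(r"\s*(?:--\s*)?(?:\[[^\]]*\]|\(\))\s*$")

# Constructed sample: abridged from log lines shown on this page.
SAMPLE_LOG = r"""
O4 - Startup: C:\Users\Natalka\Desktop [2011-11-29 13:42:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\Recorded TV [2011-01-11 13:22:00 | 000,000,000 | R--D | M]

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >
"!Do not use this registry key" = Use the SHGetFolderPath or SHGetKnownFolderPath function instead

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >
"Desktop" = %USERPROFILE%\Desktop -- [2011-11-29 13:42:15 | 000,000,000 | R--D | M]
"Startup" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >
"Common Startup" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
"""


def parse_log(log_text):
    """Return (sections, startup_paths) parsed from OTL log text."""
    sections, startup, current = {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("O4 - Startup:"):
            path = STAMP_RE.sub("", line[len("O4 - Startup:"):])
            startup.append(path.strip())
            continue
        if line.startswith("====="):        # report section banner ends a key
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = STAMP_RE.sub("", m.group(2)).strip()
    return sections, startup


def expand(value, env):
    """Expand %NAME% variables case-insensitively using the env mapping."""
    for name, real in env.items():
        value = re.sub(re.escape("%" + name + "%"),
                       lambda _m, r=real: r, value, flags=re.I)
    return value


def check_shell_folders(log_text, env):
    """Report an emptied HKCU Shell Folders key and misplaced O4 entries."""
    sections, startup = parse_log(log_text)
    resolved = sections.get(HKCU + r"\Shell Folders")
    configured = sections.get(HKCU + r"\User Shell Folders", {})
    real_names = set(resolved or {}) - {PLACEHOLDER}

    # Every Startup directory the log itself declares, normalised for compare.
    startup_dirs = []
    for values in sections.values():
        for name, value in values.items():
            if name in ("Startup", "Common Startup"):
                startup_dirs.append(
                    expand(value, env).rstrip("\\").lower() + "\\")

    misplaced = [p for p in startup
                 if not any(p.lower().startswith(d) for d in startup_dirs)]
    return {
        # Key present, but nothing besides the warning placeholder value.
        "shell_folders_stripped": resolved is not None and not real_names,
        # Folders configured in User Shell Folders with no resolved entry.
        "missing_values": sorted(set(configured) - real_names),
        # O4 - Startup items that do not live in any Startup directory.
        "misplaced_startup": misplaced,
    }


if __name__ == "__main__":
    env = {"USERPROFILE": r"C:\Users\Natalka", "ProgramData": r"C:\ProgramData"}
    for key, value in check_shell_folders(SAMPLE_LOG, env).items():
        print(key, "=", value)
```

A log taken after the FIX.REG import and restart should report `shell_folders_stripped` as false and an empty `misplaced_startup` list.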

More infection files have surfaced, following the pattern C:\Users\Natalka\AppData\Roaming\cyfrylitery.exe (cyfrylitery = digits and letters)

 

Run OTL and paste into the Custom Scans/Fixes section:

 

:Files
C:\Users\Natalka\AppData\Roaming\*.*
C:\Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml
 
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]

 

Click Run Fix. Post only the log with the removal results.

 

 

 

 

.

Link to comment
========== FILES ==========

C:\Users\Natalka\AppData\Roaming\10A.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1142.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\12BE.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\13DB.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1556.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\15BD.tmp moved successfully.

C:\Users\Natalka\AppData\Roaming\161F.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\167E.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\17E4.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1969.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1A14.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1A45.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1B5D.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\1D56.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\2243.tmp moved successfully.

C:\Users\Natalka\AppData\Roaming\23AE.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\29B8.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\2B16.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\2B53.exe moved successfully.

C:\Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

 

OTL by OldTimer - Version 3.2.31.0 log created on 11302011_084053

 


I said:

Present a report with the detected threats, if there are any.

Only results like that interest me, not the whole report with OK readings. I am deleting this log and concluding that Kaspersky simply detected nothing. You can uninstall Kaspersky, if that has not already happened (Kaspersky is removed by closing the window). To finish:

1. The updates need to be taken care of:

 

Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

 

The system is not updated (no Service Pack), and there are older versions of programs. Update details: INSTRUCTIONS.

2. Install a full-fledged antivirus. Currently the system has only the McAfee ScanAndRepair plug-in. You could modestly add the free, simple Microsoft Security Essentials.

State clearly: does the 100% CPU usage problem still occur?

 

 

 
