stinx
Posted 29 November 2011

CPU usage 100%

Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
McAfee Scan and Repair 1.5.114
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
EasyCleaner
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 pl..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Spybot Teatimer.exe is disabled!
``````````End of Log````````````

picasso
Posted 29 November 2011

Following up on the Windows thread: is this the system right after it was restored from the Samsung Recovery? The system looks far from "factory"...

There is an infection here, and there is also a set of entries suggesting incorrect shell folder entries, because OTL is showing the contents of the account directories, which should not be happening:

O4 - Startup: C:\Users\All Users\48c00000-bc68-4722-f308-feccb1613f9c [2011-07-04 07:06:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\bdinstall.bin ()
O4 - Startup: C:\Users\All Users\BitDefender [2011-07-04 06:58:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010-12-17 16:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010-12-17 17:10:03 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Nero [2011-11-28 08:28:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NTUSER.DAT ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\Pulpit [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Skype [2010-12-13 20:53:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011-11-29 13:43:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Ulubione [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009-07-14 03:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Moje dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 03:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Ustawienia lokalne [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\AppData [2010-12-13 20:28:48 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Natalka\Contacts [2010-12-13 20:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Desktop [2011-11-29 13:42:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Documents [2011-07-04 09:57:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Downloads [2011-11-29 13:51:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Favorites [2010-12-17 16:37:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Music [2011-04-18 18:38:36 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\NTUSER.DAT ()
O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Natalka\ntuser.ini ()
O4 - Startup: C:\Users\Natalka\Pictures [2011-02-16 01:37:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Saved Games [2011-01-03 23:23:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Natalka\Searches [2011-02-17 13:09:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Start Menu [2011-07-02 12:01:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Natalka\Videos [2011-02-28 19:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2011-11-28 08:27:50 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009-07-14 03:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010-12-13 20:27:08 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011-01-11 13:22:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009-07-14 05:41:57 | 000,000,000 | R--D | M]

1. Run OTL and, in the "Własne opcje skanowania / skrypt" (Custom Scans/Fixes) section, paste:

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001..\Run: [Gpmimo] C:\Users\Natalka\AppData\Roaming\Gpmimo.exe ( )
O4 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001..\Run: [Vomimd] C:\Users\Natalka\AppData\Roaming\Vomimd.exe ()

:Files
C:\Users\Natalka\AppData\Roaming\3620.exe
C:\Users\Natalka\AppData\Roaming\2963.exe

:Commands
[emptytemp]

Click "Wykonaj skrypt" (Run Fix). You will present the log from this operation in step 3.

2. Via Control Panel, uninstall the sponsored junk: Ask Toolbar and DAEMON Tools Toolbar.

3. Produce a new OTL log, but with a customized condition. Run OTL and, in the "Własne opcje skanowania / skrypt" (Custom Scans/Fixes) section, paste:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Click "Skanuj" (Run Scan), not "Wykonaj skrypt" (Run Fix)!

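The diagnosis in the post above (OTL listing whole profile directories under "O4 - Startup") can be reproduced mechanically. This is an added example, not part of the thread and not OTL's own code. The function names are hypothetical, the expected Startup path suffix and the " = target" shortcut form are assumptions about Windows 7 and OTL output, and the sample lines are a subset of the quoted log plus one constructed contrast entry.

```python
import ntpath  # Windows path rules, works on any OS
import re
from collections import defaultdict

# Assumption: on Windows 7 a genuine Startup folder path ends with this suffix.
STARTUP_SUFFIX = ntpath.normcase(r"\Start Menu\Programs\Startup")
# Files that live in the root of a user profile, never in a Startup folder.
PROFILE_ROOT_MARKERS = ("ntuser.dat", "ntuser.ini")

# "O4 - Startup: <path> [date time | size | attrs | M]" or "O4 - Startup: <path> (company)"
O4_STARTUP = re.compile(
    r"^O4 - Startup: (?P<path>.+?)\s*"
    r"(?:\[\d{4}-\d{2}-\d{2} [^\]]*\]|\([^()]*\))\s*$"
)


def startup_dirs(log_lines):
    """Map each directory OTL enumerated as 'Startup' to the entry names found in it."""
    found = defaultdict(list)
    for line in log_lines:
        m = O4_STARTUP.match(line.strip())
        if not m:
            continue  # other O4 entries (Run keys etc.) are out of scope here
        # Assumed form for shortcuts: "<shortcut> = <target>"; keep the shortcut.
        path = m.group("path").split(" = ", 1)[0]
        parent, name = ntpath.split(path)
        found[parent].append(name)
    return dict(found)


def misdirected_startup(log_lines):
    """Return {directory: reason} for 'Startup' directories that are not Startup folders."""
    findings = {}
    for directory, names in startup_dirs(log_lines).items():
        if ntpath.normcase(directory).endswith(STARTUP_SUFFIX):
            continue  # entry sits in a real Startup folder
        hive = [n for n in names if n.lower().startswith(PROFILE_ROOT_MARKERS)]
        if hive:
            findings[directory] = "profile root (contains %s)" % hive[0]
        else:
            findings[directory] = "not a Startup folder"
    return findings


# Sample input: lines copied from the log quoted in the thread, except the last
# one, which is constructed here to show an entry that should not be flagged.
SAMPLE = r"""
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\NTUSER.DAT ()
O4 - Startup: C:\Users\Natalka\Downloads [2011-11-29 13:51:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\ntuser.ini ()
O4 - Startup: C:\Users\Public\Videos [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Example\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk = C:\Windows\notepad.exe (Microsoft Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for directory, reason in sorted(misdirected_startup(SAMPLE).items()):
        print("%s -> %s" % (directory, reason))
```

Any directory this reports is one that the Startup or Common Startup shell folder value resolved to, which is why the post asks for a dump of the four Shell Folders / User Shell Folders keys next.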
stinx (Author)
Posted 29 November 2011

It's a different computer.

OTL logfile created on: 2011-11-29 16:32:46 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Natalka\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,76% Memory free
3,98 Gb Paging File | 2,97 Gb Available in Paging File | 74,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,82 Gb Total Space | 32,72 Gb Free Space | 58,61% Space Free | Partition Type: NTFS
Drive D: | 54,51 Gb Total Space | 4,85 Gb Free Space | 8,89% Space Free | Partition Type: NTFS

Computer Name: NATALUS | User Name: Natalka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-11-29 13:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Natalka\Downloads\OTL.exe
PRC - [2011-11-28 08:20:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011-09-23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010-12-21 22:29:43 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011-11-29 12:01:25 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-11-28 08:20:49 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009-10-28 12:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
MOD - [2009-10-20 18:15:24 | 000,212,992 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\gglog.dll
MOD - [2009-10-20 18:15:24 | 000,023,040 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggcrypto.dll
MOD - [2009-10-20 18:15:24 | 000,012,800 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggipc.dll
MOD - [2009-10-20 18:15:22 | 000,352,256 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggcommon.dll
MOD - [2009-10-20 18:15:22 | 000,118,784 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\ggipcradioproxy.dll
MOD - [2009-09-23 15:05:02 | 000,970,752 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtNetwork4.dll
MOD - [2009-09-23 15:04:58 | 002,195,456 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtCore4.dll
MOD - [2009-09-23 15:04:56 | 011,677,696 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtWebKit4.dll
MOD - [2009-09-23 15:04:52 | 008,024,064 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtGui4.dll
MOD - [2009-09-23 15:04:50 | 000,393,216 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtXml4.dll
MOD - [2009-09-23 15:04:50 | 000,299,008 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\QtSvg4.dll
MOD - [2009-09-23 15:04:14 | 000,303,104 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qtiff4.dll
MOD - [2009-09-23 15:04:14 | 000,018,432 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qsvg4.dll
MOD - [2009-09-23 15:04:12 | 000,274,432 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qmng4.dll
MOD - [2009-09-23 15:04:12 | 000,143,360 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qjpeg4.dll
MOD - [2009-09-23 15:04:12 | 000,023,552 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\imageformats\qgif4.dll
MOD - [2009-09-23 15:04:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\zlib1.dll

========== Win32 Services (SafeList) ==========

SRV - [2011-09-23 18:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011-04-06 15:40:00 | 000,694,864 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe -- (McAfee ScanAndRepair Svc)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011-07-04 07:30:44 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\SetupInformation\{5A2935F1-137E-454C-B4F8-C379709449E9}\bdselfpr.sys -- (bdselfpr)
DRV - [2010-12-17 16:36:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-11-09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-11-03 11:38:12 | 000,306,104 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2010-07-09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010-07-09 13:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-13 23:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
IE - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Natalka\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Natalka\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-11-28 08:20:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-07-04 08:56:16 | 000,000,000 | ---D | M]
[2010-12-17 16:37:10 | 000,002,059 | ---- | M] () -- \Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml
[2011-06-29 23:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-12-13 20:53:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\NATALKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IFKL300J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011-11-28 08:20:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-04-06 15:40:00 | 000,182,936 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMcAfeeSRPlgn.dll
[2011-10-04 05:21:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-10-04 05:21:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-10-04 05:21:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-10-04 05:21:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-10-04 05:21:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-10-04 05:21:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Natalka\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Natalka\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Natalka\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: McAfeeScanAndRepair (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMcAfeeSRPlgn.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Natalka\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\All Users\48c00000-bc68-4722-f308-feccb1613f9c [2011-07-04 07:06:35 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\bdinstall.bin ()
O4 - Startup: C:\Users\All Users\BitDefender [2011-07-04 06:58:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\DAEMON Tools Lite [2010-12-17 16:35:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Desktop [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favorites [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Microsoft [2010-12-17 17:10:03 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Nero [2011-11-28 08:28:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\NTUSER.DAT ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06da-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\NTUSER.DAT{713a06e8-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\Pulpit [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Skype [2010-12-13 20:53:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2011-11-29 13:43:20 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\TEMP [2011-11-29 16:21:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Ulubione [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009-07-14 03:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Dane aplikacji [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Favorites [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Moje dokumenty [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009-07-14 03:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Szablony [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009-07-14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Ustawienia lokalne [2010-12-13 20:27:07 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\AppData [2010-12-13 20:28:48 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Natalka\Contacts [2010-12-13 20:28:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Desktop [2011-11-29 13:42:15 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Documents [2011-11-29 14:18:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Downloads [2011-11-29 14:38:20 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Favorites [2010-12-17 16:37:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Links [2009-07-14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Music [2011-04-18 18:38:36 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\NTUSER.DAT ()
O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Natalka\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Natalka\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Natalka\ntuser.ini ()
O4 - Startup: C:\Users\Natalka\Pictures [2011-02-16 01:37:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Saved Games [2011-01-03 23:23:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Natalka\Searches [2011-02-17 13:09:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Natalka\Start Menu [2011-07-02 12:01:08 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Natalka\Videos [2011-02-28 19:47:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Desktop [2011-11-29 16:18:14 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010-12-13 20:27:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009-07-14 03:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010-12-13 20:27:08 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\NTUSER.DAT ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06e4-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TM.blf ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\NTUSER.DAT{713a06f2-97bd-11e0-af8a-001e3344c062}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2011-01-11 13:22:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.33.64.2 212.33.64.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8CFCC82-26AB-4207-9264-71638F0527FC}: DhcpNameServer = 212.33.64.2 212.33.64.18
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e4405030-ff08-11e0-af1a-001e3344c062}\Shell - "" = AutoRun
O33 - MountPoints2\{e4405030-ff08-11e0-af1a-001e3344c062}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-11-29 16:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-11-29 16:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Regenerator
[2011-11-29 16:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\HDD Regenerator
[2011-11-29 15:50:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011-11-29 15:47:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-11-29 15:47:03 | 000,000,000 | ---D | C] -- \_OTL
[2011-11-29 12:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\ZAR
[2011-11-29 12:01:25 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011-11-28 10:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011-11-28 08:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011-11-28 08:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011-11-28 08:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011-11-28 08:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011-11-28 08:26:20 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011-11-28 08:26:20 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011-11-28 08:26:19 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011-11-28 08:26:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011-11-28
08:26:19 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2011-11-28 08:25:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2011-11-28 08:25:04 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011-11-28 08:24:28 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011-11-28 08:23:56 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011-11-28 08:23:21 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2011-11-28 07:55:50 | 000,000,000 | ---D | C] -- C:\Windows 7 [2011-11-28 07:55:50 | 000,000,000 | ---D | C] -- \Windows 7 [2011-11-07 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UFS Explorer [2011-11-07 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\UFS Explorer [2011-11-07 20:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent ========== Files - Modified Within 30 Days ========== [2011-11-29 16:32:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001UA.job [2011-11-29 16:18:29 | 000,687,828 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-11-29 16:18:29 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-11-29 16:18:29 | 000,131,382 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-11-29 16:18:29 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-11-29 16:18:14 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk [2011-11-29 15:55:04 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-11-29 15:55:04 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-11-29 15:47:51 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-11-29 15:47:47 | 1602,719,744 | -HS- | M] () -- C:\hiberfil.sys [2011-11-29 12:01:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011-11-28 23:32:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001Core.job [2011-11-28 08:27:50 | 000,002,831 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2011-11-07 20:48:32 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk ========== Files Created - No Company Name ========== [2011-11-29 16:18:14 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\HDD Regenerator.lnk [2011-11-28 08:27:50 | 000,002,831 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 11.lnk [2011-11-08 23:27:44 | 000,001,066 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001UA.job [2011-11-08 23:27:43 | 000,001,014 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2573019657-1483169811-3846911360-1001Core.job [2011-11-07 20:48:32 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2011-07-04 06:58:03 | 000,572,597 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011-02-15 13:46:27 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2010-12-19 02:44:43 | 000,000,700 | ---- | C] () -- \BIOS Launcher.lnk [2010-12-17 17:10:01 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2010-12-13 21:26:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010-12-13 20:28:35 | 000,171,136 | RHS- | C] () -- \W7LDR [2010-12-13 19:19:18 | 1602,719,744 | -HS- | C] () -- \hiberfil.sys [2010-12-13 19:18:03 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2010-12-13 19:18:02 | 000,383,562 | RHS- | C] () -- \bootmgr [2010-09-08 10:46:42 | 004,497,993 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2010-09-08 10:46:42 | 001,529,856 | ---- | C] () 
-- C:\Windows\System32\ff_samplerate.dll [2010-09-08 10:46:42 | 001,212,665 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll [2010-09-08 10:46:42 | 000,903,723 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2010-09-08 10:46:42 | 000,880,220 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-09-08 10:46:42 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2010-09-08 10:46:42 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2010-09-08 10:46:42 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2010-09-08 10:46:42 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2010-09-08 10:46:42 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2010-09-08 10:46:42 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2010-09-08 10:46:42 | 000,142,291 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2010-09-08 10:46:42 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2010-09-08 10:46:42 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2010-09-08 10:46:42 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2010-09-08 09:45:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2010-09-08 09:09:46 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010-08-14 09:45:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll [2010-08-14 09:45:10 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe [2010-08-14 09:43:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll [2010-08-14 09:43:42 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll [2010-08-14 09:43:34 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll [2010-08-14 09:43:22 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll [2010-08-14 09:42:54 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe [2010-08-14 09:42:48 | 000,154,112 | ---- | C] () -- 
C:\Windows\System32\ts.dll [2010-08-14 09:42:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll [2010-08-14 09:42:06 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe [2010-08-14 09:41:54 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll [2010-08-14 09:40:02 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll [2010-08-14 09:39:58 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll [2009-08-11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe [2009-07-14 09:07:57 | 000,687,828 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 09:07:57 | 000,131,382 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 05:33:53 | 000,407,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 03:05:48 | 000,607,190 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 03:05:48 | 000,103,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys [2009-07-14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-13 23:09:19 | 
001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009-06-07 17:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009-01-10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll [2008-11-06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2007-10-13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini [2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011-07-04 07:06:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\48c00000-bc68-4722-f308-feccb1613f9c [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2011-07-04 06:58:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\BitDefender [2010-12-17 16:35:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dane aplikacji [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumenty [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Pulpit [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Szablony [2011-11-29 16:21:24 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Ulubione [2009-07-14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData 
[2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Dane aplikacji [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2010-12-13 20:27:07 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menu Start [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Moje dokumenty [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009-07-14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Szablony [2009-07-14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2010-12-13 20:27:07 | 000,000,000 | -HSD | M] -- C:\Users\Default\Ustawienia lokalne [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2010-12-13 20:28:48 | 000,000,000 | -H-D | M] -- C:\Users\Natalka\AppData [2010-12-13 20:28:55 | 000,000,000 | R--D | M] -- 
C:\Users\Natalka\Contacts [2011-11-29 13:42:15 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Desktop [2011-11-29 14:18:14 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Documents [2011-11-29 14:38:20 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Downloads [2010-12-17 16:37:14 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Favorites [2009-07-14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Links [2011-04-18 18:38:36 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Music [2011-02-16 01:37:40 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Pictures [2011-01-03 23:23:10 | 000,000,000 | ---D | M] -- C:\Users\Natalka\Saved Games [2011-02-17 13:09:57 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Searches [2011-07-02 12:01:08 | 000,000,000 | ---D | M] -- C:\Users\Natalka\Start Menu [2011-02-28 19:47:47 | 000,000,000 | R--D | M] -- C:\Users\Natalka\Videos [2011-11-29 16:18:14 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2010-12-13 20:27:07 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009-07-14 03:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2010-12-13 20:27:08 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2011-01-11 13:22:00 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV [2009-07-14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2011-11-05 15:24:06 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders > "!Do not use this registry key" = Use the SHGetFolderPath or SHGetKnownFolderPath function instead < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders > "AppData" = 
%USERPROFILE%\AppData\Roaming -- [2011-11-29 15:47:05 | 000,000,000 | ---D | M] "Cache" = %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files -- [2010-12-18 22:00:16 | 000,000,000 | -HSD | M] "Cookies" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies -- [2011-11-29 12:39:07 | 000,000,000 | -HSD | M] "Desktop" = %USERPROFILE%\Desktop -- [2011-11-29 13:42:15 | 000,000,000 | R--D | M] "Favorites" = %USERPROFILE%\Favorites -- [2010-12-17 16:37:14 | 000,000,000 | R--D | M] "History" = %USERPROFILE%\AppData\Local\Microsoft\Windows\History -- [2010-12-13 20:40:04 | 000,000,000 | -HSD | M] "Local AppData" = %USERPROFILE%\AppData\Local -- [2011-11-29 16:17:52 | 000,000,000 | ---D | M] "My Music" = %USERPROFILE%\Music -- [2011-04-18 18:38:36 | 000,000,000 | R--D | M] "My Pictures" = %USERPROFILE%\Pictures -- [2011-02-16 01:37:40 | 000,000,000 | R--D | M] "My Video" = %USERPROFILE%\Videos -- [2011-02-28 19:47:47 | 000,000,000 | R--D | M] "NetHood" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M] "Personal" = %USERPROFILE%\Documents -- [2011-11-29 14:18:14 | 000,000,000 | R--D | M] "Programs" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -- [2011-11-28 10:03:57 | 000,000,000 | ---D | M] "Recent" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent -- [2011-11-29 16:18:55 | 000,000,000 | R--D | M] "SendTo" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo -- [2010-12-13 20:53:21 | 000,000,000 | R--D | M] "Startup" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Start Menu" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu -- [2010-12-13 20:28:48 | 000,000,000 | R--D | M] "Templates" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M] "{374DE290-123F-4565-9164-39C4925E467B}" = %USERPROFILE%\Downloads -- [2011-11-29 14:38:20 | 000,000,000 | R--D | M] 
"PrintHood" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -- [2009-07-14 03:04:34 | 000,000,000 | ---D | M] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders > "Common Desktop" = C:\Users\Public\Desktop -- [2011-11-29 16:18:14 | 000,000,000 | RH-D | M] "Common Start Menu" = C:\ProgramData\Microsoft\Windows\Start Menu -- [2010-12-17 17:09:02 | 000,000,000 | R--D | M] "CommonVideo" = C:\Users\Public\Videos -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M] "CommonPictures" = C:\Users\Public\Pictures -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M] "Common Programs" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs -- [2011-11-29 16:18:14 | 000,000,000 | R--D | M] "CommonMusic" = C:\Users\Public\Music -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M] "Common Administrative Tools" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools -- [2010-12-13 19:23:23 | 000,000,000 | R--D | M] "Common Startup" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M] "Common Documents" = C:\Users\Public\Documents -- [2010-12-13 20:27:07 | 000,000,000 | R--D | M] "OEM Links" = C:\ProgramData\OEM Links "Common Templates" = C:\ProgramData\Microsoft\Windows\Templates -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M] "Common AppData" = C:\ProgramData -- [2011-11-29 16:19:26 | 000,000,000 | -H-D | M] "Personal" = C:\Users\Natalka\Documents\ -- [2011-11-29 14:18:14 | 000,000,000 | R--D | M] < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders > "Common Desktop" = %PUBLIC%\Desktop -- [2011-11-29 16:18:14 | 000,000,000 | RH-D | M] "Common Documents" = %PUBLIC%\Documents -- [2010-12-13 20:27:07 | 000,000,000 | R--D | M] "CommonPictures" = %PUBLIC%\Pictures -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M] "CommonMusic" = %PUBLIC%\Music -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M] "CommonVideo" = 
%PUBLIC%\Videos -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}" = %PUBLIC%\Downloads -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
"Common Start Menu" = %ProgramData%\Microsoft\Windows\Start Menu -- [2010-12-17 17:09:02 | 000,000,000 | R--D | M]
"Common Programs" = %ProgramData%\Microsoft\Windows\Start Menu\Programs -- [2011-11-29 16:18:14 | 000,000,000 | R--D | M]
"Common Startup" = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
"Common AppData" = %ProgramData% -- [2011-11-29 16:19:26 | 000,000,000 | -H-D | M]
"Common Templates" = %ProgramData%\Microsoft\Windows\Templates -- [2009-07-14 03:04:25 | 000,000,000 | ---D | M]

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Users\All Users\TEMP:1AAB2E68
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1AAB2E68

< End of report >

As for my Samsung, I'm scanning it with HDD Regenerator right now; maybe it will fix something.
peter2012 Posted 29 November 2011

> As for my Samsung, I'm scanning it with HDD Regenerator right now; maybe it will fix something.

Sorry to butt in, but HDDRegenerator is not software recommended by the forum community.
stinx (Author) Posted 29 November 2011

So what would you recommend? And is it so bad that it can make things even worse, or is it just slow? I picked it because it is easy to use, you don't have to do anything, and it supposedly repairs sectors rather than closing them off (or whatever it is called).
picasso Posted 29 November 2011

The script executed correctly. However, as expected, the contents of the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders have been stripped bare here, which is why OTL shows these irregularities with the shell folders.

1. Correction for the shell folders. Open Notepad and paste the following into it:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"="Use the SHGetFolderPath or SHGetKnownFolderPath function instead"
"AppData"="C:\\Users\\Natalka\\AppData\\Roaming"
"Local AppData"="C:\\Users\\Natalka\\AppData\\Local"
"My Video"="C:\\Users\\Natalka\\Videos"
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Libraries"
"My Pictures"="C:\\Users\\Natalka\\Pictures"
"Desktop"="C:\\Users\\Natalka\\Desktop"
"History"="C:\\Users\\Natalka\\AppData\\Local\\Microsoft\\Windows\\History"
"NetHood"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts"
"{56784854-C6CB-462B-8169-88E350ACB882}"="C:\\Users\\Natalka\\Contacts"
"Cookies"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Cookies"
"Favorites"="C:\\Users\\Natalka\\Favorites"
"SendTo"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\SendTo"
"Start Menu"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu"
"My Music"="C:\\Users\\Natalka\\Music"
"Programs"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs"
"Recent"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Recent"
"CD Burning"="C:\\Users\\Natalka\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn"
"PrintHood"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts"
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"="C:\\Users\\Natalka\\Searches"
"{374DE290-123F-4565-9164-39C4925E467B}"="C:\\Users\\Natalka\\Downloads"
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"="C:\\Users\\Natalka\\AppData\\LocalLow"
"Startup"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup"
"Administrative Tools"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools"
"Personal"="C:\\Users\\Natalka\\Documents"
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"="C:\\Users\\Natalka\\Links"
"Cache"="C:\\Users\\Natalka\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files"
"Templates"="C:\\Users\\Natalka\\AppData\\Roaming\\Microsoft\\Windows\\Templates"
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"="C:\\Users\\Natalka\\Saved Games"
"Fonts"="C:\\Windows\\Fonts"

From the Notepad menu > File > Save As > set the file type to All Files > save as FIX.REG

Start > type regedit in the search box > right-click and choose Run as administrator > from the File menu import FIX.REG. Restart the system.

2. Fix for the remnants of adware toolbars. Run OTL and paste the following into the Custom Scans/Fixes box:

:OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
[2010-12-17 16:37:10 | 000,002,059 | ---- | M] () -- \Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml
O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2573019657-1483169811-3846911360-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

Click Run Fix.

3. Produce a new OTL log with the Run Scan option and an AD-Remover log using the Scan option. Post the logs as attachments.

> So what would you recommend? And is it so bad that it can make things even worse, or is it just slow? I picked it because it is easy to use, you don't have to do anything, and it supposedly repairs sectors rather than closing them off (or whatever it is called).

Thread on why HDD Regenerator is not recommended here: CLICK. Proper diagnostics are done via MHDD: MHDD. Please take these matters to a separate topic.
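The condition diagnosed in the post above (a "Shell Folders" key holding nothing but its marker value while the sibling "User Shell Folders" key is intact) can be checked mechanically from OTL's Custom Scans output. The Python below is an added example, not part of the thread and not OTL's own code; the function names, status labels and sample log are constructed here, and it assumes the one-entry-per-line layout of an original OTL log.

```python
import re

# "< HKEY_...\Key >" header that OTL prints before each scanned registry key.
SECTION_RE = re.compile(r'^<\s*(HKEY_[^>]+?)\s*>$')
# '"Name" = data', optionally followed by ' -- [timestamp | size | attrs | M]'.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)(?:\s+--\s+\[.*\])?$')
# Marker value seen in the key on this page; it is not a folder entry.
MARKER = "!Do not use this registry key"
STARTUP_NAMES = {"Startup", "Common Startup"}

# Constructed sample, modelled on the Custom Scans section of the log above.
SAMPLE_LOG = r"""
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >
"!Do not use this registry key" = Use the SHGetFolderPath or SHGetKnownFolderPath function instead
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >
"AppData" = %USERPROFILE%\AppData\Roaming -- [2011-11-29 15:47:05 | 000,000,000 | ---D | M]
"Desktop" = %USERPROFILE%\Desktop -- [2011-11-29 13:42:15 | 000,000,000 | R--D | M]
"Startup" = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders >
"Common Desktop" = C:\Users\Public\Desktop -- [2011-11-29 16:18:14 | 000,000,000 | RH-D | M]
"Common Startup" = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders >
"Common Desktop" = %PUBLIC%\Desktop -- [2011-11-29 16:18:14 | 000,000,000 | RH-D | M]
"Common Startup" = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup -- [2009-07-14 05:41:57 | 000,000,000 | R--D | M]
========== Alternate Data Streams ==========
"""


def parse_custom_scan(text):
    """Return {registry key path: {value name: data}} from Custom Scans output."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            current = keys.setdefault(section.group(1), {})
        elif line.startswith("=========="):
            current = None  # a new report section ends the registry listing
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group("name")] = value.group("data")
    return keys


def audit_shell_folders(keys):
    """Compare each 'Shell Folders' key with its 'User Shell Folders' sibling."""
    findings = []
    suffix = "\\User Shell Folders"
    for path, user_values in keys.items():
        if not path.endswith(suffix):
            continue
        legacy_path = path[: -len(suffix)] + "\\Shell Folders"
        legacy = keys.get(legacy_path)
        if legacy is None:
            continue  # the sibling key was not part of the scan
        present = set(legacy) - {MARKER}
        missing = sorted(set(user_values) - present)
        if user_values and not present:
            status = "stripped"      # only the marker value is left
        elif missing:
            status = "incomplete"    # a hint to review, not a verdict
        else:
            status = "ok"
        findings.append({
            "key": legacy_path,
            "status": status,
            "missing": missing,
            # The startup folder is the entry behind the bogus O4 listing.
            "startup_missing": bool(STARTUP_NAMES & set(missing)),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_shell_folders(parse_custom_scan(SAMPLE_LOG)):
        print(finding["status"].upper(), finding["key"])
        for name in finding["missing"]:
            print("    missing:", name)
```

The check is read-only: it only reports which value names the legacy key lacks, so the result can be compared with the list in FIX.REG before anything is imported.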
stinx (Author) Posted 29 November 2011

As for the Samsung: okay, MHDD is running now; I turned on remap right away.
picasso Posted 30 November 2011

More infection files have surfaced, following the pattern C:\Users\Natalka\AppData\Roaming\<digits-letters>.exe

Run OTL and paste the following into the Custom Scans/Fixes box:

:Files
C:\Users\Natalka\AppData\Roaming\*.*
C:\Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Click Run Fix. Post only the log with the removal results.
stinx (Author) Posted 30 November 2011

========== FILES ==========
C:\Users\Natalka\AppData\Roaming\10A.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1142.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\12BE.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\13DB.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1556.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\15BD.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\161F.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\167E.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\17E4.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1969.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1A14.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1A45.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1B5D.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\1D56.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\2243.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\23AE.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\29B8.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\2B16.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\2B53.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\2FBB.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\2FC3.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\321B.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\34F8.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\352F.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\3693.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\3728.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\37C3.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\37C4.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\3DFA.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\3FE2.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\41C3.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\43B4.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\440E.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4616.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4720.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\48D3.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4BB8.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4BD6.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4C5D.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4CCA.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\4EA0.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\4F06.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5197.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5208.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5976.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5A13.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5B88.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5E71.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\5F4F.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\61F7.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\644E.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\64DA.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\6A3B.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\6C3E.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\6D06.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\6D83.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\6E4F.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\7010.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\71E8.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\7256.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\74B0.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\755.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\766B.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\76EB.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\7729.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\7A33.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\7DCA.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\8069.tmp moved successfully.
C:\Users\Natalka\AppData\Roaming\8184.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\8435.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\8451.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\8584.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\86DF.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\89A6.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\8FDF.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9290.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9471.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\953B.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\953D.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\95AE.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\975D.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\99D7.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9B5A.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9BC6.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9C5D.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9D48.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9EB1.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9F0C.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9F5B.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\9F93.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\A005.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\A10.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\A1FE.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\A2AA.exe moved successfully.
C:\Users\Natalka\AppData\Roaming\A327.exe moved successfully. C:\Users\Natalka\AppData\Roaming\A360.exe moved successfully. C:\Users\Natalka\AppData\Roaming\A37F.exe moved successfully. C:\Users\Natalka\AppData\Roaming\A711.tmp moved successfully. C:\Users\Natalka\AppData\Roaming\A96D.exe moved successfully. C:\Users\Natalka\AppData\Roaming\A978.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AA14.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AA61.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AA71.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AB7B.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AD9C.exe moved successfully. C:\Users\Natalka\AppData\Roaming\ADDB.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AE86.exe moved successfully. C:\Users\Natalka\AppData\Roaming\AF15.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B1A3.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B20.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B2BC.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B338.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B367.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B37.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B496.tmp moved successfully. C:\Users\Natalka\AppData\Roaming\B4FD.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B692.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B6B2.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B72F.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B76E.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B838.exe moved successfully. C:\Users\Natalka\AppData\Roaming\B9DC.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BA06.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BAD1.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BBC5.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BBE0.exe moved successfully. 
C:\Users\Natalka\AppData\Roaming\BC75.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BCEA.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BE12.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BE2.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BE41.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BF4A.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BF67.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BF97.exe moved successfully. C:\Users\Natalka\AppData\Roaming\BFF8.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C082.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C248.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C2C3.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C340.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C37D.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C40B.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C449.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C543.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C597.tmp moved successfully. C:\Users\Natalka\AppData\Roaming\C7B3.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C861.tmp moved successfully. C:\Users\Natalka\AppData\Roaming\C928.exe moved successfully. C:\Users\Natalka\AppData\Roaming\C996.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CA26.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CB3C.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CC0B.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CC83.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CCC3.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CDFA.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CED5.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CEF2.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CF11.exe moved successfully. C:\Users\Natalka\AppData\Roaming\CF1D.exe moved successfully. 
C:\Users\Natalka\AppData\Roaming\Mozilla\Firefox\Profiles\ifkl300j.default\searchplugins\daemon-search.xml moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
OTL by OldTimer - Version 3.2.31.0 log created on 11302011_084053
picasso Posted 30 November 2011
Next operations to perform:
1. In OTL, run CleanUp.
2. Clear the System Restore folders: INSTRUCTIONS.
3. Scan this system with Kaspersky Virus Removal Tool. Present the report with the detected threats, if there are any.
stinx (Author) Posted 30 November 2011 (edited)
done
Edited 1 December 2011 by picasso: Removing the unnecessary log. //picasso
picasso Posted 1 December 2011
I said: Present the report with the detected threats, if there are any. Only those results interest me, not the whole report with the OK readings. I am removing this log and concluding that Kaspersky simply detected nothing. You can uninstall Kaspersky, if that has not already happened (Kaspersky is removed when its window is closed).
To finish:
1. The updates need to be taken care of:
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
A system that has not been updated (no Service Pack), older versions of programs. Update details: INSTRUCTIONS.
2. Install a full-fledged antivirus. At the moment the system has only the McAfee ScanAndRepair plug-in. You could modestly add the free, simple Microsoft Security Essentials.
State clearly: does the 100% CPU usage problem still occur?
stinx (Author) Posted 2 December 2011
it's normal now, but why update Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
picasso Posted 2 December 2011
This is a system without a Service Pack, so why are you asking me "what for". I highlighted that line to point out that this is a bare Windows 7 without the main SP1 update. That is exactly what the OTL header indicates.
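The header check discussed in the replies above (build 7600 in the OTL header means Windows 7 without SP1), as an added example that is not part of the thread and not OTL's own code. The function names and the Flash ActiveX-versus-Plugin comparison are assumptions made for illustration; the sample input is the excerpt quoted in the thread, split one entry per line.

```python
import re

# Constructed input: the OTL lines quoted in the thread, one entry per line.
SAMPLE = r'''Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
'''

# NT 6.1 (Windows 7) builds: 7600 is the original release, 7601 is SP1.
NT61_SERVICE_PACK = {7600: None, 7601: "SP1"}

OS_RE = re.compile(r"^(.+?) \(Version = (\d+)\.(\d+)\.(\d+)\) - Type = (\w+)$")
IE_RE = re.compile(r"^Internet Explorer \(Version = ([\d.]+)\)$")
ENTRY_RE = re.compile(r'^"([^"]+)" = (.+)$')
FLASH_RE = re.compile(r"^Adobe Flash Player (\d+) (ActiveX|Plugin)$")

def parse_otl_excerpt(text):
    """Pull the OS header, IE version and Uninstall entries out of an OTL excerpt."""
    info = {"os": None, "ie": None, "installed": {}}
    for line in map(str.strip, text.splitlines()):
        if m := OS_RE.match(line):
            info["os"] = {"edition": m[1], "version": (int(m[2]), int(m[3])),
                          "build": int(m[4]), "type": m[5]}
        elif m := IE_RE.match(line):
            info["ie"] = m[1]
        elif m := ENTRY_RE.match(line):
            info["installed"][m[1]] = m[2]
    return info

def audit(info):
    """Return update findings; an empty list means nothing was flagged."""
    findings = []
    os_info = info["os"]
    if os_info and os_info["version"] == (6, 1):
        if NT61_SERVICE_PACK.get(os_info["build"], "unknown") is None:
            findings.append("Windows 6.1 build 7600: no Service Pack installed")
    flash = {}  # component name -> major version, e.g. {"ActiveX": 10}
    for name in info["installed"].values():
        if m := FLASH_RE.match(name):
            flash[m[2]] = int(m[1])
    if len(flash) == 2 and flash["ActiveX"] != flash["Plugin"]:
        older = min(flash, key=flash.get)
        findings.append(f"Flash {older} is at major version {flash[older]}, "
                        f"behind the other Flash component ({max(flash.values())})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_otl_excerpt(SAMPLE)):
        print(finding)
```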
stinx (Author) Posted 8 December 2011
can be closed