kaminskowo

Hidden folders - external drive, USB flash drive


Hello,

first of all, I would like to thank in advance everyone who is able to help me:

- I have an external drive with 600 GB of assorted data on it; one day, after plugging the drive in, all the folders showed up as SHORTCUTS; all the folders could still be reached through the address bar, e.g. F:// aga etc.
- the virus probably ends in .INK, because the folder aga.INK would not open at all, while e.g. aga worked normally when typed into the address bar
- the data is definitely on the drive, because the drive shows as full when I check its properties
- I scanned the computer with Avast and Microsoft Essentials and nothing was detected; HOWEVER, the folders on the drive are no longer shortcuts but NOW APPEAR AS HIDDEN FOLDERS: on my computer they are faded, and when the drive is connected to another computer they are simply not there,
- the SHOW HIDDEN FOLDERS option is enabled on my computer.
- I made a LOG with the FIXUSB program, attached as a file
- every time I plug another removable drive into my computer, that drive gets turned into SHORTCUTS or hidden...
- a month ago I reinstalled the system (the problem already existed before the reinstall); after reinstalling the system, this virus still seems to be on my computer....

Please help,

thank you, Aga.

log_hijack.txt

- I have an external drive with 600 GB of assorted data on it; one day, after plugging the drive in, all the folders showed up as SHORTCUTS; all the folders could still be reached through the address bar, e.g. F:// aga etc.
- the virus probably ends in .INK, because the folder aga.INK would not open at all, while e.g. aga worked normally when typed into the address bar
- the data is definitely on the drive, because the drive shows as full when I check its properties
- I scanned the computer with Avast and Microsoft Essentials and nothing was detected; HOWEVER, the folders on the drive are no longer shortcuts but NOW APPEAR AS HIDDEN FOLDERS: on my computer they are faded, and when the drive is connected to another computer they are simply not there,

 

This is an infection that hides the real files and folders on the drive by setting the HS attributes (hidden, system), and then creates infection shortcuts named after those files / folders (these are files with the LNK extension, not INK). All that needs to be done is to delete those shortcuts and remove the attributes from the folders. This operation has been carried out on the forum many times, and you will get such instructions once I receive the complete set of data.

- the SHOW HIDDEN FOLDERS option is enabled on my computer.

That option is not enough. There are two view options, and this one must also be unchecked: Windows Explorer > Organize > Folder and search options > View > Hide protected operating system files

The log you provided is not the right one. Please post the USBFix log from the Listing option, and the overview log of the whole system from OTL that the rules of this section require.

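The pattern described in the reply above (real folders flagged hidden+system, with same-named .lnk files beside them) can be checked for in a USBFix [Listing] log. This is an added example, not part of the original posts and not USBFix code; the sample lines are constructed in the listing's format, and the allowlist of folders that Windows itself keeps hidden+system is an assumption.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# One USBFix [Listing] entry looks like:
#   [dd/mm/yyyy - hh:mm:ss | ATTRS | size]  X:\name
# The size field is present for files only.
ENTRY_RE = re.compile(
    r"^\[\d{2}/\d{2}/\d{4} - \d{2}:\d{2}:\d{2} \| (?P<attrs>[A-Z]+)\s*"
    r"(?:\|\s*(?P<size>\d+))?\]\s+(?P<path>[A-Za-z]:\\.+?)\s*$"
)

# Assumption: root folders that Windows itself marks hidden+system.
EXPECTED_HIDDEN_SYSTEM = {
    "$recycle.bin", "recycler", "system volume information",
    "recovery", "documents and settings",
}

# Constructed sample in the listing format (not taken from a real machine).
SAMPLE = r"""
################## | Listing |
[19/10/2011 - 19:30:57 | SHD ]  F:\$RECYCLE.BIN
[05/10/2011 - 12:17:24 | SHD ]  F:\Photos
[05/10/2011 - 12:24:43 | SHD ]  F:\Work
[20/11/2011 - 14:02:46 | D ]  F:\New
[13/04/2011 - 12:49:13 | A | 26956]  F:\scan.jpg
[19/10/2011 - 18:26:56 | A | 617]  F:\Work.lnk
[24/10/2011 - 18:56:31 | A | 617]  F:\New - shortcut.lnk
[01/07/2010 - 10:30:56 | SHD ]  F:\System Volume Information
[19/10/2011 - 18:33:54 | SHD ]  C:\Recovery
"""


@dataclass(frozen=True)
class Entry:
    path: str
    attrs: frozenset          # single-letter flags, e.g. {"S", "H", "D"}
    size: Optional[int]       # None for directories

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)

    @property
    def drive(self) -> str:
        return ntpath.splitdrive(self.path)[0].upper()

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_listing(text: str) -> list:
    """Return the file/folder entries; banner and section lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"] else None
        entries.append(Entry(m["path"], frozenset(m["attrs"]), size))
    return entries


def triage_drive(entries: list, drive: str) -> dict:
    """Flag user folders carrying S+H and .lnk files named after a folder."""
    drive = drive.upper()
    on_drive = [e for e in entries if e.drive == drive]
    dir_names = {e.name.lower() for e in on_drive if e.is_dir}

    hidden = [
        e.path for e in on_drive
        if e.is_dir and {"S", "H"} <= e.attrs
        and e.name.lower() not in EXPECTED_HIDDEN_SYSTEM
    ]
    # A shortcut whose stem equals a folder name on the same drive matches
    # the "shortcut named after the real folder" pattern from the reply.
    shortcuts = [
        e.path for e in on_drive
        if not e.is_dir and e.name.lower().endswith(".lnk")
        and e.name[:-4].lower() in dir_names
    ]
    return {"hidden_folders": hidden, "shadow_shortcuts": shortcuts}


def unhide_commands(report: dict) -> list:
    """attrib lines that clear System+Hidden; meant for review, not auto-run."""
    return [f'attrib -s -h "{p}"' for p in report["hidden_folders"]]


if __name__ == "__main__":
    report = triage_drive(parse_listing(SAMPLE), "F:")
    for key, paths in report.items():
        print(key, paths)
    print("\n".join(unhide_commands(report)))
```

An ordinary user-made shortcut such as `New - shortcut.lnk` is not flagged, because its name does not equal any folder name on the drive.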

I'm sending the log from USBFix:

############################## | UsbFix V 7.069 | [Listing]
User: aga (Administrator) # AGA-KOMPUTER
Updated 20/11/2011 by El Desaparecido
Started at 22:54:55 | 22/11/2011
Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
PC: Hewlett-Packard (HP Pavilion dv7 Notebook PC) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU	 T9400  @ 2.53GHz (2534)
RAM -> [ Total : 4063 | Free : 2289 ]
BIOS: Default System BIOS
BOOT: Normal boot
OS: Microsoft Windows 7 Home Premium  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514
SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Microsoft Security Essentials [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]
C:\ (%systemdrive%) -> Fixed drive # 146 Gb (44 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 142 Gb (19 Mb free - 13%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 932 Gb (295 Mb free - 32%) [Expansion Drive] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
################## | Listing |
[19/10/2011 - 19:30:57 | SHD ]  C:\$Recycle.Bin
[14/07/2009 - 06:08:56 | SHD ]  C:\Documents and Settings
[29/10/2011 - 11:35:46 | D ]  C:\hegames
[22/11/2011 - 15:16:55 | ASH | 3195236352]  C:\hiberfil.sys
[19/10/2011 - 19:33:54 | D ]  C:\Intel
[23/10/2011 - 18:36:44 | RHD ]  C:\MSOCache
[22/11/2011 - 15:17:01 | ASH | 4260319232]  C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ]  C:\PerfLogs
[22/11/2011 - 00:03:56 | RD ]  C:\Program Files
[22/11/2011 - 00:04:02 | RD ]  C:\Program Files (x86)
[06/11/2011 - 19:02:57 | HD ]  C:\ProgramData
[19/10/2011 - 19:30:29 | SHD ]  C:\Recovery
[24/10/2011 - 22:10:36 | D ]  C:\swsetup
[22/11/2011 - 00:24:32 | SHD ]  C:\System Volume Information
[27/10/2011 - 17:17:13 | D ]  C:\totalcmd
[22/11/2011 - 22:54:57 | D ]  C:\UsbFix
[22/11/2011 - 22:54:52 | A | 1929]  C:\UsbFix.txt
[19/10/2011 - 19:30:43 | RD ]  C:\Users
[22/11/2011 - 00:04:54 | D ]  C:\Windows
[19/10/2011 - 19:30:57 | SHD ]  D:\$RECYCLE.BIN
[19/10/2011 - 18:41:26 | RD ]  D:\ASP III rok
[05/08/2011 - 10:12:36 | A | 324374]  D:\CV Patryk.pdf
[19/10/2011 - 18:32:57 | RD ]  D:\Downloads
[23/07/2011 - 12:57:53 | D ]  D:\dyplom
[21/11/2011 - 14:53:58 | D ]  D:\ID
[24/10/2011 - 18:56:31 | A | 617]  D:\ID — skrót.lnk
[16/10/2010 - 17:36:02 | RAD ]  D:\ikony
[05/10/2011 - 12:29:21 | D ]  D:\Jonathan Nangle
[19/10/2011 - 18:32:22 | D ]  D:\karta 5d
[07/10/2011 - 14:54:19 | RHD ]  D:\MSOCache
[03/03/2011 - 18:51:49 | D ]  D:\Nero Suite 10.0.13200.Ja.Cycuszek
[01/01/1970 - 01:59:59 | A | 307981887]  D:\Nero Suite 10.0.13200.Ja.Cycuszek.rar
[16/10/2010 - 17:36:49 | RAD ]  D:\pedzle photoshop
[19/10/2011 - 18:25:19 | RD ]  D:\Pobrane
[19/10/2011 - 18:32:04 | D ]  D:\Program Files (x86)
[29/10/2011 - 11:35:35 | D ]  D:\putt
[13/10/2010 - 20:15:41 | SHD ]  D:\System Volume Information
[23/07/2011 - 22:58:02 | D ]  D:\tutoriale
[10/11/2011 - 17:02:41 | D ]  D:\zdjęcia
[21/11/2011 - 18:43:01 | SHD ]  F:\$RECYCLE.BIN
[05/10/2010 - 22:26:00 | SHD ]  F:\ADOBE
[22/11/2011 - 00:04:52 | SHD ]  F:\Adobe CS5 Master Collection Retail For Windows
[05/10/2011 - 12:17:24 | SHD ]  F:\Aga
[13/04/2011 - 12:49:13 | A | 26956]  F:\aga i kaz..jpg
[20/11/2011 - 14:05:26 | D ]  F:\Agnieszka Kamińska pdf dyplomu do wysylki
[20/11/2011 - 14:02:46 | D ]  F:\Aiphira
[05/10/2011 - 12:24:43 | SHD ]  F:\albumy ŚLUBNE
[05/10/2011 - 12:12:14 | SHD ]  F:\catalystwww_kurs-catalyst(2)
[30/11/2010 - 23:50:05 | A | 1145290946]  F:\catalystwww_kurs-catalyst(2).zip
[01/11/2010 - 21:43:08 | SHD ]  F:\creativ
[27/10/2011 - 21:33:04 | SHD ]  F:\CV
[23/07/2011 - 22:58:22 | SHD ]  F:\Filmy
[26/08/2011 - 23:53:44 | A | 30059013]  F:\illustrator_cs5_help.pdf
[26/08/2011 - 23:54:10 | A | 35398218]  F:\indesign_cs5_help.pdf
[23/07/2011 - 23:10:42 | SHD ]  F:\Jonathan Nangle
[21/11/2011 - 23:18:08 | D ]  F:\Nero Autobackup
[05/10/2011 - 12:12:11 | SHD ]  F:\Noiseware Professional 4.2 32bit
[27/10/2011 - 16:49:37 | A | 49510]  F:\panel.jpg
[30/04/2011 - 12:30:11 | SHD ]  F:\pendrive
[19/10/2011 - 18:28:28 | D ]  F:\pomaranczowa choinka
[05/10/2011 - 12:12:09 | SHD ]  F:\Portable.Adobe.Illustrator.CS5.v15.0.0
[19/10/2011 - 21:16:51 | HD ]  F:\RECYCLER
[20/11/2011 - 14:02:45 | D ]  F:\Rozalka i Józio
[29/03/2010 - 03:42:52 | SHD ]  F:\Seagate
[27/10/2011 - 17:48:15 | D ]  F:\shamrock
[21/11/2011 - 15:16:52 | A | 36]  F:\syncguid.dat
[01/07/2010 - 10:30:56 | SHD ]  F:\System Volume Information
[19/10/2011 - 18:26:56 | A | 0]  F:\System Volume Information.lnk
[22/02/2011 - 00:01:12 | A | 1845773]  F:\walentynki.jpg
[27/10/2011 - 19:04:18 | D ]  F:\Warszawa i Pokaz mody
[14/08/2011 - 16:11:37 | SHD ]  F:\wedding
[05/10/2011 - 12:12:43 | SHD ]  F:\wtyczki do Photoshopa
[20/11/2011 - 14:02:47 | D ]  F:\Zakochana
[10/04/2009 - 02:52:04 | RA | 12292]  G:\.DS_Store
[30/04/2009 - 04:03:45 | RAD ]  G:\.background
[10/04/2009 - 02:59:38 | RA | 253]  G:\.hidden
[30/04/2009 - 03:57:32 | RA | 54544]  G:\Autorun.exe
[22/10/2008 - 00:48:37 | RA | 45]  G:\Autorun.inf
[30/04/2009 - 03:58:40 | RAD ]  G:\Caches
[30/04/2009 - 03:59:14 | RAD ]  G:\Game
[30/04/2009 - 03:58:40 | RAD ]  G:\GameData
[20/06/2008 - 02:06:56 | RA | 555520]  G:\ISSetup.dll
[25/05/2009 - 16:56:06 | RAD ]  G:\Razor1911
[22/10/2008 - 00:48:38 | RA | 174684]  G:\Sims3.ico
[30/04/2009 - 04:03:35 | RA | 398608]  G:\Sims3Setup.exe
[30/04/2009 - 04:03:33 | RAD ]  G:\Support
[30/04/2009 - 04:03:37 | RAD ]  G:\The SIMS(tm) 3 Install.app
[30/04/2009 - 03:59:14 | RAD ]  G:\Thumbnails
[05/03/2009 - 21:33:50 | RA | 319488]  G:\_Setup.dll
[30/04/2009 - 03:58:00 | RA | 3204962]  G:\data1.cab
[30/04/2009 - 03:57:58 | RA | 195056]  G:\data1.hdr
[30/04/2009 - 04:03:29 | RA | 512]  G:\data2.cab
[12/08/2008 - 22:02:42 | RA | 10134]  G:\eauninstall.ico
[30/04/2009 - 04:03:46 | RAD ]  G:\installer
[30/04/2009 - 04:03:29 | RA | 25506]  G:\layout.bin
[03/10/2008 - 20:46:08 | RA | 164463]  G:\setup.gif
[30/04/2009 - 03:57:48 | RA | 707]  G:\setup.ini
[30/04/2009 - 03:57:38 | RA | 354226]  G:\setup.inx
[28/03/2009 - 07:29:46 | RA | 548828]  G:\setup.isn
[30/04/2009 - 03:57:12 | RA | 152]  G:\skuversion.txt
################## | E.O.F |

and the log from OTL:

OTL logfile created on: 2011-11-22 22:54:24 - Run 1
OTL by OldTimer - Version 3.2.31.0	 Folder = C:\Users\aga\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,97 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 56,61% Memory free
7,93 Gb Paging File | 5,89 Gb Available in Paging File | 74,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 43,93 Gb Free Space | 30,01% Space Free | Partition Type: NTFS
Drive D: | 141,60 Gb Total Space | 18,79 Gb Free Space | 13,27% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 294,51 Gb Free Space | 31,62% Space Free | Partition Type: NTFS
Drive G: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: AGA-KOMPUTER | User Name: aga | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011-11-22 22:54:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\aga\Downloads\OTL.exe
PRC - [2011-11-09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011-11-09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011-08-17 08:29:20 | 004,527,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2011-08-17 08:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011-07-04 18:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files (x86)\Gadu-Gadu 10\gg.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011-11-14 14:29:27 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011-10-26 09:10:46 | 000,420,920 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
MOD - [2011-10-26 09:10:45 | 003,702,840 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011-10-26 09:09:24 | 000,518,712 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\libglesv2.dll
MOD - [2011-10-26 09:09:23 | 000,112,696 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\libegl.dll
MOD - [2011-10-26 09:09:09 | 000,122,952 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011-10-26 09:09:07 | 000,222,280 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011-10-26 09:09:06 | 001,745,992 | ---- | M] () -- C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011-07-04 18:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 18:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 18:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 18:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 18:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 04:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-17 10:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 10:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 10:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 10:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 10:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 10:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 09:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 09:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 09:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 09:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 09:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 09:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Gadu-Gadu 10\zlib1.dll
MOD - [2010-01-30 01:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011-11-03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:[b]64bit:[/b] - [2011-04-27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2011-04-27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-05-26 13:30:04 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009-05-26 13:29:56 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\AESTSr64.exe -- (AESTFilters)
SRV - [2011-11-09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011-11-03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:[b]64bit:[/b] - [2011-10-22 19:56:37 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011-08-02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011-05-07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:[b]64bit:[/b] - [2011-04-27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2011-03-04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:[b]64bit:[/b] - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-01-13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Sterownik karty Intel(R)
DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation										    ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009-06-10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Sterownik karty Intel(R)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009-05-26 13:30:10 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009-04-29 06:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2008-08-06 02:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2008-07-20 18:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:[b]64bit:[/b] - [2008-01-18 10:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/mb59?u=92541723896572333
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\aga\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\aga\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\aga\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011-11-12 13:08:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-10-27 20:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010-10-01 17:44:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011-11-12 13:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-10-30 17:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011-10-30 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aga\AppData\Roaming\mozilla\Extensions
[2011-10-30 17:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011-09-29 08:30:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-09-29 01:52:42 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2011-09-29 01:52:42 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2011-09-29 01:52:42 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2011-09-29 01:52:42 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2011-09-29 01:52:42 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-09-29 01:52:42 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\aga\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Szcz\u0119\u015Bliwego Starego Miner = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahdmajpnpehigpjimeikadfnmoadbff\1.0.5_0\
CHR - Extension: Beat the Boot (by Google) = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.0_0\
CHR - Extension: Angry Birds = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Linky = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknechokhjgchpodgplolmkgicojmgnd\1.0.2_0\
CHR - Extension: SmoothScroll = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.0.6_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Gun Bros = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh\2.0.0_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: MondoVeto - Zosta\u0144 weterynarzem = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecepiacjoadflhimmedofhplofenngif\1.1.0.1_0\
CHR - Extension: AdBlock = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.29_0\
CHR - Extension: LastPass = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.2_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Tom And Jery = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpiodclenogphmnljdhdobnlojbmljfj\1.0.1_0\
CHR - Extension: 1100AD - Online Multiplayer Browser Based Strategy Game = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\iibdllfemjmbopinlfkdbcielaihoagb\1.0.1_0\
CHR - Extension: Skyrama = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.1_0\
CHR - Extension: Cargo Bridge = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Flight Simulator = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcohjlfmcpocjbijmaleelejkmeobmnk\1.0_0\
CHR - Extension: Sprawdzanie poczty Google = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.7.9_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.8.0_0\
CHR - Extension: Cargo Bridge: Xmas level pack = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk\1.0.1_0\
CHR - Extension: Cork Board = C:\Users\aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\

O1 HOSTS File: ([2010-11-02 12:57:21 | 000,000,962 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1				   activate.adobe.com
O1 - Hosts: 127.0.0.1				   practivate.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKLM..\RunOnce: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70ACF90E-7B28-44E1-BF2D-9540E825D56D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-04-30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008-10-22 00:48:37 | 000,000,045 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{f5d7262f-fcde-11e0-9812-0021868b7add}\Shell - "" = AutoRun
O33 - MountPoints2\{f5d7262f-fcde-11e0-9812-0021868b7add}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2009-04-30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-11-22 00:28:29 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011-11-22 00:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011-11-22 00:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011-11-21 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\czcionka
[2011-11-17 23:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ANetChat
[2011-11-13 14:18:11 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\miłość nie cukierki
[2011-11-12 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\agrafa
[2011-11-12 13:08:53 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011-11-12 13:08:29 | 000,000,000 | ---D | C] -- C:\Users\aga\Documents\ForceField Shared Files
[2011-11-12 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\CheckPoint
[2011-11-12 13:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011-11-12 13:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2011-11-12 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2011-11-10 16:47:57 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\pozen
[2011-11-08 22:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011-11-08 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011-11-06 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Gadu-Gadu 10
[2011-11-06 19:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Gadu-Gadu 10
[2011-11-06 19:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gadu-Gadu 10
[2011-11-04 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
[2011-11-04 16:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Imagenomic
[2011-11-04 16:20:29 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\Zdjecia
[2011-11-03 21:21:19 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\off festiwal
[2011-11-03 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\kartka
[2011-11-03 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011-10-30 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Mozilla
[2011-10-30 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Mozilla
[2011-10-30 17:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-10-30 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Apple Computer
[2011-10-30 13:45:59 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Apple Computer
[2011-10-30 13:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-10-30 13:45:34 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011-10-30 13:45:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011-10-30 13:45:34 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011-10-30 13:45:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011-10-30 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011-10-30 13:44:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Apple
[2011-10-30 13:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011-10-30 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011-10-30 13:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011-10-30 13:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011-10-30 13:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011-10-30 13:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011-10-29 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\aga\Documents\Electronic Arts
[2011-10-29 20:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011-10-29 20:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011-10-29 17:45:17 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\My Games
[2011-10-29 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\aga\Documents\My Games
[2011-10-29 17:19:42 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2011-10-29 17:19:42 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011-10-29 17:19:41 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2011-10-29 17:19:41 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2011-10-29 17:19:40 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2011-10-29 17:19:40 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2011-10-29 17:19:37 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2011-10-29 17:19:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2011-10-29 17:19:36 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011-10-29 17:19:36 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011-10-29 17:19:36 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2011-10-29 17:19:36 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2011-10-29 17:19:34 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2011-10-29 17:19:34 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2011-10-29 17:19:34 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2011-10-29 17:19:34 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2011-10-29 17:19:34 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2011-10-29 17:19:34 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2011-10-29 17:19:34 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2011-10-29 17:19:32 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2011-10-29 17:19:32 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2011-10-29 17:19:32 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2011-10-29 17:19:32 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2011-10-29 17:19:32 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2011-10-29 17:19:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011-10-29 17:19:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2011-10-29 17:19:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2011-10-29 17:19:31 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2011-10-29 17:19:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011-10-29 17:19:31 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2011-10-29 17:19:31 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011-10-29 17:19:31 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2011-10-29 17:19:31 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011-10-29 17:19:29 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2011-10-29 17:19:29 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011-10-29 17:19:29 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2011-10-29 17:19:29 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011-10-29 17:19:28 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2011-10-29 17:19:28 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011-10-29 17:19:28 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011-10-29 17:19:28 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2011-10-29 17:19:28 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2011-10-29 17:19:28 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011-10-29 17:19:28 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2011-10-29 17:19:28 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011-10-29 17:19:27 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2011-10-29 17:19:27 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011-10-29 17:19:27 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2011-10-29 17:19:27 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011-10-29 17:19:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011-10-29 17:19:27 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2011-10-29 17:19:26 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2011-10-29 17:19:26 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011-10-29 17:19:25 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2011-10-29 17:19:25 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011-10-29 17:19:25 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2011-10-29 17:19:25 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011-10-29 17:19:24 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2011-10-29 17:19:24 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011-10-29 17:19:24 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2011-10-29 17:19:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011-10-29 17:19:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011-10-29 17:19:24 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2011-10-29 17:19:24 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2011-10-29 17:19:24 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011-10-29 17:19:23 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2011-10-29 17:19:23 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011-10-29 17:19:22 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2011-10-29 17:19:22 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011-10-29 17:19:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011-10-29 17:19:22 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2011-10-29 17:19:22 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2011-10-29 17:19:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011-10-29 17:19:21 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2011-10-29 17:19:21 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011-10-29 17:19:21 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2011-10-29 17:19:21 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011-10-29 17:19:20 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2011-10-29 17:19:20 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011-10-29 17:19:20 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2011-10-29 17:19:20 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011-10-29 17:19:19 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2011-10-29 17:19:19 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011-10-29 17:19:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2011-10-29 17:19:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011-10-29 17:19:18 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2011-10-29 17:19:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011-10-29 17:19:17 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2011-10-29 17:19:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011-10-29 17:19:16 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2011-10-29 17:19:16 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011-10-29 17:19:16 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2011-10-29 17:19:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011-10-29 17:19:16 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2011-10-29 17:19:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011-10-29 17:19:15 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011-10-29 17:19:15 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011-10-29 17:19:14 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011-10-29 17:19:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011-10-29 17:19:14 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011-10-29 17:19:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011-10-29 17:19:14 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011-10-29 17:19:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011-10-29 17:19:14 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2011-10-29 17:19:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011-10-29 17:19:13 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011-10-29 17:19:13 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011-10-29 17:19:13 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011-10-29 17:19:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011-10-29 17:19:12 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011-10-29 17:19:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011-10-29 17:19:12 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011-10-29 17:19:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011-10-29 17:19:12 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011-10-29 17:19:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011-10-29 17:19:11 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011-10-29 17:19:11 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011-10-29 17:19:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011-10-29 17:19:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011-10-29 17:19:10 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011-10-29 17:19:10 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011-10-29 17:19:10 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011-10-29 17:19:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011-10-29 17:19:09 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011-10-29 17:19:09 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011-10-29 17:19:09 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011-10-29 17:19:09 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011-10-29 17:19:08 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011-10-29 17:19:07 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011-10-29 17:19:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011-10-29 17:19:07 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011-10-29 17:19:07 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011-10-29 17:19:06 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011-10-29 17:19:06 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011-10-29 17:19:05 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011-10-29 17:19:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011-10-29 17:19:04 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011-10-29 17:19:04 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011-10-29 17:18:59 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011-10-29 17:18:59 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011-10-29 17:18:57 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011-10-29 17:18:57 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011-10-29 17:18:57 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011-10-29 17:18:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011-10-29 17:18:56 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011-10-29 17:18:56 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011-10-29 17:18:56 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011-10-29 17:18:56 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011-10-29 17:18:55 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011-10-29 17:18:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011-10-29 17:18:54 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011-10-29 17:18:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011-10-29 17:18:52 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011-10-29 17:18:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011-10-29 17:18:50 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011-10-29 17:18:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011-10-29 17:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2011-10-29 11:35:46 | 000,000,000 | ---D | C] -- C:\hegames
[2011-10-29 11:35:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wing32.dll
[2011-10-29 09:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011-10-29 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\uTorrent
[2011-10-29 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\uTorrent
[2011-10-29 09:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011-10-29 09:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011-10-29 09:01:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011-10-29 09:01:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011-10-29 09:01:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011-10-29 09:01:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011-10-29 09:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011-10-29 01:28:23 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\ImgBurn
[2011-10-29 01:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011-10-29 01:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2011-10-28 23:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011-10-28 23:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2011-10-28 22:53:47 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\FlashGet
[2011-10-28 22:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashGet
[2011-10-28 12:22:49 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Local\Unity
[2011-10-28 11:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011-10-28 11:59:56 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011-10-28 11:59:55 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011-10-28 11:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011-10-28 11:59:18 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Detektor Winampa
[2011-10-28 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Winamp
[2011-10-28 11:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011-10-27 22:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011-10-27 22:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011-10-27 22:02:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011-10-27 20:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2011-10-27 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\aga\Desktop\wysyłka foto
[2011-10-27 17:16:31 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2011-10-27 17:16:30 | 000,000,000 | ---D | C] -- C:\totalcmd
[2011-10-27 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\GHISLER
[2011-10-27 16:31:15 | 000,000,000 | ---D | C] -- C:\Users\aga\Application Data
[2011-10-24 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\aga\AppData\Roaming\hpqLog
[2011-10-24 22:15:59 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wdfcoinstaller01005.dll
[2011-10-24 22:15:59 | 000,018,432 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys
[2011-10-24 22:15:58 | 001,885,488 | R--- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmn.dll
[2011-10-24 22:15:58 | 001,885,488 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysWow64\BttnCmns.dll
[2011-10-24 22:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2011-10-24 22:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011-11-22 22:51:49 | 001,538,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-11-22 22:51:49 | 000,693,276 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2011-11-22 22:51:49 | 000,612,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-11-22 22:51:49 | 000,133,638 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2011-11-22 22:51:49 | 000,105,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-11-22 15:24:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-11-22 15:24:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-11-22 15:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-11-22 15:16:55 | 3195,236,352 | -HS- | M] () -- C:\hiberfil.sys
[2011-11-22 00:04:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011-11-22 00:04:06 | 001,558,078 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-11-20 00:20:38 | 001,884,828 | ---- | M] () -- C:\Users\aga\Desktop\screen_off_cinema1.pdf
[2011-11-20 00:19:46 | 001,385,376 | ---- | M] () -- C:\Users\aga\Desktop\screen_off_cinema.pdf
[2011-11-19 14:26:51 | 166,216,310 | ---- | M] () -- C:\Users\aga\Desktop\Agnieszka Kamińska.rar
[2011-11-17 23:54:28 | 005,100,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-11-17 23:42:55 | 009,269,248 | ---- | M] () -- C:\Users\aga\Desktop\loveeat.indd
[2011-11-17 23:06:07 | 000,001,007 | ---- | M] () -- C:\Users\aga\Desktop\ANetChat.lnk
[2011-11-14 14:29:27 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-11-12 20:12:02 | 002,539,251 | ---- | M] () -- C:\Users\aga\Desktop\rysunek.jpg
[2011-11-12 13:09:03 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011-11-06 19:02:57 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\OpenFM.lnk
[2011-11-06 19:02:57 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2011-11-06 13:28:09 | 000,741,875 | ---- | M] () -- C:\Users\aga\Desktop\mrówki.jpg
[2011-11-04 16:46:40 | 000,010,752 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011-11-04 16:46:20 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Noiseware Professional Edition.lnk
[2011-11-02 03:34:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3025311147-2508500377-963061551-1001UA.job
[2011-10-30 13:45:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-10-30 10:34:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3025311147-2508500377-963061551-1001Core.job
[2011-10-29 20:40:44 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011-10-29 17:41:53 | 000,000,918 | ---- | M] () -- C:\Users\aga\Desktop\Sid Meiers Civilization V.lnk
[2011-10-29 11:35:46 | 000,000,173 | ---- | M] () -- C:\Windows\hegames.ini
[2011-10-29 09:19:36 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011-10-29 09:01:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011-10-29 09:01:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011-10-29 09:01:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011-10-29 09:01:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011-10-29 01:26:18 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011-10-28 23:05:58 | 000,001,966 | ---- | M] () -- C:\Users\aga\Desktop\JDownloader.lnk
[2011-10-27 17:16:31 | 000,000,668 | ---- | M] () -- C:\Users\aga\Desktop\Total Commander.lnk
[2011-10-24 22:10:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011-10-24 18:56:31 | 000,000,617 | ---- | M] () -- C:\Users\aga\Desktop\ID.lnk
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-11-22 00:04:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011-11-22 00:04:06 | 001,558,078 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-11-22 00:03:59 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011-11-20 00:20:30 | 001,884,828 | ---- | C] () -- C:\Users\aga\Desktop\screen_off_cinema1.pdf
[2011-11-20 00:19:39 | 001,385,376 | ---- | C] () -- C:\Users\aga\Desktop\screen_off_cinema.pdf
[2011-11-19 14:25:37 | 166,216,310 | ---- | C] () -- C:\Users\aga\Desktop\Agnieszka Kamińska.rar
[2011-11-17 23:06:07 | 000,001,007 | ---- | C] () -- C:\Users\aga\Desktop\ANetChat.lnk
[2011-11-12 20:12:00 | 002,539,251 | ---- | C] () -- C:\Users\aga\Desktop\rysunek.jpg
[2011-11-12 13:08:23 | 000,415,915 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011-11-09 00:03:56 | 009,269,248 | ---- | C] () -- C:\Users\aga\Desktop\loveeat.indd
[2011-11-06 19:02:57 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\OpenFM.lnk
[2011-11-06 19:02:57 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Gadu-Gadu 10.lnk
[2011-11-06 19:02:31 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadu-Gadu 10.lnk
[2011-11-06 13:28:07 | 000,741,875 | ---- | C] () -- C:\Users\aga\Desktop\mrówki.jpg
[2011-11-04 16:46:40 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011-11-04 16:46:20 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Noiseware Professional Edition.lnk
[2011-10-30 17:03:16 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011-10-30 13:45:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-10-30 13:44:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011-10-29 20:40:44 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2011-10-29 17:20:47 | 000,000,918 | ---- | C] () -- C:\Users\aga\Desktop\Sid Meiers Civilization V.lnk
[2011-10-29 11:35:44 | 000,000,173 | ---- | C] () -- C:\Windows\hegames.ini
[2011-10-29 09:19:36 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011-10-29 01:26:18 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011-10-29 01:26:18 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011-10-28 23:05:58 | 000,001,966 | ---- | C] () -- C:\Users\aga\Desktop\JDownloader.lnk
[2011-10-28 23:05:58 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011-10-28 23:05:58 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011-10-27 20:17:48 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011-10-27 20:17:48 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011-10-27 17:16:31 | 000,000,668 | ---- | C] () -- C:\Users\aga\Desktop\Total Commander.lnk
[2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2011-10-27 17:16:31 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2011-10-27 17:16:30 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2011-10-27 17:16:30 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2011-10-27 17:16:30 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2011-10-24 22:10:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011-10-24 18:56:33 | 000,000,617 | ---- | C] () -- C:\Users\aga\Desktop\ID.lnk
[2011-10-23 21:04:46 | 000,001,456 | ---- | C] () -- C:\Users\aga\AppData\Local\Adobe Save for Web 12.0 Prefs
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
< End of report >


Please use Attachments to present long logs. Also, this is not a complete OTL log: the Extras part is missing (the "Rejestr - skan dodatkowy" (registry, extra scan) option was not set to "Użyj filtrowania" (use filtering)).

I see no infection in the system (here I will only be removing leftovers of avast! WebRep), and on the device only one LNK remains, with almost all folders hidden. As a precaution I will also remove all the "Recycle Bins" from the device.

1. Run OTL and paste the following into the Własne opcje skanowania / skrypt (custom scans / script) section:

 

:Files
rd /s /q F:\$RECYCLE.BIN /C
rd /s /q F:\RECYCLER /C
del /q "F:\System Volume Information.lnk" /C
attrib /d /s -s -h F:\* /C
 
:OTL
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKLM..\RunOnce: []  File not found
 
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"


Start it with Wykonaj skrypt (run script). This operation will produce a log.

2. For evaluation I only need that log with the removal results and a new USBFix log from the Listing option.

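The state diagnosed in the reply above (real folders carrying the hidden and system attributes, with a same-named .lnk next to them) can be checked mechanically from a file listing. This is an added example, not part of the original thread or of OTL: it parses lines in the listing format visible in the log (`[date | size | RHSD | C/M] (company) -- path`, attribute order read from the log's attribute column) and reports both symptoms; the sample listing for F:\ is constructed and the function names are assumptions.

```python
import ntpath
import re

# One listing line: [date time | size | RHSD | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| [CM]\] "
    r"(?:\(.*?\) )?-- (?P<path>.+)$"
)

# Folders that are legitimately hidden+system on a volume root.
SYSTEM_DIRS = {"system volume information", "$recycle.bin", "recycler"}

# Constructed sample (not taken from the thread's logs).
SAMPLE_LISTING = r"""
[2011-11-20 10:00:00 | 000,000,000 | -HSD | M] -- F:\aga
[2011-11-20 10:00:00 | 000,001,204 | ---- | C] () -- F:\aga.lnk
[2011-11-20 10:00:00 | 000,000,000 | -HSD | M] -- F:\System Volume Information
[2011-11-20 10:00:00 | 000,001,198 | ---- | C] () -- F:\System Volume Information.lnk
[2011-11-20 10:00:00 | 000,000,000 | -HSD | M] -- F:\foto
[2011-11-20 10:00:00 | 000,000,000 | ---D | M] -- F:\dokumenty
[2011-11-20 10:00:00 | 000,000,918 | ---- | C] () -- F:\dokumenty\Civ.lnk
"""


def parse_line(line):
    """Return a dict for one listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs, path = m.group("attrs"), m.group("path")
    return {
        "path": path,
        "parent": ntpath.dirname(path).lower(),
        "name": ntpath.basename(path).lower(),
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
    }


def audit_listing(lines):
    """Flag .lnk files named after a sibling directory, and hidden+system directories."""
    entries = [e for e in map(parse_line, lines) if e]
    dirs = {(e["parent"], e["name"]) for e in entries if e["is_dir"]}
    decoys, hidden_dirs = [], []
    for e in entries:
        if e["is_dir"]:
            if e["hidden"] and e["system"] and e["name"] not in SYSTEM_DIRS:
                hidden_dirs.append(e["path"])
            continue
        stem, ext = ntpath.splitext(e["name"])
        if ext == ".lnk" and (e["parent"], stem) in dirs:
            decoys.append(e["path"])
    return {"decoy_lnk": decoys, "hidden_dirs": hidden_dirs}


if __name__ == "__main__":
    report = audit_listing(SAMPLE_LISTING.splitlines())
    for kind, paths in report.items():
        for p in paths:
            print(kind, p)
```
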
Hello, the log is attached. I have run the script. I cannot attach one of them, so I am sending it as code (11232011_151807.log: "You do not have permission to upload this type of file"):

s========== FILES ==========
[color=#A23BEC]< rd /s /q F:\$RECYCLE.BIN /C >[/color]
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< rd /s /q F:\RECYCLER /C >[/color]
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< del /q "F:\System Volume Information.lnk" /C >[/color]
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
[color=#A23BEC]< attrib /d /s -s -h F:\* /C >[/color]
Odmowa dost©pu - F:\System Volume Information
C:\Users\aga\Downloads\cmd.bat deleted successfully.
C:\Users\aga\Downloads\cmd.txt deleted successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\wrc@avast.com deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 11232011_151807

UsbFix.txt

Udostępnij tę odpowiedź


Odnośnik do odpowiedzi

You cannot attach this file because only files with the *.TXT extension are accepted as text Attachments; it is enough to rename it from *.LOG to *.TXT.

The task was completed successfully, and I see nothing suspicious on the device. Run Sprzątanie (cleanup) in OTL. Since the OTL Extras log was not provided, check for and apply program updates on your own (IE certainly needs updating, IE8 > IE9, even if you do not use it at all): INSTRUCTIONS.