Logs - Windows and programs activating when the cursor passes over them


  • Closed: this topic is closed
10 replies in this topic

#1 jakub995

jakub995

    Observer

  • 6 posts

Posted 18 12 2012 - 11:50

I have the following problem: one day I downloaded a link that a friend sent me by e-mail, with some database, and after about 5 minutes the laptop started going crazy, with lots of windows and programs activating. Then I disconnected the internet (at least that made it possible to get some grip on what was happening on the desktop) and booted into safe mode, which did not change anything. I managed to run a scan but it detected nothing. By now I more or less manage to get where I need to with the keyboard, but what do I do about this activation by the cursor? Generally speaking I am a layman in these matters; my brother always figured things out, but now I have to manage on my own.

  • 0

#2 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 18 12 2012 - 12:28

This is exactly why we don't click so eagerly on links in e-mails.
And now post the logs from OTL -> /Zasady-zakladania-tematow-z-logami-t37796/

  • 0

#3 jakub995

jakub995

    Observer

  • 6 posts

Posted 18 12 2012 - 13:27

The earliest I will be able to do it is around 16:30. Right now I am writing from another computer, and only at that time will I have a pen drive to copy those programs onto the laptop and produce the logs, because if I turned the internet on there, there would be no way to get anything done.
  • 0

#4 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 18 12 2012 - 16:29

Then I'll wait :)
  • 0

#5 jakub995

jakub995

    Observer

  • 6 posts

Posted 18 12 2012 - 19:54

OTL Extras logfile created on: 2012-12-18 18:03:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hanna\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,83% Memory free
3,84 Gb Paging File | 3,39 Gb Available in Paging File | 88,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 17,97 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
Drive D: | 27,93 Gb Total Space | 27,64 Gb Free Space | 98,96% Space Free | Partition Type: FAT32
Drive E: | 650,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,47 Gb Total Space | 0,22 Gb Free Space | 2,99% Space Free | Partition Type: NTFS
Drive G: | 19,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: X-397C000E44DE4 | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1482476501-1767777339-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5432:TCP" = 5432:TCP:*:Enabled:Varico PostgreSQL
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\tvnserver.exe" = C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish
"{ADD5600C-CEBF-4A9C-B4E8-4AB734B96FD9}_is1" = Varico PostgreSQL 1.1.0.3
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{E33DB440-A008-4928-8A4E-5FC5ADDED608}" = OpenOffice.org 2.4
"{EEE90C2D-8ACE-4007-9CF6-B07D0516F6B9}" = Intel® PRO Network Connections 12.0.40.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"2BFA56D22F9A1E3382C6C22AC377F97932ABB3FD" = Windows Driver Package - Intel (NETw4x32) net (11/27/2007 11.5.0.36)
"AA50C5938456EF4A1C98D24E2FB458C653208D15" = Windows Driver Package - Intel net (11/27/2007 11.5.0.36)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem
"CrossLoop_is1" = CrossLoop 2.82
"DAEMON Tools Lite" = DAEMON Tools Lite
"DRUKI IPS_is1" = DRUKI IPS
"EFD65E7CD7A28D00217941F33C5CA55964F96136" = Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)
"FBDBServer_1_5_is1" = Firebird 1.5.6
"Gadu-Gadu 10" = Gadu-Gadu 10
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Mała Księgowość Rzeczpospolitej" = Mała Księgowość Rzeczpospolitej
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VATowiec Komplet_is1" = VATowiec 3.91
"Winamp" = Winamp (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-12-17 17:32:56 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:56 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:57 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:57 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:57 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:57 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:58 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:59 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:32:59 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

Error - 2012-12-17 17:33:00 | Computer Name = X-397C000E44DE4 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd faktura.exe, wersja 1.0.26.0, moduł powodujący
błąd kernel32.dll, wersja 5.1.2600.2180, adres błędu 0x0001eb33.

[ System Events ]
Error - 2012-12-18 12:33:33 | Computer Name = X-397C000E44DE4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-18 12:34:04 | Computer Name = X-397C000E44DE4 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DHCP zależy od usługi NetBios przez TCP/IP, której nie
można uruchomić z powodu następującego błędu: %%31

Error - 2012-12-18 12:34:04 | Computer Name = X-397C000E44DE4 | Source = Service Control Manager | ID = 7001
Description = Usługa Klient DNS zależy od usługi Sterownik protokołu TCP/IP, której
nie można uruchomić z powodu następującego błędu: %%31

Error - 2012-12-18 12:34:04 | Computer Name = X-397C000E44DE4 | Source = Service Control Manager | ID = 7001
Description = Usługa Pomoc TCP/IP NetBIOS zależy od usługi AFD, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2012-12-18 12:34:04 | Computer Name = X-397C000E44DE4 | Source = Service Control Manager | ID = 7001
Description = Usługa Usługi IPSEC zależy od usługi Sterownik IPSEC, której nie można
uruchomić z powodu następującego błędu: %%31

Error - 2012-12-18 12:34:04 | Computer Name = X-397C000E44DE4 | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv
Tcpip

Error - 2012-12-18 12:37:23 | Computer Name = X-397C000E44DE4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-18 12:38:42 | Computer Name = X-397C000E44DE4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
netman z argumentami „” w celu uruchomienia serwera: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2012-12-18 12:45:36 | Computer Name = X-397C000E44DE4 | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1084” podczas próby uruchomienia usługi
EventSystem z argumentami „” w celu uruchomienia serwera: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2012-12-18 12:46:56 | Computer Name = X-397C000E44DE4 | Source = PlugPlayManager | ID = 12
Description = Urządzenie 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
zniknęło z systemu bez uprzedniego przygotowania go do usunięcia.


< End of report >

OTL logfile created on: 2012-12-18 18:03:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hanna\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,83% Memory free
3,84 Gb Paging File | 3,39 Gb Available in Paging File | 88,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 17,97 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
Drive D: | 27,93 Gb Total Space | 27,64 Gb Free Space | 98,96% Space Free | Partition Type: FAT32
Drive E: | 650,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,47 Gb Total Space | 0,22 Gb Free Space | 2,99% Space Free | Partition Type: NTFS
Drive G: | 19,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: X-397C000E44DE4 | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-12-18 17:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hanna\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2012-11-15 18:14:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-11-15 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-01-06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\CrossLoopService.exe
PRC - [2011-07-04 18:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-08-02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-10-06 01:05:06 | 001,532,000 | ---- | M] (The Firebird Project) -- d:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
PRC - [2009-10-06 01:05:06 | 000,065,536 | ---- | M] (The Firebird Project) -- d:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
PRC - [2009-02-03 03:23:38 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\Varico\VaricoPostgres\bin\pg_ctl.exe
PRC - [2009-02-03 03:22:04 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\Varico\VaricoPostgres\bin\postgres.exe
PRC - [2008-10-20 18:47:32 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008-10-20 18:47:30 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-15 21:03:12 | 014,586,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2011-07-04 18:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 18:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 18:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 18:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 18:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 04:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-17 10:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 10:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 10:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 10:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 10:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 10:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 09:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 09:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 09:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 09:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 09:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 09:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll
MOD - [2010-06-17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2007-12-19 15:04:24 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.4\program\libxml2.dll
MOD - [2004-08-03 23:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Services (SafeList) ==========

SRV - [2012-12-06 12:51:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012-11-15 18:14:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-11-15 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-01-06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010-07-21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2009-10-06 01:05:06 | 001,532,000 | ---- | M] (The Firebird Project) [On_Demand | Running] -- d:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009-10-06 01:05:06 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- d:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009-02-03 03:23:38 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\Varico\VaricoPostgres\bin\pg_ctl.exe -- (pgsql-8.3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-11-18 22:29:36 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-11-15 18:14:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-11-15 18:14:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010-06-02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010-06-02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010-06-02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007-11-26 23:37:00 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012-12-05 00:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-06 12:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-11-15 18:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hanna\Dane aplikacji\Mozilla\Extensions
[2012-12-06 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-12-06 12:51:35 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-24 20:33:06 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-24 20:33:06 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-10-24 20:33:06 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-24 20:33:06 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-24 20:33:06 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-24 20:33:06 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-30 12:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - Startup: C:\Documents and Settings\Hanna\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3FBF821-4904-4763-9D4B-6AECB4650D23}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-11-14 01:17:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-01-14 16:50:00 | 001,415,168 | R--- | M] (Us│ugi Informatyczne Andrzej Ciupi˝ski) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012-01-14 20:01:06 | 000,000,839 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell - "" = AutoRun
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\APPLET\COMMAND - "" = G:\Autorun.exe -- [2012-01-14 16:50:00 | 001,415,168 | R--- | M] (Us│ugi Informatyczne Andrzej Ciupi˝ski)
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2012-01-14 16:50:00 | 001,415,168 | R--- | M] (Us│ugi Informatyczne Andrzej Ciupi˝ski)
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\HTTPJL\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler http://www.jaslan.pl
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\HTTPRP\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler http://www.rp.pl/mala_ks
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\INSTALL\COMMAND - "" = G:\Setup.exe -- [2012-01-16 12:04:53 | 012,113,147 | R--- | M] ()
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\INSTRUKCJA\COMMAND - "" = HH.EXE INS.CHM
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\MAIL\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler mailto:biuro@jaslan.pl?Subject="Mała Księgowość Rzeczpospolitej" 2012
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-17 22:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Menu Start\Programy\Ewidencja Środków Trwałych Rzeczpospolitej
[2012-12-17 22:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2012-12-17 22:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hanna\Moje dokumenty\Moje wideo
[2012-12-16 18:24:44 | 000,000,000 | ---D | C] -- C:\Instalki
[2012-12-10 22:06:40 | 000,000,000 | ---D | C] -- C:\MalaKsiegowosc
[2012-12-10 22:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\VATowiec
[2012-12-10 22:02:49 | 000,000,000 | ---D | C] -- C:\ARCHIWUM
[2012-12-10 22:02:17 | 000,000,000 | ---D | C] -- C:\BR
[2012-12-09 18:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop
[2012-12-09 18:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Menu Start\Programy\CrossLoop
[2012-12-09 18:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PostgreSQL 8.3
[2012-12-09 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Varico
[2012-12-09 13:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\firebird
[2012-12-09 13:04:18 | 000,548,864 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\FBCLIENT.DLL
[2012-12-08 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Pulpit\Praca
[2012-12-08 18:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\OpenOffice.org2
[2012-12-08 18:35:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\OpenOffice.org 2.4
[2012-12-08 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 2.4
[2012-12-08 18:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Pulpit\OpenOffice.org 2.4 (pl) Installation Files
[2012-12-07 23:44:53 | 000,000,000 | ---D | C] -- C:\inetpub
[2012-12-06 20:10:21 | 000,548,864 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\GDS32.DLL
[2012-12-06 20:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Firebird 1.5
[2012-12-06 20:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\LeftHand
[2012-12-06 20:07:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012-12-06 20:07:21 | 000,000,000 | ---D | C] -- C:\SB4
[2012-12-06 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-12-05 00:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\PDF Architect
[2012-12-05 00:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\APP_NAME_NON_STRING
[2012-12-05 00:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Moje dokumenty\PDF Architect Files
[2012-12-05 00:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PDF Architect
[2012-12-05 00:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
[2012-12-05 00:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PDFCreator
[2012-12-05 00:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\pdfforge
[2012-12-05 00:06:00 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2012-12-05 00:06:00 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2012-12-05 00:06:00 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll
[2012-12-05 00:05:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2012-12-05 00:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012-12-04 23:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\Clickteam
[2012-12-04 23:27:14 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012-12-01 01:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Menu Start\Programy\Mała Księgowość Rzeczpospolitej
[2012-11-28 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\WINDOWS
[2012-11-28 12:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Formularze IPS
[2012-11-28 12:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\IPSPI
[2012-11-22 00:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight
[2012-11-22 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012-11-21 17:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\Gadu-Gadu 10
[2012-11-21 17:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-11-21 17:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2012-11-21 16:40:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012-11-21 16:40:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012-11-18 22:37:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2012-11-18 22:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
[2012-11-18 22:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012-11-18 22:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-11-18 22:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012-11-18 22:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-11-18 22:30:38 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-11-18 22:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite
[2012-11-18 22:28:26 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012-11-18 22:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\DAEMON Tools Lite
[2012-11-18 22:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012-11-18 22:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-11-18 19:10:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-12-18 17:50:54 | 000,359,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-12-18 17:50:54 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-12-18 17:50:54 | 000,051,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-12-18 17:50:54 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-12-18 17:46:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-12-17 21:41:17 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012-12-17 21:41:15 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-12-16 21:29:52 | 000,001,418 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business SB4.LNK
[2012-12-16 21:29:52 | 000,001,416 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO MULTI SB4.LNK
[2012-12-16 21:29:52 | 000,001,394 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO SB4.LNK
[2012-12-16 21:29:52 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business PALMTOPY SB4.LNK
[2012-12-16 18:19:04 | 000,035,401 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zestawienie faktur.HTML
[2012-12-16 16:37:53 | 000,005,504 | ---- | M] () -- C:\Documents and Settings\Hanna\maw32.lc
[2012-12-15 20:05:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-11 16:36:20 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-10 22:02:50 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Przewoźnik.lnk
[2012-12-10 22:02:50 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Kadrowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\VATowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Spedytor.lnk
[2012-12-10 22:02:50 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Celin.lnk
[2012-12-10 13:56:24 | 000,009,396 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\praca.odt
[2012-12-09 18:04:48 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\CrossLoop Connect.lnk
[2012-12-08 18:36:46 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Hanna\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
[2012-12-08 17:54:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\~$rodowe.rtf
[2012-12-05 18:20:04 | 000,062,075 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_C(2)(2011).pdf
[2012-12-05 16:10:39 | 000,405,722 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zwrot VAT za materiały budowlane. Odzyskasz pieniądze za parkiet, za farby - już nie - Prawo - Muratordom.mdi
[2012-12-05 00:21:30 | 000,062,710 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_B(4)(2011).pdf
[2012-12-05 00:07:16 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\PDF Architect.lnk
[2012-12-05 00:06:06 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PDFCreator.lnk
[2012-12-01 01:03:08 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej wersja sieciowa.lnk
[2012-12-01 01:03:08 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Oferty i Zamówienia Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Biuro Rachunkowe Rzeczpospolitej.lnk
[2012-11-28 12:09:21 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\DRUKI IPS.lnk
[2012-11-26 03:25:59 | 000,035,539 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\WPŁATY ZA FAKTURY.rtf
[2012-11-21 17:22:05 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2012-11-21 17:22:05 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2012-11-19 00:53:21 | 000,134,432 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Ewidencja sprzedaży VAT 01.11.2012 - 30.11.2012.xml
[2012-11-18 22:37:50 | 000,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012-11-18 22:29:36 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012-11-18 22:28:27 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-16 18:19:04 | 000,035,401 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zestawienie faktur.HTML
[2012-12-11 19:14:11 | 000,005,504 | ---- | C] () -- C:\Documents and Settings\Hanna\maw32.lc
[2012-12-10 22:02:50 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Przewoźnik.lnk
[2012-12-10 22:02:50 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Kadrowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\VATowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Spedytor.lnk
[2012-12-10 22:02:50 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Celin.lnk
[2012-12-10 13:53:13 | 000,009,396 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\praca.odt
[2012-12-09 18:04:48 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\CrossLoop Connect.lnk
[2012-12-08 18:36:46 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Hanna\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
[2012-12-08 17:54:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\~$rodowe.rtf
[2012-12-06 20:07:31 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business SB4.LNK
[2012-12-06 20:07:31 | 000,001,416 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO MULTI SB4.LNK
[2012-12-06 20:07:31 | 000,001,394 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO SB4.LNK
[2012-12-06 20:07:31 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business PALMTOPY SB4.LNK
[2012-12-05 16:10:34 | 000,405,722 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zwrot VAT za materiały budowlane. Odzyskasz pieniądze za parkiet, za farby - już nie - Prawo - Muratordom.mdi
[2012-12-05 13:55:19 | 000,062,075 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_C(2)(2011).pdf
[2012-12-05 00:21:28 | 000,062,710 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_B(4)(2011).pdf
[2012-12-05 00:07:16 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\PDF Architect.lnk
[2012-12-05 00:06:06 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PDFCreator.lnk
[2012-12-01 01:03:08 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej wersja sieciowa.lnk
[2012-12-01 01:03:08 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Oferty i Zamówienia Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Biuro Rachunkowe Rzeczpospolitej.lnk
[2012-11-28 12:09:21 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\DRUKI IPS.lnk
[2012-11-25 22:37:36 | 000,035,539 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\WPŁATY ZA FAKTURY.rtf
[2012-11-21 17:22:05 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2012-11-21 17:22:05 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2012-11-21 17:21:43 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2012-11-19 00:53:20 | 000,134,432 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Ewidencja sprzedaży VAT 01.11.2012 - 30.11.2012.xml
[2012-11-18 22:37:50 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-11-18 22:28:27 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2012-11-15 20:18:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWIZARD.INI
[2012-11-15 19:25:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2012-11-15 16:07:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-11-15 16:07:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012-11-15 16:07:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012-11-15 16:07:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-11-15 16:04:32 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012-11-15 15:43:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012-11-14 22:42:24 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2012-11-14 03:06:22 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-11-14 03:05:04 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-11-14 01:20:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-11-14 01:14:05 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-03 23:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-11-18 22:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-12-16 16:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\firebird
[2012-11-21 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-12-05 00:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\APP_NAME_NON_STRING
[2012-12-04 23:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\Clickteam
[2012-11-18 22:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\DAEMON Tools Lite
[2012-11-22 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\Gadu-Gadu 10
[2012-12-06 20:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\LeftHand
[2012-12-05 00:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\PDF Architect
[2012-12-05 00:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\pdfforge

========== Purity Check ==========



< End of report >

#6 pawel315

    Forum addict

  • 1 553 posts

Posted 18 12 2012 - 19:57

Also add a scan from USBfix for me (the Listing option) ->/USBFix-t42061/

#7 jakub995

    Observer

  • 6 posts

Posted 18 12 2012 - 20:00

OTL logfile created on: 2012-12-18 18:03:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Hanna\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,83% Memory free
3,84 Gb Paging File | 3,39 Gb Available in Paging File | 88,09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 17,97 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
Drive D: | 27,93 Gb Total Space | 27,64 Gb Free Space | 98,96% Space Free | Partition Type: FAT32
Drive E: | 650,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,47 Gb Total Space | 0,22 Gb Free Space | 2,99% Space Free | Partition Type: NTFS
Drive G: | 19,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: X-397C000E44DE4 | User Name: Hanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-12-18 17:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hanna\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2012-11-15 18:14:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012-11-15 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012-01-06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\CrossLoopService.exe
PRC - [2011-07-04 18:45:30 | 013,374,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-08-02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-10-06 01:05:06 | 001,532,000 | ---- | M] (The Firebird Project) -- d:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
PRC - [2009-10-06 01:05:06 | 000,065,536 | ---- | M] (The Firebird Project) -- d:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
PRC - [2009-02-03 03:23:38 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\Varico\VaricoPostgres\bin\pg_ctl.exe
PRC - [2009-02-03 03:22:04 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\Varico\VaricoPostgres\bin\postgres.exe
PRC - [2008-10-20 18:47:32 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008-10-20 18:47:30 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (No Company Name) ==========

MOD - [2012-11-15 21:03:12 | 014,586,808 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2011-07-04 18:46:20 | 000,217,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\gglog.dll
MOD - [2011-07-04 18:46:18 | 000,123,488 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipcradioproxy.dll
MOD - [2011-07-04 18:46:16 | 000,017,504 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggipc.dll
MOD - [2011-07-04 18:46:12 | 000,027,744 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcrypto.dll
MOD - [2011-07-04 18:46:10 | 000,356,960 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\ggcommon.dll
MOD - [2011-04-16 04:04:30 | 014,749,696 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll
MOD - [2011-02-17 10:00:28 | 001,781,760 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtScript4.dll
MOD - [2011-02-17 10:00:28 | 000,393,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtXml4.dll
MOD - [2011-02-17 10:00:28 | 000,327,680 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtSvg4.dll
MOD - [2011-02-17 10:00:26 | 001,044,480 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtNetwork4.dll
MOD - [2011-02-17 10:00:24 | 009,097,216 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtGui4.dll
MOD - [2011-02-17 10:00:24 | 002,560,000 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\QtCore4.dll
MOD - [2011-02-17 09:59:40 | 000,311,296 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qtiff4.dll
MOD - [2011-02-17 09:59:40 | 000,274,432 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qmng4.dll
MOD - [2011-02-17 09:59:40 | 000,143,360 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qjpeg4.dll
MOD - [2011-02-17 09:59:40 | 000,027,648 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qgif4.dll
MOD - [2011-02-17 09:59:40 | 000,018,944 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\imageformats\qsvg4.dll
MOD - [2011-02-17 09:59:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Gadu-Gadu 10\zlib1.dll
MOD - [2010-06-17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009-02-27 19:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL
MOD - [2007-12-19 15:04:24 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.4\program\libxml2.dll
MOD - [2004-08-03 23:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Services (SafeList) ==========

SRV - [2012-12-06 12:51:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-11-22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012-11-22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012-11-15 18:14:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012-11-15 18:14:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012-01-06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010-07-21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2009-10-06 01:05:06 | 001,532,000 | ---- | M] (The Firebird Project) [On_Demand | Running] -- d:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2009-10-06 01:05:06 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- d:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2009-02-03 03:23:38 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\Varico\VaricoPostgres\bin\pg_ctl.exe -- (pgsql-8.3)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-11-18 22:29:36 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-11-15 18:14:56 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012-11-15 18:14:56 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010-06-02 14:49:20 | 000,993,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010-06-02 14:49:20 | 000,738,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010-06-02 14:49:18 | 000,217,016 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007-11-26 23:37:00 | 002,236,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012-12-05 00:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-06 12:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-11-15 18:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hanna\Dane aplikacji\Mozilla\Extensions
[2012-12-06 12:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-12-06 12:51:35 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-24 20:33:06 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-24 20:33:06 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-10-24 20:33:06 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-24 20:33:06 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-24 20:33:06 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-24 20:33:06 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-30 12:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - Startup: C:\Documents and Settings\Hanna\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1767777339-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3FBF821-4904-4763-9D4B-6AECB4650D23}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - about:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-11-14 01:17:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-01-14 16:50:00 | 001,415,168 | R--- | M] (Us│ugi Informatyczne Andrzej Ciupi˝ski) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012-01-14 20:01:06 | 000,000,839 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell - "" = AutoRun
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\APPLET\COMMAND - "" = G:\Autorun.exe -- [2012-01-14 16:50:00 | 001,415,168 | R--- | M] (Us│ugi Informatyczne Andrzej Ciupi˝ski)
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2012-01-14 16:50:00 | 001,415,168 | R--- | M] (Us│ugi Informatyczne Andrzej Ciupi˝ski)
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\HTTPJL\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler http://www.jaslan.pl
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\HTTPRP\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler http://www.rp.pl/mala_ks
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\INSTALL\COMMAND - "" = G:\Setup.exe -- [2012-01-16 12:04:53 | 012,113,147 | R--- | M] ()
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\INSTRUKCJA\COMMAND - "" = HH.EXE INS.CHM
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\MAIL\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler mailto:biuro@jaslan.pl?Subject="Mała Księgowość Rzeczpospolitej" 2012
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-17 22:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Menu Start\Programy\Ewidencja Środków Trwałych Rzeczpospolitej
[2012-12-17 22:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
[2012-12-17 22:25:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hanna\Moje dokumenty\Moje wideo
[2012-12-16 18:24:44 | 000,000,000 | ---D | C] -- C:\Instalki
[2012-12-10 22:06:40 | 000,000,000 | ---D | C] -- C:\MalaKsiegowosc
[2012-12-10 22:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\VATowiec
[2012-12-10 22:02:49 | 000,000,000 | ---D | C] -- C:\ARCHIWUM
[2012-12-10 22:02:17 | 000,000,000 | ---D | C] -- C:\BR
[2012-12-09 18:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Ustawienia lokalne\Dane aplikacji\CrossLoop
[2012-12-09 18:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Menu Start\Programy\CrossLoop
[2012-12-09 18:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PostgreSQL 8.3
[2012-12-09 18:01:53 | 000,000,000 | ---D | C] -- C:\Program Files\Varico
[2012-12-09 13:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\firebird
[2012-12-09 13:04:18 | 000,548,864 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\FBCLIENT.DLL
[2012-12-08 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Pulpit\Praca
[2012-12-08 18:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\OpenOffice.org2
[2012-12-08 18:35:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\OpenOffice.org 2.4
[2012-12-08 18:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 2.4
[2012-12-08 18:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Pulpit\OpenOffice.org 2.4 (pl) Installation Files
[2012-12-07 23:44:53 | 000,000,000 | ---D | C] -- C:\inetpub
[2012-12-06 20:10:21 | 000,548,864 | ---- | C] (Firebird Project) -- C:\WINDOWS\System32\GDS32.DLL
[2012-12-06 20:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Firebird 1.5
[2012-12-06 20:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\LeftHand
[2012-12-06 20:07:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012-12-06 20:07:21 | 000,000,000 | ---D | C] -- C:\SB4
[2012-12-06 12:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-12-05 00:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\PDF Architect
[2012-12-05 00:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\APP_NAME_NON_STRING
[2012-12-05 00:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Moje dokumenty\PDF Architect Files
[2012-12-05 00:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PDF Architect
[2012-12-05 00:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
[2012-12-05 00:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PDFCreator
[2012-12-05 00:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\pdfforge
[2012-12-05 00:06:00 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2012-12-05 00:06:00 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2012-12-05 00:06:00 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\WINDOWS\System32\pdfcmon.dll
[2012-12-05 00:05:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2012-12-05 00:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012-12-04 23:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\Clickteam
[2012-12-04 23:27:14 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012-12-01 01:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Menu Start\Programy\Mała Księgowość Rzeczpospolitej
[2012-11-28 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\WINDOWS
[2012-11-28 12:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Formularze IPS
[2012-11-28 12:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\IPSPI
[2012-11-22 00:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Silverlight
[2012-11-22 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012-11-21 17:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\Gadu-Gadu 10
[2012-11-21 17:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-11-21 17:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2012-11-21 16:40:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012-11-21 16:40:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012-11-18 22:37:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2012-11-18 22:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Microsoft Office
[2012-11-18 22:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012-11-18 22:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012-11-18 22:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012-11-18 22:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012-11-18 22:30:38 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-11-18 22:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\DAEMON Tools Lite
[2012-11-18 22:28:26 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012-11-18 22:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hanna\Dane aplikacji\DAEMON Tools Lite
[2012-11-18 22:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012-11-18 22:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-11-18 19:10:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-12-18 17:50:54 | 000,359,284 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2012-12-18 17:50:54 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-12-18 17:50:54 | 000,051,166 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2012-12-18 17:50:54 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-12-18 17:46:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-12-17 21:41:17 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2012-12-17 21:41:15 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-12-16 21:29:52 | 000,001,418 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business SB4.LNK
[2012-12-16 21:29:52 | 000,001,416 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO MULTI SB4.LNK
[2012-12-16 21:29:52 | 000,001,394 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO SB4.LNK
[2012-12-16 21:29:52 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business PALMTOPY SB4.LNK
[2012-12-16 18:19:04 | 000,035,401 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zestawienie faktur.HTML
[2012-12-16 16:37:53 | 000,005,504 | ---- | M] () -- C:\Documents and Settings\Hanna\maw32.lc
[2012-12-15 20:05:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-11 16:36:20 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-12-10 22:02:50 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Przewoźnik.lnk
[2012-12-10 22:02:50 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Kadrowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\VATowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Spedytor.lnk
[2012-12-10 22:02:50 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Celin.lnk
[2012-12-10 13:56:24 | 000,009,396 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\praca.odt
[2012-12-09 18:04:48 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\CrossLoop Connect.lnk
[2012-12-08 18:36:46 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Hanna\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
[2012-12-08 17:54:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\~$rodowe.rtf
[2012-12-05 18:20:04 | 000,062,075 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_C(2)(2011).pdf
[2012-12-05 16:10:39 | 000,405,722 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zwrot VAT za materiały budowlane. Odzyskasz pieniądze za parkiet, za farby - już nie - Prawo - Muratordom.mdi
[2012-12-05 00:21:30 | 000,062,710 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_B(4)(2011).pdf
[2012-12-05 00:07:16 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\PDF Architect.lnk
[2012-12-05 00:06:06 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PDFCreator.lnk
[2012-12-01 01:03:08 | 000,000,335 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej wersja sieciowa.lnk
[2012-12-01 01:03:08 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Oferty i Zamówienia Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,315 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\Biuro Rachunkowe Rzeczpospolitej.lnk
[2012-11-28 12:09:21 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Hanna\Pulpit\DRUKI IPS.lnk
[2012-11-26 03:25:59 | 000,035,539 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\WPŁATY ZA FAKTURY.rtf
[2012-11-21 17:22:05 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2012-11-21 17:22:05 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2012-11-19 00:53:21 | 000,134,432 | ---- | M] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Ewidencja sprzedaży VAT 01.11.2012 - 30.11.2012.xml
[2012-11-18 22:37:50 | 000,000,421 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012-11-18 22:29:36 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012-11-18 22:28:27 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-16 18:19:04 | 000,035,401 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zestawienie faktur.HTML
[2012-12-11 19:14:11 | 000,005,504 | ---- | C] () -- C:\Documents and Settings\Hanna\maw32.lc
[2012-12-10 22:02:50 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Przewoźnik.lnk
[2012-12-10 22:02:50 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Kadrowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\VATowiec.lnk
[2012-12-10 22:02:50 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Spedytor.lnk
[2012-12-10 22:02:50 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Celin.lnk
[2012-12-10 13:53:13 | 000,009,396 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\praca.odt
[2012-12-09 18:04:48 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\CrossLoop Connect.lnk
[2012-12-08 18:36:46 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Hanna\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
[2012-12-08 17:54:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\~$rodowe.rtf
[2012-12-06 20:07:31 | 000,001,418 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business SB4.LNK
[2012-12-06 20:07:31 | 000,001,416 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO MULTI SB4.LNK
[2012-12-06 20:07:31 | 000,001,394 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business BISTRO SB4.LNK
[2012-12-06 20:07:31 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Small Business PALMTOPY SB4.LNK
[2012-12-05 16:10:34 | 000,405,722 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Zwrot VAT za materiały budowlane. Odzyskasz pieniądze za parkiet, za farby - już nie - Prawo - Muratordom.mdi
[2012-12-05 13:55:19 | 000,062,075 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_C(2)(2011).pdf
[2012-12-05 00:21:28 | 000,062,710 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\VZM-1_B(4)(2011).pdf
[2012-12-05 00:07:16 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\PDF Architect.lnk
[2012-12-05 00:06:06 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PDFCreator.lnk
[2012-12-01 01:03:08 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej wersja sieciowa.lnk
[2012-12-01 01:03:08 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Mała Księgowość Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Oferty i Zamówienia Rzeczpospolitej.lnk
[2012-12-01 01:03:08 | 000,000,315 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\Biuro Rachunkowe Rzeczpospolitej.lnk
[2012-11-28 12:09:21 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Hanna\Pulpit\DRUKI IPS.lnk
[2012-11-25 22:37:36 | 000,035,539 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\WPŁATY ZA FAKTURY.rtf
[2012-11-21 17:22:05 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2012-11-21 17:22:05 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2012-11-21 17:21:43 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Gadu-Gadu 10.lnk
[2012-11-19 00:53:20 | 000,134,432 | ---- | C] () -- C:\Documents and Settings\Hanna\Moje dokumenty\Ewidencja sprzedaży VAT 01.11.2012 - 30.11.2012.xml
[2012-11-18 22:37:50 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012-11-18 22:28:27 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\DAEMON Tools Lite.lnk
[2012-11-15 20:18:54 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWIZARD.INI
[2012-11-15 19:25:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2012-11-15 16:07:07 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-11-15 16:07:06 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012-11-15 16:07:04 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012-11-15 16:07:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-11-15 16:04:32 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012-11-15 15:43:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012-11-14 22:42:24 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2012-11-14 03:06:22 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012-11-14 03:05:04 | 000,212,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-11-14 01:20:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012-11-14 01:14:05 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-03 23:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-03 23:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-03 23:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-11-18 22:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2012-12-16 16:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\firebird
[2012-11-21 17:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2012-12-05 00:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\APP_NAME_NON_STRING
[2012-12-04 23:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\Clickteam
[2012-11-18 22:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\DAEMON Tools Lite
[2012-11-22 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\Gadu-Gadu 10
[2012-12-06 20:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\LeftHand
[2012-12-05 00:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\PDF Architect
[2012-12-05 00:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanna\Dane aplikacji\pdfforge

========== Purity Check ==========



< End of report >

Should I run this for the pendrive I used to transfer the files?
  • 0

#8 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 18 12 2012 - 20:05

Post the log from USBfix.
  • 0

#9 jakub995

jakub995

    Observer

  • 6 posts

Posted 18 12 2012 - 20:07

############################## | UsbFix V 7.093 | [Listing]

User: abc (Administrator) # ABC-3BAC819E3B8
Updated 08/07/2012 by El Desaparecido
Started at 19:06:41 | 18/12/2012

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (M61PME-S2P) (X86-based PC) # Desktop Computer
CPU: AMD Athlon™ X4 620 Processor (2611)
RAM -> [Total : 3583 | Free : 2382]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 98 Gb (163 Mb free - 0%) [] # NTFS
D:\ -> Fixed drive # 368 Gb (118 Mb free - 32%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (229 Mb free - 3%) [] # NTFS

################## | Listing |

[26/05/2011 - 10:02:10 | D ] C:\Autodesk
[25/05/2011 - 09:22:26 | A | 0] C:\AUTOEXEC.BAT
[30/07/2012 - 13:42:52 | RSH | 223] C:\boot.ini
[02/03/2006 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[12/12/2012 - 20:37:33 | D ] C:\Config.Msi
[25/05/2011 - 09:22:26 | A | 0] C:\CONFIG.SYS
[25/05/2011 - 10:15:28 | A | 206] C:\csb.log
[30/11/2012 - 00:09:53 | D ] C:\Documents and Settings
[30/03/2012 - 17:49:54 | D ] C:\Downloads
[24/08/2012 - 22:57:29 | D ] C:\GRY
[09/02/2012 - 23:12:09 | D ] C:\Infonetax
[01/11/2012 - 22:20:43 | D ] C:\Instalki
[05/10/2012 - 14:17:34 | A | 129654] C:\inv_oktodelete.bmp
[25/05/2011 - 09:22:26 | RASH | 0] C:\IO.SYS
[01/06/2011 - 16:58:48 | RA | 0] C:\logwmemory.bin
[25/05/2011 - 09:22:26 | RASH | 0] C:\MSDOS.SYS
[02/03/2006 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[25/05/2011 - 20:01:33 | RASH | 251152] C:\ntldr
[18/12/2012 - 17:53:53 | ASH | 2145386496] C:\pagefile.sys
[12/12/2012 - 18:32:27 | RD ] C:\Program Files
[13/11/2011 - 09:35:23 | D ] C:\ProgramData
[23/07/2012 - 22:11:31 | SHD ] C:\RECYCLER
[25/05/2011 - 10:15:28 | A | 1530] C:\RHDSetup.log
[24/12/2011 - 08:14:26 | SHD ] C:\System Volume Information
[23/02/2012 - 01:57:22 | D ] C:\temp
[28/05/2011 - 16:16:35 | D ] C:\unitest
[18/12/2012 - 19:06:42 | D ] C:\UsbFix
[18/12/2012 - 19:06:42 | A | 786] C:\UsbFix.txt
[16/09/2012 - 20:46:41 | A | 341] C:\user.js
[11/12/2012 - 18:02:08 | D ] C:\WINDOWS
[08/07/2012 - 21:14:35 | D ] D:\AH
[24/05/2011 - 15:49:06 | D ] D:\Archiwizacja
[12/08/2012 - 22:49:43 | D ] D:\Documents and Settings
[03/12/2011 - 12:13:11 | D ] D:\Downloads
[11/11/2012 - 15:02:42 | D ] D:\GRY
[17/07/2011 - 16:16:31 | RD ] D:\Moje dokumenty
[07/02/2012 - 10:24:52 | D ] D:\Muzyka
[19/07/2011 - 14:58:15 | D ] D:\Program Files
[17/07/2011 - 16:05:12 | D ] D:\PROGRAMY
[25/05/2011 - 20:13:47 | SHD ] D:\RECYCLER
[24/07/2012 - 01:47:55 | SHD ] D:\System Volume Information
[07/02/2012 - 10:24:55 | D ] D:\Wideo
[15/11/2012 - 17:25:34 | A | 6811016] F:\77a224ww.exe
[15/11/2012 - 20:11:34 | A | 74593568] F:\79d179ww.exe
[15/11/2012 - 17:42:14 | A | 11197080] F:\7kra21ww.exe
[15/11/2012 - 17:15:26 | A | 10077032] F:\7kra26ww.exe
[15/11/2012 - 19:17:37 | A | 18257112] F:\7ld140ww.exe
[15/11/2012 - 19:18:28 | A | 54531016] F:\8.223.4.1-060504a-033176c-whql-lenovo.exe
[11/10/2012 - 17:38:53 | A | 119909912] F:\avg_free_x86_all_2013_2677a5774.exe
[15/10/2012 - 19:43:54 | D ] F:\Bartek
[17/10/2012 - 18:29:27 | D ] F:\dokumenty
[15/11/2012 - 17:33:26 | A | 1480728] F:\g1ku20ww.exe
[15/11/2012 - 20:52:01 | A | 870104] F:\kb888111xp1pl.exe
[01/01/1970 - 00:59:59 | N | 523812] F:\MM_PLAY_TIME.ini
[26/05/2011 - 13:21:56 | A | 152270734] F:\Office2003.rar
[15/11/2012 - 17:14:20 | A | 360952] F:\osfj08ww.exe
[15/11/2012 - 19:40:28 | A | 907848] F:\oss608ww.exe
[18/12/2012 - 17:24:38 | A | 602112] F:\OTL.exe
[13/10/2012 - 22:17:06 | D ] F:\scenarios
[20/11/2012 - 14:26:17 | A | 108032] F:\UMOWA.doc
[26/11/2012 - 09:26:20 | A | 46080] F:\UMOWA1.doc
[05/12/2012 - 00:25:10 | A | 62710] F:\VZM-1_B(4)(2011).pdf
[26/11/2012 - 06:40:52 | A | 155648] F:\Wycinek.shs
[01/01/1970 - 00:59:59 | D ] F:\Władca pierścieni
[14/12/2012 - 23:19:35 | D ] F:\[BEST-TORRENTS.NET] Epoka Lodowcowa 4

################## | E.O.F |
  • 0

#10 pawel315

pawel315

    Forum addict

  • 1 553 posts

Posted 18 12 2012 - 20:16

Run OTL and, in the "Własne opcje skanowania/skrypt" (custom scan options/script) box, paste:
:OTL
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\HTTPJL\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler JasLAN - Usługi Informatyczne
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\HTTPRP\COMMAND - "" = RUNDLL32.EXE URL.DLL,FileProtocolHandler Ma a ksi gowo   "Rzeczpospolitej"
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\INSTALL\COMMAND - "" = G:\Setup.exe -- [2012-01-16 12:04:53 | 012,113,147 | R--- | M] ()
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\INSTRUKCJA\COMMAND - "" = HH.EXE INS.CHM
O33 - MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\Shell\MAIL\COMMAND - "" = RUNDLL32.EXE 

:Files
F:\77a224ww.exe
F:\79d179ww.exe
F:\7kra21ww.exe
F:\7kra26ww.exe
F:\7ld140ww.exe
F:\g1ku20ww.exe
F:\osfj08ww.exe
F:\oss608ww.exe

:Commands
[emptytemp]

Click "Wykonaj skrypt" (run script) and post the log from the removal.
Then:

  • 0

#11 jakub995

jakub995

    Observer

  • 6 posts

Posted 18 12 2012 - 21:13

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
File RUNDLL32.EXE URL.DLL,FileProtocolHandler JasLAN - Usługi Informatyczne not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
File RUNDLL32.EXE URL.DLL,FileProtocolHandler Ma a ksi gowo "Rzeczpospolitej" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
File HH.EXE INS.CHM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4772000a-318a-11e2-aa22-0018de9d1c77}\ not found.
C:\WINDOWS\System32\rundll32.exe moved successfully.
========== FILES ==========
File\Folder F:\77a224ww.exe not found.
File\Folder F:\79d179ww.exe not found.
File\Folder F:\7kra21ww.exe not found.
File\Folder F:\7kra26ww.exe not found.
File\Folder F:\7ld140ww.exe not found.
File\Folder F:\g1ku20ww.exe not found.
File\Folder F:\osfj08ww.exe not found.
File\Folder F:\oss608ww.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hanna
->Temp folder emptied: 77873979 bytes
->Temporary Internet Files folder emptied: 22894304 bytes
->FireFox cache emptied: 67713155 bytes
->Flash cache emptied: 12750 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: varicopostgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2837232 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140807 bytes
RecycleBin emptied: 5398382 bytes

Total Files Cleaned = 169,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12182012_194517

Files\Folders moved on Reboot...
File\Folder G:\Setup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Don't be surprised it took so long, but doing anything on that computer is like a surgical operation.

Oh, and I ran a scan and it didn't detect anything.
Should I send you the log for that?

  • 0



