Yesterday a virus attacked the paper I had been writing for a long time. It showed up like this: when I tried to send it, a message appeared while the file was uploading saying that a virus had been detected. The file opens, but something is clearly wrong. I scanned the computer and the files with Avast, Kaspersky, ESET and it did not
Hello. This problem has probably come up many times already, but I can't deal with it either. It's about "something" that creates shortcuts on the pendrives I plug into the computer. They appear even right after formatting, so it's probably not sitting on the pendrive. Please help. I'm attaching lo
Hello. I brought home on a pendrive an unwanted gift from the university (probably for my academic results). It is a virus that created on the pendrive a shortcut to that same pendrive, and the files I had on the drive are visible only when I open that shortcut (unfortunately this also means infecting the computer). These files most likely
Virus that creates shortcuts

by Strenght

Hello, for some time now shortcuts to files have been appearing on every device I connect to the computer. I scanned the computer with AdwCleaner but it detects nothing, same with Avast, but when I plug in a pendrive and start copying something onto it, shortcuts to the folders on that device are created and Avast sends threat notifications and moves them to quarantine. That changes nothing, because every time a file is moved to quarantine another shortcut to that file is created, and so on... This virus is sitting on my computer and I don't know whether it is also on the 2 pendrives and the memory card that I connected to the computer. I tried to remove it on my own but I'm not really managing; could someone help me and explain step by step what to do to get rid of it?

Attachments: OTL logs

by ordynat, 02 Jun 2015, 20:48

O4 - HKCU..\Run: [home] //B "C:\Users\Arek\AppData\Roaming\ File not found
[2015-04-15 19:44:01 | 000,238,264 | -HS- | C] () -- C:\Users\Arek\AppData\Roaming\

the shortcut infection is on the hard disk (probably on the pendrives too)
1) Use USBFix with the CLEAN option report from it Make logs with FRST > scan tick "Additional".

by ordynat, 02 Jun 2015, 21:31

Hmm, USBFix did not remove anything, and yet on the hard disk there is no file know how it is on the pendrives, because the USBFix log looks incomplete, the bottom is missing Notepad and paste into it:

HKLM-x32\...\RunOnce: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction C:\Program Files (x86)\Pando Networks\Media Booster\ No File
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\ [X]
C:\Program Files\Enigma Software Group
C:\ProgramData\boost_interprocess
EmptyTemp:

Save the file under the name and place it next to Run FRST and click the Fix button.
Make a log with USBFix, using the LISTING option.

by Strenght, 02 Jun 2015, 22:42

Hmm, I pasted the script and carried out the instructions for it. USBFix still throws an error when trying to scan the USB. A screenshot of the error is attached. Now, after plugging in the pendrive, Avast no longer throws any alerts, and when I tried to copy something onto the pendrive, so far no shortcuts have been created, which used to happen automatically.

by ordynat, 02 Jun 2015, 23:05

This error appears when, while downloading and using USBFix, was not disabled shortcuts are no longer being created, then the infection is probably gone. In USBFix click the button Notepad and paste into it:

DeleteQuarantine:

Save the file under the name and place it next to FRST. Run FRST and click SHIFT+DEL delete the remaining folder C:\FRST.

by Strenght, 02 Jun 2015, 23:15

I disabled the antivirus and created the logs with USBFix. There is still the matter of the memory card, which has my photos on it and which I don't want to format; unfortunately I will only have access to it tomorrow. I just don't know whether it will infect the computer again when I plug it in.

Attachments: UsbFix [Listing 3]

by ordynat, 03 Jun 2015, 07:35

On "F" and "G" everything looks just know whether it will infect again when I plug it in see that USBFix, when used with the CLEAN option, did not manage to put the blocking objects in place " so the possibility of infection is very after all you will connect that card at some point anyway, so it is better to do it after connecting it you will try to use USBFix with the option also, just in case, an OTL log, to check whether the infection file has appeared on the hard disk.

by ordynat, 05 Jun 2015, 14:19

It is OTL and in the Custom scan options/Script window paste this:

:OTL
FF - "V9"
FF - "V9"
O4 - HKLM..\RunOnce: [] File not found
:Commands
[emptytemp]

Click Execute OTL click the Cleanup button - this will remove it together with its USBFix click the UNINSTALL button.

by KPRR, 23 Jun 2015, 16:14

Hello. I have a very similar problem to the colleague who started this thread. A friend brought me a pendrive that had a shortcut on it, and since then problems have started with pendrives, on which a shortcut to the drive is always created. Having read the colleague's case I scanned everything with OTL, USBFix and FRST, but I am not sure whether it helped; if I could ask more experienced colleagues to analyse the logs and possibly explain how to fix this, I would be
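The two lines ordynat quoted from the OTL log on 02 Jun 2015 (a Run entry carrying `//B` and a hidden+system file under AppData\Roaming) can be picked out of a log automatically. This is an added example, not part of the thread and not code from OTL: the sample log lines, the user name `demo`, the `wscript.exe` command and the file name `sample.vbs` are constructed, because the file names in the page's own log lines are cut off.

```python
import re

# O4 autorun line as OTL prints it:  O4 - HKCU..\Run: [name] command
RUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# File listing line:  [date time | size | RHSD | C] (company) -- path
# Directory lines carry no "(company)" part, so that group is optional.
FILE_RE = re.compile(
    r'^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| '
    r'(?P<attr>[R-][H-][S-][D-]) \| [CM]\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$')
SCRIPT_RE = re.compile(r'\.(?:vbs|vbe|js|jse|wsf)\b', re.I)
USER_WRITABLE = ('\\appdata\\', '\\temp\\')

# Constructed sample in the layout of the log lines quoted in the thread.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [agent] C:\Program Files\ExampleVendor\agent.exe (Example Vendor)
O4 - HKCU..\Run: [sample] wscript.exe //B "C:\Users\demo\AppData\Roaming\sample.vbs" File not found
O4 - HKU\S-1-5-19..\RunOnce: [setup] C:\Windows\System32\setup-example.exe (Example Vendor)
[2015-04-15 19:44:01 | 000,238,264 | -HS- | C] () -- C:\Users\demo\AppData\Roaming\sample.vbs
[2015-04-14 10:00:00 | 000,000,000 | ---D | C] -- C:\Users\demo\AppData\Roaming\ExampleApp
[2015-04-13 09:00:00 | 000,010,240 | ---- | C] (Example Vendor) -- C:\Windows\System32\drivers\example.sys
'''


def triage(log_text):
    """Return findings for script autoruns and hidden+system profile files."""
    runs, files = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files[m['path'].lower()] = m.groupdict()

    findings = []
    for r in runs:
        cmd = r['cmd']
        low = cmd.lower()
        reasons = []
        # //B is Windows Script Host batch mode: no error or prompt windows.
        if '//b' in low.split():
            reasons.append('script host batch mode (//B)')
        if SCRIPT_RE.search(cmd) and any(d in low for d in USER_WRITABLE):
            reasons.append('script in user-writable directory')
        if not reasons:
            continue
        quoted = re.search(r'"([^"]+)"', cmd)
        target = quoted.group(1) if quoted else None
        findings.append({
            'type': 'autorun',
            'where': f"{r['hive']}\\{r['key']}",
            'name': r['name'],
            'target': target,
            'reasons': reasons,
            # OTL appends this text when it could not resolve the target.
            'reported_missing': cmd.rstrip().endswith('File not found'),
            # Cross-check: is the same path present in the file listing?
            'listed_in_file_section': bool(target) and target.lower() in files,
        })

    for path, f in files.items():
        attr = f['attr']  # positions: Read-only, Hidden, System, Directory
        if attr[1] == 'H' and attr[2] == 'S' and attr[3] != 'D' and '\\appdata\\' in path:
            reasons = ['hidden+system file in user profile']
            if not f['company']:
                reasons.append('no company name')
            findings.append({'type': 'file', 'path': f['path'],
                             'created': f['ts'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

In the sample, as in the lines quoted in the thread, the autorun is reported as "File not found" while the file listing still shows a file at that location, which is why the two sections are cross-checked by path.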
-- C:\Windows\System32\drivers\ 13:10:28 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ 13:10:28 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ 13:10:28 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ 13:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus Internet[2013-10-29 13:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Plus Internet[2013-10-29 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DataCardService[2013-10-29 13:02:08 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\vlc[2013-10-29 12:57:19 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Mozilla[2013-10-29 12:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[2013-10-29 12:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla[2013-10-29 12:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service[2013-10-29 12:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox[2013-10-29 12:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN[2013-10-29 12:54:42 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW[2013-10-29 12:54:22 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Microsoft Help[2013-10-29 12:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office[2013-10-29 12:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help[2013-10-29 12:53:13 | 000,000,000 | RH-D | C] -- C:\MSOCache[2013-10-29 12:27:55 | 003,200,000 | ---- | C] (Qualcomm Atheros Communications, Inc.) 
-- C:\Windows\System32\drivers\ 12:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle[2013-10-29 12:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2013-10-29 12:22:36 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\AskPartnerNetwork[2013-10-29 12:11:38 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Avira[2013-10-29 12:08:26 | 000,066,144 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ 12:07:48 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Mozilla[2013-10-29 12:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork[2013-10-29 12:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork[2013-10-29 12:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\APN[2013-10-29 12:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AzureWave[2013-10-29 12:05:33 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\InstallShield[2013-10-29 12:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira[2013-10-29 12:05:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ 12:05:09 | 000,136,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ 12:05:09 | 000,088,840 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ 12:05:09 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ 12:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira[2013-10-29 12:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira[2013-10-29 12:03:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\Atheros_L1e[2013-10-29 12:02:35 | 000,029,184 | ---- | C] (ASUSTek Computer Inc.) 
-- C:\Windows\System32\ 12:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\EeePC[2013-10-29 12:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech[2013-10-29 12:01:25 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information[2013-10-29 12:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics[2013-10-29 12:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\NEC Electronics[2013-10-29 12:01:15 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\ 12:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\Intel[2013-10-29 12:00:55 | 000,000,000 | ---D | C] -- C:\Intel[2013-10-29 12:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun[2013-10-29 12:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2013-10-29 12:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2013-10-29 11:59:49 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Downloaded Installations[2013-10-29 11:59:22 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Adobe[2013-10-29 11:59:11 | 000,068,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\ 11:58:59 | 004,881,704 | ---- | C] (ELAN Microelectronics Corp.) 
-- C:\Windows\System32\ 11:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe[2013-10-29 11:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe[2013-10-29 11:57:58 | 000,000,000 | -HSD | C] -- C:\Windows\Installer[2013-10-29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack[2013-10-29 11:57:36 | 003,649,536 | ---- | C] (x264vfw project) -- C:\Windows\System32\ 11:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe[2013-10-29 11:57:34 | 000,122,880 | ---- | C] (fccHandler) -- C:\Windows\System32\ 11:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack[2013-10-29 11:57:22 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Programs[2013-10-29 11:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp[2013-10-29 11:57:14 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Winamp[2013-10-29 11:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp[2013-10-29 11:56:48 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\WinRAR[2013-10-29 11:56:48 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR[2013-10-29 11:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR[2013-10-29 11:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR[2013-10-29 11:10:41 | 000,000,000 | R--D | C] -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup[2013-10-29 11:10:41 | 000,000,000 | R--D | C] -- C:\Users\asus\Searches[2013-10-29 11:10:41 | 000,000,000 | R--D | C] -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools[2013-10-29 11:10:30 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Roaming\Identities[2013-10-29 11:10:27 | 000,000,000 | R--D | C] -- C:\Users\asus\Contacts[2013-10-29 11:10:04 | 000,000,000 | ---D | C] -- 
C:\Users\asus\AppData\Local\VirtualStore[2013-10-29 11:10:02 | 000,000,000 | --SD | C] -- C:\Users\asus\AppData\Roaming\Microsoft[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Videos[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Saved Games[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Pictures[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Music[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Links[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Favorites[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Downloads[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Documents[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\Desktop[2013-10-29 11:10:02 | 000,000,000 | R--D | C] -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Ustawienia lokalne[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\AppData\Local\Temporary Internet Files[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Szablony[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\SendTo[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Recent[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\PrintHood[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\NetHood[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Documents\Moje wideo[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Documents\Moje obrazy[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Moje dokumenty[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Documents\Moja muzyka[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Menu Start[2013-10-29 11:10:02 
| 000,000,000 | -HSD | C] -- C:\Users\asus\AppData\Local\Historia[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Dane aplikacji[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\AppData\Local\Dane aplikacji[2013-10-29 11:10:02 | 000,000,000 | -HSD | C] -- C:\Users\asus\Cookies[2013-10-29 11:10:02 | 000,000,000 | -H-D | C] -- C:\Users\asus\AppData[2013-10-29 11:10:02 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Temp[2013-10-29 11:10:02 | 000,000,000 | ---D | C] -- C:\Users\asus\AppData\Local\Microsoft[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Ulubione[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Szablony[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\Recovery[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Pulpit[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje wideo[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moje obrazy[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Moja muzyka[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Start[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty[2013-10-29 11:09:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dane aplikacji[2013-10-29 11:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution[2013-10-29 11:03:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch[2013-10-29 11:02:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information[2013-10-29 11:02:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-10-31 14:11:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\Bon 14:06:04 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\ 14:01:35 | 000,749,948 | ---- | M] () -- C:\Windows\System32\ 14:01:35 | 000,655,930 | ---- | M] () -- C:\Windows\System32\ 14:01:35 | 000,158,376 | ---- | M] () -- 
C:\Windows\System32\ 14:01:35 | 000,124,670 | ---- | M] () -- C:\Windows\System32\ 13:57:19 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\ 13:46:45 | 000,067,584 | --S- | M] () -- C:\Windows\ 12:29:27 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0- 12:29:27 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0- 12:20:00 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\ 12:20:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\Bonan 12:19:46 | 795,820,032 | -HS- | M] () -- C:\ 21:05:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\ 19:59:44 | 000,436,296 | ---- | M] () -- C:\Windows\System32\ 19:51:29 | 000,151,552 | ---- | M] () -- C:\Windows\ 19:51:29 | 000,008,192 | ---- | M] () -- C:\Windows\System32\ 21:19:58 | 000,243,128 | ---- | M] (Disc Soft Ltd) -- C:\Windows\System32\drivers\ 21:13:23 | 000,000,000 | ---- | M] () -- C:\Cookies[2013-10-29 21:05:11 | 000,362,029 | ---- | M] () -- C:\Windows\System32\ 20:04:51 | 000,364,318 | ---- | M] () -- C:\Users\asus\AppData\Local\ 13:12:22 | 000,000,734 | ---- | M] () -- C:\Users\asus\Desktop\ 13:10:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\ 12:39:12 | 000,015,098 | ---- | M] () -- C:\Windows\System32\ 12:07:36 | 000,066,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\ 12:03:07 | 000,001,769 | ---- | M] () -- C:\Windows\ 11:08:05 | 000,059,310 | ---- | M] () -- C:\Windows\System32\ 11:06:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\ 20:55:00 | 000,694,864 | ---- | M] (WilSys Co., Ltd.) 
-- C:\Users\asus\AppData\Roaming\ [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-10-31 12:59:49 | 000,001,108 | ---- | C] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ 21:05:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\ 19:52:17 | 000,151,552 | ---- | C] () -- C:\Windows\ 19:52:16 | 000,008,192 | ---- | C] () -- C:\Windows\System32\ 11:23:39 | 000,101,848 | -HS- | C] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jafdeqiphm..vbs[2013-10-29 21:13:23 | 000,000,000 | ---- | C] () -- C:\Cookies[2013-10-29 21:05:11 | 000,362,029 | ---- | C] () -- C:\Windows\System32\ 20:06:40 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\Bon 20:06:33 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\Bonan 20:05:15 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\ 20:04:57 | 000,364,318 | ---- | C] () -- C:\Users\asus\AppData\Local\ 19:52:42 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\ 19:52:31 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\ 13:12:22 | 000,000,734 | ---- | C] () -- C:\Users\asus\Desktop\ 13:10:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\ 12:56:55 | 000,001,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla 12:39:12 | 000,015,098 | ---- | C] () -- C:\Windows\System32\ 12:02:35 | 000,219,136 | ---- | C] () -- C:\Windows\System32\ 12:02:34 | 000,025,616 | ---- | C] () -- C:\Windows\ 11:59:46 | 000,001,769 | ---- | C] () -- C:\Windows\ 11:59:11 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\ 11:58:55 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 11:57:36 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\ 11:57:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\ 11:57:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\ 11:57:34 | 000,217,176 | ---- | C] () -- C:\Windows\System32\ 11:57:31 | 000,112,640 | ---- | C] () -- 
C:\Windows\System32\ 11:10:43 | 000,001,623 | ---- | C] () -- C:\Users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet 11:06:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\ 11:02:34 | 795,820,032 | -HS- | C] () -- C:\ 15:11:44 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\ 15:11:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\ [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\ -- [2009-07-14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\ -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\ -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-10-29 21:22:34 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\BabSolution[2013-10-29 21:21:54 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\Babylon[2013-10-30 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\BitComet[2013-10-29 21:22:24 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\DAEMON Tools Lite[2013-10-29 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\FoxTab[2013-10-31 13:22:05 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\GG[2013-10-29 21:28:21 | 
000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\Optimizer Pro[2013-10-29 13:11:13 | 000,000,000 | ---D | M] -- C:\Users\asus\AppData\Roaming\Plus Internet [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color][2013-10-31 13:40:28 | 104,348,737 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\帵a[2013-10-31 13:40:28 | 000,000,000 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\帵a [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720"[b]EXTRAS:[/b]"OTL logfile created on: 2013-10-31 14:26:02 - Run 1OTL by OldTimer - Version Folder = C:\Users\asus\Downloads Starter Edition (Version = - Type = NTWorkstationInternet Explorer (Version = 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1011,94 Mb Total Physical Memory | 232,36 Mb Available Physical Memory | 22,96% Memory free2,07 Gb Paging File | 0,29 Gb Available in Paging File | 13,81% Paging File freePaging file location(s): ?:\ [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 131,98 Gb Total Space | 99,71 Gb Free Space | 75,55% Space Free | Partition Type: NTFSDrive D: | 166,01 Gb Total Space | 131,48 Gb Free Space | 79,20% Space Free | Partition Type: NTFSDrive E: | 16,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ASUS-KOMPUTER | User Name: asus | Logged in as Mode: Normal | Scan Mode: All users | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-10-31 14:25:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\asus\Downloads\OTL (1).exePRC - [2013-10-31 12:36:45 | 000,065,824 | ---- | M] (BatBrowse) -- C:\Program Files\BatBrowse\bin\ - [2013-10-30 19:51:29 | 
000,151,552 | ---- | M] () -- C:\Windows\ - [2013-10-30 19:51:29 | 000,008,192 | ---- | M] () -- C:\Windows\System32\ - [2013-10-29 21:22:58 | 000,143,488 | ---- | M] () -- c:\Program Files\Optimizer Pro\ - [2013-10-29 20:05:59 | 001,706,064 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\ - [2013-10-23 20:52:09 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\ - [2013-10-22 20:29:14 | 000,065,824 | ---- | M] (BatBrowse) -- C:\Program Files\BatBrowse\ - [2013-10-09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\ - [2013-08-09 18:36:35 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ - [2013-07-17 19:48:11 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ - [2013-07-17 19:35:48 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ - [2013-07-17 19:35:37 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ - [2013-07-12 20:19:07 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ - [2013-01-04 03:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ - [2012-04-20 12:00:28 | 003,351,872 | ---- | M] () -- C:\Program Files\Plus Internet\Plus - [2011-03-14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DataCardService\ - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DataCardService\ - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\ - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ - [2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\ [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-10-17 12:10:20 | 002,869,720 | ---- | M] () -- c:\Program Files\Optimizer Pro\ - [2013-10-09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\ - [2013-10-09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\ - [2013-10-09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\ - [2013-10-09 01:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\ - [2013-10-09 01:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\ - [2013-10-09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\ - [2012-04-20 12:00:28 | 003,351,872 | ---- | M] () -- C:\Program Files\Plus Internet\Plus - [2012-04-20 12:00:18 | 001,101,824 | ---- | M] () -- C:\Program Files\Plus Internet\ [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2013-10-31 12:36:45 | 000,065,824 | ---- | M] (BatBrowse) [Auto | Running] -- C:\Program Files\BatBrowse\bin\ -- (Util BatBrowse)SRV - [2013-10-30 19:51:29 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ -- (KMService)SRV - [2013-10-29 21:22:58 | 000,143,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Optimizer Pro\ -- (ca82e1a5)SRV - [2013-10-29 20:05:59 | 001,706,064 | ---- | M] (Wsys Co., Ltd.) 
[Auto | Running] -- C:\ProgramData\eSafe\ -- (WsysSvc)SRV - [2013-10-29 20:05:32 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files\BonanzaDealsLive\Update\ -- (bonanzadealslivem)SRV - [2013-10-29 20:05:32 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files\BonanzaDealsLive\Update\ -- (bonanzadealslive)SRV - [2013-10-23 20:52:09 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\ -- (APNMCP)SRV - [2013-10-22 20:29:14 | 000,065,824 | ---- | M] (BatBrowse) [Auto | Running] -- C:\Program Files\BatBrowse\ -- (Update BatBrowse)SRV - [2013-09-05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\ -- (SkypeUpdate)SRV - [2013-08-14 18:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\ -- (MozillaMaintenance)SRV - [2013-08-09 18:36:35 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\ -- (AntiVirWebService)SRV - [2013-07-17 19:48:11 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\ -- (AntiVirSchedulerService)SRV - [2013-07-17 19:35:48 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\ -- (AntiVirService)SRV - [2011-03-14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\ -- ( - [2010-12-28 09:00:34 | 001,296,728 | ---- | M] ( [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\ -- (BITCOMET_HELPER_SERVICE)SRV - [2009-08-18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ -- (AsusService)SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\ -- (WinDefend) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2013-10-29 21:19:58 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\ -- (dtsoftbus01)DRV - [2013-08-22 17:39:49 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ -- (avgntflt)DRV - [2013-07-29 17:37:36 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ -- (avipbb)DRV - [2013-07-02 10:00:00 | 003,200,000 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (athr)DRV - [2013-03-20 15:11:44 | 001,349,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (igddim32)DRV - [2013-03-06 16:13:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ -- (avkmgr)DRV - [2012-08-27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ -- (ssmdrv)DRV - [2012-04-20 12:00:36 | 000,349,184 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (ewusbmbb)DRV - [2012-04-20 12:00:36 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (hwdatacard)DRV - [2012-04-20 12:00:36 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ -- (ew_hwusbdev)DRV - [2012-04-20 12:00:36 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (huawei_enumerator)DRV - [2012-04-20 12:00:36 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (ew_usbenumfilter)DRV - [2011-06-09 08:37:56 | 000,278,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (IntcDAud)DRV - [2010-09-27 15:23:56 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (L1C)DRV - [2009-07-20 17:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ -- (kbfiltr)DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ -- (WinUsb) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2193076413-2474647909-3808862212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = - 
asked at 19:16
I have a virus on my pendrive, what should I do?
I have this virus and I don't know how to remove it from the pendrive, because I wiped the whole thing and I don't know whether that did anything? Will you help? How do I remove it?
Question last updated: 2010-09-23 19:18:18

Answers

C-Miki answered at 19:22
If you have an antivirus, connect the portable drive to the computer, then: 1) Open the antivirus, select the drive to scan and click Click the drive icon and Scan. I can't tell you more precisely. When a virus alert pops up, click: Delete, or Repair

blocked answered at 19:19
When you go into My Computer and plug in the pendrive, it sees it. Right-click the pendrive icon and scan it with avast [if you have avast, and I recommend downloading it]. See whether that does anything.

blocked answered at 19:21
It's not a virus, the antivirus program reads some files as a virus, don't worry

blocked answered at 22:06
Format it; if it still detects viruses, you have nothing to be afraid of, because the antivirus is misreading the files

EXPERT DamiEn answered at 21:26
Format the pendrive - it will definitely help :)
A virus that creates shortcuts on a pendrive