możesz zastosować ten opis usuwanie Mbr.exe
wielkie dzięki. Wprawdzie MBR.EXE nie uporał się z problemem: na samym początku jakiś błąd w logu :
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: error reading MBR
Czy jest to jakiś powód do zmartwień ? Jednak wątek naprowadził mnie na rozwiązanie problemu :ściągnąłem
DrWebCureIt http://www.freedrweb.com/
który usunął trojana MBR'a :
Master Boot Record HDD1;;BackDoor.MaosBoot;Wyleczony.;
Wszystkim którzy pomogli lub starali się pomóc oczywiście "+" Dzięki
Profilaktycznie zapodaje jeszcze raz logi :
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:46:06, on 2008-06-26
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Gadu-Gadu\gg.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8170 bytes
DSS- Kod: Zaznacz wszystko
Deckard's System Scanner v20071014.68
Run by Pita on 2008-06-26 13:47:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Pita.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:56, on 2008-06-26
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Gadu-Gadu\gg.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pita\Desktop\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\Pita.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files (x86)\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8231 bytes
-- Files created between 2008-05-26 and 2008-06-26 -----------------------------
2008-06-26 12:53:35 66048 --a------ C:\mbr.exe
2008-06-25 20:52:15 0 d-------- C:\Program Files (x86)\Sun
2008-06-25 20:51:23 0 d-------- C:\Program Files (x86)\Java
2008-06-25 20:50:11 0 d-------- C:\Program Files (x86)\Common Files\Java
2008-06-25 20:13:46 0 d-------- C:\Program Files (x86)\SopCast
2008-06-25 17:04:21 0 d-------- C:\Program Files (x86)\Common Files\ABBYY
2008-06-25 17:01:46 0 d-------- C:\Users\All Users\ABBYY
2008-06-25 17:01:46 0 d-------- C:\Program Files (x86)\ABBYY FineReader 9.0
2008-06-25 16:58:35 0 d-------- C:\Program Files (x86)\FR90PE
2008-06-25 16:36:03 102400 --a------ C:\Windows\system32\tsccvid.dll <Not Verified; TechSmith Corporation; TechSmith Screen Capture Codec>
2008-06-25 16:35:50 5120 --a------ C:\Windows\system32\ff_vfw.dll
2008-06-25 16:35:49 0 d-------- C:\Program Files (x86)\ffdshow
2008-06-25 16:34:58 0 d-------- C:\Program Files (x86)\Common Files\PX Storage Engine
2008-06-25 16:34:50 0 d-------- C:\Program Files (x86)\DivX
2008-06-25 13:46:25 90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-06-25 13:15:15 0 d-------- C:\Windows\PCHEALTH
2008-06-25 13:15:15 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-06-25 13:10:57 0 d-------- C:\Program Files (x86)\PowerISO
2008-06-25 11:55:49 0 d-------- C:\Program Files (x86)\DC++
2008-06-25 11:40:05 2560 --a------ C:\Windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-24 15:29:16 545 --a------ C:\Windows\UC.PIF
2008-06-24 15:29:16 545 --a------ C:\Windows\RAR.PIF
2008-06-24 15:29:16 545 --a------ C:\Windows\PKZIP.PIF
2008-06-24 15:29:16 545 --a------ C:\Windows\PKUNZIP.PIF
2008-06-24 15:29:16 545 --a------ C:\Windows\NOCLOSE.PIF
2008-06-24 15:29:16 545 --a------ C:\Windows\LHA.PIF
2008-06-24 15:29:16 545 --a------ C:\Windows\ARJ.PIF
2008-06-24 15:29:16 0 d-------- C:\Program Files (x86)\totalcmd
2008-06-24 14:57:45 0 d-------- C:\!KillBox
2008-06-24 14:20:51 0 d-------- C:\Program Files (x86)\Trend Micro
2008-06-24 13:36:12 0 d-------- C:\Users\All Users\ESET
2008-06-24 13:22:50 0 d-------- C:\Program Files (x86)\AnswerWorks 4.0
2008-06-24 13:21:45 0 d-------- C:\Users\All Users\Autodesk
2008-06-24 13:21:45 0 d-------- C:\Program Files (x86)\AutoCAD 2007
2008-06-24 13:20:18 0 d-------- C:\Program Files (x86)\Common Files\Autodesk Shared
2008-06-24 13:20:14 0 d-------- C:\Program Files (x86)\Autodesk
2008-06-24 12:59:03 0 d-------- C:\Users\All Users\FLEXnet
2008-06-24 12:52:10 0 d-------- C:\Users\All Users\Adobe
2008-06-24 12:51:47 0 d-------- C:\Program Files (x86)\Bonjour
2008-06-24 12:49:30 0 d-------- C:\Windows\system32\spool
2008-06-24 12:47:48 0 d-------- C:\Program Files (x86)\Common Files\Macrovision Shared
2008-06-24 12:47:22 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-06-24 12:46:09 0 d-------- C:\Users\All Users\Real
2008-06-24 12:46:09 0 d-------- C:\Program Files (x86)\Real Alternative
2008-06-24 12:17:31 0 d-------- C:\Program Files (x86)\MarBit
2008-06-24 12:10:24 0 d-------- C:\Downloads
2008-06-24 12:10:19 0 d-------- C:\Program Files (x86)\BitComet
2008-06-24 11:38:21 0 d-------- C:\Users\All Users\Winamp Toolbar
2008-06-24 11:38:21 0 d-------- C:\Program Files (x86)\Winamp Toolbar
2008-06-24 11:37:50 0 d-------- C:\Program Files (x86)\Winamp
2008-06-24 11:35:58 0 d-------- C:\Windows\system32\Macromed
2008-06-24 11:35:28 0 --a------ C:\Windows\nsreg.dat
2008-06-24 11:05:59 0 d-------- C:\Program Files (x86)\Gadu-Gadu
2008-06-24 10:24:14 0 d-------- C:\Program Files (x86)\ATI Technologies
2008-06-24 10:23:45 0 d--hs---- C:\Windows\Installer
2008-06-24 09:53:17 143360 -r------- C:\Windows\system32\xRaidAPI.dll <Not Verified; JMicron Technology Corp.; JMB36X RAID API Dynamic Link Library>
2008-06-24 09:53:16 1953792 -r------- C:\Windows\system32\xRaidSetup.exe <Not Verified; JMicron Technology Corp.; JMicron JMB36X RAID Configurer>
2008-06-24 09:53:16 0 d-------- C:\RaidTool
2008-06-24 09:53:00 0 d-------- C:\Windows\RaidTool
2008-06-24 09:50:08 0 d-------- C:\Program Files (x86)\Common Files\InstallShield
2008-06-24 09:49:53 39936 --a------ C:\Windows\system32\SFFXComm.dll <Not Verified; Sonic Focus, Inc.; Sonic Focus Effects>
2008-06-24 09:49:36 0 d-------- C:\Users\All Users\SonicFocus
2008-06-24 09:48:55 0 d-------- C:\Program Files (x86)\Analog Devices
2008-06-24 09:48:52 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information
2008-06-24 09:48:36 0 d-------- C:\Users\All Users\InstallShield
2008-06-24 09:47:01 0 d-------- C:\Windows\ASUSInstAll
2008-06-24 09:41:13 0 d-------- C:\Program Files (x86)\Intel
2008-06-24 09:41:06 0 d-------- C:\Intel
2008-06-24 09:40:17 10288 --a------ C:\Windows\system32\drivers\ASUSHWIO.SYS
2008-06-24 09:27:30 0 d--hs---- C:\Users\Default\Ustawienia lokalne
2008-06-24 09:27:30 0 d--hs---- C:\Users\Default\Szablony
2008-06-24 09:27:30 0 d--hs---- C:\Users\Default\Moje dokumenty
2008-06-24 09:27:30 0 d--hs---- C:\Users\Default\Menu Start
2008-06-24 09:27:30 0 d--hs---- C:\Users\Default\Dane aplikacji
2008-06-24 09:27:30 0 d--hs---- C:\Users\All Users\Ulubione
2008-06-24 09:27:30 0 d--hs---- C:\Users\All Users\Szablony
2008-06-24 09:27:30 0 d--hs---- C:\Users\All Users\Pulpit
2008-06-24 09:27:30 0 d--hs---- C:\Users\All Users\Menu Start
2008-06-24 09:27:30 0 d--hs---- C:\Users\All Users\Dokumenty
2008-06-24 09:27:30 0 d--hs---- C:\Users\All Users\Dane aplikacji
2008-06-24 00:52:52 0 d-------- C:\Windows\Panther
2008-06-23 23:57:16 0 d-------- C:\Windows\SoftwareDistribution
2008-06-23 23:56:01 0 d-------- C:\Windows\Debug
2008-06-23 23:56:01 0 d-------- C:\Windows\CSC
2008-06-23 23:54:43 0 d-------- C:\Windows\Prefetch
2008-06-23 23:54:33 0 d--hs---- C:\System Volume Information
2008-05-31 01:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 01:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
-- Find3M Report ---------------------------------------------------------------
2008-06-25 20:50:11 0 d-------- C:\Program Files (x86)\Common Files
2008-06-25 17:07:30 0 d-------- C:\Users\Pita\AppData\Roaming\ABBYY
2008-06-25 16:36:29 0 d-------- C:\Users\Pita\AppData\Roaming\DivX
2008-06-25 13:48:58 0 d-------- C:\Users\Pita\AppData\Roaming\AdobeUM
2008-06-25 13:48:31 0 d-------- C:\Users\Pita\AppData\Roaming\Adobe
2008-06-24 15:29:16 0 d-------- C:\Users\Pita\AppData\Roaming\GHISLER
2008-06-24 13:32:33 0 d-------- C:\Users\Pita\AppData\Roaming\Gadu-Gadu
2008-06-24 13:25:46 0 d-------- C:\Users\Pita\AppData\Roaming\Autodesk
2008-06-24 12:46:09 0 d-------- C:\Users\Pita\AppData\Roaming\Real
2008-06-24 11:53:50 0 d-------- C:\Users\Pita\AppData\Roaming\Winamp
2008-06-24 11:40:10 0 d-------- C:\Users\Pita\AppData\Roaming\Macromedia
2008-06-24 11:35:26 0 d-------- C:\Users\Pita\AppData\Roaming\Mozilla
2008-06-24 10:26:42 0 d-------- C:\Users\Pita\AppData\Roaming\ATI
2008-06-24 09:48:37 0 d-------- C:\Users\Pita\AppData\Roaming\InstallShield
2008-06-24 09:30:26 0 d-------- C:\Users\Pita\AppData\Roaming\Identities
2008-05-23 00:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-23 00:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 00:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 00:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
-- End of Deckard's System Scanner: finished at 2008-06-26 13:48:10 ------------
Z czego dać jeszcze loga ?
Może jakiś inny program ?
Jeszcze raz wszystkim dzięki za pomoc. PZDR
