
Archived

This topic is archived and new replies cannot be added.

krych777

Solved: Problem with "getting into" a drive


I have the following problem: I had AVG antivirus, which some time ago detected a virus, and now that I have removed it I cannot open that drive. Luckily I had a shortcut to a folder that is on it; I went in, deleted the autorun and the drive could be opened via right-click and Open, but now all the drives have to be opened that way. F is a portable drive; at my cousin's it works normally. I restored the autorun and it failed again. What should I do? Please help!!!


And how do I do that? I'm not an expert.

OK, I have it, it's long:

Logfile of random's system information tool 1.06 (written by random/random)

Run by ABC at 2009-12-31 15:22:41

Microsoft Windows XP Home Edition Dodatek Service Pack 3

System drive C: has 22 GB (55%) free of 41 GB

Total RAM: 1533 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - d:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]

"csrss"=C:\WINDOWS\system\csrss.exe []

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"ares"=d:\Program Files\Ares\Ares.exe -h []

"ALLUpdate"=d:\Program Files\ALLPlayer\ALLUpdate.exe [2009-11-11 870400]

"uTorrent"=d:\Program Files\uTorrent\uTorrent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

C:\Documents and Settings\ABC\Menu Start\Programy\Autostart

GM_DevUpdate.lnk - C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"F:\setup.exe"="F:\setup.exe:*:Enabled:setup.exe"

"C:\WINDOWS\system\csrss.exe"="C:\WINDOWS\system\csrss.exe:*:Enabled:csrss.exe"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\CDS\Nero\Installation\SetupX.exe"="E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"G:\setup.exe"="G:\setup.exe:*:Enabled:setup.exe"

"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]

shell\AutoRun\command - SLATKO/torta.exe

shell\explore\command - SLATKO/torta.exe

shell\open\command - SLATKO/torta.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3ea-a12f-11de-9b61-001676dfec2a}]

shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]

shell\AutoRun\command - E:\autorun.exe

======List of files/folders created in the last 1 months======

2009-12-31 15:22:41 ----D---- C:\rsit

2009-12-31 15:22:41 ----D---- C:\Program Files\trend micro

2009-12-30 13:06:40 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ubisoft

2009-12-30 13:04:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

2009-12-28 16:30:15 ----D---- C:\Program Files\AGEIA Technologies

2009-12-21 19:13:44 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks

2009-12-21 18:04:39 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ascaron Entertainment

2009-12-12 10:43:02 ----D---- C:\WINDOWS\Imperial Glory

2009-12-12 10:36:14 ----D---- C:\Program Files\ALLConverter

======List of files/folders modified in the last 1 months======

2009-12-31 15:22:41 ----RD---- C:\Program Files

2009-12-31 15:20:48 ----D---- C:\WINDOWS\Temp

2009-12-31 15:20:10 ----D---- C:\WINDOWS

2009-12-31 15:18:54 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-31 15:17:47 ----HD---- C:\WINDOWS\inf

2009-12-31 15:17:46 ----D---- C:\WINDOWS\system32

2009-12-31 15:17:46 ----D---- C:\WINDOWS\Prefetch

2009-12-31 15:13:09 ----D---- C:\WINDOWS\SoftwareDistribution

2009-12-31 14:36:50 ----D---- C:\WINDOWS\system32\CatRoot2

2009-12-31 14:31:22 ----SD---- C:\WINDOWS\Tasks

2009-12-30 13:04:08 ----RSD---- C:\WINDOWS\assembly

2009-12-30 13:03:37 ----D---- C:\WINDOWS\system32\DirectX

2009-12-30 12:51:58 ----HD---- C:\Program Files\InstallShield Installation Information

2009-12-30 12:05:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2009-12-30 09:03:22 ----A---- C:\WINDOWS\NeroDigital.ini

2009-12-29 19:48:11 ----SD---- C:\Documents and Settings\ABC\Dane aplikacji\Microsoft

2009-12-29 19:48:10 ----D---- C:\WINDOWS\system32\drivers

2009-12-29 19:47:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\avg9

2009-12-29 16:31:32 ----SHD---- C:\Documents and Settings\ABC\Dane aplikacji\.#

2009-12-28 20:52:03 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2009-12-28 20:44:52 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\uTorrent

2009-12-28 19:30:12 ----SHD---- C:\WINDOWS\Installer

2009-12-28 19:28:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-12-28 19:27:35 ----D---- C:\WINDOWS\system32\AGEIA

2009-12-26 11:35:37 ----D---- C:\Program Files\Mozilla Firefox

2009-12-24 21:26:20 ----D---- C:\WINDOWS\Minidump

2009-12-12 10:35:35 ----D---- C:\Program Files\NAPI-PROJEKT

2009-12-06 17:32:39 ----RSD---- C:\WINDOWS\Fonts

2009-12-02 14:43:27 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-31 271360]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-31 18048]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]

R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]

R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]

R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]

S3 GMFilter;GMFilter HID Filter Driver; C:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840]

S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-12-05 79136]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-28 75064]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-30 189184]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]

R2 STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Open Notepad and paste the following into it:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3ea-a12f-11de-9b61-001676dfec2a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]

Save it as fix.reg and run it.

After that, restart the computer and it should be OK. Also scan the computer with Malwarebytes' Anti-Malware (in case AVG left something behind earlier) and paste on the forum the log that is created when the scan finishes.

I will check the logs more closely later and see whether anything else is left in the system.


It either helps or wrecks the system. For that reason it should rather be used as a last resort. Also check whether there are autorun.inf files directly in the root of the drives (they may be hidden and marked as system files).

The autorun is directly on F only, which doesn't open at all; D and C open only via right-click and Open. Malwarebytes has already found two infections.

Now I can't get onto F at all, even through the folder shortcut.

Edit: now I can.

I'll post the logs in a moment.

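An added example (not code from the thread) covering the two pieces of advice above: it parses the launch entries of an autorun.inf and finds the file even when it is hidden or system (the attribute check relies on os.stat's st_file_attributes, which exists on Windows only), flags MountPoints2 commands from an RSIT-style dump that point at a volume-relative executable, and writes fix.reg removal lines of the same form as the helper's fix. The sample autorun.inf and dump are constructed from the entries shown in the thread; demo_scan() stages the sample in a temporary directory so the whole thing runs offline.

```python
"""Added example, not code from the thread: inspect autorun.inf files and
MountPoints2 entries left by USB autorun worms, and emit fix.reg lines."""
import re
import tempfile
from pathlib import Path

# Win32 attribute bits; os.stat() exposes st_file_attributes on Windows only.
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM = 0x2, 0x4
EXEC_KEYS = {"open", "shellexecute"}  # [autorun] keys that start a program

# Constructed sample modelled on the thread's entries; the junk line and
# mixed casing mimic what worms write to confuse naive parsers.
SAMPLE_AUTORUN_INF = r"""[AutoRun]
;constructed sample, not the file from the infected drive
open=SLATKO\torta.exe
shell\open\Command=SLATKO\torta.exe
shell\explore\command=SLATKO\torta.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
xjh3kq
"""
# Constructed RSIT-style dump built from the MountPoints2 keys in the thread.
SAMPLE_RSIT_DUMP = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - SLATKO/torta.exe
shell\explore\command - SLATKO/torta.exe
shell\open\command - SLATKO/torta.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3ea-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe
"""
MP2_KEY = re.compile(r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
                     r"\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP2_CMD = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.I)

def parse_autorun_inf(text):
    """(key, target) pairs from [autorun] that launch something; tolerates junk lines."""
    launches, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (p.strip() for p in line.split("=", 1))
        lk = key.lower()
        if lk in EXEC_KEYS or (lk.startswith("shell\\") and lk.endswith("\\command")):
            launches.append((key, value))
    return launches

def find_autorun_inf(drive_root):
    """autorun.inf in a volume root, hidden/system or not: (path, hidden, system) or None."""
    for entry in Path(drive_root).iterdir():  # unlike Explorer, lists hidden files too
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            attrs = getattr(entry.stat(), "st_file_attributes", 0)  # Windows only
            return entry, bool(attrs & FILE_ATTRIBUTE_HIDDEN), bool(attrs & FILE_ATTRIBUTE_SYSTEM)
    return None

def is_relative_target(command):
    """True when there is no drive letter, UNC prefix or %VAR%: resolved relative to the volume."""
    return not re.match(r"^([A-Za-z]:\\|\\\\|%\w+%)", command.strip().strip('"'))

def mountpoints2_commands(dump_text):
    """Map each MountPoints2 key in an RSIT-style dump to {verb: command}."""
    result, current = {}, None
    for line in dump_text.splitlines():
        line = line.strip()
        key = MP2_KEY.match(line)
        if key:
            current = key.group(1)
            result.setdefault(current, {})
        elif line.startswith("["):  # some other registry key: stop collecting
            current = None
        elif current and MP2_CMD.match(line):
            verb, cmd = MP2_CMD.match(line).groups()
            result[current][verb.lower()] = cmd.strip()
    return result

def suspicious_mountpoints(dump_text):
    """Keys whose verb commands point at a volume-relative executable (worm shape)."""
    return {k: v for k, v in mountpoints2_commands(dump_text).items()
            if any(is_relative_target(c) for c in v.values())}

def fix_reg(dump_text):
    """fix.reg text deleting every MountPoints2 key with a shell command (CRLF for regedit)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += [f"[-{k}]" for k, v in mountpoints2_commands(dump_text).items() if v]
    return "\r\n".join(lines) + "\r\n"

def demo_scan():
    """Stage a fake volume root in a temp dir with the sample autorun.inf; (hidden, system, launches)."""
    root = tempfile.mkdtemp(prefix="fake_drive_")
    Path(root, "autorun.inf").write_text(SAMPLE_AUTORUN_INF)
    path, hidden, system = find_autorun_inf(root)
    return hidden, system, parse_autorun_inf(path.read_text())
```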

OTL logfile created on: 2009-12-31 17:05:32 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\ABC\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,00 Gb Total Space | 21,65 Gb Free Space | 54,11% Space Free | Partition Type: NTFS

Drive D: | 146,30 Gb Total Space | 74,07 Gb Free Space | 50,63% Space Free | Partition Type: NTFS

Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive F: | 298,09 Gb Total Space | 14,31 Gb Free Space | 4,80% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ABC-938AE3E0079

Current User Name: ABC

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009-12-31 15:56:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

PRC - [2009-12-30 14:55:16 | 01,389,904 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2009-12-30 12:05:15 | 00,189,184 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe

PRC - [2009-12-28 20:52:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe

PRC - [2009-09-13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2009-08-17 02:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009-03-12 11:53:46 | 00,483,422 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009-03-12 11:53:46 | 00,254,036 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe

PRC - [2008-06-12 01:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

PRC - [2008-04-14 21:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-12-05 11:34:52 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2007-11-26 13:54:22 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

PRC - [2007-11-26 13:54:12 | 01,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PRC - [2007-05-14 03:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe

PRC - [2007-03-14 20:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

PRC - [2004-12-27 02:26:06 | 00,045,056 | ---- | M] () -- C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe

PRC - [2004-04-13 05:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

========== Modules (SafeList) ==========

MOD - [2009-12-31 15:56:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-12-30 12:05:15 | 00,189,184 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)

SRV - [2009-12-28 20:52:03 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2009-08-17 02:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)

SRV - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009-03-12 11:53:46 | 00,254,036 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe -- (STacSV)

SRV - [2007-12-05 11:34:52 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2007-11-26 13:54:12 | 01,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2007-09-17 08:36:18 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)

SRV - [2007-06-27 17:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2007-05-14 03:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)

SRV - [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2009-10-31 14:06:42 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2009-10-31 14:06:41 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009-08-16 23:57:00 | 07,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-06-18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2009-03-12 11:53:46 | 01,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008-04-13 21:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2008-04-13 21:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007-11-26 13:54:12 | 00,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)

DRV - [2007-11-26 13:54:12 | 00,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)

DRV - [2007-11-26 13:54:02 | 00,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2007-11-16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®

DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2006-03-26 13:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006-03-13 10:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2005-10-13 14:46:08 | 00,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)

DRV - [2005-08-10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)

DRV - [2004-12-30 11:00:44 | 00,019,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GMFilter.sys -- (GMFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.171.240.121:8088

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.startup.homepage: "http://www.battlefieldheroes.com/"

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-26 15:10:09 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-20 15:41:54 | 00,000,000 | ---D | M]

[2009-09-14 07:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Extensions

[2009-12-21 19:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions

[2009-12-20 14:05:04 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009-09-30 14:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\battlefieldheroespatcher@ea.com

[2009-12-20 14:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\illimitux@illimitux.net

[2009-12-01 18:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\toolbar@ask.com

[2009-09-14 13:31:20 | 00,002,060 | ---- | M] () -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\searchplugins\MyStart Search.xml

[2009-12-20 14:13:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009-07-30 23:44:16 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-07-30 23:44:16 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-07-30 23:44:16 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-07-30 23:44:16 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-07-30 23:44:16 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-07-30 23:44:16 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [ALLUpdate] d:\Program Files\ALLPlayer\ALLUpdate.exe ()

O4 - Startup: C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\GM_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1257628082109 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-09-12 11:12:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008-03-28 21:09:19 | 00,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ]

O32 - AutoRun File - [2008-02-22 17:08:27 | 00,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ]

O32 - AutoRun File - [2008-02-22 17:08:27 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O32 - AutoRun File - [2008-02-22 17:08:44 | 00,000,382 | R--- | M] () - E:\autorun.ini -- [ UDF ]

O32 - AutoRun File - [2009-12-31 12:27:57 | 00,000,667 | ---- | M] () - F:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}\Shell\AutoRun\command - "" = SLATKO/torta.exe

O33 - MountPoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}\Shell\explore\command - "" = SLATKO/torta.exe

O33 - MountPoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}\Shell\open\command - "" = SLATKO/torta.exe

O33 - MountPoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-03-28 21:09:19 | 00,131,720 | R--- | M] (InstallShield Software Corporation)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-31 16:35:02 | 02,304,561 | ---- | C] (Argente Software ) -- C:\Documents and Settings\ABC\Pulpit\Argente - Registry Cleaner 1.5.5.2.exe

[2009-12-31 15:56:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

[2009-12-31 15:55:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Malwarebytes

[2009-12-31 15:54:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-12-31 15:54:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-12-31 15:54:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-12-31 15:22:41 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro

[2009-12-31 15:22:41 | 00,000,000 | ---D | C] -- C:\rsit

[2009-12-31 14:39:50 | 108,279,664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ABC\Pulpit\directx_aug2009_redist.exe

[2009-12-30 13:06:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Ubisoft

[2009-12-30 13:04:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

[2009-12-29 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-12-29 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-12-29 19:46:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-12-29 19:46:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2009-12-28 16:30:15 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies

[2009-12-27 11:55:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Moje dokumenty\Two Worlds Saves

[2009-12-21 19:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks

[2009-12-21 19:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\TVU Networks

[2009-12-21 19:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\LocalLow

[2009-12-21 19:13:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\LocalLow

[2009-12-21 18:04:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Ascaron Entertainment

[2009-12-20 14:21:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\dwhelper

[2009-12-12 10:43:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Imperial Glory

[2009-12-12 10:36:14 | 00,000,000 | ---D | C] -- C:\Program Files\ALLConverter

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-12-31 17:04:07 | 00,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009-12-31 17:04:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-12-31 17:04:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-12-31 17:03:23 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\ABC\NTUSER.DAT

[2009-12-31 17:03:17 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\ABC\ntuser.ini

[2009-12-31 17:01:47 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009-12-31 17:01:00 | 00,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009-12-31 16:58:08 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Argente - Registry Cleaner.lnk

[2009-12-31 16:35:42 | 02,304,561 | ---- | M] (Argente Software ) -- C:\Documents and Settings\ABC\Pulpit\Argente - Registry Cleaner 1.5.5.2.exe

[2009-12-31 15:56:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

[2009-12-31 15:55:02 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-12-31 15:35:28 | 00,000,413 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Fix.reg

[2009-12-31 15:22:08 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\RSIT.exe

[2009-12-31 15:12:30 | 108,279,664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ABC\Pulpit\directx_aug2009_redist.exe

[2009-12-31 13:44:06 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-12-30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-12-30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-12-30 13:03:32 | 00,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Assassin's Creed.lnk

[2009-12-30 12:05:15 | 00,189,184 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr

[2009-12-30 12:05:15 | 00,189,184 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2009-12-30 12:01:19 | 00,138,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-12-30 09:37:11 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

[2009-12-30 09:03:22 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-12-29 19:15:45 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Company of Heroes.lnk

[2009-12-28 20:52:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2009-12-26 10:12:05 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Darkstar One.lnk

[2009-12-16 18:09:29 | 03,214,974 | -H-- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2009-12-07 07:29:58 | 00,048,520 | ---- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2009-12-07 07:29:28 | 00,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-12-02 14:43:27 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-12-31 16:58:08 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Argente - Registry Cleaner.lnk

[2009-12-31 15:55:02 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2009-12-31 15:35:28 | 00,000,413 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Fix.reg

[2009-12-31 15:21:58 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\RSIT.exe

[2009-12-30 13:03:32 | 00,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Assassin's Creed.lnk

[2009-12-30 09:26:40 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

[2009-12-29 19:15:45 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Company of Heroes.lnk

[2009-12-26 10:12:05 | 00,000,605 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Darkstar One.lnk

[2009-11-08 21:37:18 | 00,001,311 | ---- | C] () -- C:\WINDOWS\disney.ini

[2009-11-08 21:37:07 | 00,000,201 | ---- | C] () -- C:\WINDOWS\disneysy.ini

[2009-10-31 14:06:41 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2009-10-31 14:06:41 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2009-10-29 17:31:02 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\apache.dll

[2009-10-24 09:55:41 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL

[2009-10-24 06:44:41 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2009-10-21 14:18:50 | 00,315,463 | ---- | C] () -- C:\WINDOWS\System32\GM2500F.dll

[2009-10-21 14:18:50 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\GM2500.dll

[2009-10-21 14:18:50 | 00,019,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\GMFilter.sys

[2009-10-03 12:27:57 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-09-26 14:26:59 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\ABC\Dane aplikacji\PnkBstrK.sys

[2009-09-23 19:23:17 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2009-09-18 19:47:33 | 00,138,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009-09-14 19:25:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-09-14 08:10:54 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-09-14 08:00:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-09-14 08:00:29 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-09-14 08:00:29 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-08-03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009-08-02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009-08-02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008-02-05 12:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\setup.txt

[2006-09-16 18:27:50 | 00,132,096 | ---- | C] () -- C:\WINDOWS\System32\gc.dll

[2003-04-08 10:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

OTL Extras logfile created on: 2009-12-31 17:05:32 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\ABC\Pulpit

Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 40,00 Gb Total Space | 21,65 Gb Free Space | 54,11% Space Free | Partition Type: NTFS

Drive D: | 146,30 Gb Total Space | 74,07 Gb Free Space | 50,63% Space Free | Partition Type: NTFS

Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive F: | 298,09 Gb Total Space | 14,31 Gb Free Space | 4,80% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0153A77C-A981-4A1F-BAA9-16A80FBC358A}" = Full Spectrum Warrior

"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Piraci z Karaibów - Na krańcu świata

"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III

"{05058E2C-F4D0-4ECF-8B1F-F28D83C09425}" = Faces of War

"{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 7.03.002

"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch

"{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}" = Conflict Desert Storm II

"{0C38DE0A-5FC3-47E8-9FD0-69B5DC75FFB7}" = CT Special Forces - Fire For Effect

"{0D093D4A-C6F5-4258-8E13-94F8EA6C6A4C}" = PilotDown

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180" = Canon MP180

"{1369DDFE-DDF8-40BA-8A08-22AA9A12F2C6}" = Brothers In Arms Road to Hill 30

"{1596098A-FCEC-48F0-B7C7-08A31B771045}" = Nero 7 Essentials

"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes

"{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR: THE GAME (Demo)

"{1ECB9828-38A7-424F-9280-730F11EBBB96}" = Titan Quest

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1" = ALLConverter to iPhone

"{46F86338-0AA1-4290-88E9-D91188217A07}_is1" = "Pierwsza Wojna Światowa" (Tylko usunięcie)

"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials

"{555E63EF-4EB5-43E5-BEEF-9E2CD7BCEFA2}" = Intel® Network Connections 14.4.0.0

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10

"{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch

"{75443B81-E1FC-4D79-80C0-5F0DF2A7F897}" = Conflict Global Storm

"{758A4269-70E5-4B11-B419-F692882408A9}" = Gothic

"{7756D8A9-0774-11D7-B613-00A0C90176D7}" = Władca Pierścieni - Drużyna Pierścienia

"{7A2F7270-5ECF-4A51-A309-1BCE25B47AF4}" = Helldorado

"{7CE3498C-866B-427E-8273-9CA67B24BA01}" = Thief: Deadly Shadows

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8A9ECA20-88BF-4A36-B101-B00DAF07021B}" = Medieval Lords

"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed

"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007

"{937F56D0-6415-4D3F-B33C-F63151F2F4C2}" = Gwiezdne Wilki

"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A958A40E-C25C-441A-A4A0-4638C873EB89}" = Stalingrad

"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish

"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter i Zakon Feniksa?

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Zemsta

"{BD2DD2FD-4F09-453E-8402-1D319BC30B68}" = Act of War - Złota Edycja

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1

"{CC81D2F6-2A84-4F6A-9A5F-8F8E170CE791}" = Stubbs the Zombie

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE977CAD-5230-4BFE-917B-091A4F08182B}" = Outfront - Na tyłach wroga

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall

"{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}_is1" = Rise and Fall

"{D1D72957-368A-404E-AD5C-604D32C2A9C3}" = Commandos Strike Force

"{D25D5844-0975-4CB2-A853-6BD781F4435E}" = Call of Juarez

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas

"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4

"{D52D5D70-6F8F-4690-8559-18D5EAC8B19F}" = XIII

"{D867D5F2-C2D1-406F-B9E4-D4D2BFB7AA0D}" = Ghost Recon Advanced Warfighter

"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E5B77685-3AEB-432D-8F73-29FEEEE89613}" = Twierdza Krzyżowiec

"{E8A98F96-E98E-460A-B959-F454EC3CE6D8}" = Delta Force: Xtreme

"{EA2EE1AC-D70F-42E2-920F-4C2423B60B9E}" = Darkstar One

"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire

"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict

"{F7647952-5A46-4D27-8CC2-87098CC7ED31}" = PANZERS - Faza 2

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player Plugin

"Advent Rising - spolszczenie" = Advent Rising - spolszczenie

"Airborne Troops/PL-Polish_is1" = Airborne Troops

"ALLConverter to 3GP_is1" = ALLConverter to 3GP

"ALLConverter to PSP_is1" = ALLConverter to PSP

"ALLPlayer V3.4.6.2_is1" = ALLPlayer V3.X

"ALLPlayer_is1" = ALLPlayer V4.X

"America's Secret Operations/PL-Polish_is1" = America's Secret Operations

"Any Video Converter_is1" = Any Video Converter 2.7.8

"Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2

"ArmA" = ArmA Uninstall

"ArmA Queen's Gambit" = ArmA Queen's Gambit Uninstall

"BadCopy Pro" = BadCopy Pro

"Battlestrike - Force of Resistance/PL-Polish_is1" = Mortyr 3: Akcje Dywersyjne

"BattlEye" = BattlEye Uninstall

"Black out Saigon_is1" = Black out Saigon 1.4

"Blitzkrieg 2" = Blitzkrieg 2

"Breed" = Breed

"BrothersInArmsEiB" = Brothers In Arms EiB

"BrothersInArmsEIBSDK" = BiA Earned in Blood SDK

"CDisplay_is1" = CDisplay 1.8

"Codec_is1" = Codec 8.3a

"CommandMod" = Rendroc's CommandMod for Brothers In Arms: Earned In Blood

"Conflict Desert Storm PL" = Conflict Desert Storm PL

"Crack do Gothic 3" = Crack do Gothic 3

"Crashday_pl_is1" = Crashday v1.1

"Dark Sector/PL-Polish_is1" = Dark Sector

"Desperados - Poszukiwany Żywy lub Martwy_is1" = Desperados 1.01

"DXIW_is1" = Deus Ex - Invisible War

"EuroCopsPL_is1" = EuroCops v1.03

"FableTLCMod - Fable Explorer" = FableTLCMod - Fable Explorer

"FFL_is1" = Code of Honor - Francuska Legia Cudzoziemska

"H&D2_is1" = Hidden & Dangerous 2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Imperial Glory" = Imperial Glory

"IncrediMail" = IncrediMail

"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch

"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch

"InstallShield_{7CE3498C-866B-427E-8273-9CA67B24BA01}" = Thief: Deadly Shadows

"InstallShield_{8A9ECA20-88BF-4A36-B101-B00DAF07021B}" = Medieval Lords

"InstallShield_{937F56D0-6415-4D3F-B33C-F63151F2F4C2}" = Gwiezdne Wilki

"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters

"InstallShield_{D25D5844-0975-4CB2-A853-6BD781F4435E}" = Call of Juarez

"IrfanView" = IrfanView (remove only)

"Joint Task Force_is1" = Joint Task Force

"Knights of the Temple" = Knights of the Temple

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Essentials" = Microsoft Security Essentials

"midway_pl" = Combat Wings

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MTA: Race for San Andreas" = MTA: Race for San Andreas 1.1.1

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"Pacific Storm - Allies_is1" = Pacific Storm - Allies

"Panzer Claws" = Panzer Claws

"Panzer Elite Action" = Panzer Elite Action

"Pariah" = Pariah

"Pogoda_is1" = Pogoda 1.61

"Port Royale 2" = Port Royale 2

"Psychotoxic" = Psychotoxic

"PunkBusterSvc" = PunkBuster Services

"RealAlt_is1" = Real Alternative 1.9.0

"SAS Secure Tomorrow_is1" = SAS Secure Tomorrow (1.0)

"SCAR/PL-Polish_is1" = SCAR

"Sniper Elite PL_is1" = Sniper Elite PL

"StarWolves (PL)_is1" = StarWolves

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 10700" = Speedball 2 - Tournament

"SubEdit-Player_is1" = SubEdit-Player

"Sudeki_is1" = Sudeki

"Summer Athletics 2009/PL-Polish_is1" = Summer Athletics 2009

"THIV_is1" = The Hell in Vietnam

"Two Worlds" = Two Worlds

"UberSoldier" = UberSoldier

"USB all-in-one game controller" = USB all-in-one game controller

"WarCommander" = WarCommander

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"Wings of Honour - Battles of the Red Baron/PL-Polish_is1" = Wings of Honour: Battles of the Red Baron

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Zdarzenie na morzu" = Zdarzenie na morzu

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City

"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (ABC)

"Sins of a Solar Empire" = Sins of a Solar Empire

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2009-11-19 08:46:02 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000

Description = Faulting application isuspm.exe, version 3.0.100.1131, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.

Error - 2009-11-20 16:12:58 | Computer Name = ABC-938AE3E0079 | Source = Application Hang | ID = 1002

Description = Hanging application steam.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-11-24 10:38:33 | Computer Name = ABC-938AE3E0079 | Source = MSSecurityEssentials | ID = 5000

Description =

Error - 2009-11-25 09:17:57 | Computer Name = ABC-938AE3E0079 | Source = ESENT | ID = 485

Description = wuauclt (3072) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error - 2009-11-25 09:58:26 | Computer Name = ABC-938AE3E0079 | Source = ESENT | ID = 485

Description = wuauclt (1812) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).

Error - 2009-11-25 13:29:58 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000

Description = Faulting application t3main.exe, version 1.0.0.1, faulting module t3main.exe, version 1.0.0.1, fault address 0x003ad5ff.

Error - 2009-11-26 03:32:17 | Computer Name = ABC-938AE3E0079 | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0, P2 system file cache, P3 cacheflush,

P4 2.0.6212.0, P5 microsoft antimalware, P6 1, P7 unspecified, P8 NIL, P9 NIL, P10

NIL.

Error - 2009-11-26 04:00:03 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000

Description = Faulting application isuspm.exe, version 3.0.100.1131, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.

Error - 2009-11-26 05:58:31 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000

Description = Faulting application t3main.exe, version 1.0.0.1, faulting module t3main.exe, version 1.0.0.1, fault address 0x003be358.

Error - 2009-11-26 07:44:57 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000

Description = Faulting application isuspm.exe, version 3.0.100.1131, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.

[ System Events ]

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error: %%126

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error: %%126

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error: %%126

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error: %%126

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error: %%126

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error: %%126

Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023

Description = Usługa Zarządzanie aplikacjami zakończyła działanie; wystąpił następujący

błąd: %%126

Error - 2009-12-29 14:20:31 | Computer Name = ABC-938AE3E0079 | Source = Microsoft Antimalware | ID = 1008

Description = %%861 has encountered an error when taking action on spyware or other

potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147625170

User:

ABC-938AE3E0079\ABC Name: Backdoor:Win32/Ursap!rts ID: 2147625170 Severity: High Category:

Backdoor Path: Action: %%809 Error Code: 0x80508023 Error description: The program

could not find the spyware and other potentially unwanted software on this computer.

Status: Signature Version: AV: 1.71.1473.0, AS: 1.71.1473.0 Engine Version: 1.1.5302.0

Error - 2009-12-29 14:43:56 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7031

Description = Usługa Zdalne wywoływanie procedur (RPC) niespodziewanie zakończyła

pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca

czynność korekcyjna: Uruchom ponownie komputer.

Error - 2009-12-30 03:52:55 | Computer Name = ABC-938AE3E0079 | Source = System Error | ID = 1003

Description = Kod błędu 000000ea, parametr 1 887dfbf0, parametr 2 89550d80, parametr

3 8977e9e0, parametr 4 00000001.

< End of report >

So the system is still infected. We'll see what Malwarebytes says at the end.

Am I imagining it, or do you have two antivirus programs (AVG and Microsoft Security Essentials)?
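The conclusion drawn from the log above ("the system is still infected") rests on one record: the Microsoft Antimalware event 1008, which means the engine detected Backdoor:Win32/Ursap!rts but its clean-up action failed (error 0x80508023, "could not find"). The following is an added example, not code from the thread or from RSIT, of a small parser that pulls such records out of an RSIT event dump and summarises them. The sample input is copied from the report above with RSIT's line wrapping kept; the regular expressions and function names are this example's own assumptions about the dump's layout.

```python
"""Triage of an RSIT event log dump (added example, not code from the thread).

RSIT writes one record per header line
  'Error - <date> <time> | Computer Name = <host> | Source = <source> | ID = <n>'
followed by 'Description = ...', which it wraps over several physical lines.
"""
import re
from collections import Counter

HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")

ANTIMALWARE_SOURCE = "Microsoft Antimalware"
ANTIMALWARE_ACTION_FAILED = 1008   # detection succeeded, the clean-up action did not
THREAT_RE = re.compile(r"Name: (?P<name>\S+) .*?Severity: (?P<severity>\w+) .*?"
                       r"Error Code: (?P<code>0x[0-9A-Fa-f]+)")


def parse_events(dump):
    """Return one dict per record (level, time, host, source, id, description) with the
    wrapped description joined back into a single line."""
    events = []
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", "<")):   # blanks, '[ System Events ]', '< End of report >'
            continue
        header = HEADER_RE.match(line)
        if header:
            rec = header.groupdict()
            rec["id"] = int(rec["id"])
            rec["description"] = ""
            events.append(rec)
        elif events:
            text = line[len("Description = "):] if line.startswith("Description = ") else line
            events[-1]["description"] = f'{events[-1]["description"]} {text}'.strip()
    return events


def count_by_source_and_id(events):
    """Histogram keyed by (source, id): repeated records such as the 7023s collapse to one line."""
    return Counter((e["source"], e["id"]) for e in events)


def failed_remediations(events):
    """Threat name, severity and error code from every Microsoft Antimalware 1008 record.
    Any hit here means the engine saw malware it could not act on, so the host is still
    to be treated as infected (the conclusion drawn from this log above)."""
    hits = []
    for e in events:
        if e["source"] == ANTIMALWARE_SOURCE and e["id"] == ANTIMALWARE_ACTION_FAILED:
            m = THREAT_RE.search(e["description"])
            if m:
                hits.append({"time": e["time"], **m.groupdict()})
    return hits


# Records copied from the report above, keeping RSIT's line wrapping (sample input).
SAMPLE_DUMP = r"""
Error - 2009-11-26 07:44:57 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000
Description = Faulting application isuspm.exe, version 3.0.100.1131, faulting module
oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.
[ System Events ]
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-29 14:20:31 | Computer Name = ABC-938AE3E0079 | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147625170
User:
ABC-938AE3E0079\ABC Name: Backdoor:Win32/Ursap!rts ID: 2147625170 Severity: High Category:
Backdoor Path: Action: %%809 Error Code: 0x80508023 Error description: The program
could not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.71.1473.0, AS: 1.71.1473.0 Engine Version: 1.1.5302.0
Error - 2009-12-29 14:43:56 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s).
< End of report >
"""

if __name__ == "__main__":
    evts = parse_events(SAMPLE_DUMP)
    for (source, event_id), n in sorted(count_by_source_and_id(evts).items()):
        print(f"{n:3d} x {source} {event_id}")
    for hit in failed_remediations(evts):
        print(f"{hit['time']}: {hit['name']} ({hit['severity']}) not remediated, error {hit['code']}")
```

The histogram is what makes a dump like this readable at a glance (seven identical 7023 records become one line), and `failed_remediations` is the check that matters for the question asked in this thread: a 1008 with a non-zero error code is a detection without a clean-up, not a clean system.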

Yes, that's right, because at first I couldn't uninstall AVG and had no control over it, and now I only have Essentials.

Logfile of random's system information tool 1.06 (written by random/random)

Run by ABC at 2009-12-31 17:17:05

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 22 GB (55%) free of 41 GB

Total RAM: 1533 MB (58% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"ALLUpdate"=d:\Program Files\ALLPlayer\ALLUpdate.exe [2009-11-11 870400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

C:\Documents and Settings\ABC\Menu Start\Programy\Autostart

GM_DevUpdate.lnk - C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"E:\CDS\Nero\Installation\SetupX.exe"="E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"G:\setup.exe"="G:\setup.exe:*:Enabled:setup.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]

shell\AutoRun\command - SLATKO/torta.exe

shell\explore\command - SLATKO/torta.exe

shell\open\command - SLATKO/torta.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]

shell\AutoRun\command - E:\autorun.exe

======List of files/folders created in the last 1 months======

2009-12-31 15:55:04 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Malwarebytes

2009-12-31 15:54:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

2009-12-31 15:22:41 ----D---- C:\rsit

2009-12-31 15:22:41 ----D---- C:\Program Files\trend micro

2009-12-30 13:06:40 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ubisoft

2009-12-30 13:04:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft

2009-12-28 16:30:15 ----D---- C:\Program Files\AGEIA Technologies

2009-12-21 19:13:44 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks

2009-12-21 18:04:39 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ascaron Entertainment

2009-12-12 10:43:02 ----D---- C:\WINDOWS\Imperial Glory

2009-12-12 10:36:14 ----D---- C:\Program Files\ALLConverter

======List of files/folders modified in the last 1 months======

2009-12-31 17:16:36 ----D---- C:\WINDOWS\Temp

2009-12-31 17:11:14 ----D---- C:\WINDOWS\Prefetch

2009-12-31 17:09:13 ----SD---- C:\WINDOWS\Tasks

2009-12-31 17:08:19 ----D---- C:\WINDOWS\system32\CatRoot2

2009-12-31 17:03:19 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-31 15:54:59 ----D---- C:\WINDOWS\system32\drivers

2009-12-31 15:22:41 ----RD---- C:\Program Files

2009-12-31 15:20:10 ----D---- C:\WINDOWS

2009-12-31 15:17:47 ----HD---- C:\WINDOWS\inf

2009-12-31 15:17:46 ----D---- C:\WINDOWS\system32

2009-12-31 15:13:09 ----D---- C:\WINDOWS\SoftwareDistribution

2009-12-30 13:04:22 ----D---- C:\WINDOWS\system32\DirectX

2009-12-30 13:04:08 ----RSD---- C:\WINDOWS\assembly

2009-12-30 12:51:58 ----HD---- C:\Program Files\InstallShield Installation Information

2009-12-30 12:05:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

2009-12-30 09:03:22 ----A---- C:\WINDOWS\NeroDigital.ini

2009-12-29 19:48:11 ----SD---- C:\Documents and Settings\ABC\Dane aplikacji\Microsoft

2009-12-29 19:47:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\avg9

2009-12-29 16:31:32 ----SHD---- C:\Documents and Settings\ABC\Dane aplikacji\.#

2009-12-28 20:52:03 ----A---- C:\WINDOWS\system32\PnkBstrA.exe

2009-12-28 20:44:52 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\uTorrent

2009-12-28 19:30:12 ----SHD---- C:\WINDOWS\Installer

2009-12-28 19:28:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-12-28 19:27:35 ----D---- C:\WINDOWS\system32\AGEIA

2009-12-26 11:35:37 ----D---- C:\Program Files\Mozilla Firefox

2009-12-24 21:26:20 ----D---- C:\WINDOWS\Minidump

2009-12-12 10:35:35 ----D---- C:\Program Files\NAPI-PROJEKT

2009-12-06 17:32:39 ----RSD---- C:\WINDOWS\Fonts

2009-12-02 14:43:27 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-31 271360]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-31 18048]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]

R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]

S3 GMFilter;GMFilter HID Filter Driver; C:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-12-05 79136]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-28 75064]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-30 189184]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]

R2 STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

And now here is the Malwarebytes log (I did not choose to remove the threats).

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2009-12-31 17:39:01
mbam-log-2009-12-31 (17-38-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 167389
Time elapsed: 33 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{1A91FA87-5582-4B29-ADCE-D6022102DC53}\RP162\A0042113.exe (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{1A91FA87-5582-4B29-ADCE-D6022102DC53}\RP180\A0046424.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.


Right, I forgot about the line breaks earlier.

Open Notepad and paste the following into it

Windows Registry Editor Version 5.00

; the two MountPoints2 keys listed in the RSIT log above; the [-key] form deletes a key
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]

save it as fix.reg and run it. This time it should be OK.

There is an autorun.inf file on drive F; get rid of it as follows:

Download, unpack and run Avenger.

Paste this script into it

Files to delete:
F:\autorun.inf

and run the script.

Let Malwarebytes remove what it found.


Avenger couldn't remove autorun and it's still the same, the drive can't be opened normally.

And the contents of autorun are as follows:

;M=ős???čt??té?ě?üFLíwú?d????L??đ???y/??sÉÖÖd?đseAc???Â??č?dE-X?e?Ďí?ŕm????l?ú???Ňb?éEeÁF?}ĂÇ

[autorun

;kÜE?ń<ýI,ý?%ě\?

;ř???Ř$?Ţm$??r?ů?Ę??^?|ćĎrW?dv?+??ţ˙á-Jw?ň?ĂőCň?M?wÍ?ĺs

open=SLATKO/torta.exe

;ń?v?$Vt?úý

;??Z??N?xňF?<Z&?vYK?đ?x?aL??wT%?ô?wJ?>wröZ???mbń?bL@???ĘEđ?rÔ?Ú?s?QČ`??j(?č??ě?đ?a?Fm???yst?

icon=%SystemRoot%\system32\SHELL32.dll,4

;QĺRta??v?:ńts+/ŇĘ?ń??

action=Open folder to view files using Windows Explorer

;?ĺÚ?r?Â?Äú?dM

shell\\open\\command=SLATKO/torta.exe

;?TQ?ŘXňŕmx?AÖŕ??w˙?Â?}?C|fěÖ?ěůoLa?ÁOev????Ý????ůýyv??Xlń??Rx?č??ë??XIMB?W??

shell\\explore\\command=SLATKO/torta.exe

;ŔěmJdO?dm?đń????

useautoplay=1

;ř???Ř$?Ţm$??r?=K.??<nŕ÷

I think AVG removed the file, and that's why "Open with" pops up, because there is no proper file in Windows for it.

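The pasted autorun.inf and the MountPoints2 entries in the RSIT log are two views of the same infection. The file tells Explorer to run SLATKO/torta.exe on AutoPlay and on double-click, while dressing the drive up as an ordinary folder (the shell32.dll,4 icon and the "Open folder to view files" action text); MountPoints2 is where Explorer caches those per-volume handlers, which is why the helper's fix deletes the keys rather than only the file. The following is an added example, not code from the thread, that parses the posted autorun.inf (the random ';' filler lines shortened), lists its red flags, and generates the same kind of fix.reg from the MountPoints2 lines of the RSIT dump. The function names, regular expressions and heuristics are this example's own.

```python
"""Autorun.inf triage and MountPoints2 clean-up (added example, not from the thread)."""
import re

# autorun.inf directives that make Explorer run a program on AutoPlay or double-click
EXEC_KEYS = {"open", "shellexecute", "shell\\open\\command",
             "shell\\explore\\command", "shell\\autorun\\command"}
FOLDER_ICON = "shell32.dll,4"                  # stock Explorer folder icon
EXPLORER_ACTION = "open folder to view files"  # wording of Explorer's own AutoPlay entry


def parse_autorun(text):
    """Lenient INI parse: ';' lines (the obfuscation filler) are skipped, keys are
    lower-cased, doubled backslashes collapse to one, and a '[autorun' header that
    lost its ']' is accepted so the posted copy parses (this example's choice, not a
    statement about how the Windows shell treats such a header)."""
    directives, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.strip("[] ").lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            directives[key.strip().lower().replace("\\\\", "\\")] = value.strip()
    return directives


def assess_autorun(directives):
    """Red flags seen in the posted file: execution directives, hijacked double-click,
    and a folder icon plus Explorer-like action text that disguise the drive as harmless."""
    flags = [f"{k} runs {directives[k]}" for k in sorted(EXEC_KEYS & set(directives))]
    if {"shell\\open\\command", "shell\\explore\\command"} & set(directives):
        flags.append("double-click/Explore on the drive is hijacked (shell\\*\\command redefined)")
    if directives.get("icon", "").lower().endswith(FOLDER_ICON):
        flags.append("icon disguises the drive as a plain folder (shell32.dll,4)")
    if EXPLORER_ACTION in directives.get("action", "").lower():
        flags.append("action text mimics Explorer's own AutoPlay entry")
    return flags


# RSIT dump lines: '[HKEY_CURRENT_USER\...\mountpoints2\{guid}]' then 'shell\X\command - target'
MP2_KEY_RE = re.compile(r"^\[(?P<key>HKEY_CURRENT_USER\\software\\microsoft\\windows"
                        r"\\currentversion\\explorer\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP2_HANDLER_RE = re.compile(r"^shell\\\w+\\command\s+-\s+(?P<target>.+)$", re.I)


def mountpoints_with_handlers(rsit_text):
    """Map each MountPoints2 key in an RSIT dump to the shell\\*\\command targets it caches."""
    found, current = {}, None
    for raw in rsit_text.splitlines():
        line = raw.strip()
        key = MP2_KEY_RE.match(line)
        if key:
            current = key.group("key")
            continue
        handler = MP2_HANDLER_RE.match(line)
        if current and handler:
            found.setdefault(current, []).append(handler.group("target"))
    return found


def reg_delete_script(keys):
    """fix.reg text deleting each key ('[-key]' syntax). MountPoints2 is only Explorer's
    per-volume cache and is rebuilt when a medium is inserted, so deleting it is safe."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        lines += [f"[-{key}]", ""]
    return "\r\n".join(lines)


# Sample inputs taken from this thread: the pasted autorun.inf (';' filler shortened)
# and the two MountPoints2 entries from the RSIT log.
SAMPLE_AUTORUN = r"""
;M=ős???čt??té?ě?üFL
[autorun
;kÜE?ń<ýI,ý?%ě\?
open=SLATKO/torta.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
shell\\open\\command=SLATKO/torta.exe
shell\\explore\\command=SLATKO/torta.exe
useautoplay=1
"""
SAMPLE_RSIT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - SLATKO/torta.exe
shell\explore\command - SLATKO/torta.exe
shell\open\command - SLATKO/torta.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe
"""

if __name__ == "__main__":
    for flag in assess_autorun(parse_autorun(SAMPLE_AUTORUN)):
        print("autorun.inf:", flag)
    print(reg_delete_script(mountpoints_with_handlers(SAMPLE_RSIT)))
```

Generating the .reg from the dump instead of retyping the GUIDs avoids the kind of one-character slip that is easy to make with keys this long; the script deletes every MountPoints2 key that carries a cached shell\...\command handler, which is what the hand-written fix above does for the two keys it names.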

Then try this:

Open a command prompt (Start > Run..., type cmd there).

Then type the following commands one after another:

f:
attrib -r -s -a -h autorun.inf
del autorun.inf

If that doesn't help either, try Killbox with the "delete on reboot" option checked.

The problem is with drive F:, right?


Yes, with F.

But D and C can't be opened normally either, because it redirects to the search.


I removed it, and now F: does the same thing as D: and C:.

After double-clicking, the file search (the one with the dog) appears, and to get in I have to right-click and choose Open.

I would suggest scanning with Combofix.

But supposedly it can wreck the system.


Well, I finally found it.

Try using this.

To repair system files you can try the command

sfc /scannow

@mariusz1024 Take the risk if you want; recently Combofix had a bug, for instance, that in certain situations left some systems unable to boot after it was used. Because of that Combofix was even unavailable for download from bleepingcomputer.com/, which in my opinion says something. Of course the author of Combofix makes every effort to keep the program from causing problems, but anyone can make mistakes. Combofix is a tool with a lot of firepower, though, so potential bugs can be very painful.
