krych777 Posted December 31, 2009
I have this problem: I had AVG antivirus, a while ago it detected a virus, and now that I've removed it I can't get into that drive. Luckily I had a shortcut to a folder that's on it; I went in, deleted the autorun and the drive could be opened with right-click and Open, but now all the drives have to be opened that way. F is a portable drive; at my cousin's it works normally. I restored the autorun and it failed again. What should I do? Please help!!!
Sevard Posted December 31, 2009
Moving this to Programs. Post an RSIT log and we'll get it fixed.
krych777 Posted December 31, 2009 (Author)
How do I do that? I'm no expert. OK, I've got it, it's long:
Logfile of random's system information tool 1.06 (written by random/random) Run by ABC at 2009-12-31 15:22:41 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 22 GB (55%) free of 41 GB Total RAM: 1533 MB (68% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - d:\Program Files\AVG\AVG9\avgssie.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944] {CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480] "csrss"=C:\WINDOWS\system\csrss.exe [] "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632] "MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ares"=d:\Program Files\Ares\Ares.exe -h [] "ALLUpdate"=d:\Program Files\ALLPlayer\ALLUpdate.exe [2009-11-11 870400] "uTorrent"=d:\Program Files\uTorrent\uTorrent.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064] C:\Documents and Settings\ABC\Menu Start\Programy\Autostart GM_DevUpdate.lnk - C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 
"undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "F:\setup.exe"="F:\setup.exe:*:Enabled:setup.exe" "C:\WINDOWS\system\csrss.exe"="C:\WINDOWS\system\csrss.exe:*:Enabled:csrss.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\CDS\Nero\Installation\SetupX.exe"="E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "G:\setup.exe"="G:\setup.exe:*:Enabled:setup.exe" " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}] shell\AutoRun\command - SLATKO/torta.exe shell\explore\command - SLATKO/torta.exe shell\open\command - SLATKO/torta.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3ea-a12f-11de-9b61-001676dfec2a}] shell\AutoRun\command - setup.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}] shell\AutoRun\command - E:\autorun.exe ======List of files/folders created in the last 1 months====== 2009-12-31 15:22:41 ----D---- C:\rsit 2009-12-31 15:22:41 ----D---- C:\Program Files\trend micro 2009-12-30 13:06:40 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ubisoft 2009-12-30 13:04:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft 2009-12-28 16:30:15 ----D---- C:\Program Files\AGEIA Technologies 2009-12-21 19:13:44 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks 2009-12-21 18:04:39 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ascaron Entertainment 2009-12-12 10:43:02 ----D---- C:\WINDOWS\Imperial Glory 2009-12-12 10:36:14 ----D---- C:\Program Files\ALLConverter ======List of files/folders modified in the last 1 months====== 2009-12-31 15:22:41 ----RD---- C:\Program Files 2009-12-31 15:20:48 ----D---- C:\WINDOWS\Temp 2009-12-31 15:20:10 ----D---- C:\WINDOWS 2009-12-31 15:18:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-31 15:17:47 ----HD---- C:\WINDOWS\inf 2009-12-31 15:17:46 ----D---- C:\WINDOWS\system32 2009-12-31 15:17:46 ----D---- C:\WINDOWS\Prefetch 2009-12-31 15:13:09 ----D---- C:\WINDOWS\SoftwareDistribution 2009-12-31 14:36:50 ----D---- C:\WINDOWS\system32\CatRoot2 2009-12-31 14:31:22 ----SD---- C:\WINDOWS\Tasks 2009-12-30 13:04:08 ----RSD---- C:\WINDOWS\assembly 2009-12-30 13:03:37 ----D---- C:\WINDOWS\system32\DirectX 2009-12-30 12:51:58 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-30 12:05:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2009-12-30 09:03:22 ----A---- C:\WINDOWS\NeroDigital.ini 2009-12-29 19:48:11 ----SD---- C:\Documents and Settings\ABC\Dane aplikacji\Microsoft 2009-12-29 19:48:10 ----D---- C:\WINDOWS\system32\drivers 2009-12-29 19:47:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\avg9 2009-12-29 
16:31:32 ----SHD---- C:\Documents and Settings\ABC\Dane aplikacji\.# 2009-12-28 20:52:03 ----A---- C:\WINDOWS\system32\PnkBstrA.exe 2009-12-28 20:44:52 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\uTorrent 2009-12-28 19:30:12 ----SHD---- C:\WINDOWS\Installer 2009-12-28 19:28:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-12-28 19:27:35 ----D---- C:\WINDOWS\system32\AGEIA 2009-12-26 11:35:37 ----D---- C:\Program Files\Mozilla Firefox 2009-12-24 21:26:20 ----D---- C:\WINDOWS\Minidump 2009-12-12 10:35:35 ----D---- C:\Program Files\NAPI-PROJEKT 2009-12-06 17:32:39 ----RSD---- C:\WINDOWS\Fonts 2009-12-02 14:43:27 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776] R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-31 271360] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-31 18048] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568] R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 
USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952] S3 GMFilter;GMFilter HID Filter Driver; C:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-12-05 79136] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904] R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-28 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-30 189184] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024] R2 
STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
Sevard Posted December 31, 2009
Open Notepad and paste the following into it:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3ea-a12f-11de-9b61-001676dfec2a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]

Save it as fix.reg and run it. After that, restart the computer and it should be OK. Also scan the computer with Malwarebytes' Anti-Malware (just in case AVG left something behind earlier) and post the log that is created when the scan finishes. I'll check the logs more carefully later and see whether anything else is left in the system.
krych777 Posted December 31, 2009 (Author)
I did it and here's how it is: for D and C the Search window shows up (not the drive, the one with the little dog); F: "Open with". And I have a question: would inserting the Windows disc and clicking Repair do anything?
Sevard Posted December 31, 2009
No, a repair only restores files; it doesn't affect settings, and this is something in the registry. Post the Malwarebytes' Anti-Malware log, a fresh RSIT log and an OTL log.
krych777 Posted December 31, 2009 (Author)
I read on Google about ComboFix, that it helps. Would it do anything? And one more thing, because AVG deleted something from C and from F earlier, or put it in quarantine. And when it was uninstalled it deleted those files.
Sevard Posted December 31, 2009
It helps, or it wrecks the system. That's why it should rather be used as a last resort. Also check whether there are autorun.inf files directly in the root of the drives (they may be hidden and marked as system).
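The two checks above (removing the MountPoints2 keys and looking for autorun.inf in the drive roots) as a small triage script, added here as an example; it is not code from the thread or from RSIT/OTL. It decodes the NoDriveTypeAutoRun value the RSIT log reports (145), pulls the shell\...\command targets out of the MountPoints2 lines and renders the same kind of .reg deletion Sevard posted, and lists the commands an autorun.inf would hand to the shell. The MountPoints2 sample is copied from the RSIT log in this thread; the autorun.inf contents are constructed, since F:\autorun.inf itself was never posted.

```python
"""Triage helpers for the autorun infection in this thread (added example)."""
import re

# NoDriveTypeAutoRun is a bitmask: a SET bit disables AutoRun for that drive
# type (bit values follow the Win32 GetDriveType() constants). 0xFF disables
# it everywhere; 0x91 (145, the value in the RSIT log) only covers unknown,
# network and reserved types, so a removable drive like F: still autoruns.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still active under `mask`."""
    return [name for bit, name in sorted(DRIVE_TYPE_BITS.items()) if not mask & bit]

MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.IGNORECASE)
VERB_COMMAND = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.IGNORECASE)

def parse_mountpoints2(rsit_dump):
    """Map each MountPoints2 GUID in an RSIT registry dump to {verb: command}."""
    entries, current = {}, None
    for raw in rsit_dump.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1).lower()
            entries[current] = {}
            continue
        verb = VERB_COMMAND.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries

def hijacked_mountpoints(entries):
    """GUIDs whose open/explore verb is redirected: double-clicking or choosing
    Explore on that drive runs the command instead, the symptom in the thread."""
    return [guid for guid, verbs in entries.items() if verbs.keys() & {"open", "explore"}]

def reg_delete_script(guids):
    """A .reg file deleting the given MountPoints2 keys, in the same form as the
    fix posted in the thread (a leading '-' deletes the key)."""
    base = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
    lines = ["Windows Registry Editor Version 5.00", ""] + [f"[-{base}\\{g}]" for g in guids]
    return "\n".join(lines) + "\n"

def autorun_inf_commands(text):
    """Every command an autorun.inf hands to the shell: open=, shellexecute= and
    shell\\<verb>\\command= overrides. Hand-parsed: configparser rejects the
    duplicate and odd keys these files often carry."""
    commands, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            commands[key] = value
    return commands

# Constructed sample: the MountPoints2 lines copied from the RSIT log above.
SAMPLE_RSIT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - SLATKO/torta.exe
shell\explore\command - SLATKO/torta.exe
shell\open\command - SLATKO/torta.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3ea-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - setup.exe
"""

# Constructed sample autorun.inf mirroring those entries (the real F:\autorun.inf
# was never posted in the thread).
SAMPLE_AUTORUN_INF = r"""
[autorun]
open=SLATKO\torta.exe
shell\open\command=SLATKO\torta.exe
shell\explore\command=SLATKO\torta.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

if __name__ == "__main__":
    print("AutoRun still active for:", autorun_enabled_types(145))
    bad = hijacked_mountpoints(parse_mountpoints2(SAMPLE_RSIT))
    print("Drive keys with hijacked open/explore:", bad)
    print(reg_delete_script(bad))
    print("autorun.inf commands:", autorun_inf_commands(SAMPLE_AUTORUN_INF))
```

Sevard's fix deletes all three keys found in the log; hijacked_mountpoints() flags only the entry that overrides open/explore, the one responsible for the double-click behaviour the original poster describes.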
krych777 Posted December 31, 2009 (Author)
Quoting Sevard: "It helps, or it wrecks the system. That's why it should rather be used as a last resort. Also check whether there are autorun.inf files directly in the root of the drives (they may be hidden and marked as system)."
The autorun is directly in the root only on F, which doesn't open at all, while D and C only open via right-click and Open, and Malwarebytes has already found two infections. Now I can't get into F at all, not even through the folder shortcut. Edit: now I can, I'll post the logs in a moment.
Sevard Posted December 31, 2009
So the system is still infected. We'll see what Malwarebytes' says in the end. Is it just me, or do you have two antiviruses (AVG and Microsoft Security Essentials)?
krych777 Posted December 31, 2009 (Author)
OTL logfile created on: 2009-12-31 17:05:32 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\ABC\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 40,00 Gb Total Space | 21,65 Gb Free Space | 54,11% Space Free | Partition Type: NTFS Drive D: | 146,30 Gb Total Space | 74,07 Gb Free Space | 50,63% Space Free | Partition Type: NTFS Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 298,09 Gb Total Space | 14,31 Gb Free Space | 4,80% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ABC-938AE3E0079 Current User Name: ABC Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-12-31 15:56:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe PRC - [2009-12-30 14:55:16 | 01,389,904 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2009-12-30 12:05:15 | 00,189,184 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe PRC - [2009-12-28 20:52:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe PRC - [2009-09-13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009-08-17 02:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009-03-12 11:53:46 | 00,483,422 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009-03-12 11:53:46 | 00,254,036 | ---- | M] (IDT, Inc.) 
-- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe PRC - [2008-06-12 01:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe PRC - [2008-04-14 21:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-12-05 11:34:52 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2007-11-26 13:54:22 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe PRC - [2007-11-26 13:54:12 | 01,554,728 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe PRC - [2007-05-14 03:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2007-03-14 20:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe PRC - [2004-12-27 02:26:06 | 00,045,056 | ---- | M] () -- C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe PRC - [2004-04-13 05:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ========== Modules (SafeList) ========== MOD - [2009-12-31 15:56:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009-12-30 12:05:15 | 00,189,184 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB) SRV - [2009-12-28 20:52:03 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA) SRV - [2009-08-17 02:03:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc) SRV - [2009-07-02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2009-03-12 11:53:46 | 00,254,036 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- c:\Program Files\IDT\IntelXPV_v103\WDM\stacsv.exe -- (STacSV) SRV - [2007-12-05 11:34:52 | 00,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007-11-26 13:54:12 | 01,554,728 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2007-09-17 08:36:18 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - [2007-06-27 17:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2007-05-14 03:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS) SRV - [2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2009-10-31 14:06:42 | 00,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009-10-31 14:06:41 | 00,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-08-16 23:57:00 | 07,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009-06-18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter) DRV - [2009-03-12 11:53:46 | 01,550,613 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2008-04-13 21:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-04-13 21:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007-11-26 13:54:12 | 00,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm) DRV - [2007-11-26 13:54:12 | 00,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007-11-26 13:54:02 | 00,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007-11-16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel® DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2006-03-26 13:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006-03-13 10:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2005-10-13 14:46:08 | 00,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x) DRV - [2005-08-10 15:06:28 | 00,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2004-12-30 11:00:44 | 00,019,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GMFilter.sys -- (GMFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 218.171.240.121:8088 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search" FF - prefs.js..browser.search.selectedEngine: "Yahoo! 
Search" FF - prefs.js..browser.startup.homepage: "http://www.battlefieldheroes.com/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716 FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-26 15:10:09 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-20 15:41:54 | 00,000,000 | ---D | M] [2009-09-14 07:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Extensions [2009-12-21 19:25:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions [2009-12-20 14:05:04 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009-09-30 14:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\battlefieldheroespatcher@ea.com [2009-12-20 14:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\illimitux@illimitux.net [2009-12-01 18:20:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\extensions\toolbar@ask.com [2009-09-14 13:31:20 | 00,002,060 | ---- | M] () 
-- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\bnzsord1.default\searchplugins\MyStart Search.xml [2009-12-20 14:13:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009-07-30 23:44:16 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2009-07-30 23:44:16 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2009-07-30 23:44:16 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2009-07-30 23:44:16 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2009-07-30 23:44:16 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2009-07-30 23:44:16 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKCU..\Run: [ALLUpdate] d:\Program Files\ALLPlayer\ALLUpdate.exe () O4 - Startup: C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\GM_DevUpdate.lnk = C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1257628082109 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-09-12 11:12:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-03-28 21:09:19 | 00,131,720 | R--- | M] (InstallShield Software Corporation) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2008-02-22 17:08:27 | 00,058,601 | R--- | M] () - E:\autorun.ico -- [ UDF ] O32 - AutoRun File - [2008-02-22 17:08:27 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2008-02-22 17:08:44 | 00,000,382 | R--- | M] () - 
E:\autorun.ini -- [ UDF ] O32 - AutoRun File - [2009-12-31 12:27:57 | 00,000,667 | ---- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}\Shell\AutoRun\command - "" = SLATKO/torta.exe O33 - MountPoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}\Shell\explore\command - "" = SLATKO/torta.exe O33 - MountPoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}\Shell\open\command - "" = SLATKO/torta.exe O33 - MountPoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008-03-28 21:09:19 | 00,131,720 | R--- | M] (InstallShield Software Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009-12-31 16:35:02 | 02,304,561 | ---- | C] (Argente Software ) -- C:\Documents and Settings\ABC\Pulpit\Argente - Registry Cleaner 1.5.5.2.exe [2009-12-31 15:56:10 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe [2009-12-31 15:55:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Malwarebytes [2009-12-31 15:54:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-12-31 15:54:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-12-31 15:54:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-12-31 15:22:41 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-12-31 15:22:41 | 00,000,000 | ---D | C] -- C:\rsit [2009-12-31 14:39:50 | 10,827,9664 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\ABC\Pulpit\directx_aug2009_redist.exe [2009-12-30 13:06:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Ubisoft [2009-12-30 13:04:42 | 
00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2009-12-29 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-12-29 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-12-29 19:46:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-12-29 19:46:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-12-28 16:30:15 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2009-12-27 11:55:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Moje dokumenty\Two Worlds Saves [2009-12-21 19:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks [2009-12-21 19:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\TVU Networks [2009-12-21 19:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\LocalLow [2009-12-21 19:13:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\LocalLow [2009-12-21 18:04:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Ascaron Entertainment [2009-12-20 14:21:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ABC\dwhelper [2009-12-12 10:43:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Imperial Glory [2009-12-12 10:36:14 | 00,000,000 | ---D | C] -- C:\Program Files\ALLConverter [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009-12-31 17:04:07 | 00,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009-12-31 17:04:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-12-31 17:04:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat 
[2009-12-31 17:03:23 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\ABC\NTUSER.DAT [2009-12-31 17:03:17 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\ABC\ntuser.ini [2009-12-31 17:01:47 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009-12-31 17:01:00 | 00,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2009-12-31 16:58:08 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Argente - Registry Cleaner.lnk [2009-12-31 16:35:42 | 02,304,561 | ---- | M] (Argente Software ) -- C:\Documents and Settings\ABC\Pulpit\Argente - Registry Cleaner 1.5.5.2.exe [2009-12-31 15:56:18 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe [2009-12-31 15:55:02 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-12-31 15:35:28 | 00,000,413 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Fix.reg [2009-12-31 15:22:08 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\RSIT.exe [2009-12-31 15:12:30 | 10,827,9664 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\ABC\Pulpit\directx_aug2009_redist.exe [2009-12-31 13:44:06 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-12-30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-12-30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-12-30 13:03:32 | 00,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Assassin's Creed.lnk [2009-12-30 12:05:15 | 00,189,184 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009-12-30 12:05:15 | 00,189,184 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009-12-30 12:01:19 | 00,138,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-12-30 09:37:11 | 00,000,600 | ---- | M] () -- C:\Documents and 
Settings\ABC\Ustawienia lokalne\Dane aplikacji\PUTTY.RND [2009-12-30 09:03:22 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009-12-29 19:15:45 | 00,000,683 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Company of Heroes.lnk [2009-12-28 20:52:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009-12-26 10:12:05 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Darkstar One.lnk [2009-12-16 18:09:29 | 03,214,974 | -H-- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-12-07 07:29:58 | 00,048,520 | ---- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-12-07 07:29:28 | 00,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-12-02 14:43:27 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009-12-31 16:58:08 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Argente - Registry Cleaner.lnk [2009-12-31 15:55:02 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk [2009-12-31 15:35:28 | 00,000,413 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Fix.reg [2009-12-31 15:21:58 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\RSIT.exe [2009-12-30 13:03:32 | 00,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Assassin's Creed.lnk [2009-12-30 09:26:40 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\PUTTY.RND [2009-12-29 19:15:45 | 00,000,683 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Company of Heroes.lnk [2009-12-26 10:12:05 | 00,000,605 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Darkstar One.lnk [2009-11-08 21:37:18 | 00,001,311 | ---- | 
C] () -- C:\WINDOWS\disney.ini [2009-11-08 21:37:07 | 00,000,201 | ---- | C] () -- C:\WINDOWS\disneysy.ini [2009-10-31 14:06:41 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009-10-31 14:06:41 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009-10-29 17:31:02 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\apache.dll [2009-10-24 09:55:41 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL [2009-10-24 06:44:41 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009-10-21 14:18:50 | 00,315,463 | ---- | C] () -- C:\WINDOWS\System32\GM2500F.dll [2009-10-21 14:18:50 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\GM2500.dll [2009-10-21 14:18:50 | 00,019,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\GMFilter.sys [2009-10-03 12:27:57 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-09-26 14:26:59 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\ABC\Dane aplikacji\PnkBstrK.sys [2009-09-23 19:23:17 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-09-18 19:47:33 | 00,138,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009-09-14 19:25:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009-09-14 08:10:54 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009-09-14 08:00:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009-09-14 08:00:29 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-09-14 08:00:29 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-08-03 00:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelSpanish.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009-08-02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009-08-02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009-08-02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008-02-05 12:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\setup.txt [2006-09-16 18:27:50 | 00,132,096 | ---- | C] () -- C:\WINDOWS\System32\gc.dll [2003-04-08 10:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI < End of report > OTL Extras logfile created on: 2009-12-31 17:05:32 - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\ABC\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 40,00 Gb Total Space | 21,65 Gb Free Space | 54,11% Space Free | Partition Type: NTFS Drive D: | 146,30 Gb Total Space | 74,07 Gb Free Space | 50,63% Space Free | Partition Type: NTFS Drive E: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 298,09 Gb Total Space | 14,31 Gb Free Space | 4,80% Space Free | Partition Type: NTFS G: Drive not present or media not 
loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] \Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0153A77C-A981-4A1F-BAA9-16A80FBC358A}" = Full Spectrum Warrior "{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Piraci z Karaibów - Na krańcu świata 
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{05058E2C-F4D0-4ECF-8B1F-F28D83C09425}" = Faces of War "{05381030-963D-4779-BECA-0D7D49268EDB}" = Płatnik 7.03.002 "{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch "{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}" = Conflict Desert Storm II "{0C38DE0A-5FC3-47E8-9FD0-69B5DC75FFB7}" = CT Special Forces - Fire For Effect "{0D093D4A-C6F5-4258-8E13-94F8EA6C6A4C}" = PilotDown "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180" = Canon MP180 "{1369DDFE-DDF8-40BA-8A08-22AA9A12F2C6}" = Brothers In Arms Road to Hill 30 "{1596098A-FCEC-48F0-B7C7-08A31B771045}" = Nero 7 Essentials "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes "{1DC4E424-5D92-4C92-B1E1-4BE4318E7136}" = James Cameron's AVATAR: THE GAME (Demo) "{1ECB9828-38A7-424F-9280-730F11EBBB96}" = Titan Quest "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3514C22B-C3A9-41C6-A818-FAEF474CA879}_is1" = ALLConverter to iPhone "{46F86338-0AA1-4290-88E9-D91188217A07}_is1" = "Pierwsza Wojna Światowa" (Tylko usunięcie) "{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials "{555E63EF-4EB5-43E5-BEEF-9E2CD7BCEFA2}" = Intel® Network Connections 14.4.0.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10 "{6FB6D550-DDC4-4996-9CDF-91C34F0A4C4A}" = Gothic II - Noc Kruka "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch "{75443B81-E1FC-4D79-80C0-5F0DF2A7F897}" = Conflict Global 
Storm "{758A4269-70E5-4B11-B419-F692882408A9}" = Gothic "{7756D8A9-0774-11D7-B613-00A0C90176D7}" = Władca Pierścieni - Drużyna Pierścienia "{7A2F7270-5ECF-4A51-A309-1BCE25B47AF4}" = Helldorado "{7CE3498C-866B-427E-8273-9CA67B24BA01}" = Thief: Deadly Shadows "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8A9ECA20-88BF-4A36-B101-B00DAF07021B}" = Medieval Lords "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007 "{937F56D0-6415-4D3F-B33C-F63151F2F4C2}" = Gwiezdne Wilki "{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A958A40E-C25C-441A-A4A0-4638C873EB89}" = Stalingrad "{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish "{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter i Zakon Feniksa? 
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BBF51613-ACF3-4B1C-86E8-AD15BB431037}" = Tribes Zemsta "{BD2DD2FD-4F09-453E-8402-1D319BC30B68}" = Act of War - Złota Edycja "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1 "{CC81D2F6-2A84-4F6A-9A5F-8F8E170CE791}" = Stubbs the Zombie "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE977CAD-5230-4BFE-917B-091A4F08182B}" = Outfront - Na tyłach wroga "{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}" = Rise and Fall "{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}_is1" = Rise and Fall "{D1D72957-368A-404E-AD5C-604D32C2A9C3}" = Commandos Strike Force "{D25D5844-0975-4CB2-A853-6BD781F4435E}" = Call of Juarez "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4 "{D52D5D70-6F8F-4690-8559-18D5EAC8B19F}" = XIII "{D867D5F2-C2D1-406F-B9E4-D4D2BFB7AA0D}" = Ghost Recon Advanced Warfighter "{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E5B77685-3AEB-432D-8F73-29FEEEE89613}" = Twierdza Krzyżowiec "{E8A98F96-E98E-460A-B959-F454EC3CE6D8}" = Delta Force: Xtreme "{EA2EE1AC-D70F-42E2-920F-4C2423B60B9E}" = Darkstar One "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict "{F7647952-5A46-4D27-8CC2-87098CC7ED31}" = PANZERS - Faza 2 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player Plugin "Advent Rising - spolszczenie" = Advent Rising - spolszczenie "Airborne Troops/PL-Polish_is1" = Airborne Troops "ALLConverter to 3GP_is1" = ALLConverter to 3GP "ALLConverter to PSP_is1" = ALLConverter to PSP "ALLPlayer V3.4.6.2_is1" = 
ALLPlayer V3.X "ALLPlayer_is1" = ALLPlayer V4.X "America's Secret Operations/PL-Polish_is1" = America's Secret Operations "Any Video Converter_is1" = Any Video Converter 2.7.8 "Argente - Registry Cleaner_is1" = Argente - Registry Cleaner 1.5.5.2 "ArmA" = ArmA Uninstall "ArmA Queen's Gambit" = ArmA Queen's Gambit Uninstall "BadCopy Pro" = BadCopy Pro "Battlestrike - Force of Resistance/PL-Polish_is1" = Mortyr 3: Akcje Dywersyjne "BattlEye" = BattlEye Uninstall "Black out Saigon_is1" = Black out Saigon 1.4 "Blitzkrieg 2" = Blitzkrieg 2 "Breed" = Breed "BrothersInArmsEiB" = Brothers In Arms EiB "BrothersInArmsEIBSDK" = BiA Earned in Blood SDK "CDisplay_is1" = CDisplay 1.8 "Codec_is1" = Codec 8.3a "CommandMod" = Rendroc's CommandMod for Brothers In Arms: Earned In Blood "Conflict Desert Storm PL" = Conflict Desert Storm PL "Crack do Gothic 3" = Crack do Gothic 3 "Crashday_pl_is1" = Crashday v1.1 "Dark Sector/PL-Polish_is1" = Dark Sector "Desperados - Poszukiwany Żywy lub Martwy_is1" = Desperados 1.01 "DXIW_is1" = Deus Ex - Invisible War "EuroCopsPL_is1" = EuroCops v1.03 "FableTLCMod - Fable Explorer" = FableTLCMod - Fable Explorer "FFL_is1" = Code of Honor - Francuska Legia Cudzoziemska "H&D2_is1" = Hidden & Dangerous 2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Imperial Glory" = Imperial Glory "IncrediMail" = IncrediMail "InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch "InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch "InstallShield_{7CE3498C-866B-427E-8273-9CA67B24BA01}" = Thief: Deadly Shadows "InstallShield_{8A9ECA20-88BF-4A36-B101-B00DAF07021B}" = Medieval Lords "InstallShield_{937F56D0-6415-4D3F-B33C-F63151F2F4C2}" = Gwiezdne Wilki "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "InstallShield_{D25D5844-0975-4CB2-A853-6BD781F4435E}" = Call of Juarez "IrfanView" = 
IrfanView (remove only) "Joint Task Force_is1" = Joint Task Force "Knights of the Temple" = Knights of the Temple "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "midway_pl" = Combat Wings "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MTA: Race for San Andreas" = MTA: Race for San Andreas 1.1.1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "Pacific Storm - Allies_is1" = Pacific Storm - Allies "Panzer Claws" = Panzer Claws "Panzer Elite Action" = Panzer Elite Action "Pariah" = Pariah "Pogoda_is1" = Pogoda 1.61 "Port Royale 2" = Port Royale 2 "Psychotoxic" = Psychotoxic "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 1.9.0 "SAS Secure Tomorrow_is1" = SAS Secure Tomorrow (1.0) "SCAR/PL-Polish_is1" = SCAR "Sniper Elite PL_is1" = Sniper Elite PL "StarWolves (PL)_is1" = StarWolves "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 10700" = Speedball 2 - Tournament "SubEdit-Player_is1" = SubEdit-Player "Sudeki_is1" = Sudeki "Summer Athletics 2009/PL-Polish_is1" = Summer Athletics 2009 "THIV_is1" = The Hell in Vietnam "Two Worlds" = Two Worlds "UberSoldier" = UberSoldier "USB all-in-one game controller" = USB all-in-one game controller "WarCommander" = WarCommander "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "Wings of Honour - Battles of the Red Baron/PL-Polish_is1" = Wings of Honour: Battles of the Red Baron "WinRAR archiver" = Archiwizator WinRAR "WMFDist11" = Windows Media 
Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Zdarzenie na morzu" = Zdarzenie na morzu ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (ABC) "Sins of a Solar Empire" = Sins of a Solar Empire ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2009-11-19 08:46:02 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd isuspm.exe, wersja 3.0.100.1131, moduł powodujący błąd oleaut32.dll, wersja 5.1.2600.5512, adres błędu 0x000048a4. Error - 2009-11-20 16:12:58 | Computer Name = ABC-938AE3E0079 | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca steam.exe, wersja 1.0.0.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2009-11-24 10:38:33 | Computer Name = ABC-938AE3E0079 | Source = MSSecurityEssentials | ID = 5000 Description = Error - 2009-11-25 09:17:57 | Computer Name = ABC-938AE3E0079 | Source = ESENT | ID = 485 Description = wuauclt (3072) Próba usunięcia pliku "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". Operacja usuwania pliku zostanie zakończona z błędem -1032 (0xfffffbf8). Error - 2009-11-25 09:58:26 | Computer Name = ABC-938AE3E0079 | Source = ESENT | ID = 485 Description = wuauclt (1812) Próba usunięcia pliku "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" zakończyła się niepomyślnie z błędem systemowym 32 (0x00000020): "Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ". 
The file delete operation will fail with error -1032 (0xfffffbf8).
Error - 2009-11-25 13:29:58 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000
Description = Faulting application t3main.exe, version 1.0.0.1, faulting module t3main.exe, version 1.0.0.1, fault address 0x003ad5ff.
Error - 2009-11-26 03:32:17 | Computer Name = ABC-938AE3E0079 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 system file cache, P3 cacheflush, P4 2.0.6212.0, P5 microsoft antimalware, P6 1, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 2009-11-26 04:00:03 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000
Description = Faulting application isuspm.exe, version 3.0.100.1131, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.
Error - 2009-11-26 05:58:31 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000
Description = Faulting application t3main.exe, version 1.0.0.1, faulting module t3main.exe, version 1.0.0.1, fault address 0x003be358.
Error - 2009-11-26 07:44:57 | Computer Name = ABC-938AE3E0079 | Source = Application Error | ID = 1000
Description = Faulting application isuspm.exe, version 3.0.100.1131, faulting module oleaut32.dll, version 5.1.2600.5512, fault address 0x000048a4.

[ System Events ]
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-28 11:22:37 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error: %%126
Error - 2009-12-29 14:20:31 | Computer Name = ABC-938AE3E0079 | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other potentially unwanted software.
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...atid=2147625170
User: ABC-938AE3E0079\ABC
Name: Backdoor:Win32/Ursap!rts
ID: 2147625170
Severity: High
Category: Backdoor
Path:
Action: %%809
Error Code: 0x80508023
Error description: The program could not find the spyware and other potentially unwanted software on this computer.
Status:
Signature Version: AV: 1.71.1473.0, AS: 1.71.1473.0
Engine Version: 1.1.5302.0
Error - 2009-12-29 14:43:56 | Computer Name = ABC-938AE3E0079 | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the computer.
Error - 2009-12-30 03:52:55 | Computer Name = ABC-938AE3E0079 | Source = System Error | ID = 1003
Description = Error code 000000ea, parameter1 887dfbf0, parameter2 89550d80, parameter3 8977e9e0, parameter4 00000001.

< End of report >

So the system is still infected. We'll see what Malwarebytes says in the end. Is it just me, or do you have two antivirus programs (AVG and Microsoft Security Essentials)?
Yes, that's right, because at first I couldn't uninstall AVG and had no control over it; now I only have Essentials.

Logfile of random's system information tool 1.06 (written by random/random)
Run by ABC at 2009-12-31 17:17:05

Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (55%) free of 41 GB
Total RAM: 1533 MB (58% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-02 1175944]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-11-26 1629480]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ALLUpdate"=d:\Program Files\ALLPlayer\ALLUpdate.exe [2009-11-11 870400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-11-26 1057064]

C:\Documents and Settings\ABC\Menu Start\Programy\Autostart
GM_DevUpdate.lnk - C:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\CDS\Nero\Installation\SetupX.exe"="E:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"G:\setup.exe"="G:\setup.exe:*:Enabled:setup.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - SLATKO/torta.exe
shell\explore\command - SLATKO/torta.exe
shell\open\command - SLATKO/torta.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe

======List of files/folders created in the last 1 months======

2009-12-31 15:55:04 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Malwarebytes
2009-12-31 15:54:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2009-12-31 15:22:41 ----D---- C:\rsit
2009-12-31 15:22:41 ----D---- C:\Program Files\trend micro
2009-12-30 13:06:40 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ubisoft
2009-12-30 13:04:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2009-12-28 16:30:15 ----D---- C:\Program Files\AGEIA Technologies
2009-12-21 19:13:44 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2009-12-21 18:04:39 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\Ascaron Entertainment
2009-12-12 10:43:02 ----D---- C:\WINDOWS\Imperial Glory
2009-12-12 10:36:14 ----D---- C:\Program Files\ALLConverter

======List of files/folders modified in the last 1 months======

2009-12-31 17:16:36 ----D---- C:\WINDOWS\Temp
2009-12-31 17:11:14 ----D---- C:\WINDOWS\Prefetch
2009-12-31 17:09:13 ----SD---- C:\WINDOWS\Tasks
2009-12-31 17:08:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-31 17:03:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-31 15:54:59 ----D---- C:\WINDOWS\system32\drivers
2009-12-31 15:22:41 ----RD---- C:\Program Files
2009-12-31 15:20:10 ----D---- C:\WINDOWS
2009-12-31 15:17:47 ----HD---- C:\WINDOWS\inf
2009-12-31 15:17:46 ----D---- C:\WINDOWS\system32
2009-12-31 15:13:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-30 13:04:22 ----D---- C:\WINDOWS\system32\DirectX
2009-12-30 13:04:08 ----RSD---- C:\WINDOWS\assembly
2009-12-30 12:51:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-30 12:05:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-12-30 09:03:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-29 19:48:11 ----SD---- C:\Documents and Settings\ABC\Dane aplikacji\Microsoft
2009-12-29 19:47:43 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\avg9
2009-12-29 16:31:32 ----SHD---- C:\Documents and Settings\ABC\Dane aplikacji\.#
2009-12-28 20:52:03 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-12-28 20:44:52 ----D---- C:\Documents and Settings\ABC\Dane aplikacji\uTorrent
2009-12-28 19:30:12 ----SHD---- C:\WINDOWS\Installer
2009-12-28 19:28:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-28 19:27:35 ----D---- C:\WINDOWS\system32\AGEIA
2009-12-26 11:35:37 ----D---- C:\Program Files\Mozilla Firefox
2009-12-24 21:26:20 ----D---- C:\WINDOWS\Minidump
2009-12-12 10:35:35 ----D---- C:\Program Files\NAPI-PROJEKT
2009-12-06 17:32:39 ----RSD---- C:\WINDOWS\Fonts
2009-12-02 14:43:27 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-11-26 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-11-26 38440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-10-31 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-10-31 18048]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-11-26 118952]
S3 GMFilter;GMFilter HID Filter Driver; C:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-11-26 1554728]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-12-05 79136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-28 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-30 189184]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-05-14 272024]
R2 STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

And now the Malwarebytes log (I did not choose "remove" for what it found):

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2009-12-31 17:39:01
mbam-log-2009-12-31 (17-38-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 167389
Time elapsed: 33 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{1A91FA87-5582-4B29-ADCE-D6022102DC53}\RP162\A0042113.exe (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{1A91FA87-5582-4B29-ADCE-D6022102DC53}\RP180\A0046424.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
Sevard, posted December 31, 2009

Right, I forgot about the line breaks earlier. Open Notepad and paste in what is below:

Windows Registry Editor Version 5.00

; the key names must match the MountPoints2 keys listed in the RSIT log exactly
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]

Save it as fix.reg and run it. This time it should be OK.

There is an autorun.inf file on drive F; get rid of it as follows: download, unpack and run Avenger. Paste this script into it:

Files to delete:
F:\autorun.inf

and run the script.

Let Malwarebytes remove what it found.
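The MountPoints2 keys removed by the fix above are Explorer's per-volume cache of the autorun.inf handlers, which is why double-clicking a drive keeps launching the payload after the file itself is gone, and why the key names in the .reg must match the log exactly. The script below is an added example, not code from this thread or from RSIT, Avenger or any other tool named here: it reads an RSIT-style registry dump (a constructed sample, copied from the MountPoints2 and NoDriveTypeAutoRun entries of the log above), generates the same kind of removal .reg, and decodes the NoDriveTypeAutoRun policy value to show which drive types still honour AutoRun. All function and variable names are my own.

```python
import re

# Constructed sample: the MountPoints2 and policy entries from the RSIT log
# posted in this thread, one entry per line as RSIT prints them.
RSIT_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33dbf3e2-a12f-11de-9b61-001676dfec2a}]
shell\AutoRun\command - SLATKO/torta.exe
shell\explore\command - SLATKO/torta.exe
shell\open\command - SLATKO/torta.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4f96ee8-b1ce-11de-9b91-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe
"""

MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$", re.I)
VERB_LINE = re.compile(r"^shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
POLICY_LINE = re.compile(r'^"NoDriveTypeAutoRun"=(\d+)$', re.I)


def parse_rsit(text):
    """Return (mountpoints, nodrivetypeautorun) from an RSIT registry dump.
    mountpoints maps each MountPoints2 key path to {verb: command}."""
    mounts, policy, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current = m.group(1)
            mounts[current] = {}
            continue
        if line.startswith("["):          # any other key ends the current block
            current = None
        m = VERB_LINE.match(line)
        if m and current is not None:
            mounts[current][m.group(1).lower()] = m.group(2).strip()
            continue
        m = POLICY_LINE.match(line)
        if m:
            policy = int(m.group(1))
    return mounts, policy


def keys_to_remove(mounts):
    """MountPoints2 keys that carry cached shell\\<verb>\\command handlers.
    Explorer runs these on double-click / right-click Open even after the
    autorun.inf is gone, so every such key is removed, as the fix.reg does.
    Keys whose command is a relative path (no drive letter, UNC prefix or
    environment variable) are listed first: that is the typical worm layout,
    a payload in a hidden folder on the same volume."""
    def is_relative(cmd):
        return not re.match(r"^(?:[a-z]:\\|\\\\|%)", cmd, re.I)
    ranked = sorted(mounts.items(),
                    key=lambda kv: not any(is_relative(c) for c in kv[1].values()))
    return [key for key, verbs in ranked if verbs]


def build_fix_reg(keys):
    """A .reg file that deletes the given keys ('-' before a key path deletes it)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in keys:
        out += [f"[-{key}]", ""]
    return "\r\n".join(out)


# NoDriveTypeAutoRun is a bitmask indexed by GetDriveType(): bit (1 << type)
# set means AutoRun is *disabled* for that drive type.
DRIVE_TYPES = {0: "unknown", 1: "no-root-dir", 2: "removable", 3: "fixed",
               4: "network", 5: "cdrom", 6: "ramdisk", 7: "reserved (0x80)"}


def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still honoured under this policy value."""
    return {name for bit, name in DRIVE_TYPES.items() if not mask & (1 << bit)}


if __name__ == "__main__":
    mounts, policy = parse_rsit(RSIT_SAMPLE)
    print(build_fix_reg(keys_to_remove(mounts)))
    print("AutoRun still enabled for:", sorted(autorun_enabled_types(policy)))
```

With the log's value of 145 (0x91, the Windows XP default) the decoder reports removable, fixed and CD-ROM drives as still AutoRun-enabled, which is exactly the set of volumes (F:, C:, D:) that ended up with hijacked MountPoints2 entries here; 255 (0xFF) disables AutoRun for every drive type.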
krych777 (author), posted December 31, 2009

What about the infected files?

Sevard, posted December 31, 2009

Let Malwarebytes remove them. None of them is a system file or anything like it. Removing them is harmless.
krych777 (author), posted December 31, 2009

Avenger couldn't delete the autorun and it's still the same, the drive can't be opened normally, and the content of the autorun is this:

;M=ős???čt??té?ě?üFLíwú?d????L??đ???y/??sÉÖÖd?đseAc???Â??č?dE-X?e?Ďí?ŕm????l?ú???Ňb?éEeÁF?}ĂÇ
[autorun
;kÜE?ń<ýI,ý?%ě\?
;ř???Ř$?Ţm$??r?ů?Ę??^?|ćĎrW?dv?+??ţ˙á-Jw?ň?ĂőCň?M?wÍ?ĺs
open=SLATKO/torta.exe
;ń?v?$Vt?úý
;??Z??N?xňF?<Z&?vYK?đ?x?aL??wT%?ô?wJ?>wröZ???mbń?bL@???ĘEđ?rÔ?Ú?s?QČ`??j(?č??ě?đ?a?Fm???yst?
icon=%SystemRoot%\system32\SHELL32.dll,4
;QĺRta??v?:ńts+/ŇĘ?ń??
action=Open folder to view files using Windows Explorer
;?ĺÚ?r?Â?Äú?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?ŘXňŕmx?AÖŕ??w˙?Â?}?C|fěÖ?ěůoLa?ÁOev????Ý????ůýyv??Xlń??Rx?č??ë??XIMB?W??
shell\\explore\\command=SLATKO/torta.exe
;ŔěmJdO?dm?đń????
useautoplay=1
;ř???Ř$?Ţm$??r?=K.??<nŕ÷

I think AVG deleted the file and that's why the "open with" prompt comes up, because there is no corresponding file in Windows for it.
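The autorun.inf posted above is the classic USB-worm layout: lines of binary junk behind ';' (comment lines, which an INI reader skips, inserted to defeat simple signature matching), an 'open' entry plus overridden shell\open and shell\explore verbs so that both double-click and right-click Open run SLATKO/torta.exe, and a decoy icon and 'action' text that make the AutoPlay entry look like the stock "Open folder to view files". The parser below is an added example, not code from this thread: it reads such a file the way a tolerant INI reader would and lists what the file would launch and which decoys it uses. The sample is constructed, laid out one entry per line with shortened junk comment lines standing in for the binary garbage; the posted file shows the section header as '[autorun' without a visible ']' (possibly lost in posting), so the parser accepts either form. All names are my own.

```python
import re

# Constructed sample modelled on the autorun.inf posted in this thread: same
# keys and values, junk comment lines shortened to printable stand-ins.
AUTORUN_SAMPLE = r"""
;M=xs???ct??te?e?uFLiwu?d????L??
[autorun
;kUE?n<yI,y?%e\?
open=SLATKO/torta.exe
;n?v?$Vt?uy
icon=%SystemRoot%\system32\SHELL32.dll,4
;Q?Rta??v?:nts+/
action=Open folder to view files using Windows Explorer
;?eU?r?A?Au?dM
shell\\open\\command=SLATKO/torta.exe
;?TQ?RXnrmx?AO
shell\\explore\\command=SLATKO/torta.exe
;RemJdO?dm?dn????
useautoplay=1
"""


def parse_autorun(text):
    """Tolerant INI read of an autorun.inf: ';' lines are comments (where the
    junk lives), only the [autorun] section counts, doubled backslashes in key
    names are collapsed, keys are compared case-insensitively."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            # accept '[autorun]' as well as a header with the ']' missing
            in_autorun = line.lower().startswith("[autorun")
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key = re.sub(r"\\+", r"\\", key.strip().lower())
            entries[key] = value.strip()
    return entries


LAUNCH_KEYS = ("open", "shellexecute")


def launch_targets(entries):
    """Every command the file can get Explorer or AutoPlay to execute."""
    return {k: v for k, v in entries.items()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))}


def is_relative(path):
    """No drive letter, UNC prefix or environment variable: resolved against the
    volume root, the usual way a worm keeps its payload in a folder on the same drive."""
    return not re.match(r"^(?:[a-z]:\\|\\\\|%)", path, re.I)


def assess(entries):
    """Indicators a responder would note, as (tag, detail) tuples."""
    findings = []
    targets = launch_targets(entries)
    for key, cmd in targets.items():
        note = " (relative path on the volume)" if is_relative(cmd) else ""
        findings.append(("launch", f"{key} -> {cmd}{note}"))
    if "shell\\open\\command" in targets or "shell\\explore\\command" in targets:
        findings.append(("hijack", "Open/Explore verbs overridden: double-click and "
                         "right-click Open run the payload instead of opening the drive"))
    if "windows explorer" in entries.get("action", "").lower():
        findings.append(("decoy", "action text mimics the stock AutoPlay "
                         "'Open folder to view files' entry"))
    if entries.get("icon", "").lower().endswith("shell32.dll,4"):
        findings.append(("decoy", "icon taken from shell32.dll (index 4 is a folder icon) "
                         "so the drive looks like a plain folder"))
    if entries.get("useautoplay") == "1":
        findings.append(("autoplay", "useautoplay=1 is set"))
    return findings


if __name__ == "__main__":
    for tag, detail in assess(parse_autorun(AUTORUN_SAMPLE)):
        print(f"[{tag}] {detail}")
```

Run against the sample it reports three launch entries, all pointing at the relative path SLATKO/torta.exe, the Open/Explore hijack, and both decoys; that matches the behaviour described in the thread, where double-click and "Open" on the drive run the payload and only the "open with" fallback appears once the payload has been removed.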
Sevard, posted December 31, 2009

Then try this as well: open a command prompt (Start > Run..., type cmd there). Then enter the following commands one after another:

f:
attrib -r -s -a -h autorun.inf
del autorun.inf

If that doesn't help either, try KillBox with the "delete on reboot" option checked. The problem is with drive F:, right?

krych777 (author), posted December 31, 2009

Sevard wrote:
Then try this as well: open a command prompt (Start > Run..., type cmd there). Then enter the following commands one after another:
f:
attrib -r -s -a -h autorun.inf
del autorun.inf
If that doesn't help either, try KillBox with the "delete on reboot" option checked. The problem is with drive F:, right?

Yes, with F. But on D and C it doesn't work normally either, because it redirects to the search.
mariusz1024, posted December 31, 2009

I'd recommend scanning with ComboFix.

krych777 (author), posted December 31, 2009

Sevard wrote:
Then try this as well: open a command prompt (Start > Run..., type cmd there). Then enter the following commands one after another:
f:
attrib -r -s -a -h autorun.inf
del autorun.inf
If that doesn't help either, try KillBox with the "delete on reboot" option checked. The problem is with drive F:, right?

Yes, with F. But on D and C it doesn't work normally either, because it redirects to the search.

I deleted it, and now F: behaves the same as D: and C:. After double-clicking, the file search (the one with the dog) appears, and to get in you have to right-click and choose Open.

mariusz1024 wrote:
I'd recommend scanning with ComboFix.

But supposedly it can wreck the system.

mariusz1024, posted December 31, 2009

I've used it several times when I had a problem and it didn't wreck my system.

krych777 (author), posted December 31, 2009

So should I use it or not? Or should I do a Windows repair first?
Cragir, posted December 31, 2009

Use ComboFix only under the supervision of someone who knows what they are doing, and in this case things aren't yet bad enough to use it.

krych777 (author), posted December 31, 2009

Thanks Cragir, I won't use it then. I'll try to repair the system, and I have a request: how do I do that using the CD without formatting the drives? I have Windows Home Edition 2002.

Sevard, posted December 31, 2009

Right, I finally found it. Try using this.

To repair system files you can try the command sfc /scannow

@mariusz1024 Take the risk if you want; recently ComboFix had a bug, for instance, that in certain situations left some systems unbootable after it was used. Because of that ComboFix was even unavailable for download from bleepingcomputer.com/, and in my opinion that says something. Of course the author of ComboFix does everything he can to keep the program from causing problems, but anyone can make mistakes. ComboFix is a program with a lot of firepower, so potential bugs can be very painful.

krych777 (author), posted December 31, 2009

Thank you all very much for the help. It worked. And Happy New Year. Thanks again, Sevard.