Webikastrator

I cannot access drives D:, C:

Here are the logs:

OTL:

OTL logfile created on: 2010-04-18 21:01:27 - Run 1

OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\ABC\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 9,77 Gb Total Space | 2,09 Gb Free Space | 21,44% Space Free | Partition Type: NTFS

Drive D: | 27,52 Gb Total Space | 20,98 Gb Free Space | 76,22% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 465,76 Gb Total Space | 346,64 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ABC-8D2A13DCB2F

Current User Name: ABC

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-18 21:01:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

PRC - [2010-04-01 12:55:25 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\ABC\Moje dokumenty\System\winsystem.exe

PRC - [2010-04-01 12:55:25 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\winsystem.exe

PRC - [2010-03-28 02:24:40 | 000,016,896 | -HS- | M] () -- C:\WINDOWS\alg.exe

PRC - [2010-03-01 20:42:48 | 000,835,952 | ---- | M] (Opera Software) -- D:\programy\opera\opera.exe

PRC - [2008-04-15 00:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-03-20 12:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- D:\programy\GADU GADU\Gadu-Gadu\gg.exe

PRC - [2008-02-20 12:08:46 | 000,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe

PRC - [2008-02-20 12:06:58 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe

PRC - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (SafeList) ==========

MOD - [2010-04-18 21:01:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

MOD - [2006-12-21 14:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- D:\programy\GADU GADU\Gadu-Gadu\ggwhook.dll

========== Win32 Services (SafeList) ==========

SRV - [2008-12-08 18:15:26 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)

SRV - [2008-02-20 12:14:52 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)

SRV - [2008-02-20 12:08:46 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)

SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2001-10-26 21:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)

========== Driver Services (SafeList) ==========

DRV - [2010-04-18 20:10:49 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2010-03-20 18:53:42 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010-03-20 18:53:41 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010-03-08 20:23:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009-09-28 01:12:21 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2009-08-21 22:24:10 | 000,057,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009-03-25 15:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2009-01-13 13:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-10-30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008-04-14 00:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-02-20 12:11:14 | 000,054,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)

DRV - [2008-02-20 12:11:12 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)

DRV - [2008-02-20 12:11:08 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)

DRV - [2008-02-20 12:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)

DRV - [2008-02-20 12:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)

DRV - [2001-12-01 23:06:58 | 000,025,434 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

DRV - [2001-08-17 21:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Sterownik NT karty Realtek RTL8029(AS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66019

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66019

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/english/"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_fs&search="

[2009-12-30 17:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Extensions

[2010-02-27 17:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\s7vqwjmf.default\extensions

[2010-04-15 19:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\s7vqwjmf.default\extensions\toolbar@ask.com

[2010-02-04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\s7vqwjmf.default\searchplugins\askcom.xml

[2010-03-08 20:29:15 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\s7vqwjmf.default\searchplugins\daemon-search.xml

[2010-03-22 19:25:26 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\ABC\Dane aplikacji\Mozilla\Firefox\Profiles\s7vqwjmf.default\searchplugins\MyStart Search.xml

O1 HOSTS File: ([2010-02-12 22:03:50 | 000,161,317 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 abcsearch.com

O1 - Hosts: 127.0.0.1 admin.abcsearch.com

O1 - Hosts: 127.0.0.1 www3.abcsearch.com #[browseraid]

O1 - Hosts: 127.0.0.1 www.abcsearch.com

O1 - Hosts: 127.0.0.1 abc517.net #[Trojan.Mitglieder.H]

O1 - Hosts: 127.0.0.1 acestats.com

O1 - Hosts: 127.0.0.1 www.acestats.com

O1 - Hosts: 127.0.0.1 actualnames.com #[Parasite.ActualNames]

O1 - Hosts: 127.0.0.1 www.actualnames.com

O1 - Hosts: 127.0.0.1 ad-up.com

O1 - Hosts: 127.0.0.1 www.ad-up.com

O1 - Hosts: 127.0.0.1 adatom.com

O1 - Hosts: 127.0.0.1 aesp.adatom.com

O1 - Hosts: 127.0.0.1 adbest.com

O1 - Hosts: 127.0.0.1 adserv.adbonus.com

O1 - Hosts: 127.0.0.1 www.adbonus.com

O1 - Hosts: 127.0.0.1 www.adblaster2.info #[Restricted Zone site]

O1 - Hosts: 127.0.0.1 ad2.adcept.net

O1 - Hosts: 127.0.0.1 ad3.adcept.net

O1 - Hosts: 127.0.0.1 www.adcept.net

O1 - Hosts: 127.0.0.1 adcomplete.com

O1 - Hosts: 127.0.0.1 www.adcomplete.com

O1 - Hosts: 127.0.0.1 www.adcopy.info

O1 - Hosts: 127.0.0.1 ads.adcorps.com

O1 - Hosts: 4671 more lines...

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4 - HKLM..\Run: [Microsoft Error Reporting Service] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Windows RPC Service] C:\WINDOWS\alg.exe ()

O4 - HKCU..\Run: [AARC] C:\Documents and Settings\ABC\Moje dokumenty\System\winsystem.exe ()

O4 - HKCU..\Run: [ALLUpdate] D:\programy\allplayer\ALLPlayer\ALLUpdate.exe ()

O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\HDDlife.lnk = F:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe (BinarySense, Inc.)

O4 - Startup: C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\winsystem.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.34.252

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-8339725630-6796386393-539281440-9363\nissan.exe) - C:\RECYCLER\S-1-5-21-8339725630-6796386393-539281440-9363\nissan.exe File not found

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-12-30 17:11:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-04-14 21:16:49 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-18 21:01:09 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

[2010-04-18 20:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Malwarebytes

[2010-04-18 20:17:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-18 20:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-04-18 20:17:05 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-04-18 13:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\BinarySense

[2010-04-18 13:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BinarySense

[2010-04-18 12:46:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ABC\Recent

[2010-04-18 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010-04-18 12:09:58 | 000,000,000 | ---D | C] -- C:\rsit

[2010-04-11 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment

[2010-04-11 13:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\Blizzard Entertainment

[2010-04-11 13:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard

[2010-04-06 10:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\Winamp

[2010-04-06 09:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Gadu-Gadu

[2010-04-01 18:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Moje dokumenty\BFBC2

[2010-04-01 13:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Moje dokumenty\System

[2010-04-01 12:32:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2010-04-01 12:32:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2010-04-01 12:32:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2010-04-01 12:32:01 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2010-04-01 12:32:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2010-04-01 12:32:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2010-04-01 12:31:59 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2010-03-30 21:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\FOG Downloader

[2010-03-30 20:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

[2010-03-27 12:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\LogMeIn Hamachi

[2010-03-22 19:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IM

[2010-03-22 19:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\IM

[2010-03-22 19:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IncrediMail

[2010-03-21 16:39:39 | 000,000,000 | ---D | C] -- C:\Program Files\HP_Vista_SF_Ph1

[2010-03-20 22:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Dane aplikacji\AnvSoft

[2010-03-20 11:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\Midway

[2010-01-02 13:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET

[2009-12-30 17:11:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-12-30 17:11:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-12-30 17:11:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-12-30 17:11:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-18 21:01:15 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ABC\Pulpit\OTL.exe

[2010-04-18 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010-04-18 20:17:11 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2010-04-18 20:10:54 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010-04-18 20:10:49 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys

[2010-04-18 20:10:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-04-18 20:10:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-04-18 19:22:47 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\ABC\NTUSER.DAT

[2010-04-18 13:46:23 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\HDDlife.lnk

[2010-04-18 13:44:20 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Prototype.lnk

[2010-04-18 13:02:12 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\left4dead.lnk

[2010-04-18 12:09:31 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\RSIT.exe

[2010-04-18 12:07:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2010-04-18 12:07:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2010-04-18 12:07:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2010-04-18 12:07:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2010-04-18 12:07:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2010-04-18 12:07:11 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2010-04-17 21:24:38 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\Wow.lnk

[2010-04-16 14:45:25 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\ABC\ntuser.ini

[2010-04-15 18:38:31 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\ABC\Pulpit\xp_folder_open.vbs

[2010-04-14 21:16:49 | 000,000,063 | RHS- | M] () -- C:\autorun.inf

[2010-04-13 19:13:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-04-10 20:34:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-04-09 21:28:29 | 000,459,948 | -H-- | M] () -- C:\Documents and Settings\ABC\Dane aplikacji\logs.dat

[2010-04-07 17:59:29 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-04-06 10:09:44 | 000,045,840 | ---- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-04-06 08:55:36 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-05 18:09:43 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\err32.exe

[2010-04-05 18:09:43 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\eqjvaf.exe

[2010-04-05 17:57:00 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\nmxpke.exe

[2010-04-05 17:20:41 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\weszkb.exe

[2010-04-05 17:12:13 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\bfxxdv.exe

[2010-04-05 13:27:01 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\rnvgid.exe

[2010-04-05 13:25:08 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\wseheg.exe

[2010-04-05 11:15:04 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\ecgadd.exe

[2010-04-05 10:54:34 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\tzmgbb.exe

[2010-04-05 07:10:41 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\pvcbaj.exe

[2010-04-05 07:09:30 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\vvngms.exe

[2010-04-04 19:59:27 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\ikytib.exe

[2010-04-04 15:47:16 | 000,017,408 | -HS- | M] () -- C:\WINDOWS\oickil.exe

[2010-04-03 15:48:35 | 004,814,680 | -H-- | M] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-03 14:49:28 | 000,035,364 | ---- | M] () -- C:\Documents and Settings\ABC\Dane aplikacji\SQLite3.dll

[2010-04-01 12:55:25 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\winsystem.exe

[2010-04-01 09:48:37 | 000,000,883 | ---- | M] () -- C:\WINDOWS\VPlayer.INI

[2010-04-01 09:48:37 | 000,000,085 | ---- | M] () -- C:\WINDOWS\VplayerINI.vpl

[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-03-28 09:27:48 | 001,020,472 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-03-28 09:27:48 | 000,460,790 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-03-28 09:27:48 | 000,403,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-03-28 09:27:48 | 000,080,862 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-03-28 09:27:48 | 000,063,266 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-03-28 02:24:40 | 000,016,896 | -HS- | M] () -- C:\WINDOWS\alg.exe

[2010-03-21 16:20:46 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\ABC\Moje dokumenty\spider.sav

[2010-03-20 18:53:42 | 000,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010-03-20 18:53:41 | 000,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-18 20:17:11 | 000,000,466 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk

[2010-04-18 13:53:07 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Euro Truck Simulator.lnk

[2010-04-18 13:53:06 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Avatar.lnk

[2010-04-18 13:53:04 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Need for Speed? SHIFT.lnk

[2010-04-18 13:46:23 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\HDDlife.lnk

[2010-04-18 13:44:20 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Prototype.lnk

[2010-04-18 13:01:59 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\left4dead.lnk

[2010-04-18 12:09:20 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\RSIT.exe

[2010-04-17 21:24:38 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\Wow.lnk

[2010-04-15 18:38:31 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\ABC\Pulpit\xp_folder_open.vbs

[2010-04-14 17:08:59 | 000,000,063 | RHS- | C] () -- C:\autorun.inf

[2010-04-06 10:06:38 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010-04-06 10:06:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll

[2010-04-06 08:55:35 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-04-05 18:09:43 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\eqjvaf.exe

[2010-04-05 17:57:00 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\nmxpke.exe

[2010-04-05 17:20:41 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\weszkb.exe

[2010-04-05 17:12:13 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\bfxxdv.exe

[2010-04-05 13:27:01 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\rnvgid.exe

[2010-04-05 13:25:08 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\wseheg.exe

[2010-04-05 11:15:04 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\ecgadd.exe

[2010-04-05 10:54:34 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\tzmgbb.exe

[2010-04-05 07:10:41 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\pvcbaj.exe

[2010-04-05 07:09:30 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\vvngms.exe

[2010-04-04 19:59:26 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\ikytib.exe

[2010-04-04 15:47:16 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\err32.exe

[2010-04-04 15:47:15 | 000,017,408 | -HS- | C] () -- C:\WINDOWS\oickil.exe

[2010-04-03 15:02:47 | 000,016,896 | -HS- | C] () -- C:\WINDOWS\alg.exe

[2010-04-03 14:49:28 | 000,035,364 | ---- | C] () -- C:\Documents and Settings\ABC\Dane aplikacji\SQLite3.dll

[2010-04-01 13:05:38 | 000,187,392 | ---- | C] () -- C:\Documents and Settings\ABC\Menu Start\Programy\Autostart\winsystem.exe

[2010-04-01 09:48:37 | 000,000,085 | ---- | C] () -- C:\WINDOWS\VplayerINI.vpl

[2010-04-01 09:48:30 | 000,000,883 | ---- | C] () -- C:\WINDOWS\VPlayer.INI

[2010-03-21 16:20:46 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\ABC\Moje dokumenty\spider.sav

[2010-03-20 18:53:41 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010-03-20 18:53:41 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2010-03-08 20:23:44 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010-03-05 12:11:08 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-02-04 19:27:37 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2010-02-04 19:22:50 | 000,001,321 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log

[2010-01-15 22:00:10 | 000,000,304 | ---- | C] () -- C:\WINDOWS\game.ini

[2010-01-15 21:40:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2010-01-15 20:55:39 | 000,138,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-01-15 20:55:38 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\ABC\Dane aplikacji\PnkBstrK.sys

[2010-01-09 21:37:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI

[2010-01-04 18:12:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\galaxy.ini

[2010-01-02 11:55:13 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\ABC\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

[2009-12-31 13:03:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-12-30 17:53:03 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-12-30 17:39:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-12-30 17:39:37 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-12-30 17:26:09 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009-12-30 17:17:17 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\ABC\ntuser.dat.LOG

[2009-12-30 17:17:17 | 000,000,292 | -HS- | C] () -- C:\Documents and Settings\ABC\ntuser.ini

[2009-12-30 17:17:16 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\ABC\NTUSER.DAT

[2009-08-03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2006-05-22 23:02:16 | 000,459,948 | -H-- | C] () -- C:\Documents and Settings\ABC\Dane aplikacji\logs.dat

[2003-04-08 12:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:05EE1EEF

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\Temp:2BE9FEFC

< End of report >

OTL Extras logfile created on: 2010-04-18 21:01:27 - Run 1

OTL by OldTimer - Version 3.2.1.2 Folder = C:\Documents and Settings\ABC\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 9,77 Gb Total Space | 2,09 Gb Free Space | 21,44% Space Free | Partition Type: NTFS

Drive D: | 27,52 Gb Total Space | 20,98 Gb Free Space | 76,22% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 465,76 Gb Total Space | 346,64 Gb Free Space | 74,42% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ABC-8D2A13DCB2F

Current User Name: ABC

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "D:\programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "D:\programy\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\programy\opera.exe" = C:\programy\opera.exe:*:Enabled:Opera Internet Browser -- File not found

"F:\Program Files\red faction\rf.exe" = F:\Program Files\red faction\rf.exe:*:Disabled:Red Faction -- File not found

"F:\Program Files\Cyanide\GameCenter\GameCenter.exe" = F:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- File not found

"C:\programy\utorrent\uTorrent.exe" = C:\programy\utorrent\uTorrent.exe:*:Enabled:?Torrent -- File not found

"C:\programy\opera\opera.exe" = C:\programy\opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found

"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found

"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found

"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found

"F:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = F:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company? 2 -- File not found

"C:\WINDOWS\alg.exe" = C:\WINDOWS\alg.exe:*:Enabled:alg -- ()

"FC:\WINDOWS\err32.exe" = C:\WINDOWS\err32.exe:*:Enabled:ErrorReporting -- ()

"D:\programy\opera\opera.exe" = D:\programy\opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"F:\Program Files\Steam\Steam.exe" = F:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found

"F:\Program Files\Activision\Prototype\prototypef.exe" = F:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"{306873F4-4417-441E-9620-4B0CB4ED7430}" = HDDlife Pro 3.1

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3CE06D54-72B1-44B2-AB60-E4277EC80EF4}" = Microsoft XML Parser

"{567C9882-843D-4188-A181-00E2CC3E1045}" = LG Burning Tools

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0

"{6D305800-BB64-426C-BDBC-B799EE565C86}_is1" = Left4Dead 1.0

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1208.1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007

"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{A1E7E6C1-15B7-4398-89B2-8689777FBDAD}" = ESET Smart Security

"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer

"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed? SHIFT

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALLPlayer_is1" = ALLPlayer V4.X

"CCleaner" = CCleaner

"Codec_is1" = Codec 8.3a

"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up

"Euro Truck Simulator_is1" = Euro Truck Simulator

"Gadu-Gadu" = Gadu-Gadu 7.7

"HijackThis" = HijackThis 2.0.2

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype

"IrfanView" = IrfanView (remove only)

"L4DSP" = Left 4 Dead Standalone Patch

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"RealAlt_is1" = Real Alternative 1.9.0

"SubEdit-Player_is1" = SubEdit-Player

"Winamp" = Winamp

"WinRAR archiver" = Archiwizator WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Detektor Winampa

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2010-03-06 15:07:54 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd allplayer.exe, wersja 3.7.6.5, moduł powodujący

błąd kernel32.dll, wersja 5.1.2600.5512, adres błędu 0x00012aeb.

Error - 2010-03-09 15:24:23 | Computer Name = ABC-8D2A13DCB2F | Source = SecurityCenter | ID = 1802

Description = Usługa Centrum zabezpieczeń systemu Windows nie może ustanowić kwerend

zdarzeń z WMI, aby monitorować zaporę i program antywirusowy innej firmy.

Error - 2010-03-13 06:58:27 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd start.exe, wersja 1.0.0.0, moduł powodujący

błąd quartz.dll, wersja 6.5.2600.5512, adres błędu 0x000172a3.

Error - 2010-03-14 06:20:20 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd legostarwarsii.exe, wersja 1.0.0.0, moduł

powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x101973e7.

Error - 2010-03-14 06:21:44 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd legostarwarsii.exe, wersja 1.0.0.0, moduł

powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x101973e7.

Error - 2010-03-14 06:22:46 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd legostarwarsii_win2k.exe, wersja 1.0.0.0,

moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x101973e7.

Error - 2010-03-14 06:23:36 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd legostarwarsii_win2k.exe, wersja 1.0.0.0,

moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x101973e7.

Error - 2010-03-14 06:26:41 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd legostarwarsii_win2k.exe, wersja 1.0.0.0,

moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x101973e7.

Error - 2010-03-14 06:43:22 | Computer Name = ABC-8D2A13DCB2F | Source = Application Error | ID = 1000

Description = Aplikacja powodująca błąd legostarwars.exe, wersja 0.0.0.0, moduł

powodujący błąd legostarwars.exe, wersja 0.0.0.0, adres błędu 0x00149f48.

Error - 2010-03-20 17:27:10 | Computer Name = ABC-8D2A13DCB2F | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca ALLPlayer.exe, wersja 3.7.6.5, moduł zawieszenia

hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.

[ System Events ]

Error - 2010-04-18 05:53:46 | Computer Name = ABC-8D2A13DCB2F | Source = Dhcp | ID = 1000

Description = Komputer utracił połączenie dla swojego adresu IP 192.168.34.101 na

karcie sieciowej o adresie sieciowym 00A1B0011BFA.

Error - 2010-04-18 13:16:18 | Computer Name = ABC-8D2A13DCB2F | Source = Dhcp | ID = 1000

Description = Komputer utracił połączenie dla swojego adresu IP 192.168.34.101 na

karcie sieciowej o adresie sieciowym 00A1B0011BFA.

Error - 2010-04-18 13:16:20 | Computer Name = ABC-8D2A13DCB2F | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą HDDlife HDD Access service.

Error - 2010-04-18 13:16:20 | Computer Name = ABC-8D2A13DCB2F | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi HDDlife HDD Access service z powodu następującego

błędu: %%1053

Error - 2010-04-18 13:16:20 | Computer Name = ABC-8D2A13DCB2F | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą Eset Nod32 Boot.

Error - 2010-04-18 13:16:20 | Computer Name = ABC-8D2A13DCB2F | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego

błędu: %%1053

Error - 2010-04-18 14:10:49 | Computer Name = ABC-8D2A13DCB2F | Source = Dhcp | ID = 1000

Description = Komputer utracił połączenie dla swojego adresu IP 192.168.34.101 na

karcie sieciowej o adresie sieciowym 00A1B0011BFA.

Error - 2010-04-18 14:10:49 | Computer Name = ABC-8D2A13DCB2F | Source = Service Control Manager | ID = 7009

Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się

z usługą Eset Nod32 Boot.

Error - 2010-04-18 14:10:49 | Computer Name = ABC-8D2A13DCB2F | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Eset Nod32 Boot z powodu następującego

błędu: %%1053

Error - 2010-04-18 14:19:28 | Computer Name = ABC-8D2A13DCB2F | Source = Dhcp | ID = 1000

Description = Komputer utracił połączenie dla swojego adresu IP 192.168.34.101 na

karcie sieciowej o adresie sieciowym 00A1B0011BFA.

< End of report >

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Wersja bazy: 3930

Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 7.0.5730.13

2010-04-18 20:23:23

mbam-log-2010-04-18 (20-23-23).txt

Typ skanowania: Szybkie skanowanie

Przeskanowano obiektów: 97654

Upłynęło: 2 minut(y), 24 sekund(y)

Zainfekowanych procesów w pamięci: 1

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 2

Zainfekowanych wartości rejestru: 2

Zainfekowane informacje rejestru systemowego: 3

Zainfekowanych folderów: 1

Zainfekowanych plików: 7

Zainfekowanych procesów w pamięci:

C:\WINDOWS\alg.exe (Trojan.Agent) -> No action taken.

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Generic.Bot.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Zainfekowanych wartości rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows rpc service (Trojan.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:

C:\WINDOWS\system32\Winbooterr (Trojan.Backdoor) -> No action taken.

Zainfekowanych plików:

C:\copy.exe (Worm.Perlovga) -> No action taken.

C:\WINDOWS\system32\temp1.exe (Trojan.Downloader) -> No action taken.

C:\Documents and Settings\ABC\Dane aplikacji\logs.dat (Bifrose.Trace) -> No action taken.

C:\Documents and Settings\ABC\Ustawienia lokalne\Temp\UuU.uUu (Malware.Trace) -> No action taken.

C:\Documents and Settings\ABC\Ustawienia lokalne\Temp\XxX.xXx (Malware.Trace) -> No action taken.

C:\WINDOWS\alg.exe (Trojan.Agent) -> No action taken.

C:\WINDOWS\HOSTS (Trojan.Agent) -> No action taken.


Run a full scan with Malwarebytes' Anti-Malware and let it fix whatever it finds. Then paste the log that is generated after the scan.

Run OTL and paste the following into Custom Scans/Fixes in OTL:

:Processes
killallprocesses

:Files
C:\autorun.inf
D:\autorun.inf

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

and click Run Fix. Post the log from this operation on the forum. Then post new OTL logs generated the same way as before.

If the steps above do not bring the desired result, a few registry entries may also need to be repaired. Open Notepad and paste the following into it:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Folder\shell]

[HKEY_CLASSES_ROOT\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021

[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_CLASSES_ROOT\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\ifexec]
@="[]"

[HKEY_CLASSES_ROOT\Folder\shell\open\ddeexec\topic]
@="AppProperties"

[-HKEY_CLASSES_ROOT\Directory\shell\explore]

[-HKEY_CLASSES_ROOT\Directory\shell\open]

[-HKEY_CLASSES_ROOT\Drive\shell\open]

[HKEY_CLASSES_ROOT\Drive\shell]
@="none"

[HKEY_CLASSES_ROOT\Directory\shell]
@="none"

[HKEY_CLASSES_ROOT\Folder\shell]
@=-

save it as fix.reg and run it.

Also scan the computer with SUPERAntiSpyware Free. The scan should be run in Safe Mode.

Finally, update Internet Explorer to the latest version (even if you do not use that browser).

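A way to see what the hex(2) lines in the fix.reg above write before merging it, shown on an excerpt of that file. This is an added example, not part of the original post; the function names are hypothetical.

```python
import re

# Excerpt of the fix.reg from the post above (hex bytes copied verbatim).
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
  00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_CLASSES_ROOT\Folder\shell\open]
"BrowserFlags"=dword:00000010

[HKEY_CLASSES_ROOT\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
  65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
  00,25,00,4c,00,00,00

[-HKEY_CLASSES_ROOT\Drive\shell\open]

[HKEY_CLASSES_ROOT\Drive\shell]
@="none"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_data(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if raw.startswith('hex(2):'):  # REG_EXPAND_SZ: UTF-16LE bytes, NUL-terminated
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):  # REG_SZ with \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    return raw  # "-" (delete value) and other types are left as written

def parse_reg(text):
    """Return ({(key, value_name): data}, [keys the file deletes])."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join backslash-continued hex lines
    values, deleted, key = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[-') and line.endswith(']'):
            deleted.append(line[2:-1])
            key = None
        elif line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1).strip('"'))] = decode_data(m.group(2))
    return values, deleted

def non_explorer_commands(values):
    """Shell command defaults that do not launch %SystemRoot%\\Explorer.exe."""
    return {k: v for (k, name), v in values.items()
            if k.lower().endswith('\\command') and name == '@'
            and not str(v).lower().startswith('%systemroot%\\explorer.exe')}

if __name__ == '__main__':
    vals, gone = parse_reg(FIX_REG)
    print(vals, gone, non_explorer_commands(vals), sep='\n')
```

The two decoded commands are the same strings the OTL Extras log lists under Shell Spawning for Folder [explore] and Folder [open].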

I am very sorry for my absence and for not replying, but unfortunately I was unable to write back. As for the drives, D: has unlocked but C: is still the same. However, I have decided to replace the drive with something newer, because the current one is only 40 GB and is already in a sorry state. If I could ask for some suggestions for a good drive priced up to about 200 zł, I would be very grateful.


I am very sorry for my absence and for not replying, but unfortunately I was unable to write back. As for the drives, D: has unlocked but C: is still the same.

A new OTL log generated the same way as last time, please.


This need not be about the autorun.inf file alone, but also about additional things in the registry, which is why I would rather see what is in the logs. Especially since, in theory, everything should work after running the earlier scripts.
