komputerowiec_16 created 21 March 2010
Hello. I have this problem: every time I want to open a drive, I have to open it using "Explore". Here are the logs from OTL:
[log]OTL logfile created on: 2010-03-21 13:42:48 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Sebek MAster\Moje dokumenty\Pobieranie Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 655,00 Mb Available Physical Memory | 64,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 9,77 Gb Total Space | 0,94 Gb Free Space | 9,62% Space Free | Partition Type: NTFS Drive D: | 46,15 Gb Total Space | 11,69 Gb Free Space | 25,33% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 4,88 Gb Total Space | 0,19 Gb Free Space | 3,98% Space Free | Partition Type: NTFS Drive G: | 23,73 Gb Total Space | 2,68 Gb Free Space | 11,29% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STAJNIA-BA51CD2 Current User Name: Sebek MAster Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-21 13:42:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-10-25 09:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE PRC - [2006-01-02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2003-08-28 09:45:38 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-03-21 13:42:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\Pobieranie\OTL.exe MOD - [2010-03-21 13:23:03 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\system32\nmdfgds0.dll MOD - [2003-08-28 09:45:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-05-03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003-10-15 02:53:20 | 000,186,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2003-09-19 02:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003-08-28 09:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2003-08-28 09:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2003-08-28 09:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2003-08-28 09:24:06 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003-08-28 09:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k) DRV - [2003-08-28 09:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003-03-05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-07 08:45:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-13 16:44:18 | 000,000,000 | ---D | M] [2010-02-13 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Mozilla\Extensions [2010-03-20 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Mozilla\Firefox\Profiles\ff3xq2cw.default\extensions [2010-02-13 16:48:23 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Mozilla\Firefox\Profiles\ff3xq2cw.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010-03-20 21:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-02-13 20:46:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program 
Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe () O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe () O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O4 - HKCU..\Run: [wsctf.exe] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-13 16:25:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-02-21 21:31:51 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - G:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\Shell\AutoRun\command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\Shell\open\Command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{3043d001-286b-11df-a824-806d6172696f}\Shell\AutoRun\command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{3043d001-286b-11df-a824-806d6172696f}\Shell\open\Command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{341d6440-1f20-11df-992c-00e04c8a91ec}\Shell\AutoRun\command - "" 
= G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{341d6440-1f20-11df-992c-00e04c8a91ec}\Shell\open\Command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{c112faa3-18b9-11df-900a-806d6172696f}\Shell\AutoRun\command - "" = C:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{c112faa3-18b9-11df-900a-806d6172696f}\Shell\open\Command - "" = C:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{c112faa4-18b9-11df-900a-806d6172696f}\Shell\AutoRun\command - "" = D:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{c112faa4-18b9-11df-900a-806d6172696f}\Shell\open\Command - "" = D:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found O33 - MountPoints2\E\Shell\AutoRun\command - "" = 2nuk.com O33 - MountPoints2\E\Shell\open\Command - "" = 2nuk.com O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O33 - MountPoints2\F\Shell\open\Command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-03-13 08:29:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-03-07 14:23:00 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Sebek MAster\Pulpit\Zipera-Druga_Strona_Medalu-PL-2004-A4O [2010-03-03 20:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-03-03 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\AudioCommander [2010-03-03 20:51:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-03-03 20:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2010-03-03 20:03:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Identities [2010-03-01 18:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Pulpit\Energy2000---Active-Friday-Night-11.12.2009--www.djraven.pl- [2010-02-28 13:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Pulpit\VMCPSWoWCheat20 [2010-02-27 16:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2010-02-27 15:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\WinRAR [2010-02-27 10:20:47 | 000,012,672 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys [2010-02-27 10:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2010-02-26 22:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Temp [2010-02-21 21:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\DeepBurner [2010-02-21 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Astonsoft [2010-02-21 20:52:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.sys [2010-02-21 20:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\PcSetup [2010-02-21 20:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Vso 
[2010-02-21 20:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DVDXStudio [2010-02-21 20:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CloneDVD5 [2010-02-21 20:35:54 | 000,036,864 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\EXPLORER.EXE [2010-02-16 22:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-16 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-13 16:35:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2010-02-13 16:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-13 16:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-13 16:25:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-13 16:25:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-03-21 13:44:02 | 000,000,055 | RHS- | M] () -- C:\autorun.inf [2010-03-21 13:23:03 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll [2010-03-21 13:22:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-21 13:22:24 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-21 13:22:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-21 13:22:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-21 13:22:13 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys [2010-03-21 13:20:23 | 000,024,144 | ---- | M] () -- 
C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 13:20:23 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 13:20:23 | 000,016,808 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 13:20:23 | 000,016,808 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 13:20:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010-03-21 13:20:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010-03-21 13:20:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-100A1102}.dat [2010-03-21 13:20:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-100A1102}.dat [2010-03-21 13:20:17 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Sebek MAster\NTUSER.DAT [2010-03-21 13:20:17 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sebek MAster\ntuser.ini [2010-03-21 13:20:05 | 003,377,348 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-100A1102}.CDF [2010-03-21 13:20:05 | 003,377,348 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-100A1102}.BAK [2010-03-21 12:21:00 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-03-18 16:17:36 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2010-03-14 20:29:25 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\polak(średniowiecze).doc [2010-03-14 12:16:16 | 000,085,385 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268411138_by_Maslo69_500.jpg [2010-03-14 12:12:38 | 000,079,697 | ---- | M] () -- C:\Documents and 
Settings\Sebek MAster\Pulpit\76067f2606.jpeg [2010-03-09 22:49:02 | 000,236,012 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268167543_by_KprezS_500.jpg [2010-03-09 22:26:33 | 000,031,008 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168214_by_MarioLena_500.jpg [2010-03-09 22:15:10 | 000,060,432 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168531_by_wodoglowie_500.jpg [2010-03-07 14:13:05 | 000,022,067 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\HG.jpg [2010-03-07 13:46:38 | 000,038,277 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Druga-strona-medalu_Zipera,images_big,11,5988572.jpg [2010-03-07 13:44:25 | 000,033,154 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1168208563812.jpg [2010-03-07 13:43:54 | 000,003,540 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\imgres.htm [2010-03-06 08:05:02 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-06 08:04:14 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medal of Honor Allied Assault.lnk [2010-03-03 20:51:15 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AudioCommander.lnk [2010-03-03 17:30:37 | 005,329,276 | -H-- | M] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-27 16:17:25 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Skrót do Wow.lnk [2010-02-27 10:20:47 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CPUID CPU-Z.lnk [2010-02-25 15:59:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-23 19:43:24 | 001,289,997 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\wwo - sen.mp3 [2010-02-21 21:00:10 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Sebek 
MAster\Pulpit\DeepBurner.lnk [2010-02-21 20:55:27 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\systeminfo3.dll [2010-02-21 20:52:22 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\inst.exe [2010-02-21 20:52:22 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.sys [2010-02-21 20:52:22 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.cat [2010-02-21 20:52:22 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.inf [2010-02-21 20:52:21 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\CloneDVD5.lnk [2010-02-21 20:35:55 | 000,105,984 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds1.dll [2010-02-21 20:32:20 | 003,941,739 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\pono - pierdole to.mp3 [2010-02-20 14:30:02 | 004,078,861 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\zipera - patriota.mp3 [2010-02-20 10:41:22 | 003,263,841 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\robert m feat nicco - dance hall track ( radio edit ).mp3 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-14 20:29:23 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\polak(średniowiecze).doc [2010-03-14 12:16:12 | 000,085,385 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268411138_by_Maslo69_500.jpg [2010-03-14 12:12:38 | 000,079,697 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\76067f2606.jpeg [2010-03-09 22:49:01 | 000,236,012 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268167543_by_KprezS_500.jpg [2010-03-09 22:26:30 | 000,031,008 | ---- | C] () -- C:\Documents and Settings\Sebek 
MAster\Pulpit\1268168214_by_MarioLena_500.jpg [2010-03-09 22:15:08 | 000,060,432 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168531_by_wodoglowie_500.jpg [2010-03-07 14:13:05 | 000,022,067 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\HG.jpg [2010-03-07 13:46:37 | 000,038,277 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Druga-strona-medalu_Zipera,images_big,11,5988572.jpg [2010-03-07 13:44:25 | 000,033,154 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1168208563812.jpg [2010-03-07 13:43:53 | 000,003,540 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\imgres.htm [2010-03-06 08:04:14 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medal of Honor Allied Assault.lnk [2010-03-03 20:51:15 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\AudioCommander.lnk [2010-03-03 15:27:43 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-27 10:20:47 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CPUID CPU-Z.lnk [2010-02-21 21:15:17 | 001,289,997 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\wwo - sen.mp3 [2010-02-21 21:00:10 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\DeepBurner.lnk [2010-02-21 20:55:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2010-02-21 20:52:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.log [2010-02-21 20:52:22 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\inst.exe [2010-02-21 20:52:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.cat [2010-02-21 20:52:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.inf [2010-02-21 20:52:21 
| 000,000,682 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\CloneDVD5.lnk [2010-02-21 20:35:55 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll [2010-02-21 17:20:19 | 003,941,739 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\pono - pierdole to.mp3 [2010-02-20 10:24:35 | 003,263,841 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\robert m feat nicco - dance hall track ( radio edit ).mp3 [2010-02-19 20:12:55 | 004,078,861 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\zipera - patriota.mp3 [2010-02-13 17:06:37 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-02-13 17:02:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-13 17:02:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-13 16:36:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2010-02-13 16:35:34 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini [2010-02-13 16:35:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010-02-13 16:35:26 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2010-02-13 16:35:26 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2010-02-13 16:35:07 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2010-02-13 16:31:50 | 000,105,984 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll [2008-08-28 12:19:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IsDRM.dll [2008-08-28 12:16:00 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AudioConverter.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6900017D < End of report > [/log]
Psycholandia comment 21 March 2010
Paste the script below into the OTL window and click Run Fix:
[quote]:Processes
explorer.exe

:OTL
O4 - HKCU..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [wsctf.exe] File not found
O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-21 21:31:51 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-21 13:42:47 | 000,000,055 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\Shell\AutoRun\command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\Shell\open\Command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{3043d001-286b-11df-a824-806d6172696f}\Shell\AutoRun\command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{3043d001-286b-11df-a824-806d6172696f}\Shell\open\Command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{341d6440-1f20-11df-992c-00e04c8a91ec}\Shell\AutoRun\command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{341d6440-1f20-11df-992c-00e04c8a91ec}\Shell\open\Command - "" = G:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{c112faa3-18b9-11df-900a-806d6172696f}\Shell\AutoRun\command - "" = C:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{c112faa3-18b9-11df-900a-806d6172696f}\Shell\open\Command - "" = C:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{c112faa4-18b9-11df-900a-806d6172696f}\Shell\AutoRun\command - "" = D:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{c112faa4-18b9-11df-900a-806d6172696f}\Shell\open\Command - "" = D:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\Shell\AutoRun\command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\Shell\explore\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\Shell\open\Command - "" = F:\EXPLORER.EXE -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = 2nuk.com
O33 - MountPoints2\E\Shell\open\Command - "" = 2nuk.com
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()
O33 - MountPoints2\F\Shell\open\Command - "" = F:\2nuk.com -- [2009-06-29 19:26:30 | 000,108,386 | RHS- | M] ()

:Files
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\olhrwef.exe
C:\autorun.inf
D:\autorun.inf
F:\autorun.inf
G:\autorun.inf
C:\WINDOWS\System32\nmdfgds1.dll

:Commands
[emptytemp]
[start explorer]
[Reboot][/quote]
Open Notepad and paste the following text into it:
[code]Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[/code]
Save as -> choose [b]All files[/b] -> enter [b]Fix.reg[/b] -> then click the saved file and restart the computer. Post a new log plus the one created after the removal.
komputerowiec_16 (Author) commented on 21 March 2010

Log after running the operation in OTL:

[log]All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully. C:\WINDOWS\system32\olhrwef.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:EXPLORER.EXE deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. C:\autorun.inf moved successfully. D:\autorun.inf moved successfully. File F:\AUTOEXEC.BAT not found. File F:\autorun.inf not found. File G:\autorun.inf not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\ not found. File G:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f120cf0-1983-11df-b10d-00e04c8a91ec}\ not found. File G:\2nuk.com not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28397e90-2392-11df-9cd0-00e04c8a91ec}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28397e90-2392-11df-9cd0-00e04c8a91ec}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28397e90-2392-11df-9cd0-00e04c8a91ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28397e90-2392-11df-9cd0-00e04c8a91ec}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3043d001-286b-11df-a824-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3043d001-286b-11df-a824-806d6172696f}\ not found. File F:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3043d001-286b-11df-a824-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3043d001-286b-11df-a824-806d6172696f}\ not found. File F:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{341d6440-1f20-11df-992c-00e04c8a91ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341d6440-1f20-11df-992c-00e04c8a91ec}\ not found. File G:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{341d6440-1f20-11df-992c-00e04c8a91ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{341d6440-1f20-11df-992c-00e04c8a91ec}\ not found. 
File G:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c112faa3-18b9-11df-900a-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c112faa3-18b9-11df-900a-806d6172696f}\ not found. C:\2nuk.com moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c112faa3-18b9-11df-900a-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c112faa3-18b9-11df-900a-806d6172696f}\ not found. File C:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c112faa4-18b9-11df-900a-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c112faa4-18b9-11df-900a-806d6172696f}\ not found. D:\2nuk.com moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c112faa4-18b9-11df-900a-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c112faa4-18b9-11df-900a-806d6172696f}\ not found. File D:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8fb3061-1f25-11df-992d-00e04c8a91ec}\ not found. File F:\EXPLORER.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully. File 2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File 2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. File F:\2nuk.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\2nuk.com not found. ========== FILES ========== Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. C:\WINDOWS\system32\nmdfgds0.dll moved successfully. File\Folder C:\WINDOWS\system32\olhrwef.exe not found. File\Folder C:\autorun.inf not found. File\Folder D:\autorun.inf not found. File\Folder F:\autorun.inf not found. File\Folder G:\autorun.inf not found. C:\WINDOWS\System32\nmdfgds1.dll moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: Sebek MAster ->Temp folder emptied: 326311322 bytes ->Temporary Internet Files folder emptied: 13222585 bytes ->FireFox cache emptied: 81090599 bytes ->Opera cache emptied: 32307356 bytes ->Flash cache emptied: 17919 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352022 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2480792 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 437,00 mb OTL by OldTimer - Version 3.1.37.3 log created on 03212010_143540 Files\Folders moved on Reboot... Registry entries deleted on Reboot... 
[/log]

And the OTL log after restarting the computer:

[log]OTL logfile created on: 2010-03-21 14:41:47 - Run 2 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Sebek MAster\Moje dokumenty\Pobieranie Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 650,00 Mb Available Physical Memory | 63,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 9,77 Gb Total Space | 1,28 Gb Free Space | 13,06% Space Free | Partition Type: NTFS Drive D: | 46,15 Gb Total Space | 11,69 Gb Free Space | 25,33% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: STAJNIA-BA51CD2 Current User Name: Sebek MAster Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-21 13:42:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\Pobieranie\OTL.exe PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006-01-02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) 
-- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe PRC - [2003-08-28 09:45:38 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-03-21 13:42:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\Pobieranie\OTL.exe MOD - [2003-08-28 09:45:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL [color=#E56717]========== Win32 Services (SafeList) ==========[/color] [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-03-27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132) DRV - [2008-04-14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006-05-03 17:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003-10-15 02:53:20 | 000,186,100 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAC32K.SYS -- (ctac32k) DRV - [2003-09-19 02:47:22 | 000,496,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2003-08-28 09:24:36 | 000,145,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMUPIA2K.SYS -- (emupia) DRV - [2003-08-28 09:24:24 | 000,136,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k) DRV - [2003-08-28 09:24:08 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTPRXY2K.SYS -- (ctprxy2k) DRV - [2003-08-28 09:24:06 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2003-08-28 09:22:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HAP16V2K.SYS -- (hap16v2k) DRV - [2003-08-28 09:22:04 | 000,823,456 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2003-03-05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT) DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401) DRV - [2001-08-17 21:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-07 08:45:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-13 16:44:18 | 000,000,000 | ---D | M] [2010-02-13 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Mozilla\Extensions [2010-03-20 21:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Mozilla\Firefox\Profiles\ff3xq2cw.default\extensions [2010-02-13 16:48:23 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Mozilla\Firefox\Profiles\ff3xq2cw.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010-03-20 21:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010-02-13 20:46:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program 
Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe () O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz za pomocą BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll (BitComet) O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-02-13 16:25:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-03-21 14:35:40 | 000,000,000 | ---D | C] -- C:\_OTL [2010-03-13 08:29:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010-03-07 14:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Pulpit\Zipera-Druga_Strona_Medalu-PL-2004-A4O [2010-03-03 20:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2010-03-03 20:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\AudioCommander [2010-03-03 20:51:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} [2010-03-03 20:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2010-03-03 20:03:53 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Identities [2010-03-01 18:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Pulpit\Energy2000---Active-Friday-Night-11.12.2009--www.djraven.pl- [2010-02-28 13:15:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Pulpit\VMCPSWoWCheat20 [2010-02-27 16:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard [2010-02-27 15:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\WinRAR [2010-02-27 10:20:47 | 000,012,672 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys [2010-02-27 10:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2010-02-26 22:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Temp [2010-02-21 21:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\DeepBurner [2010-02-21 21:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Astonsoft [2010-02-21 20:52:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.sys [2010-02-21 20:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\PcSetup [2010-02-21 20:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\Vso [2010-02-21 20:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\DVDXStudio [2010-02-21 20:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CloneDVD5 [2010-02-21 20:35:54 | 000,036,864 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\EXPLORER.EXE [2010-02-16 22:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google [2010-02-16 21:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google 
[2010-02-13 16:35:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2010-02-13 16:29:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2010-02-13 16:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-02-13 16:29:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-02-13 16:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-03-21 14:40:09 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-03-21 14:40:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-21 14:40:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-21 14:40:01 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys [2010-03-21 14:39:35 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 14:39:35 | 000,024,144 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 14:39:35 | 000,016,808 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 14:39:35 | 000,016,808 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000002-100A1102}.rfx [2010-03-21 14:39:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010-03-21 14:39:35 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010-03-21 14:39:35 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-100A1102}.dat [2010-03-21 14:39:35 | 000,000,288 | ---- | M] () -- 
C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000002-100A1102}.dat [2010-03-21 14:39:32 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Sebek MAster\NTUSER.DAT [2010-03-21 14:39:32 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Sebek MAster\ntuser.ini [2010-03-21 14:39:25 | 003,377,348 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-100A1102}.CDF [2010-03-21 14:39:25 | 003,377,348 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000002-100A1102}.BAK [2010-03-21 14:38:55 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Fix.reg [2010-03-21 14:29:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-03-21 14:21:03 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-03-18 16:17:36 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk [2010-03-14 20:29:25 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\polak(średniowiecze).doc [2010-03-14 12:16:16 | 000,085,385 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268411138_by_Maslo69_500.jpg [2010-03-14 12:12:38 | 000,079,697 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\76067f2606.jpeg [2010-03-09 22:49:02 | 000,236,012 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268167543_by_KprezS_500.jpg [2010-03-09 22:26:33 | 000,031,008 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168214_by_MarioLena_500.jpg [2010-03-09 22:15:10 | 000,060,432 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168531_by_wodoglowie_500.jpg [2010-03-07 14:13:05 | 000,022,067 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\HG.jpg [2010-03-07 13:46:38 | 000,038,277 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Druga-strona-medalu_Zipera,images_big,11,5988572.jpg [2010-03-07 13:44:25 | 
000,033,154 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1168208563812.jpg [2010-03-07 13:43:54 | 000,003,540 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\imgres.htm [2010-03-06 08:05:02 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-03-06 08:04:14 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Medal of Honor Allied Assault.lnk [2010-03-03 20:51:15 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\AudioCommander.lnk [2010-03-03 17:30:37 | 005,329,276 | -H-- | M] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-27 16:17:25 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Skrót do Wow.lnk [2010-02-27 10:20:47 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\CPUID CPU-Z.lnk [2010-02-25 15:59:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010-02-23 19:43:24 | 001,289,997 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\wwo - sen.mp3 [2010-02-21 21:00:10 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\DeepBurner.lnk [2010-02-21 20:55:27 | 000,000,014 | ---- | M] () -- C:\WINDOWS\System32\systeminfo3.dll [2010-02-21 20:52:22 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\inst.exe [2010-02-21 20:52:22 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.sys [2010-02-21 20:52:22 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.cat [2010-02-21 20:52:22 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.inf [2010-02-21 20:52:21 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\CloneDVD5.lnk [2010-02-21 20:32:20 | 
003,941,739 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\pono - pierdole to.mp3 [2010-02-20 14:30:02 | 004,078,861 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\zipera - patriota.mp3 [2010-02-20 10:41:22 | 003,263,841 | ---- | M] () -- C:\Documents and Settings\Sebek MAster\Pulpit\robert m feat nicco - dance hall track ( radio edit ).mp3 [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-21 14:38:54 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Fix.reg [2010-03-14 20:29:23 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Moje dokumenty\polak(średniowiecze).doc [2010-03-14 12:16:12 | 000,085,385 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268411138_by_Maslo69_500.jpg [2010-03-14 12:12:38 | 000,079,697 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\76067f2606.jpeg [2010-03-09 22:49:01 | 000,236,012 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268167543_by_KprezS_500.jpg [2010-03-09 22:26:30 | 000,031,008 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168214_by_MarioLena_500.jpg [2010-03-09 22:15:08 | 000,060,432 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1268168531_by_wodoglowie_500.jpg [2010-03-07 14:13:05 | 000,022,067 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\HG.jpg [2010-03-07 13:46:37 | 000,038,277 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\Druga-strona-medalu_Zipera,images_big,11,5988572.jpg [2010-03-07 13:44:25 | 000,033,154 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\1168208563812.jpg [2010-03-07 13:43:53 | 000,003,540 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\imgres.htm [2010-03-06 08:04:14 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Medal of Honor Allied Assault.lnk [2010-03-03 20:51:15 | 000,000,720 | ---- | C] () -- 
C:\Documents and Settings\All Users\Pulpit\AudioCommander.lnk [2010-03-03 15:27:43 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-02-27 10:20:47 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\CPUID CPU-Z.lnk [2010-02-21 21:15:17 | 001,289,997 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\wwo - sen.mp3 [2010-02-21 21:00:10 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\DeepBurner.lnk [2010-02-21 20:55:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll [2010-02-21 20:52:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.log [2010-02-21 20:52:22 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\inst.exe [2010-02-21 20:52:22 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.cat [2010-02-21 20:52:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Dane aplikacji\pcouffin.inf [2010-02-21 20:52:21 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\CloneDVD5.lnk [2010-02-21 17:20:19 | 003,941,739 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\pono - pierdole to.mp3 [2010-02-20 10:24:35 | 003,263,841 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\robert m feat nicco - dance hall track ( radio edit ).mp3 [2010-02-19 20:12:55 | 004,078,861 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Pulpit\zipera - patriota.mp3 [2010-02-13 17:06:37 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-02-13 17:02:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-02-13 17:02:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-13 16:36:11 | 000,000,231 
| ---- | C] () -- C:\WINDOWS\AC3API.INI [2010-02-13 16:35:34 | 000,035,972 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini [2010-02-13 16:35:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010-02-13 16:35:26 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI [2010-02-13 16:35:26 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2010-02-13 16:35:07 | 000,000,307 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2008-08-28 12:19:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\IsDRM.dll [2008-08-28 12:16:00 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AudioConverter.dll [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:6900017D < End of report > [/log]
Psycholandia commented on 21 March 2010

Run a scan with ComboFix: http://www.forumpc.pl/index.php?showtopic=153621 and post the log.
komputerowiec_16 (Author) commented on 25 March 2010

[log]ComboFix 10-03-24.03 - Sebek MAster 2010-03-25 18:48:30.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1023.734 [GMT 1:00] Uruchomiony z: c:\documents and settings\Sebek MAster\Pulpit\ComboFix.exe * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Sebek MAster\Dane aplikacji\inst.exe c:\windows\system32\EXPLORER.EXE c:\windows\system32\ieuinit.inf c:\windows\system32\systeminfo3.dll . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_AVPsys ((((((((((((((((((((((((( Pliki utworzone od 2010-02-25 do 2010-03-25 ))))))))))))))))))))))))))))))) . 2010-03-22 19:12 . 2010-03-22 19:13 -------- d-----w- c:\program files\MP3 Cutter 2010-03-21 13:35 . 2010-03-21 13:35 -------- d-----w- C:\_OTL 2010-03-13 07:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-03-03 19:52 . 2010-03-03 19:54 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP 2010-03-03 19:51 . 2009-02-26 21:03 2539176 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\setup_ac.exe 2010-03-03 19:51 . 2010-03-03 19:52 -------- d-----w- c:\program files\AudioCommander 2010-03-03 19:51 . 2010-03-03 19:51 -------- dc-h--w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C} 2010-03-03 19:50 . 2009-01-31 14:30 310784 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\1B709323\AF8C2D79\AudioGenie2.dll 2010-03-03 19:50 . 
2008-08-28 11:34 24576 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\1EB8D3D\5D8C36FC\AffCreatorDLL.dll 2010-03-03 19:50 . 2008-08-28 11:19 32768 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\ACF70AF1\387EEA1E\IsDRM.dll 2010-03-03 19:50 . 2008-08-28 11:19 32768 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\23A27872\387EEA1E\IsDRM.dll 2010-03-03 19:50 . 2008-08-28 11:16 544768 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\A08C3EFF\4779A637\AudioConverter.dll 2010-03-03 19:50 . 2008-08-28 11:15 86016 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\A6B62C87\F62D5284\ExControl.dll 2010-03-03 19:50 . 2008-08-28 11:15 86016 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\6E5E09DF\F62D5284\ExControl.dll 2010-03-03 19:50 . 2009-02-26 21:02 860160 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\C0FE1718\F2AF3283\AudioCommander.exe 2010-03-03 19:50 . 2008-12-13 05:23 1403904 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\C283212E\32F7A4D1\AdjMmsEng.dll 2010-03-03 19:50 . 2005-11-05 23:34 145408 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\46DCAF14\431AE4FA\Lame.exe 2010-03-03 19:50 . 2005-05-17 20:37 76800 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\1F3C49AE\8FD17A8B\Faac.exe 2010-03-03 19:50 . 2002-07-19 16:48 157696 -c--a-w- c:\documents and settings\All Users\Dane aplikacji\{402F10B9-711E-4EF4-BC0E-AFE669ACC04C}\OFFLINE\63E85F6B\431AE4FA\OggEnc.exe 2010-03-03 19:47 . 
2010-03-03 19:47 -------- d-----w- c:\program files\Audacity 2010-03-03 19:03 . 2010-03-03 19:03 -------- d-----w- c:\documents and settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Identities 2010-02-27 15:04 . 2010-02-27 15:04 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Blizzard 2010-02-27 09:20 . 2010-02-27 09:20 -------- d-----w- c:\program files\CPUID 2010-02-27 09:20 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys 2010-02-26 21:11 . 2010-03-25 17:22 -------- d-----w- c:\documents and settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\Temp . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-25 17:52 . 2010-02-13 16:30 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-00000009-00001102-00000002-100A1102}.dat 2010-03-25 17:52 . 2010-02-13 16:30 288 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-00000009-00001102-00000002-100A1102}.dat 2010-03-24 19:08 . 2010-02-13 19:47 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\Skype 2010-03-24 18:17 . 2010-02-13 19:49 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\skypePM 2010-03-14 19:29 . 2010-02-13 15:59 -------- d-----w- c:\program files\Gadu-Gadu 10 2010-03-06 06:59 . 2010-02-13 15:32 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-02-22 21:29 . 2010-02-14 15:04 -------- d-----w- c:\program files\BitComet 2010-02-22 19:32 . 2010-02-13 15:39 -------- d-----w- c:\program files\Opera 2010-02-21 20:01 . 2010-02-21 20:00 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\DeepBurner 2010-02-21 20:00 . 2010-02-21 20:00 -------- d-----w- c:\program files\Astonsoft 2010-02-21 19:57 . 2010-02-21 19:55 10665 ----a-w- c:\documents and settings\All Users\Dane aplikacji\DVDXStudio\CloneDVD5\MainApp.dll 2010-02-21 19:52 . 
2010-02-21 19:52 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\Vso 2010-02-21 19:52 . 2010-02-21 19:52 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-02-21 19:52 . 2010-02-21 19:52 47360 ----a-w- c:\documents and settings\Sebek MAster\Dane aplikacji\pcouffin.sys 2010-02-21 19:52 . 2010-02-21 19:52 47360 ----a-w- c:\documents and settings\Sebek MAster\Dane aplikacji\pcouffin.sys 2010-02-21 19:52 . 2010-02-21 19:52 -------- d-----w- c:\program files\CloneDVD5 2010-02-21 19:52 . 2010-02-21 19:52 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DVDXStudio 2010-02-18 16:19 . 2008-04-15 12:00 67298 ----a-w- c:\windows\system32\perfc015.dat 2010-02-18 16:19 . 2008-04-15 12:00 436322 ----a-w- c:\windows\system32\perfh015.dat 2010-02-16 20:52 . 2010-02-16 20:49 -------- d-----w- c:\program files\Google 2010-02-16 20:50 . 2010-02-16 20:49 -------- d-----w- c:\program files\DivX 2010-02-16 20:49 . 2010-02-16 20:49 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-02-14 15:21 . 2010-02-14 15:07 -------- d-----w- c:\program files\CometBird 2010-02-14 15:08 . 2010-02-14 15:08 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\CometNetwork 2010-02-14 15:04 . 2010-02-14 15:04 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\BitComet 2010-02-14 12:45 . 2010-02-14 12:45 -------- d-----w- c:\program files\Nowy folder 2010-02-13 20:07 . 2010-02-13 19:34 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-13 20:06 . 2010-02-13 20:06 -------- d-----w- c:\program files\cladDVD.NET 3.5.7 2010-02-13 20:00 . 2010-02-13 20:00 552 ----a-w- c:\windows\system32\d3d8caps.dat 2010-02-13 19:49 . 2010-02-13 19:49 56 ---ha-w- c:\windows\system32\ezsidmv.dat 2010-02-13 19:46 . 2010-02-13 19:46 -------- d-----r- c:\program files\Skype 2010-02-13 19:46 . 2010-02-13 19:46 -------- d-----w- c:\program files\Common Files\Skype 2010-02-13 19:46 . 
2010-02-13 19:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype 2010-02-13 16:07 . 2010-02-13 16:07 12328 ----a-w- c:\documents and settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2010-02-13 16:07 . 2010-02-13 15:32 -------- d-----w- c:\program files\Creative 2010-02-13 16:06 . 2010-02-13 16:06 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\ATI 2010-02-13 16:06 . 2010-02-13 16:06 137 ----a-w- c:\documents and settings\Sebek MAster\Ustawienia lokalne\Dane aplikacji\fusioncache.dat 2010-02-13 16:06 . 2010-02-13 16:06 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\Creative 2010-02-13 16:02 . 2010-02-13 16:02 -------- d-----w- c:\program files\ffdshow 2010-02-13 15:57 . 2010-02-13 15:57 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\Gadu-Gadu 10 2010-02-13 15:57 . 2010-02-13 15:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10 2010-02-13 15:56 . 2010-02-13 15:54 -------- d-----w- c:\program files\ATI Technologies 2010-02-13 15:55 . 2010-02-13 15:32 -------- d-----w- c:\program files\Common Files\InstallShield 2010-02-13 15:40 . 2010-02-13 15:40 0 ----a-w- c:\windows\nsreg.dat 2010-02-13 15:37 . 2010-02-13 15:37 -------- d-----w- c:\program files\Common Files\Adobe 2010-02-13 15:37 . 2010-02-13 15:37 -------- d-----w- c:\documents and settings\Sebek MAster\Dane aplikacji\InterTrust 2010-02-13 15:34 . 2010-02-13 15:34 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Creative 2010-02-13 15:25 . 2010-02-13 15:25 -------- d-----w- c:\program files\microsoft frontpage 2010-02-13 15:25 . 2010-02-13 15:24 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-02-13 15:24 . 2010-02-13 15:24 -------- d-----w- c:\program files\Usługi online 2010-02-13 15:22 . 2010-02-13 15:22 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-04 09:01 . 
2010-02-13 15:50 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-02-04 09:01 . 2010-02-13 15:50 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-02-04 09:01 . 2010-02-13 15:50 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-02-04 09:01 . 2010-02-13 15:50 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Sebek MAster\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll 2010-01-20 12:03 . 2010-01-20 12:03 11776 ----a-w- c:\documents and settings\Sebek MAster\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll 2010-01-12 19:12 . 2010-02-13 16:02 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-12-31 16:50 . 2008-04-15 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [2003-08-28 24576] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672] "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu 10\\gg.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "d:\\Counter-Strike\\hl.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Opera\\opera.exe"= "d:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26466:TCP"= 26466:TCP:BitComet 26466 TCP "26466:UDP"= 26466:UDP:BitComet 26466 UDP S2 gupdate1caaf499641cce0;Usługa Google Update (gupdate1caaf499641cce0);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 133104] . Zawartość folderu 'Zaplanowane zadania' 2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 20:49] 2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 20:49] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://google.atcomet.com/b/ IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm FF - ProfilePath - c:\documents and settings\Sebek MAster\Dane aplikacji\Mozilla\Firefox\Profiles\ff3xq2cw.default\ FF - plugin: c:\documents and settings\Sebek MAster\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-25 18:53 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . 
--------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(608) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\CTsvcCDA.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Czas ukończenia: 2010-03-25 18:55:02 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2010-03-25 17:54 Przed: 1 175 855 104 bajtów wolnych Po: 1 107 963 904 bajtów wolnych - - End Of File - - 1A1A6C9B732C9E02480679BB21363199 [/log]
komputerowiec_16 (author), commented 26 March 2010 (edited)
No. It works fine now. It even sped up the system. Thanks a lot for the help.
Psycholandia, commented 26 March 2010
Run OTL and click CleanUP. All clean.