Mulący komputer, podejrzenie wirusa

[KaRi]

Witam, dostałem komputer z sali szkolnej ze szkoły gdzie pracuje moja mama. Chodzi baardzo powoli (nawet jak na taki stary sprzęt). Podejrzewam że coś tu siedzi dlatego chciałbym to sprawdzić. Wszyscy tam wpuchają swoje pen-drive i podejrzewam że przenoszą tu jakieś świństwa...

Kod: Zaznacz wszystko

OTL logfile created on: 2010-08-28 13:37:35 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = G:\
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 9,00 Mb Available Physical Memory | 4,00% Memory free
1 002,00 Mb Paging File | 278,00 Mb Available in Paging File | 28,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,11 Gb Total Space | 23,70 Gb Free Space | 63,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37,41 Gb Total Space | 34,59 Gb Free Space | 92,46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,94% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PPP-8CB1055B9A1
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-08-16 00:34:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2010-06-21 20:40:16 | 000,158,216 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe
PRC - [2010-06-21 20:40:15 | 000,507,904 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe
PRC - [2010-06-21 20:40:07 | 000,117,256 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe
PRC - [2008-01-30 02:34:18 | 000,200,704 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe
PRC - [2007-11-14 17:35:26 | 000,100,872 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe
PRC - [2007-10-25 06:20:00 | 000,151,552 | ---- | M] (ArcaBit) -- C:\Program Files\ArcaBit\Common\taskscheduler.exe
PRC - [2006-11-27 00:32:36 | 000,569,344 | ---- | M] (AKKORP) -- C:\Program Files\Beniamin\TGuard.exe
PRC - [2005-09-30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004-12-01 09:54:22 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004-09-02 10:37:44 | 000,770,048 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
PRC - [2004-08-04 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-07-30 15:10:00 | 001,123,840 | ---- | M] (Pinnacle Systems GmbH.) -- C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-08-16 00:34:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2006-08-25 17:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-04 14:00:00 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2004-08-04 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010-06-21 20:40:49 | 000,241,664 | ---- | M] (ArcaBit) [On_Demand | Stopped] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe -- (ArcaBit.Core.LoggingService)
SRV - [2010-06-21 20:40:16 | 000,158,216 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe -- (ABFileMon)
SRV - [2010-06-21 20:40:07 | 000,117,256 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaUpdate\update.exe -- (AVUpdate)
SRV - [2008-01-30 02:34:18 | 000,200,704 | ---- | M] (ArcaBit) [On_Demand | Running] -- C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe -- (ArcaBit.Core.Configurator)
SRV - [2007-11-14 17:35:26 | 000,100,872 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe -- (ABNetMon)
SRV - [2007-10-25 06:20:00 | 000,151,552 | ---- | M] (ArcaBit) [Auto | Running] -- C:\Program Files\ArcaBit\Common\TaskScheduler.exe -- (ArcaBit.TaskScheduler)
SRV - [2005-09-30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2008-02-26 15:45:12 | 000,051,208 | ---- | M] (ArcaBit) [Kernel | System | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys -- (ABTDI)
DRV - [2007-12-10 14:37:30 | 000,037,896 | ---- | M] (ArcaBit) [File_System | On_Demand | Running] -- C:\Program Files\ArcaBit\ArcaVir\ABFLT.sys -- (ABFLT)
DRV - [2004-12-01 14:40:08 | 002,300,928 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-09-01 14:50:02 | 000,188,416 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004-08-25 07:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2004-08-03 11:10:34 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2004-05-02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2004-04-13 14:14:12 | 000,070,144 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2003-11-28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2003-08-01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-602609370-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKU\S-1-5-21-682003330-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-12-10 15:45:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-21 21:14:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-06-21 21:13:32 | 000,000,000 | ---D | M]

[2010-06-21 21:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Extensions
[2010-06-21 21:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\68grtdb6.default\extensions
[2010-06-21 21:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-04-01 19:33:11 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-01 19:33:11 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-04-01 19:33:11 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-04-01 19:33:11 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-04-01 19:33:11 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-04-01 19:33:11 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe (ArcaBit)
O4 - HKLM..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe (ArcaBit)
O4 - HKLM..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe (ArcaBit)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tguard] C:\Program Files\Beniamin\TGuard.exe (AKKORP)
O4 - HKU\S-1-5-21-682003330-602609370-839522115-1003..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe (Pinnacle Systems)
O4 - HKU\S-1-5-21-682003330-602609370-839522115-1003..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems GmbH.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
F3 - HKU\S-1-5-21-682003330-602609370-839522115-1003 WinNT: Load - (C:\WINDOWS\svchost.exe) - C:\WINDOWS\svchost.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra 'Tools' menuitem : ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll (ArcaBit sp. z o.o)
O9 - Extra Button: Pokaż lub ukryj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\bnmndrv.dll ()
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-09-17 11:56:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-05-09 22:36:18 | 000,000,034 | RHS- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-06-21 11:47:36 | 000,000,288 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{05263134-7780-11df-bd74-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{05263134-7780-11df-bd74-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{0b1fcd10-3865-11dd-bc00-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{10044df6-9a83-11dd-bc2b-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{10044df6-9a83-11dd-bc2b-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{1d00bc82-2012-11de-bc7b-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{1d00bc82-2012-11de-bc7b-000c7650bee1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1d00bc83-2012-11de-bc7b-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{29c4000a-3b75-11dd-bc02-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{29c4000a-3b75-11dd-bc02-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{2aac27e8-835a-11df-bd88-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{2aac27e8-835a-11df-bd88-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{354669f1-4c61-11df-bd3a-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{3e61d07a-3d00-11dd-bc06-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{4838b26e-2400-11de-bc7f-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{5ceeb2ea-bd2a-11dd-bc41-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{67545346-f4eb-11dc-bbc9-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{69daca94-4b59-11de-bca2-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{69daca94-4b59-11de-bca2-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{7fa0ca82-fbfe-11dc-bbcd-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{8c616a14-ffce-11dc-bbd1-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{8d9176da-e1d3-11db-baef-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{8d9176da-e1d3-11db-baef-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{9110b181-a19d-11dc-bb7a-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9763155c-fc03-11dd-bc5a-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{a08c4634-a6ec-11dc-bb81-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{a4ee1de4-2b45-11de-bc82-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{ab164f60-3df9-11dd-bc07-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac706adc-598f-11de-bcae-000c7650bee1}\Shell\AutoRun\command - "" = G:\gpcdt.cmd -- File not found
O33 - MountPoints2\{ac706adc-598f-11de-bcae-000c7650bee1}\Shell\open\Command - "" = G:\gpcdt.cmd -- File not found
O33 - MountPoints2\{de2da19e-f017-11dc-bbc6-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{f171262a-fbdb-11dc-bbcc-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{f7bbd688-65d1-11dc-bb44-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{f9bb5bc8-a5bf-11dd-bc34-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{fc6c9968-849f-11dd-bc13-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{fc6c9968-849f-11dd-bc13-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2005-09-17 12:32:43 | 000,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-08-28 11:28:27 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-08-28 11:27:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-08-28 11:27:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-08-28 11:27:29 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-12 12:22:39 | 005,242,880 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT
[2010-08-12 12:22:13 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-12-10 15:36:28 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2008-12-15 14:11:20 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MAGIC40.INI
[2008-03-03 13:43:43 | 000,005,115 | ---- | C] () -- C:\WINDOWS\kd4t.ini
[2008-03-03 13:43:43 | 000,005,115 | ---- | C] () -- C:\WINDOWS\kd4.ini
[2007-06-25 11:01:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2007-06-25 10:56:44 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2007-03-12 09:25:50 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\bnmndrv.dll
[2005-11-30 13:38:33 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-10-28 11:00:06 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2005-09-23 11:55:16 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-09-17 12:31:34 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2005-09-17 12:19:54 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004-08-25 07:27:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004-08-04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002-02-27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002-02-27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002-02-27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002-02-27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002-02-27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2007-03-12 09:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\.Beniamin
[2010-06-21 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
[2010-06-21 19:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
[2010-06-21 19:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\ArcaBit
[2010-06-18 11:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\ArcaVirMicroScan
[2005-09-30 12:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\InterTrust

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

Kod: Zaznacz wszystko

OTL Extras logfile created on: 2010-08-28 13:37:38 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = G:\
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

255,00 Mb Total Physical Memory | 9,00 Mb Available Physical Memory | 4,00% Memory free
1 002,00 Mb Paging File | 278,00 Mb Available in Paging File | 28,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,11 Gb Total Space | 23,70 Gb Free Space | 63,88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 37,41 Gb Total Space | 34,59 Gb Free Space | 92,46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,94% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PPP-8CB1055B9A1
Current User Name: Właściciel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-682003330-602609370-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{91120415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{A01872BE-2123-4F1B-B295-E3D1774DC0C9}" = Pinnacle InstantCD/DVD Suite
"{A239B0C1-C487-4BCF-AE78-9B414ECBF7F3}" = ArcaVir 2008
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"6klasa_testy_2007" = 6klasa_testy_2007 1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0 CE
"All ATI Software" = Narzędzie Software Uninstall Utility firmy ATI
"ATI Display Driver" = ATI Display Driver
"Beniamin_is1" = Beniamin 1.4.187
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"eko" = Deinstalacja
"EOS Utility" = Canon Utilities EOS Utility
"GratkaPP" = Komputerowa Gratka - Przygoda z Psikusiem
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer cenzura! Program 13.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Ocena Opisowa Sz" = Librus Ocena Opisowa
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickTime" = QuickTime
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"SprawdzianySzostoklasisty2005" = Sprawdziany Szóstoklasisty 2005
"Szkoła podstawowa klasa 5 - Przyroda" = Szkoła podstawowa klasa 5 - Przyroda
"Szkoła podstawowa klasa 6 – Przyroda" = Szkoła podstawowa klasa 6 – Przyroda
"Świadectwa sp N" = Librus Świadectwa 4-6
"Świadectwa sp Sz" = Librus Świadectwa 4-6
"Testy_szóstoklasisty_Polish" = Testy szóstoklasisty
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zestawy maturalne" = Zestawy maturalne
"Zestawy maturalne 2005" = Zestawy maturalne 2005
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-06-02 10:37:18 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-02 10:50:20 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-02 10:55:43 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-07 03:18:21 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-08 06:46:37 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-08 11:06:57 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-11 08:09:19 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-11 08:20:53 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-14 02:42:57 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

Error - 2010-06-14 11:07:36 | Computer Name = PPP-8CB1055B9A1 | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd temp2.exe, wersja 0.0.0.0, moduł powodujący
błąd temp2.exe, wersja 0.0.0.0, adres błędu 0x0000126e.

[ System Events ]
Error - 2010-08-12 03:38:17 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS  ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę  wyszukania serwera DNS za 15 min.  Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2010-08-12 03:38:17 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 14 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-12 03:40:45 | Computer Name = PPP-8CB1055B9A1 | Source = Windows Update Agent | ID = 16
Description = Nie można nawiązać połączenia: System Windows nie może połączyć się
z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować
aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował
próby ustanowienia połączenia.

Error - 2010-08-12 03:53:21 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS  ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę  wyszukania serwera DNS za 30 min.  Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2010-08-12 03:53:22 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 29 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-12 04:23:21 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS  ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę  wyszukania serwera DNS za 60 min.  Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2010-08-12 04:23:22 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 59 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-12 05:23:19 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452689
Description = Dostawca czasu NtpClient: Wystąpił błąd podczas wyszukiwania serwera
DNS  ręcznie skonfigurowanej końcówki „time.windows.com,0x1”. Klient NtpClient ponowi
próbę  wyszukania serwera DNS za 120 min.  Wystąpił błąd: Próba przeprowadzenia operacji,
wykonywanej przez gniazdo, na nieosiągalnym hoście. (0x80072751)

Error - 2010-08-12 05:23:19 | Computer Name = PPP-8CB1055B9A1 | Source = W32Time | ID = 39452701
Description = Dostawca czasu NtpClient jest skonfigurowany, tak aby pobierać czas
z jednego lub kilku  źródeł czasu, jednak żadne ze źródeł jest obecnie niedostępne.
   Przez 119 min nie nastąpi próba kontaktu ze źródłem.  NtpClient nie ma źródła dokładnego
czasu.

Error - 2010-08-28 05:29:21 | Computer Name = PPP-8CB1055B9A1 | Source = Windows Update Agent | ID = 16
Description = Nie można nawiązać połączenia: System Windows nie może połączyć się
z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować
aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował
próby ustanowienia połączenia.


< End of report >

Kod: Zaznacz wszystko

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-28 12:50:22
Windows 5.1.2600 Dodatek Service Pack 2
Running: ggdwedo7.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pgrorfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp  ABTDI.sys (ABTDI/ArcaBit)
AttachedDevice  \FileSystem\Fastfat \Fat   fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


[Andziorka]

W okienko OTL wklej poniższy skrypt i klik na Wykonaj skrypt:

:Processes
explorer.exe

:OTL
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
F3 - HKU\S-1-5-21-682003330-602609370-839522115-1003 WinNT: Load - (C:\WINDOWS\svchost.exe) - C:\WINDOWS\svchost.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\bnmndrv.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\bnmndrv.dll ()
O32 - AutoRun File - [2006-05-09 22:36:18 | 000,000,034 | RHS- | M] () - C:\autorun.inf.vir -- [ NTFS ]
O32 - AutoRun File - [2010-06-21 11:47:36 | 000,000,288 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{05263134-7780-11df-bd74-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{05263134-7780-11df-bd74-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{0b1fcd10-3865-11dd-bc00-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{10044df6-9a83-11dd-bc2b-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{10044df6-9a83-11dd-bc2b-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{1d00bc82-2012-11de-bc7b-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{1d00bc82-2012-11de-bc7b-000c7650bee1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1d00bc83-2012-11de-bc7b-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{29c4000a-3b75-11dd-bc02-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{29c4000a-3b75-11dd-bc02-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{2aac27e8-835a-11df-bd88-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{2aac27e8-835a-11df-bd88-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{354669f1-4c61-11df-bd3a-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{3e61d07a-3d00-11dd-bc06-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{4838b26e-2400-11de-bc7f-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{5ceeb2ea-bd2a-11dd-bc41-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{67545346-f4eb-11dc-bbc9-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{69daca94-4b59-11de-bca2-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{69daca94-4b59-11de-bca2-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{7fa0ca82-fbfe-11dc-bbcd-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{8c616a14-ffce-11dc-bbd1-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{8d9176da-e1d3-11db-baef-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{8d9176da-e1d3-11db-baef-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{9110b181-a19d-11dc-bb7a-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{9763155c-fc03-11dd-bc5a-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{a08c4634-a6ec-11dc-bb81-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{a4ee1de4-2b45-11de-bc82-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{ab164f60-3df9-11dd-bc07-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac706adc-598f-11de-bcae-000c7650bee1}\Shell\AutoRun\command - "" = G:\gpcdt.cmd -- File not found
O33 - MountPoints2\{ac706adc-598f-11de-bcae-000c7650bee1}\Shell\open\Command - "" = G:\gpcdt.cmd -- File not found
O33 - MountPoints2\{de2da19e-f017-11dc-bbc6-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{f171262a-fbdb-11dc-bbcc-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{f7bbd688-65d1-11dc-bb44-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{f9bb5bc8-a5bf-11dd-bc34-000c7650bee1}\Shell - "" = AutoRun
O33 - MountPoints2\{fc6c9968-849f-11dd-bc13-000c7650bee1}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()
O33 - MountPoints2\{fc6c9968-849f-11dd-bc13-000c7650bee1}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe -- [2008-05-20 10:16:46 | 000,438,784 | RHS- | M] ()

:Files
C:\WINDOWS\System32\bnmndrv.dll
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:REG
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]
[clearallrestorepoints]
[start explorer]
[Reboot]

Wykonaj tym skan: http://www.programosy.pl/program,malwarebytes-anti-malware.html usuń co znajdzie i daj raport.

[KaRi]

Kod: Zaznacz wszystko

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-682003330-602609370-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\WINDOWS\svchost.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ deleted successfully.
C:\WINDOWS\system32\bnmndrv.dll moved successfully.
C:\autorun.inf.vir moved successfully.
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05263134-7780-11df-bd74-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05263134-7780-11df-bd74-000c7650bee1}\ not found.
G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05263134-7780-11df-bd74-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05263134-7780-11df-bd74-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b1fcd10-3865-11dd-bc00-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b1fcd10-3865-11dd-bc00-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b9c1f62-4d26-11df-bd3b-000c7650bee1}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10044df6-9a83-11dd-bc2b-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10044df6-9a83-11dd-bc2b-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10044df6-9a83-11dd-bc2b-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10044df6-9a83-11dd-bc2b-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d00bc82-2012-11de-bc7b-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d00bc82-2012-11de-bc7b-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d00bc82-2012-11de-bc7b-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d00bc82-2012-11de-bc7b-000c7650bee1}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d00bc83-2012-11de-bc7b-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d00bc83-2012-11de-bc7b-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29c4000a-3b75-11dd-bc02-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29c4000a-3b75-11dd-bc02-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29c4000a-3b75-11dd-bc02-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29c4000a-3b75-11dd-bc02-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2aac27e8-835a-11df-bd88-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2aac27e8-835a-11df-bd88-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2aac27e8-835a-11df-bd88-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2aac27e8-835a-11df-bd88-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{354669f1-4c61-11df-bd3a-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{354669f1-4c61-11df-bd3a-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e61d07a-3d00-11dd-bc06-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e61d07a-3d00-11dd-bc06-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4838b26e-2400-11de-bc7f-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4838b26e-2400-11de-bc7f-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ceeb2ea-bd2a-11dd-bc41-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ceeb2ea-bd2a-11dd-bc41-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67545346-f4eb-11dc-bbc9-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67545346-f4eb-11dc-bbc9-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69daca94-4b59-11de-bca2-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69daca94-4b59-11de-bca2-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69daca94-4b59-11de-bca2-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69daca94-4b59-11de-bca2-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fa0ca82-fbfe-11dc-bbcd-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fa0ca82-fbfe-11dc-bbcd-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ff172f9-fa2e-11db-bb03-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c616a14-ffce-11dc-bbd1-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c616a14-ffce-11dc-bbd1-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d9176da-e1d3-11db-baef-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d9176da-e1d3-11db-baef-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d9176da-e1d3-11db-baef-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d9176da-e1d3-11db-baef-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9110b181-a19d-11dc-bb7a-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9110b181-a19d-11dc-bb7a-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9763155c-fc03-11dd-bc5a-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9763155c-fc03-11dd-bc5a-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a08c4634-a6ec-11dc-bb81-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a08c4634-a6ec-11dc-bb81-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4ee1de4-2b45-11de-bc82-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4ee1de4-2b45-11de-bc82-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab164f60-3df9-11dd-bc07-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab164f60-3df9-11dd-bc07-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac706adc-598f-11de-bcae-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac706adc-598f-11de-bcae-000c7650bee1}\ not found.
File G:\gpcdt.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac706adc-598f-11de-bcae-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac706adc-598f-11de-bcae-000c7650bee1}\ not found.
File G:\gpcdt.cmd not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de2da19e-f017-11dc-bbc6-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de2da19e-f017-11dc-bbc6-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f171262a-fbdb-11dc-bbcc-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f171262a-fbdb-11dc-bbcc-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7bbd688-65d1-11dc-bb44-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7bbd688-65d1-11dc-bb44-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9bb5bc8-a5bf-11dd-bc34-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9bb5bc8-a5bf-11dd-bc34-000c7650bee1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6c9968-849f-11dd-bc13-000c7650bee1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6c9968-849f-11dd-bc13-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6c9968-849f-11dd-bc13-000c7650bee1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc6c9968-849f-11dd-bc13-000c7650bee1}\ not found.
File G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
========== FILES ==========
C:\WINDOWS\System32\bnmndrv.dll moved successfully.
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Właściciel
->Temp folder emptied: 91629141 bytes
->Temporary Internet Files folder emptied: 245894 bytes
->FireFox cache emptied: 13053521 bytes
->Flash cache emptied: 19242 bytes

%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2250051 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 104,00 mb

Restore points cleared and new OTL Restore Point set!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.10.0 log created on 08282010_160953

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4052

Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-08-28 17:46:34
mbam-log-2010-08-28 (17-46-34).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|)
Przeskanowano obiektów: 160323
Upłynęło: 1 godzin(y), 26 minut(y), 7 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 7

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
C:\copy.exe.vir (Worm.Perlovga) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\xcopy.exe.vir (Worm.Perlovga) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp1.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp2.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\copy.exe.vir (Worm.Perlovga) -> Quarantined and deleted successfully.
E:\host.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.


[Andziorka]

Wykonaj optymalizację: http://forum.programosy.pl/optymalizacja-windowsa-xp-vt89133.html
Wykonaj jeszcze skan tym: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ po zakończeniu klikasz Reports i Save to file i dajesz loga

[KaRi]

Optymalizację wykonałem, a po skanowaniu klikam reports i nie widze nigdzie save to file... Gdzie to jest?

[Andziorka]

Powinno być jak klikniesz w Reports, na dole.

[KaRi]

Ale nie ma Jak by było to bym widział, bo patrzałem na to bardzo uważnie kilka razy

[Andziorka]

No nic, a usunąłeś co znalazł? Jeśli tak to już powinno być czysto. Jak działa komputer?

[KaRi]

No nie usunąłem, ale jutro poprawie, znaczy sie zrobie jeszcze raz skan i usunę bo dziś już go odstawiłem (teraz siedze na moim kompie a tam ten jest OFF). Ogólnie to zauważyłem poprawę w prędkości chodzenia komputera więc jest lepiej. No ale odezwę się jutro

[Andziorka]

Ok, to wykonaj skan, postaraj się dać loga, a jak nie da rady to usuń co znajdzie.