Tr/crypt.zpack.gen

[mirekg1963]

Witam!
Mam odrobinkę prośby?! Przyplątało mi sie coś jak w temacie. Zachowywało się to coś w sposób następujący: jak zainstalowałem avire to straszni mi zwalniało a wręcz blokowało wszycho. Jak odinstalowałem to było ok. Zainstalowałem Dr.Web Curelt on niby wykosił to ale po uruchomieniu aviry widzę że znowu to jest . Przeskanowałem i niby usunąłem Avirą , niby nie zwalnia, ale mam wątpliwości dlatego też przesyłam logi do przejrzenia, bardzo proszę !

Kod: Zaznacz wszystko

OTL logfile created on: 2009-12-07 13:55:08 - Run 2
OTL by OldTimer - Version 3.1.11.8     Folder = C:\Documents and Settings\admin\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

446,42 Mb Total Physical Memory | 200,37 Mb Available Physical Memory | 44,88% Memory free
1,03 Gb Paging File | 0,81 Gb Available in Paging File | 78,58% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 26,32 Gb Free Space | 67,39% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 29,23 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPN29
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009-12-07 13:54:40 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
PRC - [2009-12-04 18:11:24 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-04-14 18:21:50 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-14 18:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-12-19 04:12:00 | 16,062,464 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2009-12-07 13:54:40 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found --  -- (Nero BackItUp Scheduler 4.0)
SRV - [2009-12-04 18:11:24 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca7504d1549702) Usługa Google Update (gupdate1ca7504d1549702)
SRV - [2009-09-07 19:51:06 | 00,139,264 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2009-07-21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009-05-13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007-01-08 21:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006-08-16 08:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-10-09 11:34:35 | 00,006,432 | ---- | M] (Sony DADC Austria AG.) -- C:\Documents and Settings\admin\Ustawienia lokalne\temp\sony_ssm.sys -- (sony_ssm.sys)
DRV - [2009-07-28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009-05-11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008-04-13 17:39:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 17:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006-12-21 09:26:00 | 04,405,248 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-11-03 23:45:48 | 00,178,913 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2006-08-16 08:35:00 | 03,959,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-07-11 14:38:30 | 00,020,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-07-11 14:38:28 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-06-28 10:38:56 | 00,105,088 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-04-07 17:06:38 | 00,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006-03-02 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-07 10:31:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-07 10:31:46 | 00,000,000 | ---D | M]

[2009-07-21 10:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Extensions
[2009-12-04 18:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\a6b015hx.default\extensions
[2009-11-27 21:46:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\a6b015hx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-07-18 00:02:48 | 00,002,476 | ---- | M] () -- C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\a6b015hx.default\searchplugins\BearShareWebSearch.xml
[2009-07-21 10:38:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-15 20:00:25 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-07-18 00:02:48 | 00,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2009-04-13 07:11:16 | 00,006,269 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chomikuj.xml
[2009-07-15 20:00:25 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-07-15 20:00:25 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-07-15 20:00:25 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-07-15 20:00:25 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-07-15 20:00:25 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIEPlugin Object) - {A9647484-125B-4CD9-B1B8-18F9456334F4} - c:\Program Files\I-Tori\net-warez\ie-ware.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\admin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-21 09:13:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{135e6ba6-87e7-11de-b0a1-001bb995e534}\Shell\AUtOpLaY\cOmmAnD - "" = gegd.exe
O33 - MountPoints2\{135e6ba6-87e7-11de-b0a1-001bb995e534}\Shell\AutoRun\command - "" = gegd.exe
O33 - MountPoints2\{135e6ba6-87e7-11de-b0a1-001bb995e534}\Shell\explore\CommaND - "" = gegd.exe
O33 - MountPoints2\{135e6ba6-87e7-11de-b0a1-001bb995e534}\Shell\open\comMand - "" = gegd.exe
O33 - MountPoints2\{1a6f3bab-d688-11de-b1fc-001bb995e534}\Shell\AutoRun\command - "" = F:\curqp.exe -- File not found
O33 - MountPoints2\{1a6f3bab-d688-11de-b1fc-001bb995e534}\Shell\open\Command - "" = F:\curqp.exe -- File not found
O33 - MountPoints2\{1a6f3bac-d688-11de-b1fc-001bb995e534}\Shell\AutoRun\command - "" = G:\curqp.exe -- File not found
O33 - MountPoints2\{1a6f3bac-d688-11de-b1fc-001bb995e534}\Shell\open\Command - "" = G:\curqp.exe -- File not found
O33 - MountPoints2\{294f9dd4-8753-11de-b09d-001bb995e534}\Shell\AutoRun\command - "" = F:\0bcobed.exe -- File not found
O33 - MountPoints2\{294f9dd4-8753-11de-b09d-001bb995e534}\Shell\open\Command - "" = F:\0bcobed.exe -- File not found
O33 - MountPoints2\{294f9dd6-8753-11de-b09d-001bb995e534}\Shell\AUtoplay\cOmmaNd - "" = G:\visfun.cmd -- File not found
O33 - MountPoints2\{294f9dd6-8753-11de-b09d-001bb995e534}\Shell\AutoRun\command - "" = G:\visfun.cmd -- File not found
O33 - MountPoints2\{294f9dd6-8753-11de-b09d-001bb995e534}\Shell\exPlore\CommaNd - "" = G:\visfun.cmd -- File not found
O33 - MountPoints2\{294f9dd6-8753-11de-b09d-001bb995e534}\Shell\oPen\CommanD - "" = G:\visfun.cmd -- File not found
O33 - MountPoints2\{294f9dd7-8753-11de-b09d-001bb995e534}\Shell\AUTOplAy\CoMmand - "" = H:\eleahs.pif -- File not found
O33 - MountPoints2\{294f9dd7-8753-11de-b09d-001bb995e534}\Shell\AutoRun\command - "" = H:\eleahs.pif -- File not found
O33 - MountPoints2\{294f9dd7-8753-11de-b09d-001bb995e534}\Shell\explore\comMaNd - "" = H:\eleahs.pif -- File not found
O33 - MountPoints2\{294f9dd7-8753-11de-b09d-001bb995e534}\Shell\OpEN\cOmmand - "" = H:\eleahs.pif -- File not found
O33 - MountPoints2\{2c386ea0-c258-11de-b198-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{2c386ea0-c258-11de-b198-001bb995e534}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2c386ea1-c258-11de-b198-001bb995e534}\Shell\AutoRun\command - "" = b00ijwpu.exe
O33 - MountPoints2\{2c386ea1-c258-11de-b198-001bb995e534}\Shell\open\Command - "" = b00ijwpu.exe
O33 - MountPoints2\{344f61c4-9c52-11de-b0f8-001bb995e534}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{344f61c4-9c52-11de-b0f8-001bb995e534}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{3b08c0c8-b291-11de-b14c-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{3f15b3ac-93fa-11de-b0d6-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{46a3ee67-c621-11de-b1ad-001bb995e534}\Shell\AutoRun\command - "" = I:\upw.bat -- File not found
O33 - MountPoints2\{46a3ee67-c621-11de-b1ad-001bb995e534}\Shell\open\Command - "" = I:\upw.bat -- File not found
O33 - MountPoints2\{5980d33c-b99d-11de-b173-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{5980d33c-b99d-11de-b173-001bb995e534}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\Autoplay\comMaNd - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\AutoRun\command - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\eXPLorE\comMaND - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\open\CommaNd - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{748ee6ba-dda2-11de-b21f-001bb995e534}\Shell\AutoRun\command - "" = F:\q3kku.exe -- File not found
O33 - MountPoints2\{748ee6ba-dda2-11de-b21f-001bb995e534}\Shell\open\Command - "" = F:\q3kku.exe -- File not found
O33 - MountPoints2\{7af9329b-b81e-11de-b166-001bb995e534}\Shell\AutoRun\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{7af9329b-b81e-11de-b166-001bb995e534}\Shell\open\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{89d5852e-993e-11de-b0ec-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{8d1a2732-d378-11de-b1e9-001bb995e534}\Shell\AutoRun\command - "" = F:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2732-d378-11de-b1e9-001bb995e534}\Shell\open\Command - "" = F:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2733-d378-11de-b1e9-001bb995e534}\Shell\AutoRun\command - "" = G:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2733-d378-11de-b1e9-001bb995e534}\Shell\open\Command - "" = G:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2734-d378-11de-b1e9-001bb995e534}\Shell\AutoRun\command - "" = H:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2734-d378-11de-b1e9-001bb995e534}\Shell\open\Command - "" = H:\9g86.exe -- File not found
O33 - MountPoints2\{93690c38-a84a-11de-b122-001bb995e534}\Shell\AutoRun\command - "" = F:\3yalgc.exe -- File not found
O33 - MountPoints2\{93690c38-a84a-11de-b122-001bb995e534}\Shell\open\Command - "" = F:\3yalgc.exe -- File not found
O33 - MountPoints2\{abb45250-d90c-11de-b206-001bb995e534}\Shell\AutoRun\command - "" = F:\wu1n.exe -- File not found
O33 - MountPoints2\{abb45250-d90c-11de-b206-001bb995e534}\Shell\open\Command - "" = F:\wu1n.exe -- File not found
O33 - MountPoints2\{ac1cd154-9793-11de-b0e2-001bb995e534}\Shell\AutoRun\command - "" = F:\hx.exe -- File not found
O33 - MountPoints2\{ac1cd154-9793-11de-b0e2-001bb995e534}\Shell\open\Command - "" = F:\hx.exe -- File not found
O33 - MountPoints2\{b0712156-9703-11de-b0e1-001bb995e534}\Shell\AutoRun\command - "" = F:\uvsqfgwd.cmd -- File not found
O33 - MountPoints2\{b0712156-9703-11de-b0e1-001bb995e534}\Shell\open\Command - "" = F:\uvsqfgwd.cmd -- File not found
O33 - MountPoints2\{dbb80e88-7ceb-11de-b071-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{dde1e2d8-a91e-11de-b127-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b33b0b-b7df-11de-b164-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b33b0b-b7df-11de-b164-001bb995e534}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e8b33b0c-b7df-11de-b164-001bb995e534}\Shell\AutoRun\command - "" = G:\mbdm.exe -- File not found
O33 - MountPoints2\{e8b33b0c-b7df-11de-b164-001bb995e534}\Shell\open\Command - "" = G:\mbdm.exe -- File not found
O33 - MountPoints2\{f6e3446d-c929-11de-b1bc-001bb995e534}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009-12-07 13:54:31 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
[2009-12-07 13:12:00 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-12-07 13:12:00 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-12-07 13:12:00 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-12-07 13:12:00 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-12-07 13:11:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Avira
[2009-12-07 12:38:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\DoctorWeb
[2009-12-07 11:29:21 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-12-07 11:22:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Auslogics
[2009-12-07 11:16:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-12-07 11:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009-12-07 11:09:28 | 00,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2009-12-07 09:17:55 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-12-07 09:17:53 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-12-04 18:26:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Temp
[2009-12-04 18:13:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\admin\Moje dokumenty\Moje wideo
[2009-12-04 18:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Real
[2009-12-04 18:12:26 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009-12-04 18:12:25 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009-12-04 18:12:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Real
[2009-12-04 18:12:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\Real
[2009-12-04 18:11:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Google
[2009-11-30 21:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\dwhelper
[2009-11-30 21:07:26 | 01,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\admin\Pulpit\install_flash_player(2).exe
[2009-11-27 20:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\YouTube Video Downloader
[2009-11-27 11:32:55 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009-11-27 11:32:54 | 00,000,000 | ---D | C] -- C:\Program Files\FDRLab
[2009-11-27 11:30:22 | 02,921,492 | ---- | C] (FDRLab                                                      ) -- C:\Documents and Settings\admin\Pulpit\save2pc_light_setup.exe
[2009-11-19 19:57:58 | 00,000,000 | ---D | C] -- C:\Program Files\Olympus
[2009-11-19 19:45:27 | 00,073,728 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\WINDOWS\System32\VNUSB.dll
[2009-11-19 19:45:27 | 00,038,496 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\WINDOWS\System32\drivers\VNUSB.sys
[2009-11-19 13:16:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\12232
[2009-11-19 13:15:47 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
[2009-11-13 13:06:27 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009-11-13 13:06:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2009-11-12 17:22:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\WinRAR
[2009-11-12 17:22:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009-11-10 19:20:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dane aplikacji\DMCache
[2009-11-10 19:20:39 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2009-11-09 17:08:32 | 00,000,000 | ---D | C] -- C:\Program Files\WinX DVD Player 3.0
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2009-12-07 13:54:40 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Pulpit\OTL.exe
[2009-12-07 13:50:16 | 00,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-07 13:50:12 | 00,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-12-07 13:50:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-07 13:50:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-07 13:49:27 | 03,989,504 | ---- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2009-12-07 13:49:27 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2009-12-07 13:48:35 | 00,000,462 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B5D87989-EC2D-494A-B05E-C8DB0D6E29C8}.job
[2009-12-07 13:26:07 | 00,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-12-07 13:23:01 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009-12-07 10:45:49 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009-12-07 10:45:49 | 00,000,363 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-12-07 10:45:49 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009-12-07 10:38:44 | 05,854,724 | -H-- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-12-07 08:53:55 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-04 18:12:26 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009-12-04 18:12:26 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009-12-04 11:11:20 | 00,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2009-12-01 12:17:51 | 00,017,408 | ---- | M] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-30 21:07:51 | 01,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\admin\Pulpit\install_flash_player(2).exe
[2009-11-30 18:54:14 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Counter Strike 1.6 Non Steam.lnk
[2009-11-30 18:54:14 | 00,001,587 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\Dedicated Server.lnk
[2009-11-27 21:19:57 | 01,309,117 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\wrar380pl.exe
[2009-11-27 20:13:28 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\save2pc Light.lnk
[2009-11-27 11:32:12 | 02,921,492 | ---- | M] (FDRLab                                                      ) -- C:\Documents and Settings\admin\Pulpit\save2pc_light_setup.exe
[2009-11-12 10:33:43 | 00,135,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-11-09 17:08:34 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\admin\Pulpit\WinX DVD Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2009-12-04 18:21:26 | 00,001,036 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009-12-04 18:21:26 | 00,001,032 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009-11-27 21:19:57 | 01,309,117 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\wrar380pl.exe
[2009-11-27 11:32:55 | 00,000,727 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\save2pc Light.lnk
[2009-11-19 13:16:07 | 00,076,407 | ---- | C] () -- C:\Documents and Settings\admin\Dane aplikacji\Smiley.ico
[2009-11-09 17:08:34 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\admin\Pulpit\WinX DVD Player.lnk
[2009-10-19 14:40:55 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009-08-31 19:21:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Dane aplikacji\AVSDVDPlayer.m3u
[2009-08-31 16:23:02 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-31 16:23:02 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-07-24 15:49:40 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-21 17:34:59 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006-08-16 08:35:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-08-16 08:35:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-08-16 08:35:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-08-16 08:35:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-08-16 08:35:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-08-16 08:35:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-08-16 08:35:00 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CF778051
< End of report >


[wojtas]

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{3b08c0c8-b291-11de-b14c-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{3f15b3ac-93fa-11de-b0d6-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{46a3ee67-c621-11de-b1ad-001bb995e534}\Shell\AutoRun\command - "" = I:\upw.bat -- File not found
O33 - MountPoints2\{46a3ee67-c621-11de-b1ad-001bb995e534}\Shell\open\Command - "" = I:\upw.bat -- File not found
O33 - MountPoints2\{5980d33c-b99d-11de-b173-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{5980d33c-b99d-11de-b173-001bb995e534}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\Autoplay\comMaNd - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\AutoRun\command - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\eXPLorE\comMaND - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{5980d33d-b99d-11de-b173-001bb995e534}\Shell\open\CommaNd - "" = G:\immkjl.pif -- File not found
O33 - MountPoints2\{748ee6ba-dda2-11de-b21f-001bb995e534}\Shell\AutoRun\command - "" = F:\q3kku.exe -- File not found
O33 - MountPoints2\{748ee6ba-dda2-11de-b21f-001bb995e534}\Shell\open\Command - "" = F:\q3kku.exe -- File not found
O33 - MountPoints2\{7af9329b-b81e-11de-b166-001bb995e534}\Shell\AutoRun\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{7af9329b-b81e-11de-b166-001bb995e534}\Shell\open\command - "" = F:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{89d5852e-993e-11de-b0ec-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{8d1a2732-d378-11de-b1e9-001bb995e534}\Shell\AutoRun\command - "" = F:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2732-d378-11de-b1e9-001bb995e534}\Shell\open\Command - "" = F:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2733-d378-11de-b1e9-001bb995e534}\Shell\AutoRun\command - "" = G:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2733-d378-11de-b1e9-001bb995e534}\Shell\open\Command - "" = G:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2734-d378-11de-b1e9-001bb995e534}\Shell\AutoRun\command - "" = H:\9g86.exe -- File not found
O33 - MountPoints2\{8d1a2734-d378-11de-b1e9-001bb995e534}\Shell\open\Command - "" = H:\9g86.exe -- File not found
O33 - MountPoints2\{93690c38-a84a-11de-b122-001bb995e534}\Shell\AutoRun\command - "" = F:\3yalgc.exe -- File not found
O33 - MountPoints2\{93690c38-a84a-11de-b122-001bb995e534}\Shell\open\Command - "" = F:\3yalgc.exe -- File not found
O33 - MountPoints2\{abb45250-d90c-11de-b206-001bb995e534}\Shell\AutoRun\command - "" = F:\wu1n.exe -- File not found
O33 - MountPoints2\{abb45250-d90c-11de-b206-001bb995e534}\Shell\open\Command - "" = F:\wu1n.exe -- File not found
O33 - MountPoints2\{ac1cd154-9793-11de-b0e2-001bb995e534}\Shell\AutoRun\command - "" = F:\hx.exe -- File not found
O33 - MountPoints2\{ac1cd154-9793-11de-b0e2-001bb995e534}\Shell\open\Command - "" = F:\hx.exe -- File not found
O33 - MountPoints2\{b0712156-9703-11de-b0e1-001bb995e534}\Shell\AutoRun\command - "" = F:\uvsqfgwd.cmd -- File not found
O33 - MountPoints2\{b0712156-9703-11de-b0e1-001bb995e534}\Shell\open\Command - "" = F:\uvsqfgwd.cmd -- File not found
O33 - MountPoints2\{dbb80e88-7ceb-11de-b071-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{dde1e2d8-a91e-11de-b127-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b33b0b-b7df-11de-b164-001bb995e534}\Shell - "" = AutoRun
O33 - MountPoints2\{e8b33b0b-b7df-11de-b164-001bb995e534}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e8b33b0c-b7df-11de-b164-001bb995e534}\Shell\AutoRun\command - "" = G:\mbdm.exe -- File not found
O33 - MountPoints2\{e8b33b0c-b7df-11de-b164-001bb995e534}\Shell\open\Command - "" = G:\mbdm.exe -- File not found

:Files
C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\a6b015hx.default\searchplugins\BearShareWebSearch.xml

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie ) i daj raport ze skanu

[mirekg1963]

Witam! Przeskanowałem to Malwarebytes i obawiam się, że ciągle to samo widzi i usuwa...

Kod: Zaznacz wszystko

Malwarebytes' Anti-Malware 1.42
Wersja bazy definicji: 3319
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2009-12-08 11:28:15
mbam-log-2009-12-08 (11-28-15).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 141480
Upłynęło: 22 minute(s), 20 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 17
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 1
Zainfekowane pliki: 3

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\newbonomediumpop.popbono (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newbonomediumpop.popbono.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newbooomediumpop.popbono.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newbooomediumpop.popbooo (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\neztadpopup.crlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\neztadpopup.crlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nezuadpopup.cslogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nezuadpopup.cslogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nezvadpopup.ctlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nezvadpopup.ctlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b03a4be6-5e5a-b9b3-483e-c484d4b20b72} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b03a4be6-5e5a-483e-b9b3-c484d4b20b72} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_SAFEG (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lvbasb (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pnpmem (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\safeg (Worm.AutoRun) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)

Zainfekowane foldery:
C:\sa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\WINDOWS\Fonts\bp.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\AhnRpta.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\SA.PIF (Spyware.OnlineGames) -> Quarantined and deleted successfully.


Mam do Ciebie jeszcze jedno pytanie...wiem, że to inny dział ale tam chyba nie bardzo mi mogą udzielić odpowiedzi? Poszukuję jakiejś małej aplikacji, która pokazuje jaki transfer w danej chwili zużywają kompy podłączone do mojej sieci 10 kompów w pracy!? Nie chcę, żeby ograniczał tylko żeby informował mnie. W moim routerze to nie bardzo bo to jest zyksel od netii to w ogóle porażka! Pozdrawiam!

[NieWiem]

Skoro usunąłeś to, co znalazł MBAM, to zrestartuj komputer (ważne!), odpal jeszcze raz skanowanie MBAM i powiedz jak wyniki.

Jeśli cokolwiek znajdzie, wróć z raportem z MBAM i nowym logiem z OTL.

Autor postu otrzymał pochwałę