Wicfte.exe

[ToServeAndProtect]

Witam wszystkich użytkowników forum, ponieważ jest to mój pierwszy post

Mój problem polega na "Wicfte.exe" przy uruchomieniu komputera z Eseta wyskakuje komunikat o zawirusowanym tym właśnie pliku. Niestety Eset nie może tego usunąć da się coś z tym zrobić czy wiąże się to z formatem?

Oto Log.

Kod: Zaznacz wszystko

OTL logfile created on: 2010-07-31 09:51:15 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Łukasz\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44,07 Gb Total Space | 1,62 Gb Free Space | 3,67% Space Free | Partition Type: NTFS
Drive D: | 171,06 Gb Total Space | 40,29 Gb Free Space | 23,56% Space Free | Partition Type: NTFS
Drive E: | 14,49 Gb Total Space | 12,48 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
Drive F: | 3,26 Gb Total Space | 0,29 Gb Free Space | 8,79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 232,88 Gb Total Space | 45,03 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ŁUKASZ-PC
Current User Name: Łukasz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-07-31 09:36:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Łukasz\Downloads\OTL.exe
PRC - [2010-07-25 00:57:00 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-07-25 00:56:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-07-24 03:27:21 | 000,692,224 | ---- | M] () -- C:\Windows\wicfte.exe
PRC - [2010-06-14 18:58:11 | 000,189,480 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-06-13 22:57:25 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009-01-30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-07-31 09:36:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Łukasz\Downloads\OTL.exe
MOD - [2008-01-21 04:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008-01-21 04:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2010-05-05 04:15:10 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009-09-11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2008-01-21 04:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2008-01-21 04:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2008-01-21 04:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008-01-21 04:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2007-03-06 17:53:08 | 000,173,344 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2010-06-14 18:58:11 | 000,189,480 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-06-13 22:57:25 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-07-16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-03-20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:[b]64bit:[/b] - [2010-05-15 11:51:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-05-05 04:47:08 | 006,789,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010-05-05 03:23:24 | 000,221,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010-04-15 10:44:43 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2010-03-09 12:20:50 | 000,120,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010-02-23 11:51:14 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:[b]64bit:[/b] - [2010-02-23 11:51:14 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:[b]64bit:[/b] - [2009-12-22 02:26:36 | 000,038,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009-09-11 07:27:10 | 000,044,944 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009-09-11 07:27:04 | 000,168,544 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009-09-11 07:23:52 | 000,136,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009-09-11 07:17:20 | 000,144,824 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2009-08-24 00:55:32 | 000,016,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:[b]64bit:[/b] - [2009-06-19 09:10:40 | 000,033,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009-02-17 19:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2008-07-29 04:47:00 | 001,075,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb)
DRV:[b]64bit:[/b] - [2008-01-21 04:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2008-01-21 04:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2007-08-08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:[b]64bit:[/b] - [2007-03-06 17:52:46 | 000,058,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:[b]64bit:[/b] - [2007-03-06 17:50:30 | 002,496,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV:[b]64bit:[/b] - [2007-03-06 17:48:58 | 001,029,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:[b]64bit:[/b] - [2007-03-06 17:48:24 | 000,468,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:[b]64bit:[/b] - [2007-02-16 02:57:06 | 000,040,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:[b]64bit:[/b] - [2006-09-18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010-02-23 11:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010-02-23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-01-29 11:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2007-02-16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-07-25 00:57:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-07-25 00:57:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-04-15 11:50:06 | 000,000,000 | ---D | M]

[2010-04-15 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\mozilla\Extensions
[2010-07-31 09:44:15 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\j8p0d0an.default\extensions
[2010-06-01 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\j8p0d0an.default\extensions\openmedspel@e-medtools.com
[2010-07-31 09:44:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-04-16 21:29:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-04-15 12:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-15 12:06:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-24 17:32:03 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-06-24 17:32:03 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-06-24 17:32:03 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-06-24 17:32:03 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-06-24 17:32:03 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-06-24 17:32:03 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-30 01:54:49 | 000,000,925 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 http://www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinDefender] C:\Windows\wicfte.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.238.0.5 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-27 15:40:12 | 000,345,360 | R--- | M] (Valve Corporation) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010-03-23 19:20:23 | 000,000,050 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-07-27 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\Mount&Blade Savegames
[2010-07-27 22:33:33 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Mount&Blade
[2010-07-27 21:44:10 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Local\cache
[2010-07-24 03:32:29 | 000,000,000 | ---D | C] -- C:\Python24
[2010-07-24 03:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto
[2010-07-09 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Ventrilo
[2010-07-09 15:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010-07-05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Tibia
[2010-07-05 19:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asprate
[2010-07-05 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playlogic
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-07-31 09:48:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-31 09:37:17 | 003,145,728 | -HS- | M] () -- C:\Users\Łukasz\NTUSER.DAT
[2010-07-31 09:36:58 | 001,606,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-07-31 09:36:58 | 000,711,526 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-07-31 09:36:58 | 000,631,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-07-31 09:36:58 | 000,149,456 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-07-31 09:36:58 | 000,118,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-07-31 09:30:18 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-31 09:30:18 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-31 09:30:18 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-31 09:30:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-31 09:30:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-29 05:35:18 | 000,524,288 | -HS- | M] () -- C:\Users\Łukasz\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010-07-29 05:35:18 | 000,065,536 | -HS- | M] () -- C:\Users\Łukasz\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010-07-29 05:35:12 | 003,833,919 | -H-- | M] () -- C:\Users\Łukasz\AppData\Local\IconCache.db
[2010-07-28 04:15:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010-07-28 04:15:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010-07-28 01:25:05 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempUv2508.html
[2010-07-27 23:56:05 | 000,000,221 | ---- | M] () -- C:\Users\Łukasz\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010-07-27 23:24:52 | 000,000,664 | ---- | M] () -- C:\Users\Łukasz\Desktop\Mount&Blade.lnk
[2010-07-26 17:51:45 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempqE3256.html
[2010-07-26 16:31:11 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempWz1608.html
[2010-07-25 19:16:15 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempfG3508.html
[2010-07-25 15:24:04 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemphN4020.html
[2010-07-25 04:18:34 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempAV1292.html
[2010-07-25 04:18:34 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempVh1292.html
[2010-07-25 02:39:53 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempgO3940.html
[2010-07-25 02:39:53 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempph3940.html
[2010-07-25 01:44:29 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempdV3636.html
[2010-07-25 01:44:29 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempaA3636.html
[2010-07-24 16:41:26 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempKa3716.html
[2010-07-24 16:41:26 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempgH3716.html
[2010-07-24 03:32:47 | 000,001,749 | ---- | M] () -- C:\Users\Łukasz\Desktop\Tibia Auto.lnk
[2010-07-24 03:27:21 | 000,692,224 | ---- | M] () -- C:\Windows\wicfte.exe
[2010-07-24 00:35:02 | 000,000,900 | ---- | M] () -- C:\Users\Łukasz\Desktop\Tibia MULTI-ip changer — skrót.lnk
[2010-07-23 23:39:18 | 000,000,488 | ---- | M] () -- C:\Users\Łukasz\Desktop\Tibia — skrót.lnk
[2010-07-23 23:19:50 | 000,000,483 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010-07-23 15:26:51 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempCc3732.html
[2010-07-23 15:26:51 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempfh3732.html
[2010-07-23 03:56:36 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempii4052.html
[2010-07-23 03:56:36 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempCt4052.html
[2010-07-22 23:38:56 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempyH2132.html
[2010-07-22 21:42:54 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempiDE164.html
[2010-07-22 21:42:54 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempYaL164.html
[2010-07-22 05:42:27 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempqw3716.html
[2010-07-21 14:57:15 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Temphd3732.html
[2010-07-21 14:57:15 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempBi3732.html
[2010-07-21 05:41:21 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempkU1120.html
[2010-07-21 05:41:21 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempAG1120.html
[2010-07-20 22:26:45 | 000,114,016 | ---- | M] () -- C:\Users\Łukasz\Desktop\1279630877_by_darkman000_500.jpg
[2010-07-20 17:12:20 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempcK1056.html
[2010-07-20 17:12:20 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempWR1056.html
[2010-07-19 17:09:57 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemphO1672.html
[2010-07-19 00:36:32 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemptUJ852.html
[2010-07-18 20:41:46 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempymX988.html
[2010-07-18 20:41:46 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Temphcq988.html
[2010-07-18 19:15:22 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPj3856.html
[2010-07-18 17:54:41 | 000,000,219 | ---- | M] () -- C:\Users\Łukasz\Desktop\Counter-Strike Source.url
[2010-07-18 15:15:36 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempYGv344.html
[2010-07-18 15:15:36 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempKqx344.html
[2010-07-17 19:50:00 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempCV2832.html
[2010-07-17 19:14:53 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPW4092.html
[2010-07-17 15:03:34 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempis1512.html
[2010-07-17 15:03:34 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempBf1512.html
[2010-07-17 15:01:44 | 000,477,414 | ---- | M] () -- C:\Users\Łukasz\Documents\os7shbuh.bmp
[2010-07-17 14:31:11 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempeq1744.html
[2010-07-17 14:31:11 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempuk1744.html
[2010-07-17 13:02:04 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempAF3460.html
[2010-07-17 13:02:04 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempdK3460.html
[2010-07-17 03:14:23 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempeQ3484.html
[2010-07-17 00:05:51 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempzh3300.html
[2010-07-17 00:05:51 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempLs3300.html
[2010-07-16 22:30:12 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemppbV344.html
[2010-07-16 22:30:12 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempvSr344.html
[2010-07-15 16:30:27 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemprB3956.html
[2010-07-14 20:02:01 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempay3452.html
[2010-07-14 00:20:11 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-07-13 23:00:10 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Templsn928.html
[2010-07-13 23:00:10 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempZUa928.html
[2010-07-13 20:36:16 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempyQ3320.html
[2010-07-13 16:52:44 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempqZ3776.html
[2010-07-13 16:52:44 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempVR3776.html
[2010-07-13 00:54:45 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempGP3932.html
[2010-07-12 21:15:34 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempXI3384.html
[2010-07-12 17:03:57 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempZe3428.html
[2010-07-12 13:21:43 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempom3380.html
[2010-07-12 12:24:43 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempONu888.html
[2010-07-12 12:24:43 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempXoU888.html
[2010-07-12 00:42:44 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempuT3556.html
[2010-07-11 23:31:24 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempNL2924.html
[2010-07-11 18:43:42 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempug2688.html
[2010-07-11 15:35:24 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempeQ3172.html
[2010-07-11 15:35:24 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempNO3172.html
[2010-07-10 17:32:18 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempcI3016.html
[2010-07-10 17:32:18 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempSD3016.html
[2010-07-09 18:09:49 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempCh2672.html
[2010-07-09 18:09:49 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempiF2672.html
[2010-07-09 15:43:55 | 000,036,401 | ---- | M] () -- C:\Users\Łukasz\Documents\Bez_nazwy.wma
[2010-07-09 03:28:33 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempcv3184.html
[2010-07-09 02:07:17 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempWG3608.html
[2010-07-09 02:07:17 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPT3608.html
[2010-07-08 14:42:05 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempAs3752.html
[2010-07-08 14:42:05 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempzN3752.html
[2010-07-07 20:01:47 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempfN3312.html
[2010-07-07 15:45:04 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempUe3848.html
[2010-07-07 12:53:26 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempiz3440.html
[2010-07-07 12:53:26 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempYx3440.html
[2010-07-07 03:56:36 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempDGr952.html
[2010-07-06 14:49:37 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempjI1448.html
[2010-07-06 14:49:37 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempda1448.html
[2010-07-06 01:08:42 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempel3112.html
[2010-07-06 01:08:42 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TemppZ3112.html
[2010-07-05 19:41:59 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2010-07-05 16:00:07 | 000,000,520 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 2D.lnk
[2010-07-05 12:04:34 | 000,043,520 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-05 11:20:02 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempHE2304.html
[2010-07-05 11:20:02 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempuE2304.html
[2010-07-05 02:02:29 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempqi2944.html
[2010-07-04 22:08:26 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempOO3804.html
[2010-07-04 22:08:26 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempvM3804.html
[2010-07-04 19:12:58 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempms3444.html
[2010-07-04 16:40:11 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempdn3964.html
[2010-07-04 16:40:11 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempjf3964.html
[2010-07-04 12:24:51 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempqB3200.html
[2010-07-04 12:24:51 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPw3200.html
[2010-07-04 02:50:54 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempjZ2636.html
[2010-07-03 21:17:45 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempdb2424.html
[2010-07-03 20:21:24 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempyS3504.html
[2010-07-03 20:21:24 | 000,002,089 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\Tempry3504.html
[2010-07-02 22:28:43 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempPK3736.html
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-28 01:24:44 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempUv2508.html
[2010-07-27 23:56:05 | 000,000,221 | ---- | C] () -- C:\Users\Łukasz\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010-07-27 22:30:43 | 000,000,664 | ---- | C] () -- C:\Users\Łukasz\Desktop\Mount&Blade.lnk
[2010-07-26 17:04:47 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempqE3256.html
[2010-07-26 15:38:22 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempWz1608.html
[2010-07-25 18:01:57 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempfG3508.html
[2010-07-25 14:22:45 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemphN4020.html
[2010-07-25 02:44:48 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempAV1292.html
[2010-07-25 02:44:48 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempVh1292.html
[2010-07-25 02:39:53 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempgO3940.html
[2010-07-25 02:39:53 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempph3940.html
[2010-07-25 01:44:29 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempdV3636.html
[2010-07-25 01:44:29 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempaA3636.html
[2010-07-24 16:41:26 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempKa3716.html
[2010-07-24 16:41:26 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempgH3716.html
[2010-07-24 03:32:47 | 000,001,749 | ---- | C] () -- C:\Users\Łukasz\Desktop\Tibia Auto.lnk
[2010-07-24 03:29:46 | 001,867,776 | ---- | C] () -- C:\Windows\SysNative\python24.dll
[2010-07-24 03:27:21 | 000,692,224 | ---- | C] () -- C:\Windows\wicfte.exe
[2010-07-24 00:35:12 | 000,000,900 | ---- | C] () -- C:\Users\Łukasz\Desktop\Tibia MULTI-ip changer — skrót.lnk
[2010-07-23 23:39:20 | 000,000,488 | ---- | C] () -- C:\Users\Łukasz\Desktop\Tibia — skrót.lnk
[2010-07-23 14:29:47 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempCc3732.html
[2010-07-23 14:29:47 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempfh3732.html
[2010-07-23 02:43:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempii4052.html
[2010-07-23 02:43:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempCt4052.html
[2010-07-22 23:06:11 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempyH2132.html
[2010-07-22 14:50:53 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempiDE164.html
[2010-07-22 14:50:53 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempYaL164.html
[2010-07-21 23:48:24 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempqw3716.html
[2010-07-21 14:57:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Temphd3732.html
[2010-07-21 14:57:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempBi3732.html
[2010-07-20 22:26:44 | 000,114,016 | ---- | C] () -- C:\Users\Łukasz\Desktop\1279630877_by_darkman000_500.jpg
[2010-07-20 20:12:55 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempkU1120.html
[2010-07-20 20:12:55 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempAG1120.html
[2010-07-20 16:15:04 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempcK1056.html
[2010-07-20 16:15:04 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempWR1056.html
[2010-07-19 14:20:03 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemphO1672.html
[2010-07-18 23:57:52 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemptUJ852.html
[2010-07-18 20:24:05 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempymX988.html
[2010-07-18 20:24:05 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Temphcq988.html
[2010-07-18 18:53:52 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPj3856.html
[2010-07-18 15:15:36 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempYGv344.html
[2010-07-18 15:15:36 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempKqx344.html
[2010-07-17 19:34:13 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempCV2832.html
[2010-07-17 18:11:03 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPW4092.html
[2010-07-17 15:03:34 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempis1512.html
[2010-07-17 15:03:34 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempBf1512.html
[2010-07-17 15:01:26 | 000,477,414 | ---- | C] () -- C:\Users\Łukasz\Documents\os7shbuh.bmp
[2010-07-17 14:31:11 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempeq1744.html
[2010-07-17 14:31:11 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempuk1744.html
[2010-07-17 13:02:04 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempAF3460.html
[2010-07-17 13:02:04 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempdK3460.html
[2010-07-17 01:27:02 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempeQ3484.html
[2010-07-17 00:05:51 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempzh3300.html
[2010-07-17 00:05:51 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempLs3300.html
[2010-07-16 22:30:12 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemppbV344.html
[2010-07-16 22:30:12 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempvSr344.html
[2010-07-15 15:40:10 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemprB3956.html
[2010-07-14 18:38:39 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempay3452.html
[2010-07-13 23:00:10 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Templsn928.html
[2010-07-13 23:00:10 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempZUa928.html
[2010-07-13 18:25:13 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempyQ3320.html
[2010-07-13 12:15:39 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempqZ3776.html
[2010-07-13 12:15:39 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempVR3776.html
[2010-07-12 22:48:28 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempGP3932.html
[2010-07-12 20:51:57 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempXI3384.html
[2010-07-12 15:55:59 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempZe3428.html
[2010-07-12 12:46:58 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempom3380.html
[2010-07-12 12:24:43 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempONu888.html
[2010-07-12 12:24:43 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempXoU888.html
[2010-07-12 00:00:55 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempuT3556.html
[2010-07-11 22:50:56 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempNL2924.html
[2010-07-11 16:38:16 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempug2688.html
[2010-07-11 15:29:19 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempeQ3172.html
[2010-07-11 15:29:19 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempNO3172.html
[2010-07-10 17:23:15 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempcI3016.html
[2010-07-10 17:23:15 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempSD3016.html
[2010-07-09 18:08:39 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempCh2672.html
[2010-07-09 18:08:39 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempiF2672.html
[2010-07-09 15:43:55 | 000,036,401 | ---- | C] () -- C:\Users\Łukasz\Documents\Bez_nazwy.wma
[2010-07-09 02:07:28 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempcv3184.html
[2010-07-09 01:53:10 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempWG3608.html
[2010-07-09 01:53:10 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPT3608.html
[2010-07-08 14:42:05 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempAs3752.html
[2010-07-08 14:42:05 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempzN3752.html
[2010-07-07 18:42:40 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempfN3312.html
[2010-07-07 12:53:45 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempUe3848.html
[2010-07-07 12:52:43 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempiz3440.html
[2010-07-07 12:52:43 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempYx3440.html
[2010-07-06 23:09:22 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempDGr952.html
[2010-07-06 14:49:37 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempjI1448.html
[2010-07-06 14:49:37 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempda1448.html
[2010-07-06 01:08:42 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempel3112.html
[2010-07-06 01:08:42 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TemppZ3112.html
[2010-07-05 19:48:43 | 000,000,483 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010-07-05 19:46:37 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\sknc.dll
[2010-07-05 19:41:59 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2010-07-05 16:00:07 | 000,000,520 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 2D.lnk
[2010-07-05 11:20:02 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempHE2304.html
[2010-07-05 11:20:02 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempuE2304.html
[2010-07-04 23:40:14 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempqi2944.html
[2010-07-04 22:08:26 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempOO3804.html
[2010-07-04 22:08:26 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempvM3804.html
[2010-07-04 17:45:42 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempms3444.html
[2010-07-04 16:40:11 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempdn3964.html
[2010-07-04 16:40:11 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempjf3964.html
[2010-07-04 12:24:51 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempqB3200.html
[2010-07-04 12:24:51 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPw3200.html
[2010-07-04 01:36:47 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempjZ2636.html
[2010-07-03 21:04:08 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempdb2424.html
[2010-07-03 20:21:24 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempyS3504.html
[2010-07-03 20:21:24 | 000,002,089 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\Tempry3504.html
[2010-07-02 21:06:40 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempPK3736.html
[2010-05-15 13:31:39 | 001,584,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-05-15 03:19:35 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010-05-15 03:19:32 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010-05-15 03:19:31 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010-05-15 02:57:05 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2010-04-22 02:33:26 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-06-19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008-01-21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008-01-21 04:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2001-09-19 19:18:01 | 000,008,444 | ---- | C] () -- C:\Windows\Zmodeler.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 24 bytes -> C:\Windows:CD9AE63FB5EFB29A
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1AAB2E68
@Alternate Data Stream - 168 bytes -> C:\Users\Łukasz\Desktop\adasdasdasdasdsa.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Łukasz\Desktop\adasdasdasdasdsa Paint.jpg:3or4kl4x13tuuug3Byamue2s4b
< End of report >

[Andziorka]

W okienko OTL wklej poniższy skrypt i klik na Run Fix:

:Processes
explorer.exe

:OTL
O4 - HKLM..\Run: [WinDefender] C:\Windows\wicfte.exe ()
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 http://www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O32 - AutoRun File - [2010-03-23 19:20:23 | 000,000,050 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\RunGame.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\Autorun.exe -- File not found

:Files
C:\Windows\wicfte.exe
C:\Windows\SysWow64\sknc.dll
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:1AAB2E68
C:\Users\Łukasz\AppData\Local\TempUv2508.html
C:\Users\Łukasz\AppData\Local\TempqE3256.html
C:\Users\Łukasz\AppData\Local\TempWz1608.html
C:\Users\Łukasz\AppData\Local\TempfG3508.html
C:\Users\Łukasz\AppData\Local\TemphN4020.html
C:\Users\Łukasz\AppData\Local\TempAV1292.html
C:\Users\Łukasz\AppData\Local\TempVh1292.html
C:\Users\Łukasz\AppData\Local\TempgO3940.html
C:\Users\Łukasz\AppData\Local\Tempph3940.html
C:\Users\Łukasz\AppData\Local\TempdV3636.html
C:\Users\Łukasz\AppData\Local\TempaA3636.html
C:\Users\Łukasz\AppData\Local\TempKa3716.html
C:\Users\Łukasz\AppData\Local\TempgH3716.html
C:\Users\Łukasz\AppData\Local\TempCc3732.html
C:\Users\Łukasz\AppData\Local\Tempfh3732.html
C:\Users\Łukasz\AppData\Local\Tempii4052.html
C:\Users\Łukasz\AppData\Local\TempCt4052.html
C:\Users\Łukasz\AppData\Local\TempyH2132.html
C:\Users\Łukasz\AppData\Local\TempiDE164.html
C:\Users\Łukasz\AppData\Local\TempYaL164.html
C:\Users\Łukasz\AppData\Local\Tempqw3716.html
C:\Users\Łukasz\AppData\Local\Temphd3732.html
C:\Users\Łukasz\AppData\Local\TempBi3732.html
C:\Users\Łukasz\AppData\Local\TempkU1120.html
C:\Users\Łukasz\AppData\Local\TempAG1120.html
C:\Users\Łukasz\AppData\Local\TempcK1056.html
C:\Users\Łukasz\AppData\Local\TempWR1056.html
C:\Users\Łukasz\AppData\Local\TemphO1672.html
C:\Users\Łukasz\AppData\Local\TemptUJ852.html
C:\Users\Łukasz\AppData\Local\TempymX988.html
C:\Users\Łukasz\AppData\Local\Temphcq988.html
C:\Users\Łukasz\AppData\Local\TempPj3856.html
C:\Users\Łukasz\AppData\Local\TempYGv344.html
C:\Users\Łukasz\AppData\Local\TempKqx344.html
C:\Users\Łukasz\AppData\Local\TempCV2832.html
C:\Users\Łukasz\AppData\Local\TempPW4092.html
C:\Users\Łukasz\AppData\Local\Tempis1512.html
C:\Users\Łukasz\AppData\Local\TempBf1512.html
C:\Users\Łukasz\AppData\Local\Tempeq1744.html
C:\Users\Łukasz\AppData\Local\Tempuk1744.html
C:\Users\Łukasz\AppData\Local\TempAF3460.html
C:\Users\Łukasz\AppData\Local\TempdK3460.html
C:\Users\Łukasz\AppData\Local\TempeQ3484.html
C:\Users\Łukasz\AppData\Local\Tempzh3300.html
C:\Users\Łukasz\AppData\Local\TempLs3300.html
C:\Users\Łukasz\AppData\Local\TemppbV344.html
C:\Users\Łukasz\AppData\Local\TempvSr344.html
C:\Users\Łukasz\AppData\Local\TemprB3956.html
C:\Users\Łukasz\AppData\Local\Tempay3452.html
C:\Users\Łukasz\AppData\Local\Templsn928.html
C:\Users\Łukasz\AppData\Local\TempZUa928.html
C:\Users\Łukasz\AppData\Local\TempyQ3320.html
C:\Users\Łukasz\AppData\Local\TempqZ3776.html
C:\Users\Łukasz\AppData\Local\TempVR3776.html
C:\Users\Łukasz\AppData\Local\TempGP3932.html
C:\Users\Łukasz\AppData\Local\TempXI3384.html
C:\Users\Łukasz\AppData\Local\TempZe3428.html
C:\Users\Łukasz\AppData\Local\Tempom3380.html
C:\Users\Łukasz\AppData\Local\TempONu888.html
C:\Users\Łukasz\AppData\Local\TempXoU888.html
C:\Users\Łukasz\AppData\Local\TempuT3556.html
C:\Users\Łukasz\AppData\Local\TempNL2924.html
C:\Users\Łukasz\AppData\Local\Tempug2688.html
C:\Users\Łukasz\AppData\Local\TempeQ3172.html
C:\Users\Łukasz\AppData\Local\TempNO3172.html
C:\Users\Łukasz\AppData\Local\TempcI3016.html
C:\Users\Łukasz\AppData\Local\TempSD3016.html
C:\Users\Łukasz\AppData\Local\TempCh2672.html
C:\Users\Łukasz\AppData\Local\TempiF2672.html
C:\Users\Łukasz\AppData\Local\Tempcv3184.html
C:\Users\Łukasz\AppData\Local\TempWG3608.html
C:\Users\Łukasz\AppData\Local\TempPT3608.html
C:\Users\Łukasz\AppData\Local\TempAs3752.html
C:\Users\Łukasz\AppData\Local\TempzN3752.html
C:\Users\Łukasz\AppData\Local\TempfN3312.html
C:\Users\Łukasz\AppData\Local\TempUe3848.html
C:\Users\Łukasz\AppData\Local\Tempiz3440.html
C:\Users\Łukasz\AppData\Local\TempYx3440.html
C:\Users\Łukasz\AppData\Local\TempDGr952.html
C:\Users\Łukasz\AppData\Local\TempjI1448.html
C:\Users\Łukasz\AppData\Local\Tempda1448.html
C:\Users\Łukasz\AppData\Local\Tempel3112.html
C:\Users\Łukasz\AppData\Local\TemppZ3112.html
C:\Users\Łukasz\AppData\Local\TempHE2304.html
C:\Users\Łukasz\AppData\Local\TempuE2304.html
C:\Users\Łukasz\AppData\Local\Tempqi2944.html
C:\Users\Łukasz\AppData\Local\TempOO3804.html
C:\Users\Łukasz\AppData\Local\TempvM3804.html
C:\Users\Łukasz\AppData\Local\Tempms3444.html
C:\Users\Łukasz\AppData\Local\Tempdn3964.html
C:\Users\Łukasz\AppData\Local\Tempjf3964.html
C:\Users\Łukasz\AppData\Local\TempqB3200.html
C:\Users\Łukasz\AppData\Local\TempPw3200.html
C:\Users\Łukasz\AppData\Local\TempjZ2636.html
C:\Users\Łukasz\AppData\Local\Tempdb2424.html
C:\Users\Łukasz\AppData\Local\TempyS3504.html
C:\Users\Łukasz\AppData\Local\Tempry3504.html
C:\Users\Łukasz\AppData\Local\TempPK3736.html
C:\Users\Łukasz\AppData\Local\TempUv2508.html
C:\Users\Łukasz\AppData\Local\TempqE3256.html
C:\Users\Łukasz\AppData\Local\TempWz1608.html
C:\Users\Łukasz\AppData\Local\TempfG3508.html
C:\Users\Łukasz\AppData\Local\TemphN4020.html
C:\Users\Łukasz\AppData\Local\TempAV1292.html
C:\Users\Łukasz\AppData\Local\TempVh1292.html
C:\Users\Łukasz\AppData\Local\TempgO3940.html
C:\Users\Łukasz\AppData\Local\Tempph3940.html
C:\Users\Łukasz\AppData\Local\TempdV3636.html
C:\Users\Łukasz\AppData\Local\TempaA3636.html
C:\Users\Łukasz\AppData\Local\TempKa3716.html
C:\Users\Łukasz\AppData\Local\TempgH3716.html
C:\Users\Łukasz\AppData\Local\TempCc3732.html
C:\Users\Łukasz\AppData\Local\Tempfh3732.html
C:\Users\Łukasz\AppData\Local\Tempii4052.html
C:\Users\Łukasz\AppData\Local\TempCt4052.html
C:\Users\Łukasz\AppData\Local\TempyH2132.html
C:\Users\Łukasz\AppData\Local\TempiDE164.html
C:\Users\Łukasz\AppData\Local\TempYaL164.html
C:\Users\Łukasz\AppData\Local\Tempqw3716.html
C:\Users\Łukasz\AppData\Local\Temphd3732.html
C:\Users\Łukasz\AppData\Local\TempBi3732.html
C:\Users\Łukasz\AppData\Local\TempkU1120.html
C:\Users\Łukasz\AppData\Local\TempAG1120.html
C:\Users\Łukasz\AppData\Local\TempcK1056.html
C:\Users\Łukasz\AppData\Local\TempWR1056.html
C:\Users\Łukasz\AppData\Local\TemphO1672.html
C:\Users\Łukasz\AppData\Local\TemptUJ852.html
C:\Users\Łukasz\AppData\Local\TempymX988.html
C:\Users\Łukasz\AppData\Local\Temphcq988.html
C:\Users\Łukasz\AppData\Local\TempPj3856.html
C:\Users\Łukasz\AppData\Local\TempYGv344.html
C:\Users\Łukasz\AppData\Local\TempKqx344.html
C:\Users\Łukasz\AppData\Local\TempCV2832.html
C:\Users\Łukasz\AppData\Local\TempPW4092.html
C:\Users\Łukasz\AppData\Local\Tempis1512.html
C:\Users\Łukasz\AppData\Local\TempBf1512.htm
C:\Users\Łukasz\AppData\Local\Tempeq1744.html
C:\Users\Łukasz\AppData\Local\Tempuk1744.html
C:\Users\Łukasz\AppData\Local\TempAF3460.html
C:\Users\Łukasz\AppData\Local\TempdK3460.html
C:\Users\Łukasz\AppData\Local\TempeQ3484.html
C:\Users\Łukasz\AppData\Local\Tempzh3300.html
C:\Users\Łukasz\AppData\Local\TempLs3300.html
C:\Users\Łukasz\AppData\Local\TemppbV344.html
C:\Users\Łukasz\AppData\Local\TempvSr344.html
C:\Users\Łukasz\AppData\Local\TemprB3956.html
C:\Users\Łukasz\AppData\Local\Tempay3452.html
C:\Users\Łukasz\AppData\Local\Templsn928.html
C:\Users\Łukasz\AppData\Local\TempZUa928.html
C:\Users\Łukasz\AppData\Local\TempyQ3320.html
C:\Users\Łukasz\AppData\Local\TempqZ3776.html
C:\Users\Łukasz\AppData\Local\TempVR3776.html
C:\Users\Łukasz\AppData\Local\TempGP3932.html
C:\Users\Łukasz\AppData\Local\TempXI3384.html
C:\Users\Łukasz\AppData\Local\TempZe3428.html
C:\Users\Łukasz\AppData\Local\Tempom3380.html
C:\Users\Łukasz\AppData\Local\TempONu888.html
C:\Users\Łukasz\AppData\Local\TempXoU888.html
C:\Users\Łukasz\AppData\Local\TempuT3556.html
C:\Users\Łukasz\AppData\Local\TempNL2924.html
C:\Users\Łukasz\AppData\Local\Tempug2688.html
C:\Users\Łukasz\AppData\Local\TempeQ3172.html
C:\Users\Łukasz\AppData\Local\TempNO3172.html
C:\Users\Łukasz\AppData\Local\TempcI3016.html
C:\Users\Łukasz\AppData\Local\TempSD3016.html
C:\Users\Łukasz\AppData\Local\TempCh2672.html
C:\Users\Łukasz\AppData\Local\TempiF2672.html
C:\Users\Łukasz\AppData\Local\Tempcv3184.html
C:\Users\Łukasz\AppData\Local\TempWG3608.html
C:\Users\Łukasz\AppData\Local\TempPT3608.html
C:\Users\Łukasz\AppData\Local\TempAs3752.html
C:\Users\Łukasz\AppData\Local\TempzN3752.html
C:\Users\Łukasz\AppData\Local\TempfN3312.html
C:\Users\Łukasz\AppData\Local\TempUe3848.html
C:\Users\Łukasz\AppData\Local\Tempiz3440.html
C:\Users\Łukasz\AppData\Local\TempYx3440.html
C:\Users\Łukasz\AppData\Local\TempDGr952.html
C:\Users\Łukasz\AppData\Local\TempjI1448.html
C:\Users\Łukasz\AppData\Local\Tempda1448.html
C:\Users\Łukasz\AppData\Local\Tempel3112.html
C:\Users\Łukasz\AppData\Local\TemppZ3112.html
C:\Users\Łukasz\AppData\Local\TempHE2304.html
C:\Users\Łukasz\AppData\Local\TempuE2304.html
C:\Users\Łukasz\AppData\Local\Tempqi2944.html
C:\Users\Łukasz\AppData\Local\TempOO3804.html
C:\Users\Łukasz\AppData\Local\TempvM3804.html
C:\Users\Łukasz\AppData\Local\Tempms3444.html
C:\Users\Łukasz\AppData\Local\Tempdn3964.html
C:\Users\Łukasz\AppData\Local\Tempjf3964.html
C:\Users\Łukasz\AppData\Local\TempqB3200.html
C:\Users\Łukasz\AppData\Local\TempPw3200.html
C:\Users\Łukasz\AppData\Local\TempjZ2636.html
C:\Users\Łukasz\AppData\Local\Tempdb2424.html
C:\Users\Łukasz\AppData\Local\TempyS3504.html
C:\Users\Łukasz\AppData\Local\Tempry3504.html
C:\Users\Łukasz\AppData\Local\TempPK3736.html

:Commands
[emptytemp]
[start explorer]
[Reboot]

Otwórz notatnik tekstowy i wklej do niego poniższy tekst:

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


Zapisz jako->Wybierz Wszystkie pliki->wpisz Fix.reg->Następnie kliknij na zapisany plik i uruchom komputer ponownie.

Wykonaj skan tym: http://www.programosy.pl/program,dr-web-cureit.html usuń co znajdzie i daj powstałego loga.

Autor postu otrzymał pochwałę

[wojtas]

Po wgraniu skryptu komunikat o wirusie już nie wyskoczył. Potem dodałem ten wpis do rejestru.Zrobiłem skan tym polecanym programem i nic nie znalazł:)

A tu log z OTL-a już po wszystkim

Kod: Zaznacz wszystko


OTL logfile created on: 2010-07-31 15:05:57 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Łukasz\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 44,07 Gb Total Space | 2,52 Gb Free Space | 5,71% Space Free | Partition Type: NTFS
Drive D: | 171,06 Gb Total Space | 40,29 Gb Free Space | 23,56% Space Free | Partition Type: NTFS
Drive E: | 14,49 Gb Total Space | 12,48 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
Drive F: | 3,26 Gb Total Space | 0,29 Gb Free Space | 8,79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 232,88 Gb Total Space | 45,03 Gb Free Space | 19,34% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ŁUKASZ-PC
Current User Name: Łukasz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-07-31 09:36:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Łukasz\Downloads\OTL.exe
PRC - [2010-07-25 00:57:00 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-07-25 00:56:59 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-06-14 18:58:11 | 000,189,480 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-06-13 22:57:25 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009-01-30 00:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-07-31 09:36:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Łukasz\Downloads\OTL.exe
MOD - [2008-01-21 04:49:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008-01-21 04:47:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:[b]64bit:[/b] - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:[b]64bit:[/b] - [2010-05-05 04:15:10 | 000,202,752 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009-09-11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:[b]64bit:[/b] - [2009-09-11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2008-01-21 04:51:22 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:[b]64bit:[/b] - [2008-01-21 04:51:03 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:[b]64bit:[/b] - [2008-01-21 04:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2008-01-21 04:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2007-03-06 17:53:08 | 000,173,344 | ---- | M] (Labtec Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2010-06-14 18:58:11 | 000,189,480 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-06-13 22:57:25 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010-03-18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010-03-18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-07-16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009-03-20 15:56:57 | 000,357,182 | ---- | M] () [Auto | Stopped] -- C:\Windows\reset.exe -- (.EsetTrialReset)
SRV - [2005-11-14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:[b]64bit:[/b] - [2010-05-15 11:51:39 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2010-05-05 04:47:08 | 006,789,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010-05-05 03:23:24 | 000,221,184 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010-04-15 10:44:43 | 000,160,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:[b]64bit:[/b] - [2010-03-09 12:20:50 | 000,120,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010-02-23 11:51:14 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:[b]64bit:[/b] - [2010-02-23 11:51:14 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:[b]64bit:[/b] - [2009-12-22 02:26:36 | 000,038,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009-09-11 07:27:10 | 000,044,944 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2009-09-11 07:27:04 | 000,168,544 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2009-09-11 07:23:52 | 000,136,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2009-09-11 07:17:20 | 000,144,824 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:[b]64bit:[/b] - [2009-08-24 00:55:32 | 000,016,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:[b]64bit:[/b] - [2009-06-19 09:10:40 | 000,033,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys -- (Epfwndis)
DRV:[b]64bit:[/b] - [2009-02-17 19:11:25 | 000,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2008-07-29 04:47:00 | 001,075,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb)
DRV:[b]64bit:[/b] - [2008-01-21 04:51:03 | 000,460,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:[b]64bit:[/b] - [2008-01-21 04:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2007-08-08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATITool64.sys -- (ATITool)
DRV:[b]64bit:[/b] - [2007-03-06 17:52:46 | 000,058,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:[b]64bit:[/b] - [2007-03-06 17:50:30 | 002,496,928 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV:[b]64bit:[/b] - [2007-03-06 17:48:58 | 001,029,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:[b]64bit:[/b] - [2007-03-06 17:48:24 | 000,468,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:[b]64bit:[/b] - [2007-02-16 02:57:06 | 000,040,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:[b]64bit:[/b] - [2006-09-18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010-02-23 11:51:14 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2010-02-23 11:51:14 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010-01-29 11:40:14 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2007-02-16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "www.google.pl"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: openmedspel@e-medtools.com:1.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-07-25 00:57:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-07-25 00:57:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010-04-15 11:50:06 | 000,000,000 | ---D | M]

[2010-04-15 11:23:05 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\mozilla\Extensions
[2010-07-31 09:44:15 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\j8p0d0an.default\extensions
[2010-06-01 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\Łukasz\AppData\Roaming\mozilla\Firefox\Profiles\j8p0d0an.default\extensions\openmedspel@e-medtools.com
[2010-07-31 09:44:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-04-16 21:29:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010-04-15 12:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-04-15 12:06:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-24 17:32:03 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml
[2010-06-24 17:32:03 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml
[2010-06-24 17:32:03 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml
[2010-06-24 17:32:03 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml
[2010-06-24 17:32:03 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml
[2010-06-24 17:32:03 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-07-31 14:27:39 | 000,001,500 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.238.0.5 192.168.0.1
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-11-27 15:40:12 | 000,345,360 | R--- | M] (Valve Corporation) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010-03-23 19:20:23 | 000,000,050 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-07-31 14:38:28 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\DoctorWeb
[2010-07-31 14:27:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-31 11:01:05 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Malwarebytes
[2010-07-31 11:00:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010-07-31 11:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-07-31 11:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-07-27 22:34:42 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\Documents\Mount&Blade Savegames
[2010-07-27 22:33:33 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Mount&Blade
[2010-07-27 21:44:10 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Local\cache
[2010-07-24 03:32:29 | 000,000,000 | ---D | C] -- C:\Python24
[2010-07-24 03:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tibia Auto
[2010-07-09 15:22:37 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Ventrilo
[2010-07-09 15:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010-07-05 19:48:57 | 000,000,000 | ---D | C] -- C:\Users\Łukasz\AppData\Roaming\Tibia
[2010-07-05 19:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Asprate
[2010-07-05 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playlogic

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-07-31 15:06:01 | 003,145,728 | -HS- | M] () -- C:\Users\Łukasz\NTUSER.DAT
[2010-07-31 14:48:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-31 14:41:09 | 000,711,526 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2010-07-31 14:41:09 | 000,631,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-07-31 14:41:09 | 000,149,456 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2010-07-31 14:41:09 | 000,118,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-07-31 14:41:08 | 001,606,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-07-31 14:35:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-07-31 14:35:01 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-07-31 14:35:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-31 14:34:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-07-31 14:34:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-07-31 14:34:20 | 000,524,288 | -HS- | M] () -- C:\Users\Łukasz\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010-07-31 14:34:20 | 000,065,536 | -HS- | M] () -- C:\Users\Łukasz\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010-07-31 14:34:17 | 003,840,705 | -H-- | M] () -- C:\Users\Łukasz\AppData\Local\IconCache.db
[2010-07-31 14:33:34 | 000,000,124 | ---- | M] () -- C:\Users\Łukasz\Documents\fix.reg
[2010-07-31 11:46:52 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempBC3312.html
[2010-07-31 11:45:30 | 000,002,432 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\TempnP3312.html
[2010-07-31 11:00:46 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-31 10:22:36 | 000,000,372 | ---- | M] () -- C:\Users\Łukasz\Dokumenty — skrót.lnk
[2010-07-28 04:15:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010-07-28 04:15:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010-07-27 23:56:05 | 000,000,221 | ---- | M] () -- C:\Users\Łukasz\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010-07-27 23:24:52 | 000,000,664 | ---- | M] () -- C:\Users\Łukasz\Desktop\Mount&Blade.lnk
[2010-07-24 03:32:47 | 000,001,749 | ---- | M] () -- C:\Users\Łukasz\Desktop\Tibia Auto.lnk
[2010-07-24 00:35:02 | 000,000,900 | ---- | M] () -- C:\Users\Łukasz\Desktop\Tibia MULTI-ip changer — skrót.lnk
[2010-07-23 23:39:18 | 000,000,488 | ---- | M] () -- C:\Users\Łukasz\Desktop\Tibia — skrót.lnk
[2010-07-23 23:19:50 | 000,000,483 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010-07-20 22:26:45 | 000,114,016 | ---- | M] () -- C:\Users\Łukasz\Desktop\1279630877_by_darkman000_500.jpg
[2010-07-18 17:54:41 | 000,000,219 | ---- | M] () -- C:\Users\Łukasz\Desktop\Counter-Strike Source.url
[2010-07-17 15:01:44 | 000,477,414 | ---- | M] () -- C:\Users\Łukasz\Documents\os7shbuh.bmp
[2010-07-14 00:20:11 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-07-09 15:43:55 | 000,036,401 | ---- | M] () -- C:\Users\Łukasz\Documents\Bez_nazwy.wma
[2010-07-05 19:41:59 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2010-07-05 16:00:07 | 000,000,520 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 2D.lnk
[2010-07-05 12:04:34 | 000,043,520 | ---- | M] () -- C:\Users\Łukasz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-07-31 14:33:34 | 000,000,124 | ---- | C] () -- C:\Users\Łukasz\Documents\fix.reg
[2010-07-31 11:45:26 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempBC3312.html
[2010-07-31 11:45:08 | 000,002,432 | ---- | C] () -- C:\Users\Łukasz\AppData\Local\TempnP3312.html
[2010-07-31 11:00:46 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-07-31 11:00:42 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010-07-31 10:22:36 | 000,000,372 | ---- | C] () -- C:\Users\Łukasz\Dokumenty — skrót.lnk
[2010-07-27 23:56:05 | 000,000,221 | ---- | C] () -- C:\Users\Łukasz\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010-07-27 22:30:43 | 000,000,664 | ---- | C] () -- C:\Users\Łukasz\Desktop\Mount&Blade.lnk
[2010-07-24 03:32:47 | 000,001,749 | ---- | C] () -- C:\Users\Łukasz\Desktop\Tibia Auto.lnk
[2010-07-24 03:29:46 | 001,867,776 | ---- | C] () -- C:\Windows\SysNative\python24.dll
[2010-07-24 00:35:12 | 000,000,900 | ---- | C] () -- C:\Users\Łukasz\Desktop\Tibia MULTI-ip changer — skrót.lnk
[2010-07-23 23:39:20 | 000,000,488 | ---- | C] () -- C:\Users\Łukasz\Desktop\Tibia — skrót.lnk
[2010-07-20 22:26:44 | 000,114,016 | ---- | C] () -- C:\Users\Łukasz\Desktop\1279630877_by_darkman000_500.jpg
[2010-07-17 15:01:26 | 000,477,414 | ---- | C] () -- C:\Users\Łukasz\Documents\os7shbuh.bmp
[2010-07-09 15:43:55 | 000,036,401 | ---- | C] () -- C:\Users\Łukasz\Documents\Bez_nazwy.wma
[2010-07-05 19:48:43 | 000,000,483 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk
[2010-07-05 19:41:59 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2010-07-05 16:00:07 | 000,000,520 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 2D.lnk
[2010-05-15 13:31:39 | 001,584,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-05-15 03:19:35 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2010-05-15 03:19:32 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2010-05-15 03:19:31 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2010-05-15 02:57:05 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll
[2010-04-22 02:33:26 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-11-06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009-06-19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009-06-19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008-01-21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008-01-21 04:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2001-09-19 19:18:01 | 000,008,444 | ---- | C] () -- C:\Windows\Zmodeler.ini

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 24 bytes -> C:\Windows:CD9AE63FB5EFB29A
@Alternate Data Stream - 168 bytes -> C:\Users\Łukasz\Desktop\adasdasdasdasdsa.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Łukasz\Desktop\adasdasdasdasdsa Paint.jpg:3or4kl4x13tuuug3Byamue2s4b
< End of report >


Ogromnie dziękuję komputer przyspieszył i komunikat o wirusie już nie występuje Pozdrawiam

[Andziorka]

Uruchom teraz OTL i kliknij na Sprzątanie