Autorun.inf - wirus

**Posty:** 503 · przez **Lucky17** 25 Lut 2011, 12:25

Witam,
Komputer jak z podpisu.
System: Win. 7
Mam antywira Avire.

Wczoraj kumpel poslal mi paczke RA2 i postanowilismy pograc po sieci. Wylaczylem w tym celu zapore oraz antywira ponieważ ciągle coś blokowało dostęp. Okazało się to błędem. Dzisiaj rano włączam komputer i widze "100tys. wirów". Wiekszość naprawiłem, pousuwałem lub dałem do kwarantanny.
Nie wszystko jednak poszło tak prosto. Avira ciągle wyświetla mi komunikat ,że zablokowano dostęp plikom C://Autorun.inf ,F://Autorun.inf, E://Autorun.inf
ponieważ mogą one był "złośliwe". Probowałem usunąć - Nic to nie daje bo pojawiają się od nowa.

Użyłem combofixa:

Kod: Zaznacz wszystko: ComboFix 11-02-24.05 - Lucky 2011-02-25 10:57:25.1.3 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1250.48.1045.18.2047.1159 [GMT 1:00] Uruchomiony z: c:\users\Lucky\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\users\Lucky\AppData\Roaming\EurekaLog c:\windows\system32\Cache c:\windows\system32\Cache\activity.opr c:\windows\system32\Cache\dcache4.url c:\windows\system32\Cache\g_003B\opr005VN.tmp c:\windows\system32\Cache\g_004F\opr02BNZ.tmp c:\windows\system32\Cache\g_004F\opr02BO0.tmp c:\windows\system32\Cache\g_004F\opr02BO4.tmp c:\windows\system32\Cache\g_004F\opr02BO5.tmp c:\windows\system32\Cache\sesn\opr02BO1.tmp c:\windows\system32\Icons c:\windows\system32\Icons\http%3A%2F%2F0.s-nk.pl%2Fimg%2Ffavicon_2010.ico c:\windows\system32\Icons\http%3A%2F%2Fforums.d2jsp.org%2Fimages%2Fd2jsp.ico c:\windows\system32\Icons\http%3A%2F%2Fs.ytimg.com%2Fyt%2Ffavicon-vfl147246.ico c:\windows\system32\Icons\http%3A%2F%2Fwww.google.pl%2Ffavicon.ico c:\windows\system32\Icons\https%3A%2F%2Fmail.google.com%2Fmail%2Fimages%2Ffavicon.ico C:\yxtxjp.pif E:\autorun.inf E:\kcyly.pif E:\lqhlf.pif F:\autorun.inf F:\uiqoe.pif F:\ykxoot.pif . ((((((((((((((((((((((((( Pliki utworzone od 2011-01-25 do 2011-02-25 ))))))))))))))))))))))))))))))) . 2011-02-25 10:03 . 2011-02-25 10:06 -------- d-----w- c:\users\Lucky\AppData\Local\temp 2011-02-25 09:02 . 2011-02-25 09:51 103140 --sha-w- C:\hbjgx.exe 2011-02-24 21:16 . 2011-02-24 23:46 -------- d-----w- c:\users\Lucky\AppData\Roaming\Hamachi 2011-02-24 21:16 . 2011-02-24 21:16 -------- d-----w- c:\program files\Hamachi 2011-02-24 21:16 . 2011-02-24 21:16 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys 2011-02-20 13:08 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2011-02-20 13:08 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2011-02-20 13:08 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2011-02-20 13:08 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2011-02-20 13:08 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2011-02-20 13:08 . 2011-02-20 13:08 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2011-02-20 13:08 . 2011-02-20 13:08 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2011-02-13 21:05 . 2011-02-13 21:05 -------- d-----w- c:\program files\Deluxe Ski Jump 4 2011-01-28 10:51 . 2011-01-28 10:51 -------- d-----w- c:\users\Lucky\AppData\Local\Geckofx 2011-01-28 10:51 . 2011-01-28 10:51 -------- d-----w- c:\users\Lucky\AppData\Roaming\Firefly Studios 2011-01-28 10:49 . 2011-01-28 10:49 -------- d-----w- c:\programdata\Firefly Studios . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-28 10:35 . 2010-04-14 15:47 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-28 10:35 . 2010-04-14 15:21 271200 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-28 10:35 . 2010-04-14 15:21 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-28 10:32 . 2010-04-14 15:21 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-01-24 11:37 . 2010-04-14 15:21 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-12-21 07:39 . 2010-04-08 20:22 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-16 20:10 . 2010-09-07 14:04 22328 ----a-w- c:\users\Lucky\AppData\Roaming\PnkBstrK.sys 2010-12-15 13:17 . 2010-12-15 13:17 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2010-12-15 13:17 . 2010-12-15 13:17 109080 ----a-w- c:\windows\system32\OpenAL32.dll . ------- Sigcheck ------- [-] 2009-07-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-12 395640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "Diamondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 1701888] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] c:\users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Warkeys Update.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 324608] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 1 (0x1) "MemCheckBoxInRunDlg"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoWelcomeScreen"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) [HKLM\~\startupfolder\C:^Users^Lucky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk] path=c:\users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk backup=c:\windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-02-25 09:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2011-02-25 09:01 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ] 2011-02-07 11:56 8993280 ----a-w- e:\programy\WAPSTE~1\AQQ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- e:\programy\DAEMON Tools Lite\DTLite.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 22:47 31016 ----a-w- e:\programy\office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-06-09 08:16 2433024 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl] 2010-02-03 10:40 394984 ----a-w- e:\programy\sandbox\SbieCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-12-12 07:54 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UacDisableNotify"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400] R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-01-08 285744] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-08 691696] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1102848] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 08:14 525600 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Skan uzupełniający ------- . uStart Page = hxxp://fullarticles.net IE: E&ksportuj do programu Microsoft Excel - e:\programy\office\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\jc3fsfiy.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . - - - - USUNIĘTO PUSTE WPISY - - - - MSConfigStartUp-ALLUpdate - c:\program files\ALLPlayer\ALLUpdate.exe MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe MSConfigStartUp-Steam - d:\program files\Steam\Steam.exe AddRemove-ALLPlayer_is1 - c:\program files\ALLPlayer\unins000.exe AddRemove-AP Tuner 3.08 - c:\program files\AP Tuner\AP Tuner 3.08\uninstall.exe AddRemove-Blobby Volley 2.0 Alpha 6_is1 - c:\program files\Blobby Volley 2.0 Alpha 6\unins000.exe AddRemove-{D1D632A2-E249-466D-A094-B1B934D37645}_is1 - c:\program files\Firefly Studios\Stronghold Kingdoms\unins000.exe . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\AUDIODG.EXE c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\PnkBstrA.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Czas ukończenia: 2011-02-25 11:09:23 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2011-02-25 10:09 Przed: 3 584 364 544 bajtów wolnych Po: 3 463 188 480 bajtów wolnych - - End Of File - - 94AA5A40CD8E2774C5D3C2C5C2CD4CD2

Ten plik nadal jest na każdym dysku ale avira już nie krzyczy ta często o tym problemie jak wcześniej.

Co robić?

**Posty:** 18165 · przez **wojtas** 25 Lut 2011, 20:09

Proszę zastosować się do obowiązkowych zasad w dziale bezpieczeństwo
- wstaw wymagane logi
- wrzuć logi na forum w tagach code lub na www.wklej.org

Przy podpiętym urządzeniu przenośnym (pendrive, telefon - to co jest podłączane do komputera) , uruchom USBFIX z opcji Listing i pokaż raport na forum.

**Posty:** 1 · przez **polska1295** 26 Lut 2011, 01:07

wedluug mnie masz wirus sality infekuje on wszystkie pliki .exe format wszystkich partycji powinienes sprawdzic czy dziala ci menadzer zadan jak nie to go masz XP

**Posty:** 503 · przez **Lucky17** 26 Lut 2011, 13:43

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-02-26 12:42:46 Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-4 ST3160811AS rev.3.AAE Running: 1tbudwhm.exe; Driver: C:\Users\Lucky\AppData\Local\Temp\awdyqkow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E55599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text sptd.sys 88C18000 8 Bytes [8E, 7A, 22, 83, A0, 57, 22, ...] .text sptd.sys 88C18009 23 Bytes [57, 22, 83, A6, F1, 22, 83, ...] .text sptd.sys 88C18024 4 Bytes [32, 35, D4, 88] .text sptd.sys 88C1802C 18 Bytes CALL 8544652F .text sptd.sys 88C1803F 169 Bytes [83, C0, 1A, E5, 82, D7, 93, ...] .text ... .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x88CC4B0B] ? C:\Windows\System32\Drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. PAGE PCIIDEX.SYS!DllUnload 88C0E606 5 Bytes JMP 84E5F1C8 PAGE ataport.SYS!DllUnload + 1 88E36AD7 4 Bytes JMP 84E5B1C9 .text USBPORT.SYS!DllUnload 8E171CA0 5 Bytes JMP 85E9E1C8 .text a63ofccb.SYS 8FE2C000 12 Bytes [44, 78, 22, 83, EE, 76, 22, ...] {INC ESP; JS 0x25; SUB ESI, 0x76; AND AL, [EBX-0x7cdda860]} .text a63ofccb.SYS 8FE2C00D 128 Bytes [57, 22, 83, 48, 7B, 22, 83, ...] .text a63ofccb.SYS 8FE2C08E 59 Bytes [E7, 82, 9C, 90, E5, 82, 48, ...] .text a63ofccb.SYS 8FE2C0CA 28 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a63ofccb.SYS 8FE2C0E7 23 Bytes [00, F0, 0E, 00, 00, 00, 00, ...] .text ... .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x8D75B300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x8D79E300, 0x1BEE, 0xE8000020] PAGE peauth.sys 9EC0DE20 101 Bytes JMP 5BF26B04 PAGE spsys.sys!?SPRevision@@3PADA + 4F90 9EDAF000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 9EDAF123 629 Bytes [A5, DA, 9E, FE, 05, 34, A5, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 9EDAF399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F 9EDAF3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B 9EDAF4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ? C:\Users\Lucky\AppData\Local\Temp\awdyqkow.sys Nie można odnaleźć określonego pliku. ! ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88C1971C] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88C19EFE] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [88C1A21E] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88C1A0DC] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88C19900] \SystemRoot\System32\Drivers\sptd.sys IAT \SystemRoot\System32\Drivers\a63ofccb.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 5D5B0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84E641E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{194E5D1F-C7AA-4E53-BADC-2056F06B8383} 85E401E8 Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbohci \Device\USBPDO-0 85FA3430 Device \Driver\usbohci \Device\USBPDO-1 85FA3430 Device \Driver\usbehci \Device\USBPDO-2 85E69430 Device \Driver\usbohci \Device\USBPDO-3 85FA3430 Device \Driver\NetBT \Device\NetBT_Tcpip_{08D189DA-2ABC-412A-A5E4-6903B857626D} 85E401E8 Device \Driver\usbohci \Device\USBPDO-4 85FA3430 Device \Driver\usbehci \Device\USBPDO-5 85E69430 Device \Driver\usbohci \Device\USBPDO-6 85FA3430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 85CDB430 Device \Driver\PCI_PNP3479 \Device\00000059 sptd.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E611E8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84E611E8 Device \Driver\atapi \Device\Ide\IdePort0 84E611E8 Device \Driver\atapi \Device\Ide\IdePort1 84E611E8 Device \Driver\atapi \Device\Ide\IdePort2 84E611E8 Device \Driver\atapi \Device\Ide\IdePort3 84E611E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 84E611E8 Device \Driver\cdrom \Device\CdRom1 85CDB430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom2 85CDB430 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 85E401E8 Device \Driver\USBSTOR \Device\00000077 85DA81E8 Device \Driver\USBSTOR \Device\00000079 85DA81E8 Device \Driver\usbohci \Device\USBFDO-0 85FA3430 Device \Driver\usbohci \Device\USBFDO-1 85FA3430 Device \Driver\usbehci \Device\USBFDO-2 85E69430 Device \Driver\usbohci \Device\USBFDO-3 85FA3430 Device \Driver\usbohci \Device\USBFDO-4 85FA3430 Device \Driver\usbehci \Device\USBFDO-5 85E69430 Device \Driver\usbohci \Device\USBFDO-6 85FA3430 Device \Driver\a63ofccb \Device\Scsi\a63ofccb1Port4Path0Target1Lun0 860611E8 Device \Driver\a63ofccb \Device\Scsi\a63ofccb1 860611E8 Device \Driver\a63ofccb \Device\Scsi\a63ofccb1Port4Path0Target0Lun0 860611E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 14584 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 3452 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x8D 0x27 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x54 0xDD 0xCB 0x84 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x53 0x6A 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9C 0x46 0xCB 0x75 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x8D 0x27 0x52 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x54 0xDD 0xCB 0x84 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x00 0x53 0x6A 0x83 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9C 0x46 0xCB 0x75 ... ---- EOF - GMER 1.0.15 ----

Co dalej robić?

Uzytkownik "Polska" ma racje wiry występują w plikach x.exe.
Menadżer urządzen działa bezproblemowo. Nie odczułem by komputer spowolnił swoją prace.
Wolalbym uniknąc formata ,wiec jak uleczyl mojego kompa?

Kod: Zaznacz wszystko: ############################## | UsbFix 7.041 | [Research] User: Lucky (Administrator) # LUCKY-KOMPUTER [System manufacturer System Product Name] Updated 24/02/2011 by TeamXscript Started at 12:49:11 | 26/02/2011 Website: http://www.teamxscript.org Submit your sample : http://www.teamxscript.org/Upload.php Contact: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Athlon(tm) II X3 440 Processor CPU 2: AMD Athlon(tm) II X3 440 Processor Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) # Internet Explorer 8.0.7600.16385 Windows Firewall: Disabled /!\ Antivirus: AntiVir Desktop 10.0.1.43 [(!) Disabled | (!) Outdated] RAM -> 2047 Mb C:\ (%systemdrive%) -> Fixed drive # 19 Gb (3 Mb free - 17%) [] # NTFS D:\ -> CD-ROM E:\ -> Fixed drive # 130 Gb (23 Mb free - 18%) [Gry] # NTFS F:\ -> Fixed drive # 298 Gb (3 Mb free - 1%) [Pliki] # NTFS H:\ -> CD-ROM I:\ -> CD-ROM ################## | Files # Infected Folders | Found ! F:\muza ################## | Registry | Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsHistory Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch ################## | Mountpoints2 | ################## | Vaccin | (!) This computer is not vaccinated! ################## | E.O.F | ############################## | UsbFix 7.041 | [Research] User: Lucky (Administrator) # LUCKY-KOMPUTER [System manufacturer System Product Name] Updated 24/02/2011 by TeamXscript Started at 12:49:11 | 26/02/2011 Website: http://www.teamxscript.org Submit your sample : http://www.teamxscript.org/Upload.php Contact: TeamXscript.ElDesaparecido@gmail.com CPU: AMD Athlon(tm) II X3 440 Processor CPU 2: AMD Athlon(tm) II X3 440 Processor Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) # Internet Explorer 8.0.7600.16385 Windows Firewall: Disabled /!\ Antivirus: AntiVir Desktop 10.0.1.43 [(!) Disabled | (!) Outdated] RAM -> 2047 Mb C:\ (%systemdrive%) -> Fixed drive # 19 Gb (3 Mb free - 17%) [] # NTFS D:\ -> CD-ROM E:\ -> Fixed drive # 130 Gb (23 Mb free - 18%) [Gry] # NTFS F:\ -> Fixed drive # 298 Gb (3 Mb free - 1%) [Pliki] # NTFS H:\ -> CD-ROM I:\ -> CD-ROM ################## | Files # Infected Folders | Found ! F:\muza ################## | Registry | Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsHistory Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch ################## | Mountpoints2 | ################## | Vaccin | (!) This computer is not vaccinated! ################## | E.O.F |

**Posty:** 18165 · przez **wojtas** 26 Lut 2011, 15:59

a logi z OTL?
zrób też skan tym :
http://www.programosy.pl/program,dr-web-cureit.html
i daj raport + 2 logi z OTL

**Posty:** 503 · przez **Lucky17** 27 Lut 2011, 14:27

Kod: Zaznacz wszystko: OTL logfile created on: 2011-02-27 13:24:25 - Run 1 OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Lucky\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,43 Gb Total Space | 3,11 Gb Free Space | 16,02% Space Free | Partition Type: NTFS Drive E: | 129,51 Gb Total Space | 22,95 Gb Free Space | 17,72% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 1,79 Gb Free Space | 0,60% Space Free | Partition Type: NTFS Computer Name: LUCKY-KOMPUTER | User Name: Lucky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-27 13:24:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe PRC - [2011-02-07 12:56:24 | 008,993,280 | ---- | M] (Creative Team S.A.) -- E:\programy\WapSter AQQ\AQQ.exe PRC - [2011-01-27 14:28:54 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2010-12-15 09:05:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010-12-12 08:54:40 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2010-12-06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010-12-06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2010-11-03 08:16:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-11-03 08:16:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010-10-16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-04-06 01:27:46 | 026,102,056 | R--- | M] (Skype Technologies S.A.) -- E:\programy\Phone\Skype.exe PRC - [2010-01-14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-10-28 03:30:36 | 001,701,888 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009-07-14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2007-02-14 10:15:04 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\Diamondback\razerhid.exe PRC - [2007-02-14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback\razerofa.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-27 13:24:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Unknown | Stopped] -- -- (Steam Client Service) SRV - File not found [Disabled | Stopped] -- -- (MDM) SRV - File not found [Disabled | Stopped] -- -- (LightScribeService) SRV - File not found [Disabled | Stopped] -- -- (HssTrayService) SRV - File not found [Disabled | Stopped] -- -- (HotspotShieldService) SRV - [2011-01-05 09:41:42 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai) SRV - [2010-12-15 09:05:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010-12-06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010-11-03 14:49:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-11-03 08:16:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010-05-25 02:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010-02-03 11:40:16 | 000,073,960 | ---- | M] (tzuk) [Disabled | Stopped] -- E:\programy\sandbox\SbieSvc.exe -- (SbieSvc) SRV - [2010-01-09 00:42:42 | 000,285,744 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-05-15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2006-10-26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\programy\office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-12-21 08:39:26 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010-11-25 09:12:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-10-22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-09-01 22:53:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-09-01 22:53:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-02-03 11:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- E:\programy\sandbox\SbieDrv.sys -- (SbieDrv) DRV - [2009-10-21 04:27:42 | 001,102,848 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009-07-16 04:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-05-11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-05-05 05:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-01 19:21:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-01 19:21:24 | 000,000,000 | ---D | M] [2011-01-01 19:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucky\AppData\Roaming\mozilla\Extensions [2011-01-01 19:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucky\AppData\Roaming\mozilla\Firefox\Profiles\jc3fsfiy.default\extensions [2011-01-01 19:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-02-25 18:13:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\programy\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\programy\office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\programy\office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\programy\office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\programy\office\Office12\REFIEBAR.DLL (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\programy\office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\programy\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-27 13:25:35 | 003,033,192 | ---- | C] (Piriform Ltd) -- C:\Users\Lucky\Desktop\ccsetup304.exe [2011-02-27 13:24:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe [2011-02-27 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2011-02-27 11:43:44 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Local\LogMeIn Hamachi [2011-02-27 11:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011-02-27 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011-02-27 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Local\My Games [2011-02-26 12:48:59 | 000,000,000 | ---D | C] -- C:\UsbFix [2011-02-26 12:48:42 | 001,442,891 | ---- | C] (TeamXscript) -- C:\Users\Lucky\Desktop\UsbFix.exe [2011-02-26 12:10:45 | 000,590,392 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Lucky\Desktop\SPTDinst-v177-x86.exe [2011-02-25 18:13:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-02-25 18:12:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011-02-25 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Local\temp [2011-02-25 18:05:11 | 000,000,000 | ---D | C] -- C:\ComboFix [2011-02-25 18:04:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011-02-25 10:55:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-02-25 10:55:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-02-25 10:55:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-02-25 10:55:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-02-25 10:55:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-02-24 22:16:42 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Roaming\Hamachi [2011-02-24 22:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi [2011-02-20 14:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWood [2011-02-16 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\Lucky\Documents\Deluxe Ski Jump 3 [2011-02-16 10:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 3 [2011-02-13 22:06:04 | 000,000,000 | ---D | C] -- C:\Users\Lucky\Documents\Deluxe Ski Jump 4 [2011-02-13 22:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2011-02-13 22:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [1 C:\Users\Lucky\Desktop\*.tmp files -> C:\Users\Lucky\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-27 13:25:38 | 003,033,192 | ---- | M] (Piriform Ltd) -- C:\Users\Lucky\Desktop\ccsetup304.exe [2011-02-27 13:24:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe [2011-02-27 13:23:44 | 004,198,960 | ---- | M] () -- C:\Users\Lucky\Desktop\launch.exe [2011-02-27 13:19:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-02-27 13:19:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-02-27 13:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-27 12:34:45 | 001,588,224 | ---- | M] () -- C:\Users\Lucky\Desktop\SteamInstall.msi [2011-02-27 11:09:09 | 000,000,144 | ---- | M] () -- C:\Users\Lucky\AppData\Roaming\default.rss [2011-02-27 11:08:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011-02-27 11:04:49 | 000,000,853 | ---- | M] () -- C:\Users\Lucky\Desktop\CivilizationV — skrót.lnk [2011-02-26 12:51:55 | 002,544,054 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-02-26 12:51:55 | 001,247,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-26 12:51:55 | 000,757,868 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-02-26 12:51:55 | 000,707,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-02-26 12:48:42 | 001,442,891 | ---- | M] (TeamXscript) -- C:\Users\Lucky\Desktop\UsbFix.exe [2011-02-26 12:19:11 | 000,296,448 | ---- | M] () -- C:\Users\Lucky\Desktop\1tbudwhm.exe [2011-02-26 12:10:46 | 000,590,392 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Lucky\Desktop\SPTDinst-v177-x86.exe [2011-02-25 18:13:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011-02-25 12:52:43 | 000,024,794 | ---- | M] () -- C:\Users\Lucky\Desktop\stone_sour_bother.gp5 [2011-02-25 12:42:03 | 000,042,163 | ---- | M] () -- C:\Users\Lucky\Desktop\creed_one_last_breath.gp5 [2011-02-24 21:51:09 | 000,012,680 | ---- | M] () -- C:\Users\Lucky\Desktop\metallica_the_ecstasy_of_gold.gp4 [2011-02-22 18:07:58 | 000,000,842 | ---- | M] () -- C:\Users\Lucky\Desktop\mgr.lnk [2011-02-20 14:35:45 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\The Guild II.lnk [2011-02-19 10:27:50 | 000,208,265 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-19 10_27_49.841918.dmp [2011-02-18 21:42:51 | 188,909,557 | ---- | M] () -- C:\Users\Lucky\Desktop\Tajemnice.Roswell.3x15.rar [2011-02-16 10:57:51 | 000,000,652 | ---- | M] () -- C:\Users\Lucky\Desktop\DSJ3.lnk [2011-02-14 12:02:47 | 000,206,957 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-14 12_02_47.635066.dmp [2011-02-09 22:02:53 | 000,208,669 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-09 22_02_52.507267.dmp [2011-01-30 11:11:04 | 000,206,073 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-30 11_11_04.393960.dmp [2011-01-29 10:18:41 | 000,208,293 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-29 10_18_41.384272.dmp [1 C:\Users\Lucky\Desktop\*.tmp files -> C:\Users\Lucky\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-27 13:23:44 | 003,855,292 | ---- | C] () -- C:\Users\Lucky\Desktop\launch.exe [2011-02-27 12:33:14 | 001,588,224 | ---- | C] () -- C:\Users\Lucky\Desktop\SteamInstall.msi [2011-02-27 11:04:49 | 000,000,853 | ---- | C] () -- C:\Users\Lucky\Desktop\CivilizationV — skrót.lnk [2011-02-26 12:19:11 | 000,296,448 | ---- | C] () -- C:\Users\Lucky\Desktop\1tbudwhm.exe [2011-02-25 12:52:43 | 000,024,794 | ---- | C] () -- C:\Users\Lucky\Desktop\stone_sour_bother.gp5 [2011-02-25 12:42:03 | 000,042,163 | ---- | C] () -- C:\Users\Lucky\Desktop\creed_one_last_breath.gp5 [2011-02-25 10:55:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-02-25 10:55:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-02-25 10:55:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011-02-25 10:55:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-02-25 10:55:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-02-24 21:51:09 | 000,012,680 | ---- | C] () -- C:\Users\Lucky\Desktop\metallica_the_ecstasy_of_gold.gp4 [2011-02-22 18:07:58 | 000,000,842 | ---- | C] () -- C:\Users\Lucky\Desktop\mgr.lnk [2011-02-20 14:35:45 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\The Guild II.lnk [2011-02-19 10:27:49 | 000,208,265 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-19 10_27_49.841918.dmp [2011-02-18 21:28:31 | 188,909,557 | ---- | C] () -- C:\Users\Lucky\Desktop\Tajemnice.Roswell.3x15.rar [2011-02-16 10:57:51 | 000,000,652 | ---- | C] () -- C:\Users\Lucky\Desktop\DSJ3.lnk [2011-02-14 12:02:47 | 000,206,957 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-14 12_02_47.635066.dmp [2011-02-09 22:02:52 | 000,208,669 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-09 22_02_52.507267.dmp [2011-01-30 11:11:04 | 000,206,073 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-30 11_11_04.393960.dmp [2011-01-29 10:18:41 | 000,208,293 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-29 10_18_41.384272.dmp [2011-01-11 17:33:54 | 000,000,132 | ---- | C] () -- C:\Users\Lucky\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2011-01-01 19:21:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010-12-24 12:36:35 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll [2010-12-16 21:10:00 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2010-11-26 23:14:20 | 000,451,584 | ---- | C] () -- C:\Windows\System32\PRO Installer.exe [2010-11-15 16:22:57 | 000,072,046 | ---- | C] () -- C:\Windows\War3Unin.dat [2010-09-07 15:04:08 | 000,022,328 | ---- | C] () -- C:\Users\Lucky\AppData\Roaming\PnkBstrK.sys [2010-09-07 15:03:34 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010-09-02 00:01:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010-09-01 23:59:13 | 000,034,769 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010-09-01 23:56:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010-09-01 23:56:39 | 000,028,289 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010-08-25 07:31:31 | 000,000,144 | ---- | C] () -- C:\Users\Lucky\AppData\Roaming\default.rss [2010-08-25 07:27:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-08-01 12:42:28 | 000,006,656 | ---- | C] () -- C:\Users\Lucky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-26 10:47:46 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010-07-12 14:44:52 | 000,122,884 | ---- | C] () -- C:\Windows\UnGins.exe [2010-05-16 17:10:57 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010-05-16 17:10:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010-05-10 21:39:38 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010-04-16 07:14:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010-04-14 16:47:32 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010-04-14 16:21:11 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010-04-14 16:21:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010-04-14 14:08:47 | 000,000,218 | ---- | C] () -- C:\Windows\IDA30.ini [2010-04-10 17:47:33 | 000,002,116 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010-04-10 17:24:51 | 000,000,915 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010-04-09 20:55:39 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010-04-08 21:25:23 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-08 21:25:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-08 21:25:20 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-04-08 21:25:20 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-08 21:25:18 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-07-16 04:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009-07-14 09:07:57 | 002,544,054 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 09:07:57 | 000,757,868 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 05:33:53 | 003,842,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 03:05:48 | 001,247,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 03:05:48 | 000,707,704 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-14 00:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2009-02-19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 597 bytes -> C:\ZAD.eml:OECustomProperty < End of report >

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2011-02-27 13:24:25 - Run 1 OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Lucky\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,43 Gb Total Space | 3,11 Gb Free Space | 16,02% Space Free | Partition Type: NTFS Drive E: | 129,51 Gb Total Space | 22,95 Gb Free Space | 17,72% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 1,79 Gb Free Space | 0,60% Space Free | Partition Type: NTFS Computer Name: LUCKY-KOMPUTER | User Name: Lucky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge] -- F:\Program Files\adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- E:\programy\office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\Lucky\Desktop\Hamachi-1.0.1.5.exe" = C:\Users\Lucky\Desktop\Hamachi-1.0.1.5.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\snmgf.exe" = C:\Users\Lucky\AppData\Local\Temp\snmgf.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\winvvyj.exe" = C:\Users\Lucky\AppData\Local\Temp\winvvyj.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\yfbvex.exe" = C:\Users\Lucky\AppData\Local\Temp\yfbvex.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\w313fc19.exe" = C:\Users\Lucky\AppData\Local\Temp\w313fc19.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\winmycxe.exe" = C:\Users\Lucky\AppData\Local\Temp\winmycxe.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\ikenix.exe" = C:\Users\Lucky\AppData\Local\Temp\ikenix.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\wintjgx.exe" = C:\Users\Lucky\AppData\Local\Temp\wintjgx.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\eptqk.exe" = C:\Users\Lucky\AppData\Local\Temp\eptqk.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\fusae.exe" = C:\Users\Lucky\AppData\Local\Temp\fusae.exe:*:Enabled:ipsec "C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe" = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\sqbekp.exe" = C:\Users\Lucky\AppData\Local\Temp\sqbekp.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\malads.exe" = C:\Users\Lucky\AppData\Local\Temp\malads.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\winlcpx.exe" = C:\Users\Lucky\AppData\Local\Temp\winlcpx.exe:*:Enabled:ipsec "C:\Users\Lucky\AppData\Local\Temp\w286bae.exe" = C:\Users\Lucky\AppData\Local\Temp\w286bae.exe:*:Enabled:ipsec "E:\fifa online\Launch.exe" = E:\fifa online\Launch.exe:*:Enabled:ipsec -- (Electronic Arts) "E:\fifa online\Patcher.exe" = E:\fifa online\Patcher.exe:*:Enabled:ipsec -- (Electronic Arts) "C:\Program Files\Razer\Diamondback\razerofa.exe" = C:\Program Files\Razer\Diamondback\razerofa.exe:*:Enabled:ipsec -- (Razer Inc.) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BF46BBF-F160-46C2-9A69-97E33A08BF04}" = The Guild II "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DD2E9EA-0544-4162-B8BE-E21E994E9F3B}" = LEGO Racers 2 "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight "{518A26CD-CCB0-4017-80DB-990170F63BBD}" = BIMwareCommunication "{52FFC99A-2040-4243-A652-5EB3B2AE1447}" = Adobe CreatePDF Desktop Printer "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5783F2D7-9001-0415-0002-0060B0CE6BBA}" = AutoCAD 2011 - Polski "{5783F2D7-9001-0415-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Polski "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help "{5CA86DBC-3F01-09AF-C67C-99557DB3E1F5}" = ATI Catalyst Install Manager "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office SharePoint Designer Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office SharePoint Designer Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office SharePoint Designer Language Pack 2007 Service Pack 2 (SP2) "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Add-On "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9C748279-288D-11D7-928D-00C0CA129740}" = Robin Hood - Legenda Sherwood "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Narodziny Imperium "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AQQ" = WapSter AQQ "AutoCAD 2011 - Polski" = AutoCAD 2011 - Polski "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09 "CzasoWyłącznik 3.0" = CzasoWyłącznik 3.0 "Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fallout New Vegas_is1" = Fallout New Vegas "GMailFS" = GMail Drive Shell Extension "IDA Indoor Climate and Energy 3.0" = IDA Indoor Climate and Energy 3.0 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Menedżera urządzeń "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full) "LogMeIn Hamachi" = LogMeIn Hamachi "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "mIRC" = mIRC "Mount&Blade Warband" = Mount&Blade Warband "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "OpenAL" = OpenAL "Opera 11.01.1190" = Opera 11.01 "PunkBusterSvc" = PunkBuster Services "Purmo C.O. 3.6_is1" = Purmo C.O. - Deinstalacja programu "Purmo OZC 4.0_is1" = Purmo OZC - Deinstalacja programu "RealAlt_is1" = Real Alternative 2.0.2 "Sandboxie" = Sandboxie 3.44 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Testy IQ" = Testy IQ "Totalcmd" = Total Commander (Remove or Repair) "Two Worlds II" = Two Worlds II "UsbFix" = UsbFix By TeamXscript "uTorrent" = µTorrent "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.18.1.0b "WinRAR archiver" = Archiwizator WinRAR "Worms Reloaded_is1" = Worms Reloaded [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: wszystkie elementy [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2011-02-27 07:47:56 | Computer Name = Lucky-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CivilizationV_DX11.exe, wersja: 1.0.0.17, sygnatura czasowa: 0x4c9b9292 Nazwa modułu powodującego błąd: CivilizationV_DX11.exe, wersja: 1.0.0.17, sygnatura czasowa: 0x4c9b9292 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x004084fd Identyfikator procesu powodującego błąd: 0xe10 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbd6742aea1cb9 Ścieżka aplikacji powodującej błąd: E:\CIV5\CivilizationV_DX11.exe Ścieżka modułu powodującego błąd: E:\CIV5\CivilizationV_DX11.exe Identyfikator raportu: 6a7dc6fc-4267-11e0-b7d8-485b3933b2e0 Error - 2011-02-27 07:48:52 | Computer Name = Lucky-Komputer | Source = Application Error | ID = 1000 Description = Nazwa aplikacji powodującej błąd: CivilizationV_DX11.exe, wersja: 1.0.0.17, sygnatura czasowa: 0x4c9b9292 Nazwa modułu powodującego błąd: CivilizationV_DX11.exe, wersja: 1.0.0.17, sygnatura czasowa: 0x4c9b9292 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x004084fd Identyfikator procesu powodującego błąd: 0xee8 Godzina uruchomienia aplikacji powodującej błąd: 0x01cbd6744e1190db Ścieżka aplikacji powodującej błąd: E:\CIV5\CivilizationV_DX11.exe Ścieżka modułu powodującego błąd: E:\CIV5\CivilizationV_DX11.exe Identyfikator raportu: 8bfd6ad1-4267-11e0-b7d8-485b3933b2e0 Error - 2011-02-27 08:06:17 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:06:35 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:09:44 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:13:23 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:14:37 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:19:51 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:21:43 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = Error - 2011-02-27 08:26:27 | Computer Name = Lucky-Komputer | Source = MsiInstaller | ID = 11324 Description = [ OSession Events ] Error - 2010-06-08 17:14:51 | Computer Name = Lucky-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23294 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 2011-02-27 08:12:36 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2011-02-27 08:13:55 | Computer Name = Lucky-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2011-02-27 08:13:55 | Computer Name = Lucky-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2011-02-27 08:13:55 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2011-02-27 08:13:55 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2011-02-27 08:13:55 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2011-02-27 08:13:55 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 Error - 2011-02-27 08:14:01 | Computer Name = Lucky-Komputer | Source = PNRPSvc | ID = 102 Description = Error - 2011-02-27 08:14:01 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7023 Description = Usługa Protokół rozpoznawania nazw równorzędnych zakończyła działanie; wystąpił następujący błąd: %%-2140993535 Error - 2011-02-27 08:14:01 | Computer Name = Lucky-Komputer | Source = Service Control Manager | ID = 7001 Description = Usługa Grupowanie sieci równorzędnej zależy od usługi Protokół rozpoznawania nazw równorzędnych, której nie można uruchomić z powodu następującego błędu: %%-2140993535 < End of report >

**Posty:** 18165 · przez **wojtas** 27 Lut 2011, 15:24

ten plik/i :

C:\Windows\System32\winver.exe
C:\Windows\System32\mlang.dat
C:\Windows\System32\drivers\ASUSHWIO.SYS
C:\Windows\DAOD.exe

przeskanuj tu
http://virusscan.jotti.org/
lub tu:
http://www.virustotal.com/

i daj raporty ze skanu w następnym poście

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
SRV - File not found [Unknown | Stopped] -- -- (Steam Client Service)
SRV - File not found [Disabled | Stopped] -- -- (MDM)
SRV - File not found [Disabled | Stopped] -- -- (LightScribeService)
SRV - File not found [Disabled | Stopped] -- -- (HssTrayService)
SRV - File not found [Disabled | Stopped] -- -- (HotspotShieldService)
SRV - [2011-01-05 09:41:42 | 003,129,432 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll -- (Akamai)
O4 - Startup: C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk = File not found
@Alternate Data Stream - 597 bytes -> C:\ZAD.eml:OECustomProperty

:Files
c:\Program Files\Common Files\Akamai

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 503 · przez **Lucky17** 27 Lut 2011, 16:16

Winver.exe
mlang.dat
ASUSHWIO.SYS
DAOD.exe

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Service Steam Client Service stopped successfully! Service Steam Client Service deleted successfully! Service MDM stopped successfully! Service MDM deleted successfully! Service LightScribeService stopped successfully! Service LightScribeService deleted successfully! Service HssTrayService stopped successfully! Service HssTrayService deleted successfully! Service HotspotShieldService stopped successfully! Service HotspotShieldService deleted successfully! Service Akamai stopped successfully! Service Akamai deleted successfully! c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll moved successfully. C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk moved successfully. ADS C:\ZAD.eml:OECustomProperty deleted successfully. ========== FILES ========== c:\Program Files\Common Files\Akamai\Logs\dump folder moved successfully. c:\Program Files\Common Files\Akamai\Logs folder moved successfully. c:\Program Files\Common Files\Akamai\Languages folder moved successfully. c:\Program Files\Common Files\Akamai\Cache\8\e folder moved successfully. c:\Program Files\Common Files\Akamai\Cache\8 folder moved successfully. c:\Program Files\Common Files\Akamai\Cache folder moved successfully. c:\Program Files\Common Files\Akamai folder moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lucky ->Temp folder emptied: 583066 bytes ->Temporary Internet Files folder emptied: 3403534 bytes ->Java cache emptied: 166353 bytes ->FireFox cache emptied: 21321349 bytes ->Opera cache emptied: 116387 bytes ->Flash cache emptied: 48070 bytes User: Public ->Temp folder emptied: 0 bytes User: Skidrow ->Temp folder emptied: 165849 bytes ->Temporary Internet Files folder emptied: 4211201 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1824 bytes RecycleBin emptied: 404041 bytes Total Files Cleaned = 29,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Lucky ->Flash cache emptied: 0 bytes User: Public User: Skidrow ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.22.1 log created on 02272011_151955 Files\Folders moved on Reboot... File\Folder C:\Users\Lucky\AppData\Local\Temp\~DF12F8D9AF2A8710FC.TMP not found! File\Folder C:\Users\Lucky\AppData\Local\Temp\~DF22BEC409AEA08D8C.TMP not found! File\Folder C:\Users\Lucky\AppData\Local\Temp\~DF357975F57C4D9FCA.TMP not found! File\Folder C:\Users\Lucky\AppData\Local\Temp\~DF5A3273910B5FA7B6.TMP not found! File\Folder C:\Users\Lucky\AppData\Local\Temp\~DFE6DFC7D74C520491.TMP not found! File\Folder C:\Users\Lucky\AppData\Local\Temp\~DFF11E49103816C670.TMP not found! C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYDF22OW\mail[1].htm moved successfully. C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYDF22OW\mail[2].htm moved successfully. C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYDF22OW\mail[3].htm moved successfully. C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMTFGNCE\mail[1].htm moved successfully. C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IMTFGNCE\openhand[1].cur moved successfully. C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ME984HP\mail[1].htm moved successfully. File\Folder C:\Users\Skidrow\AppData\Local\Temp\~DF081EE104F5951394.TMP not found! File\Folder C:\Users\Skidrow\AppData\Local\Temp\~DF3D9FB93958BE7741.TMP not found! File\Folder C:\Users\Skidrow\AppData\Local\Temp\~DF78706E189E1234DD.TMP not found! File\Folder C:\Users\Skidrow\AppData\Local\Temp\~DFBC433E9B4619EF2E.TMP not found! File\Folder C:\Users\Skidrow\AppData\Local\Temp\~DFEAF7CBB0502C8415.TMP not found! File\Folder C:\Users\Skidrow\AppData\Local\Temp\~DFF169E8CAE5F7275A.TMP not found! C:\Users\Skidrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1UP253R\SteamInstall[1].msi moved successfully. C:\Users\Skidrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JL5SSH2\about[1].htm moved successfully. C:\Users\Skidrow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JL5SSH2\search[1].htm moved successfully. Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: OTL logfile created on: 2011-02-27 15:24:38 - Run 2 OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\Lucky\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 19,43 Gb Total Space | 3,21 Gb Free Space | 16,50% Space Free | Partition Type: NTFS Drive E: | 129,51 Gb Total Space | 22,95 Gb Free Space | 17,72% Space Free | Partition Type: NTFS Drive F: | 298,09 Gb Total Space | 1,73 Gb Free Space | 0,58% Space Free | Partition Type: NTFS Computer Name: LUCKY-KOMPUTER | User Name: Lucky | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011-02-27 13:24:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe PRC - [2011-01-27 14:28:54 | 000,943,472 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2010-12-15 09:05:51 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010-12-12 08:54:40 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2010-12-06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010-12-06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2010-11-03 08:16:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010-11-03 08:16:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010-10-16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010-01-14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-10-28 03:30:36 | 001,701,888 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009-07-14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009-07-14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2007-02-14 10:15:04 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\Diamondback\razerhid.exe PRC - [2007-02-14 10:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback\razerofa.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011-02-27 13:24:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2010-12-15 09:05:51 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010-12-06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010-11-03 14:49:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010-11-03 08:16:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010-05-25 02:00:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010-02-03 11:40:16 | 000,073,960 | ---- | M] (tzuk) [Disabled | Stopped] -- E:\programy\sandbox\SbieSvc.exe -- (SbieSvc) SRV - [2010-01-09 00:42:42 | 000,285,744 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009-05-15 06:35:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2006-10-26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\programy\office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-12-21 08:39:26 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010-11-25 09:12:29 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010-10-22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010-09-01 22:53:52 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-09-01 22:53:51 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-02-03 11:40:08 | 000,115,432 | ---- | M] (tzuk) [Kernel | On_Demand | Stopped] -- E:\programy\sandbox\SbieDrv.sys -- (SbieDrv) DRV - [2009-10-21 04:27:42 | 001,102,848 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009-07-16 04:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009-07-13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009-05-11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009-05-05 05:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-01 19:21:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-01-01 19:21:24 | 000,000,000 | ---D | M] [2011-01-01 19:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucky\AppData\Roaming\mozilla\Extensions [2011-01-01 19:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucky\AppData\Roaming\mozilla\Firefox\Profiles\jc3fsfiy.default\extensions [2011-01-01 19:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-12-03 18:54:54 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml [2010-12-03 18:54:54 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml [2010-12-03 18:54:54 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml [2010-12-03 18:54:54 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml [2010-12-03 18:54:54 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml [2010-12-03 18:54:54 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2011-02-25 18:13:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\programy\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\programy\office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\programy\office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\programy\office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\programy\office\Office12\REFIEBAR.DLL (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\programy\office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\programy\office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011-02-27 15:19:55 | 000,000,000 | ---D | C] -- C:\_OTL [2011-02-27 14:35:11 | 000,000,000 | ---D | C] -- C:\Users\Lucky\DoctorWeb [2011-02-27 13:24:17 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe [2011-02-27 12:37:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2011-02-27 11:43:44 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Local\LogMeIn Hamachi [2011-02-27 11:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011-02-27 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011-02-27 11:02:05 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Local\My Games [2011-02-26 12:48:59 | 000,000,000 | ---D | C] -- C:\UsbFix [2011-02-26 12:48:42 | 001,442,891 | ---- | C] (TeamXscript) -- C:\Users\Lucky\Desktop\UsbFix.exe [2011-02-26 12:10:45 | 000,590,392 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Lucky\Desktop\SPTDinst-v177-x86.exe [2011-02-25 18:13:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011-02-25 18:12:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011-02-25 18:12:19 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Local\temp [2011-02-25 18:05:11 | 000,000,000 | ---D | C] -- C:\ComboFix [2011-02-25 18:04:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011-02-25 10:55:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011-02-25 10:55:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011-02-25 10:55:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011-02-25 10:55:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011-02-25 10:55:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2011-02-24 22:16:42 | 000,000,000 | ---D | C] -- C:\Users\Lucky\AppData\Roaming\Hamachi [2011-02-24 22:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamachi [2011-02-20 14:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWood [2011-02-16 10:58:02 | 000,000,000 | ---D | C] -- C:\Users\Lucky\Documents\Deluxe Ski Jump 3 [2011-02-16 10:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 3 [2011-02-13 22:06:04 | 000,000,000 | ---D | C] -- C:\Users\Lucky\Documents\Deluxe Ski Jump 4 [2011-02-13 22:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4 [2011-02-13 22:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4 [1 C:\Users\Lucky\Desktop\*.tmp files -> C:\Users\Lucky\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011-02-27 15:22:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-27 14:58:13 | 000,000,055 | ---- | M] () -- C:\Users\Lucky\Desktop\DrWeb.csv [2011-02-27 14:03:50 | 057,549,912 | ---- | M] () -- C:\Users\Lucky\Desktop\launch.exe [2011-02-27 13:55:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-02-27 13:55:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-02-27 13:24:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lucky\Desktop\OTL.exe [2011-02-27 11:09:09 | 000,000,144 | ---- | M] () -- C:\Users\Lucky\AppData\Roaming\default.rss [2011-02-27 11:08:53 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011-02-27 11:04:49 | 000,000,853 | ---- | M] () -- C:\Users\Lucky\Desktop\CivilizationV — skrót.lnk [2011-02-26 12:51:55 | 002,544,054 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-02-26 12:51:55 | 001,247,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-26 12:51:55 | 000,757,868 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-02-26 12:51:55 | 000,707,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-02-26 12:48:42 | 001,442,891 | ---- | M] (TeamXscript) -- C:\Users\Lucky\Desktop\UsbFix.exe [2011-02-26 12:19:11 | 000,296,448 | ---- | M] () -- C:\Users\Lucky\Desktop\1tbudwhm.exe [2011-02-26 12:10:46 | 000,590,392 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Lucky\Desktop\SPTDinst-v177-x86.exe [2011-02-25 18:13:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011-02-25 12:52:43 | 000,024,794 | ---- | M] () -- C:\Users\Lucky\Desktop\stone_sour_bother.gp5 [2011-02-25 12:42:03 | 000,042,163 | ---- | M] () -- C:\Users\Lucky\Desktop\creed_one_last_breath.gp5 [2011-02-24 21:51:09 | 000,012,680 | ---- | M] () -- C:\Users\Lucky\Desktop\metallica_the_ecstasy_of_gold.gp4 [2011-02-22 18:07:58 | 000,000,842 | ---- | M] () -- C:\Users\Lucky\Desktop\mgr.lnk [2011-02-20 14:35:45 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\The Guild II.lnk [2011-02-19 10:27:50 | 000,208,265 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-19 10_27_49.841918.dmp [2011-02-18 21:42:51 | 188,909,557 | ---- | M] () -- C:\Users\Lucky\Desktop\Tajemnice.Roswell.3x15.rar [2011-02-16 10:57:51 | 000,000,652 | ---- | M] () -- C:\Users\Lucky\Desktop\DSJ3.lnk [2011-02-14 12:02:47 | 000,206,957 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-14 12_02_47.635066.dmp [2011-02-09 22:02:53 | 000,208,669 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-09 22_02_52.507267.dmp [2011-01-30 11:11:04 | 000,206,073 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-30 11_11_04.393960.dmp [2011-01-29 10:18:41 | 000,208,293 | ---- | M] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-29 10_18_41.384272.dmp [1 C:\Users\Lucky\Desktop\*.tmp files -> C:\Users\Lucky\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011-02-27 14:58:12 | 000,000,055 | ---- | C] () -- C:\Users\Lucky\Desktop\DrWeb.csv [2011-02-27 13:23:44 | 057,549,912 | ---- | C] () -- C:\Users\Lucky\Desktop\launch.exe [2011-02-27 11:04:49 | 000,000,853 | ---- | C] () -- C:\Users\Lucky\Desktop\CivilizationV — skrót.lnk [2011-02-26 12:19:11 | 000,296,448 | ---- | C] () -- C:\Users\Lucky\Desktop\1tbudwhm.exe [2011-02-25 12:52:43 | 000,024,794 | ---- | C] () -- C:\Users\Lucky\Desktop\stone_sour_bother.gp5 [2011-02-25 12:42:03 | 000,042,163 | ---- | C] () -- C:\Users\Lucky\Desktop\creed_one_last_breath.gp5 [2011-02-25 10:55:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-02-25 10:55:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-02-25 10:55:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011-02-25 10:55:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-02-25 10:55:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-02-24 21:51:09 | 000,012,680 | ---- | C] () -- C:\Users\Lucky\Desktop\metallica_the_ecstasy_of_gold.gp4 [2011-02-22 18:07:58 | 000,000,842 | ---- | C] () -- C:\Users\Lucky\Desktop\mgr.lnk [2011-02-20 14:35:45 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\The Guild II.lnk [2011-02-19 10:27:49 | 000,208,265 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-19 10_27_49.841918.dmp [2011-02-18 21:28:31 | 188,909,557 | ---- | C] () -- C:\Users\Lucky\Desktop\Tajemnice.Roswell.3x15.rar [2011-02-16 10:57:51 | 000,000,652 | ---- | C] () -- C:\Users\Lucky\Desktop\DSJ3.lnk [2011-02-14 12:02:47 | 000,206,957 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-14 12_02_47.635066.dmp [2011-02-09 22:02:52 | 000,208,669 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-02-09 22_02_52.507267.dmp [2011-01-30 11:11:04 | 000,206,073 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-30 11_11_04.393960.dmp [2011-01-29 10:18:41 | 000,208,293 | ---- | C] () -- C:\Users\Lucky\Documents\ts3_clientui-win32-12815-2011-01-29 10_18_41.384272.dmp [2011-01-11 17:33:54 | 000,000,132 | ---- | C] () -- C:\Users\Lucky\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2011-01-01 19:21:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010-12-24 12:36:35 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll [2010-12-16 21:10:00 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2010-11-26 23:14:20 | 000,451,584 | ---- | C] () -- C:\Windows\System32\PRO Installer.exe [2010-11-15 16:22:57 | 000,072,046 | ---- | C] () -- C:\Windows\War3Unin.dat [2010-09-07 15:04:08 | 000,022,328 | ---- | C] () -- C:\Users\Lucky\AppData\Roaming\PnkBstrK.sys [2010-09-07 15:03:34 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010-09-02 00:01:10 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010-09-01 23:59:13 | 000,034,769 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010-09-01 23:56:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010-09-01 23:56:39 | 000,028,289 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010-08-25 07:31:31 | 000,000,144 | ---- | C] () -- C:\Users\Lucky\AppData\Roaming\default.rss [2010-08-25 07:27:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010-08-01 12:42:28 | 000,006,656 | ---- | C] () -- C:\Users\Lucky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-26 10:47:46 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010-07-12 14:44:52 | 000,122,884 | ---- | C] () -- C:\Windows\UnGins.exe [2010-05-16 17:10:57 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010-05-16 17:10:52 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010-05-10 21:39:38 | 000,258,048 | ---- | C] () -- C:\Windows\System32\libFLAC.dll [2010-04-16 07:14:48 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010-04-14 16:47:32 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010-04-14 16:21:11 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010-04-14 16:21:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010-04-14 14:08:47 | 000,000,218 | ---- | C] () -- C:\Windows\IDA30.ini [2010-04-10 17:47:33 | 000,002,116 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010-04-10 17:24:51 | 000,000,915 | ---- | C] () -- C:\Windows\DIIUnin.dat [2010-04-09 20:55:39 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2010-04-08 21:25:23 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010-04-08 21:25:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010-04-08 21:25:20 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010-04-08 21:25:20 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010-04-08 21:25:18 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009-07-16 04:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009-07-14 09:07:57 | 002,544,054 | ---- | C] () -- C:\Windows\System32\perfh015.dat [2009-07-14 09:07:57 | 000,757,868 | ---- | C] () -- C:\Windows\System32\perfc015.dat [2009-07-14 09:07:57 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat [2009-07-14 09:07:57 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat [2009-07-14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009-07-14 05:33:53 | 003,842,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009-07-14 03:05:48 | 001,247,992 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009-07-14 03:05:48 | 000,707,704 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009-07-14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009-07-14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009-07-14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009-07-14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009-07-14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009-07-14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009-07-14 00:41:47 | 000,001,536 | ---- | C] () -- C:\Windows\System32\winver.exe [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2009-02-19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe < End of report >

Co dalej?

Jeszcze mam inny problem troche niezwiązany z bezpieczenstwem. Podczas instalacji programy 'Steam' wyskakuje błąd

error 1324 the path contains an invalid character

Jak sobie z nim poradzić?

**Posty:** 18165 · przez **wojtas** 27 Lut 2011, 20:29

problem ze steamem może być związany z wirusem Sality:
skanuj kompa dopóki nic nie będzie znajdował tym:
http://support.kaspersky.com/pl/downloads/common/salitykiller.zip
oraz pełny skan Dr Webem. zapisz sobie raport i wrzuć na forum jeśli coś znajdzie..

jeśli już nie będzie zgłaszał zarażonych plików daj nowe logi , z OTL na nowo ściągniętego (OTL.txt + extras.txt )
wraz z raportem z USBFix (opcja Listing) , oczywiście podłączając urządzenia typu pendrive, telefon co łączysz ze swoim kompem bo tam może być infekcja

Autor postu otrzymał pochwałę

Kto jest na forum