Nie mogę wejść na dyski z mój komputer

**Posty:** 44 · przez **adamo88** 13 Gru 2010, 18:08

Od wczoraj nie mogę wejść na moje dyski z Mój komputer, steam działa - natomiast odpalenie counter-strike 1.6 wygląda tak że pojawia się ekran startowy i wyrzuca z powrotem na pulpit

, drukarka znikła z systemu - zainstalowałem ponownie i działa :]
Proszę o pomoc, logi zrobione w Gmer (paręnaście godzin trwało) oraz OTL

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-13 16:47:39 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3500320AS rev.SD15 Running: gmer.exe; Driver: C:\DOCUME~1\adamo88\USTAWI~1\Temp\kgtdypog.sys ---- System - GMER 1.0.15 ---- SSDT sptd.sys ZwCreateKey [0xB7EBE0D0] SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2] SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340] SSDT sptd.sys ZwOpenKey [0xB7EBE0B0] SSDT sptd.sys ZwQueryKey [0xB7EC4418] SSDT sptd.sys ZwQueryValueKey [0xB7EC4298] SSDT sptd.sys ZwSetValueKey [0xB7EC44AA] ---- Kernel code sections - GMER 1.0.15 ---- ? sptd.sys Nie można odnaleźć określonego pliku. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB74C4360, 0x3D46A5, 0xE8000020] .text USBPORT.SYS!DllUnload B747C8AC 5 Bytes JMP 8A0AB770 .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB412B400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB41CF620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB41CF620] .protect˙˙˙˙hardlockunknown last code section [0xB41CF400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB41CF400, 0x5126, 0xE0000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EBEAD4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EBEC1A] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EBEB9C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EBF748] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EBF61E] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7ED429A] sptd.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A1C91E8 Device \FileSystem\Fastfat \FatCdrom 899E3790 Device \Driver\usbuhci \Device\USBPDO-0 8A0AF790 Device \Driver\usbuhci \Device\USBPDO-1 8A0AF790 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A1591E8 Device \Driver\dmio \Device\DmControl\DmConfig 8A1591E8 Device \Driver\dmio \Device\DmControl\DmPnP 8A1591E8 Device \Driver\dmio \Device\DmControl\DmInfo 8A1591E8 Device \Driver\usbuhci \Device\USBPDO-2 8A0AF790 Device \Driver\usbuhci \Device\USBPDO-3 8A0AF790 Device \Driver\usbehci \Device\USBPDO-4 8A020790 Device \Driver\Ftdisk \Device\HarddiskVolume1 8A1CB1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A1CB1E8 Device \Driver\Cdrom \Device\CdRom0 89FE6790 Device \Driver\atapi \Device\Ide\IdePort0 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7E11B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Ftdisk \Device\HarddiskVolume3 8A1CB1E8 Device \Driver\Ftdisk \Device\HarddiskVolume4 8A1CB1E8 Device \Driver\Ftdisk \Device\HarddiskVolume5 8A1CB1E8 Device \Driver\Ftdisk \Device\HarddiskVolume6 8A1CB1E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 89A681E8 Device \Driver\NetBT \Device\NetbiosSmb 89A681E8 Device \Driver\usbuhci \Device\USBFDO-0 8A0AF790 Device \Driver\usbuhci \Device\USBFDO-1 8A0AF790 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A59790 Device \Driver\usbuhci \Device\USBFDO-2 8A0AF790 Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A59790 Device \Driver\usbuhci \Device\USBFDO-3 8A0AF790 Device \Driver\usbehci \Device\USBFDO-4 8A020790 Device \Driver\Ftdisk \Device\FtControl 8A1CB1E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{83AAC854-D937-4C8D-9F97-39138EE7AFAB} 89A681E8 Device \FileSystem\Fastfat \Fat 899E3790 Device \FileSystem\Cdfs \Cdfs 899E5790 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x58 0x88 0x13 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0xD2 0x5B 0x1A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0x75 0x2A 0xE7 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCA 0x28 0x39 0xDA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 95 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\Opera\Opera\cache\sesn\opr09YPS.tmp 230 bytes ---- EOF - GMER 1.0.15 ----

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2010-12-13 16:50:03 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = D:\instalki niezbedne\virus Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 30,00 Gb Total Space | 4,57 Gb Free Space | 15,25% Space Free | Partition Type: NTFS Drive D: | 67,66 Gb Total Space | 47,34 Gb Free Space | 69,97% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 31,69 Gb Free Space | 32,45% Space Free | Partition Type: NTFS Drive F: | 97,65 Gb Total Space | 10,32 Gb Free Space | 10,57% Space Free | Partition Type: NTFS Drive G: | 97,65 Gb Total Space | 49,35 Gb Free Space | 50,53% Space Free | Partition Type: NTFS Drive H: | 75,13 Gb Total Space | 1,99 Gb Free Space | 2,64% Space Free | Partition Type: NTFS Computer Name: SZAJS | User Name: adamo88 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Office\Office12\GROOVE.EXE" = C:\Program Files\Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Program Files\Gadu-Gadu 10\gg.exe" = C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- File not found "C:\Program Files\Konnekt\konnekt.exe" = C:\Program Files\Konnekt\konnekt.exe:*:Enabled:Konnekt - Core -- (Stamina) "C:\Program Files\CS\hl.exe" = C:\Program Files\CS\hl.exe:*:Enabled:Half-Life Launcher -- File not found "C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- () "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "D:\PPLive\PPLive.exe" = D:\PPLive\PPLive.exe:*:Enabled:PPLive -- File not found "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod -- () "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "E:\The Settlers II - Dziesięciolecie\bin\S2DNG.exe" = E:\The Settlers II - Dziesięciolecie\bin\S2DNG.exe:*:Enabled:S2DNG -- () "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- File not found "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7C906292-5CE0-4997-AA78-F7616DD2D76F}" = ZajePRO 2.0 "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}" = A4 TECH USB PC Camera V "{8B743AA0-53B2-11D2-808A-00600895FB43}" = Heroes of Might and Magic III - Złota Edycja "{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12 "{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007 "{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007 "{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007 "{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007 "{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007 "{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007 "{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007 "{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007 "{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007 "{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{97bda673-1bbb-4363-b4aa-ca532607d48d}" = Nero 9 "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1 "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB490160-A606-11D3-9B22-00A0C971727F}" = Protel 99 SE Trial Version "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0) "AC3Filter_is1" = AC3Filter 1.63b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4 "Any Video Converter Professional_is1" = Any Video Converter Professional 3.0.5 "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218 "ClocX" = ClocX (1.5b2) "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "cscCUVC" = Canopus HQ CODEC "D44822B3621EFD220D3A7DDA72DE5A4B6476748F" = Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00) "DC++" = DC++ 0.761 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "ETKA7.2V5i" = ETKA 7.2 V5 International 2010 "Google Chrome" = Google Chrome "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "Hardlock Device Drivers" = Hardlock Device Drivers "HijackThis" = HijackThis 2.0.2 "InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11 "JDownloader" = JDownloader "Konnekt" = Konnekt "Lexmark Z600 Series" = Lexmark Z600 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "Quintessential Media Player" = Quintessential Media Player "RealAlt_is1" = Real Alternative 2.0.2 "S2TNG" = The Settlers II - Dziesięciolecie "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SkanerOnline" = Skaner on-line mks_vir "SopCast" = SopCast 2.0.4 "Steam App 10" = Counter-Strike "SubEdit-Player_is1" = SubEdit-Player "Symfonia Handel" = Symfonia Handel "Tecar Forum ETKA v2" = Tecar Forum ETKA v2 "Total CMA Pack" = Total CMA Pack 0.50 "Unlocker" = Unlocker 1.8.7 "VLC media player" = VLC media player 1.0.3 "WinRAR archiver" = Archiwizator WinRAR "Xvid_is1" = Xvid 1.2.2 final uninstall [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 2010-10-25 16:18:59 | Computer Name = SZAJS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd explorer.exe, wersja 6.0.2900.5512, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x017432c3. Error - 2010-10-25 16:19:05 | Computer Name = SZAJS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący błąd dbghelp.dll, wersja 5.1.2600.5512, adres błędu 0x0001295d. Error - 2010-10-25 16:25:23 | Computer Name = SZAJS | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca konnekt.exe, wersja 0.6.22.137, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-10-25 16:29:01 | Computer Name = SZAJS | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2010-10-25 16:29:01 | Computer Name = SZAJS | Source = crypt32 | ID = 131083 Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>, wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji bieżącego zegara systemowego lub sygnatury czasowej. Error - 2010-11-06 10:26:28 | Computer Name = SZAJS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd zauzeta.exe, wersja 0.0.0.0, moduł powodujący błąd zauzeta.exe, wersja 0.0.0.0, adres błędu 0x000015a0. Error - 2010-11-06 10:26:28 | Computer Name = SZAJS | Source = Application Error | ID = 1000 Description = Aplikacja powodująca błąd zauzeta.exe, wersja 0.0.0.0, moduł powodujący błąd zauzeta.exe, wersja 0.0.0.0, adres błędu 0x000015a0. Error - 2010-11-19 05:17:03 | Computer Name = SZAJS | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 7.0.5730.13, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-19 05:17:04 | Computer Name = SZAJS | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca IEXPLORE.EXE, wersja 7.0.5730.13, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2010-11-23 04:29:34 | Computer Name = SZAJS | Source = Application Hang | ID = 1002 Description = Aplikacja zawieszająca subedit.exe, wersja 1.0.0.4066, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. [ System Events ] Error - 2010-12-12 17:52:07 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7031 Description = Usługa Nero BackItUp Scheduler 4.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 500 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error - 2010-12-12 18:08:08 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LexBce Server z powodu następującego błędu: %%2 Error - 2010-12-12 18:08:08 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7001 Description = Usługa Bufor wydruku zależy od usługi LexBce Server, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2010-12-12 18:08:08 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7023 Description = Usługa Pomoc i obsługa techniczna zakończyła działanie; wystąpił następujący błąd: %%126 Error - 2010-12-12 18:09:06 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LexBce Server z powodu następującego błędu: %%2 Error - 2010-12-12 18:09:06 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7001 Description = Usługa Bufor wydruku zależy od usługi LexBce Server, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2010-12-12 18:09:57 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LexBce Server z powodu następującego błędu: %%2 Error - 2010-12-12 18:09:57 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7001 Description = Usługa Bufor wydruku zależy od usługi LexBce Server, której nie można uruchomić z powodu następującego błędu: %%2 Error - 2010-12-12 18:11:00 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7000 Description = Nie można uruchomić usługi LexBce Server z powodu następującego błędu: %%2 Error - 2010-12-12 18:11:00 | Computer Name = SZAJS | Source = Service Control Manager | ID = 7001 Description = Usługa Bufor wydruku zależy od usługi LexBce Server, której nie można uruchomić z powodu następującego błędu: %%2 < End of report >

Kod: Zaznacz wszystko: OTL logfile created on: 2010-12-13 16:50:03 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = D:\instalki niezbedne\virus Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 30,00 Gb Total Space | 4,57 Gb Free Space | 15,25% Space Free | Partition Type: NTFS Drive D: | 67,66 Gb Total Space | 47,34 Gb Free Space | 69,97% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 31,69 Gb Free Space | 32,45% Space Free | Partition Type: NTFS Drive F: | 97,65 Gb Total Space | 10,32 Gb Free Space | 10,57% Space Free | Partition Type: NTFS Drive G: | 97,65 Gb Total Space | 49,35 Gb Free Space | 50,53% Space Free | Partition Type: NTFS Drive H: | 75,13 Gb Total Space | 1,99 Gb Free Space | 2,64% Space Free | Partition Type: NTFS Computer Name: SZAJS | User Name: adamo88 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-12-12 23:38:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\instalki niezbedne\virus\OTL.exe PRC - [2010-10-08 13:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2008-10-15 16:47:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe PRC - [2008-10-14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe PRC - [2008-09-30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe PRC - [2007-07-26 16:43:14 | 000,270,336 | ---- | M] (BonSoft) -- C:\Program Files\ClocX\ClocX.exe PRC - [2007-06-05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe PRC - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006-11-13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006-11-13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2006-10-25 09:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EXPLORER.EXE PRC - [2005-08-05 15:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe PRC - [2005-05-24 22:41:09 | 000,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe PRC - [1997-04-09 22:04:50 | 000,050,176 | ---- | M] () -- C:\WINDOWS\system32\CrypServ.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-12-12 23:38:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\instalki niezbedne\virus\OTL.exe MOD - [2010-12-12 23:24:30 | 000,093,184 | RHS- | M] () -- C:\WINDOWS\system32\nmdfgds0.dll MOD - [2009-07-12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MOD - [2009-07-11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll MOD - [2008-04-13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2006-10-27 00:48:42 | 002,210,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office\Office12\GrooveShellExtensions.dll MOD - [2006-10-27 00:48:34 | 000,955,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office\Office12\GrooveUtil.dll MOD - [2006-10-27 00:48:02 | 000,222,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office\Office12\GrooveSystemServices.dll MOD - [2006-10-27 00:47:40 | 000,022,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Office\Office12\GrooveNew.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2009-12-17 23:41:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-09-30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [1997-04-09 22:04:50 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\CrypServ.exe -- (Crypkey License) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (AVPsys) DRV - [2009-12-01 12:18:37 | 000,685,816 | ---- | M] () [Kernel | Disabled | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008-12-18 12:44:49 | 000,097,792 | ---- | M] (T0r0 & Tecar Forum 2009) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NSHE.SYS -- (NSHE) DRV - [2008-12-12 15:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2008-12-12 15:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-26 16:01:44 | 004,737,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-08-08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr) DRV - [2007-01-25 21:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne) DRV - [2006-11-22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006-05-08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305) DRV - [2005-12-21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Usbicp.sys -- (uisp) DRV - [2005-08-17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005-08-17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005-08-17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005-06-13 11:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex) DRV - [2005-06-13 11:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt) DRV - [2005-06-13 11:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm) DRV - [2005-06-13 11:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl) DRV - [2005-06-13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2005-02-11 10:24:00 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2005-02-11 10:22:00 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2005-02-11 10:21:00 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005-02-11 10:21:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005-02-11 10:19:00 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [1997-04-09 21:31:22 | 000,020,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ IE - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (Vimicro) O4 - HKLM..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe (BonSoft) O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe () O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [Konnekt] C:\Program Files\Konnekt\konnekt.exe (Stamina) O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [wsctf.exe] File not found O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.177.196.14 195.177.196.4 195.177.196.21 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\adamo88\utre.exe) - C:\Documents and Settings\adamo88\utre.exe File not found O20 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation) O20 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003 Winlogon: Shell - (C:\Documents and Settings\adamo88\utre.exe) - C:\Documents and Settings\adamo88\utre.exe File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-27 09:53:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - F:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009-04-28 23:13:52 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - G:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-12-11 17:36:44 | 000,000,000 | ---D | M] - H:\automapa 6.1 full 912a -- [ NTFS ] O32 - AutoRun File - [2010-01-09 20:38:42 | 345,323,520 | ---- | M] () - H:\AutoMapa_6.1.0_PL_Beta.iso -- [ NTFS ] O32 - AutoRun File - [2010-12-13 16:50:47 | 000,000,053 | RHS- | M] () - H:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\Shell\AutoRun\command - "" = K:\pupica\makaroni.exe -- File not found O33 - MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\Shell\explore\command - "" = K:\pupica\\makaroni.exe -- File not found O33 - MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\Shell\open\command - "" = K:\pupica\\makaroni.exe -- File not found O33 - MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\Shell\AutoRun\command - "" = K:\2u.com -- File not found O33 - MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\Shell\explore\Command - "" = K:\2u.com -- File not found O33 - MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\Shell\open\Command - "" = K:\2u.com -- File not found O33 - MountPoints2\{81d28814-db36-11de-9b35-806d6172696f}\Shell\AutoRun\command - "" = F:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] () O33 - MountPoints2\{81d28814-db36-11de-9b35-806d6172696f}\Shell\open\Command - "" = F:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] () O33 - MountPoints2\{81d28818-db36-11de-9b35-806d6172696f}\Shell\AutoRun\command - "" = C:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] () O33 - MountPoints2\{81d28818-db36-11de-9b35-806d6172696f}\Shell\open\Command - "" = C:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] () O33 - MountPoints2\{81d28819-db36-11de-9b35-806d6172696f}\Shell\AutoRun\command - "" = D:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] () O33 - MountPoints2\{81d28819-db36-11de-9b35-806d6172696f}\Shell\open\Command - "" = D:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] () O33 - MountPoints2\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\Shell\AutoRun\command - "" = K:\yhh.bat -- File not found O33 - MountPoints2\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\Shell\open\Command - "" = K:\yhh.bat -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-12-12 23:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2010-12-12 23:25:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-12-12 23:12:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010-12-12 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2010-12-12 22:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\IObit [2010-12-12 16:39:14 | 000,036,864 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\EXPLORER.EXE [2010-11-24 14:49:23 | 000,000,000 | ---D | C] -- D:\dokumenty XP\adamo88\FIFA 09 [2010-11-24 14:24:14 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2010-11-24 14:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adamo88\Dane aplikacji\Leadertech [2010-11-24 14:14:38 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010-11-24 14:14:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2010-11-24 14:14:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll [2010-11-24 14:14:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll [2010-11-24 14:14:34 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll [2010-11-24 14:14:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2010-11-24 14:14:33 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll [2010-11-23 09:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adamo88\Dane aplikacji\ZajePRO 2.0 [2010-11-22 19:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2010-11-21 11:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZajePRO 2.0 [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-12-13 16:51:12 | 000,000,053 | RHS- | M] () -- C:\autorun.inf [2010-12-13 16:34:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-12-13 08:34:00 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-12-12 23:29:34 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\Counter-Strike.url [2010-12-12 23:29:15 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-12-12 23:24:30 | 000,093,184 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll [2010-12-12 23:24:29 | 000,236,123 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-12-12 23:24:24 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\adamo88\NTUSER.DAT [2010-12-12 23:24:24 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\adamo88\ntuser.ini [2010-12-12 23:23:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI [2010-12-12 23:06:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-12-12 23:06:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-12-12 23:05:18 | 000,016,004 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\berberysowa 2.docx [2010-12-12 19:27:27 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-12-12 11:10:17 | 000,014,244 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\Berberysowa.docx [2010-12-09 22:46:08 | 002,107,838 | -H-- | M] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-12-03 10:17:29 | 002,504,646 | ---- | M] () -- D:\dokumenty XP\adamo88\HandyWeather(Penreader).exe [2010-11-30 17:17:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-25 09:57:50 | 000,997,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-11-25 09:57:50 | 000,453,654 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-11-25 09:57:50 | 000,397,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-11-25 09:57:50 | 000,075,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-11-25 09:57:50 | 000,059,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-11-24 14:24:14 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2010-11-24 14:19:36 | 000,001,379 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 09.lnk [2010-11-23 08:57:58 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\ZajePRO 2.0.lnk [2010-11-22 19:20:21 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\JDownloader.lnk [2010-11-22 01:02:11 | 000,055,512 | ---- | M] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-11-19 12:13:10 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-13 05:39:04 | 000,000,053 | RHS- | C] () -- C:\autorun.inf [2010-12-13 03:07:09 | 000,104,475 | RHS- | C] () -- C:\yhh.bat [2010-12-12 23:29:34 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\Counter-Strike.url [2010-12-12 23:27:43 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-12-12 23:08:49 | 000,298,496 | ---- | C] () -- C:\WINDOWS\unin0415.exe [2010-12-12 23:05:18 | 000,016,004 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\berberysowa 2.docx [2010-12-12 16:39:14 | 000,104,475 | RHS- | C] () -- C:\WINDOWS\System32\olhrwef.exe [2010-12-12 16:39:14 | 000,093,184 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll [2010-12-12 10:21:23 | 000,014,244 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\Berberysowa.docx [2010-12-03 10:17:26 | 002,504,646 | ---- | C] () -- D:\dokumenty XP\adamo88\HandyWeather(Penreader).exe [2010-11-24 14:19:36 | 000,001,379 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 09.lnk [2010-11-22 19:20:21 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\JDownloader.lnk [2010-11-21 11:08:19 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\ZajePRO 2.0.lnk [2010-11-19 12:13:10 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-09-08 16:31:02 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ETKINST.INI [2010-03-09 09:46:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\adamo88\Dane aplikacji\$_hpcst$.hpc [2010-03-03 22:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-12-21 17:21:21 | 000,007,850 | ---- | C] () -- C:\WINDOWS\ADVPCB99SE.INI [2009-12-21 17:19:28 | 000,000,758 | ---- | C] () -- C:\WINDOWS\ProHelp99SE.INI [2009-12-21 17:18:21 | 000,020,768 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.sys [2009-12-21 17:18:17 | 000,005,858 | ---- | C] () -- C:\WINDOWS\Client99SE.INI [2009-12-21 17:18:17 | 000,000,385 | ---- | C] () -- C:\WINDOWS\AdvSch99SE.ini [2009-12-21 17:18:17 | 000,000,369 | ---- | C] () -- C:\WINDOWS\HelpAdvisor99SE.ini [2009-12-21 17:18:17 | 000,000,332 | ---- | C] () -- C:\WINDOWS\CRYPKEY.INI [2009-12-21 17:18:17 | 000,000,073 | ---- | C] () -- C:\WINDOWS\AdvSIM99SE.INI [2009-12-16 23:48:26 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009-12-16 23:48:26 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009-12-16 23:48:26 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009-12-16 23:48:26 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009-12-16 23:48:26 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009-12-16 23:48:26 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009-12-01 21:16:10 | 000,000,042 | ---- | C] () -- C:\WINDOWS\fiscprn.ini [2009-12-01 17:01:15 | 000,000,066 | ---- | C] () -- C:\WINDOWS\mxreader.INI [2009-12-01 17:00:21 | 000,000,647 | ---- | C] () -- C:\WINDOWS\amhm.ini [2009-12-01 16:57:03 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL [2009-12-01 16:57:03 | 000,002,055 | R--- | C] () -- C:\WINDOWS\BTI.INI [2009-12-01 12:18:37 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009-11-29 17:45:42 | 000,000,288 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2009-11-29 16:27:52 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-11-29 16:27:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-11-29 14:20:06 | 000,055,512 | ---- | C] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-11-27 10:40:18 | 000,997,954 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-11-27 10:40:16 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-11-27 10:39:21 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2009-11-27 10:11:26 | 002,107,838 | -H-- | C] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-27 10:05:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-27 10:00:48 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\adamo88\Dane aplikacji\desktop.ini [2009-11-27 09:53:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2009-11-27 09:48:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2009-11-27 09:48:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2009-11-27 09:48:05 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2009-11-27 09:48:04 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-04-14 21:50:46 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2008-04-14 21:50:38 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2008-04-14 21:50:32 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2008-04-14 21:50:14 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2008-04-14 21:50:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2008-04-13 21:51:34 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2008-04-13 21:20:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2008-04-13 21:19:58 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2008-04-13 21:19:44 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2008-04-13 21:19:44 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2008-04-13 21:19:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2008-04-13 21:19:40 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2007-04-02 22:04:28 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2006-08-15 15:26:52 | 000,001,536 | --S- | C] () -- C:\WINDOWS\System32\pavedius.dll [2002-03-17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL [2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-10-26 18:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 18:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 18:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 18:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 17:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 17:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 17:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 17:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 16:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 16:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 16:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 16:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 16:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 16:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 16:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-08-17 22:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-17 22:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-17 22:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-17 22:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-17 22:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-17 22:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-17 22:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-17 20:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 03:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-21 23:36:06 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2001-07-21 23:16:20 | 000,000,780 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 23:15:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-21 23:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [color=#E56717]========== LOP Check ==========[/color] [2010-03-09 00:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\AD ON Multimedia [2010-05-01 19:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\AnvSoft [2009-12-01 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\DAEMON Tools Pro [2010-12-11 01:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\DC++ [2009-11-28 15:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Gadu-Gadu 10 [2010-11-24 14:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Leadertech [2010-03-09 00:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\MyPhoneExplorer [2009-11-29 14:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\OpenFM [2009-11-27 10:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Opera [2010-10-07 23:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\PDF Writer [2010-10-07 23:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Smart PDF Converter [2010-04-01 17:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Smart PDF Creator Pro [2009-12-16 23:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Ulead Systems [2010-11-23 09:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\ZajePRO 2.0 [2010-04-01 17:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Cogniview [2009-12-16 23:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo [2010-12-12 22:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2009-12-01 11:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2009-11-29 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-10-07 23:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PDF Writer [2010-02-07 03:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PPLive [2010-02-07 03:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PPLiveVA [2010-02-09 16:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Razer [2009-12-01 17:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sage [2009-11-29 14:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina [2009-12-01 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Symfonia [2010-05-01 19:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-12-16 23:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2009-11-28 15:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Gadu-Gadu 10 [2009-11-27 17:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Opera [2009-12-01 17:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Sage [2009-12-01 17:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\stamina [2009-12-17 09:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Ulead Systems [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:661DFA1C < End of report >

**Posty:** 18165 · przez **wojtas** 13 Gru 2010, 20:55

log z Gmera robiony w nieodpowiednich warunkach :

[Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

poczytaj programy emulujące napędy

infekcja z pendriva:

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [wsctf.exe] File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\adamo88\utre.exe) - C:\Documents and Settings\adamo88\utre.exe File not found
O20 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003 Winlogon: Shell - (C:\Documents and Settings\adamo88\utre.exe) - C:\Documents and Settings\adamo88\utre.exe File not found
O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-13 16:50:22 | 000,000,053 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-12-11 17:36:44 | 000,000,000 | ---D | M] - H:\automapa 6.1 full 912a -- [ NTFS ]
O32 - AutoRun File - [2010-01-09 20:38:42 | 345,323,520 | ---- | M] () - H:\AutoMapa_6.1.0_PL_Beta.iso -- [ NTFS ]
O32 - AutoRun File - [2010-12-13 16:50:47 | 000,000,053 | RHS- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\Shell\AutoRun\command - "" = K:\pupica\makaroni.exe -- File not found
O33 - MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\Shell\explore\command - "" = K:\pupica\\makaroni.exe -- File not found
O33 - MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\Shell\open\command - "" = K:\pupica\\makaroni.exe -- File not found
O33 - MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\Shell\AutoRun\command - "" = K:\2u.com -- File not found
O33 - MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\Shell\explore\Command - "" = K:\2u.com -- File not found
O33 - MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\Shell\open\Command - "" = K:\2u.com -- File not found
O33 - MountPoints2\{81d28814-db36-11de-9b35-806d6172696f}\Shell\AutoRun\command - "" = F:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] ()
O33 - MountPoints2\{81d28814-db36-11de-9b35-806d6172696f}\Shell\open\Command - "" = F:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] ()
O33 - MountPoints2\{81d28818-db36-11de-9b35-806d6172696f}\Shell\AutoRun\command - "" = C:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] ()
O33 - MountPoints2\{81d28818-db36-11de-9b35-806d6172696f}\Shell\open\Command - "" = C:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] ()
O33 - MountPoints2\{81d28819-db36-11de-9b35-806d6172696f}\Shell\AutoRun\command - "" = D:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] ()
O33 - MountPoints2\{81d28819-db36-11de-9b35-806d6172696f}\Shell\open\Command - "" = D:\yhh.bat -- [2009-05-29 07:46:26 | 000,104,475 | RHS- | M] ()
O33 - MountPoints2\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\Shell\AutoRun\command - "" = K:\yhh.bat -- File not found
O33 - MountPoints2\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\Shell\open\Command - "" = K:\yhh.bat -- File not found
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:661DFA1C

:Files
[override]
C:\WINDOWS\system32\EXPLORER.EXE
[stopoverride]
C:\WINDOWS\system32\nmdfgds0.dll
C:\WINDOWS\system32\nmdfgds1.dll
autorun.inf /alldrives
yhh.bat /alldrives

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Gadu-Gadu 10\gg.exe"=-
"C:\Program Files\CS\hl.exe"=-
"D:\PPLive\PPLive.exe"=-

:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie). + z Gmera +
Przy podpiętym urządzeniu przenośnym (pendrive itp) , uruchom USBFIX z opcji Listing i pokaż raport na forum.

**Posty:** 44 · przez **adamo88** 14 Gru 2010, 06:59

Już mogę wchodzić na dyski :]
Faktycznie nie zrestartowałem kompa po użyciu SPTDinst, no i jaja z kompem zaczęły się po wgrywaniu Automapy dla kumpla na kartę pamięci, tej karty już nie mam (w końcu kumpla była). Czy teraz mam załadować własny pendrive i użyć USBfix??
Oto logi:

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1214440339-1614895754-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully. C:\WINDOWS\system32\olhrwef.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-1614895754-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Run\\EXPLORER.EXE deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. Registry value HKEY_USERS\S-1-5-21-1214440339-1614895754-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wsctf.exe deleted successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully. Starting removal of ActiveX control {00000161-0000-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\msaudio.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000161-0000-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000161-0000-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000161-0000-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000161-0000-0010-8000-00AA00389B71}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:Explorer.exe deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:EXPLORER.EXE deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\adamo88\utre.exe deleted successfully. Registry value HKEY_USERS\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully. Item C:\WINDOWS\system32\EXPLORER.EXE is whitelisted and cannot be moved. Registry value HKEY_USERS\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\adamo88\utre.exe deleted successfully. C:\autorun.inf moved successfully. D:\autorun.inf moved successfully. E:\autorun.inf moved successfully. F:\autorun.inf moved successfully. G:\autorun.inf moved successfully. File not found. H:\AutoMapa_6.1.0_PL_Beta.iso moved successfully. H:\autorun.inf moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\ not found. File K:\pupica\makaroni.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\ not found. File K:\pupica\\makaroni.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b2333f8-81f8-11df-8174-000e2e3ab0f1}\ not found. File K:\pupica\\makaroni.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\ not found. File K:\2u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\ not found. File K:\2u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d9285ae-2b58-11df-bf73-000e2e3ab0f1}\ not found. File K:\2u.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d28814-db36-11de-9b35-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d28814-db36-11de-9b35-806d6172696f}\ not found. F:\yhh.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d28814-db36-11de-9b35-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d28814-db36-11de-9b35-806d6172696f}\ not found. File F:\yhh.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d28818-db36-11de-9b35-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d28818-db36-11de-9b35-806d6172696f}\ not found. C:\yhh.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d28818-db36-11de-9b35-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d28818-db36-11de-9b35-806d6172696f}\ not found. File C:\yhh.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d28819-db36-11de-9b35-806d6172696f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d28819-db36-11de-9b35-806d6172696f}\ not found. D:\yhh.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81d28819-db36-11de-9b35-806d6172696f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81d28819-db36-11de-9b35-806d6172696f}\ not found. File D:\yhh.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\ not found. File K:\yhh.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca7d6eee-0604-11e0-8463-000e2e3ab0f1}\ not found. File K:\yhh.bat not found. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:661DFA1C deleted successfully. ========== FILES ========== C:\WINDOWS\system32\EXPLORER.EXE moved successfully. C:\WINDOWS\system32\nmdfgds0.dll moved successfully. File\Folder C:\WINDOWS\system32\nmdfgds1.dll not found. autorun.inf not found in C:\ autorun.inf not found in D:\ autorun.inf not found in E:\ autorun.inf not found in F:\ autorun.inf not found in G:\ autorun.inf not found in H:\ yhh.bat not found in C:\ yhh.bat not found in D:\ E:\yhh.bat moved successfully. yhh.bat not found in F:\ G:\yhh.bat moved successfully. H:\yhh.bat moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\WINDOWS\system32\userinit.exe," /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Gadu-Gadu 10\gg.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CS\hl.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\PPLive\PPLive.exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: adamo88 ->Temp folder emptied: 2437022812 bytes ->Temporary Internet Files folder emptied: 6073187 bytes ->Java cache emptied: 11324490 bytes ->Google Chrome cache emptied: 6081709 bytes ->Opera cache emptied: 2985355 bytes ->Flash cache emptied: 69943 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Rodzice ->Temp folder emptied: 919604 bytes ->Temporary Internet Files folder emptied: 51217142 bytes ->Java cache emptied: 0 bytes ->Opera cache emptied: 19583084 bytes ->Flash cache emptied: 69943 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2352022 bytes %systemroot%\System32 .tmp files removed: 2596 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10709248 bytes RecycleBin emptied: 135697 bytes Total Files Cleaned = 2 431,00 mb [EMPTYFLASH] User: adamo88 ->Flash cache emptied: 0 bytes User: All Users User: Default User User: LocalService User: NetworkService User: Rodzice ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb Restore points cleared and new OTL Restore Point set! OTL by OldTimer - Version 3.2.17.3 log created on 12132010_200009 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot. Registry entries deleted on Reboot...

Kod: Zaznacz wszystko: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2010-12-14 05:47:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3500320AS rev.SD15 Running: gmer.exe; Driver: C:\DOCUME~1\adamo88\USTAWI~1\Temp\kgtdypog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB75EE360, 0x3D46A5, 0xE8000020] .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB41F5400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB4299620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB4299620] .protect˙˙˙˙hardlockunknown last code section [0xB4299400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB4299400, 0x5126, 0xE0000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x58 0x88 0x13 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB3 0x58 0x88 0x13 ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\adamo88\Pulpit\12132010_200009.log 23004 bytes File C:\Documents and Settings\adamo88\Recent\12132010_200009.log.lnk 434 bytes ---- EOF - GMER 1.0.15 ----

Kod: Zaznacz wszystko: OTL logfile created on: 2010-12-13 20:06:58 - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = D:\instalki niezbedne\virus Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 30,00 Gb Total Space | 7,04 Gb Free Space | 23,47% Space Free | Partition Type: NTFS Drive D: | 67,66 Gb Total Space | 47,02 Gb Free Space | 69,50% Space Free | Partition Type: NTFS Drive E: | 97,65 Gb Total Space | 31,69 Gb Free Space | 32,45% Space Free | Partition Type: NTFS Drive F: | 97,65 Gb Total Space | 10,32 Gb Free Space | 10,57% Space Free | Partition Type: NTFS Drive G: | 97,65 Gb Total Space | 49,35 Gb Free Space | 50,54% Space Free | Partition Type: NTFS Drive H: | 75,13 Gb Total Space | 2,31 Gb Free Space | 3,07% Space Free | Partition Type: NTFS Computer Name: SZAJS | User Name: adamo88 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-12-12 23:38:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\instalki niezbedne\virus\OTL.exe PRC - [2010-10-08 13:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-09-24 06:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\Total CMA Pack\TOTALCMD.EXE PRC - [2008-10-15 16:47:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe PRC - [2008-10-14 11:46:14 | 000,172,032 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe PRC - [2008-09-30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007-08-16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe PRC - [2007-07-26 16:43:14 | 000,270,336 | ---- | M] (BonSoft) -- C:\Program Files\ClocX\ClocX.exe PRC - [2007-06-05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe PRC - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006-11-13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe PRC - [2006-11-13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe PRC - [2005-08-05 15:15:04 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM305_STI.exe PRC - [2005-05-24 22:41:09 | 000,503,808 | ---- | M] (Stamina) -- C:\Program Files\Konnekt\konnekt.exe PRC - [1997-04-09 22:04:50 | 000,050,176 | ---- | M] () -- C:\WINDOWS\system32\CrypServ.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-12-12 23:38:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\instalki niezbedne\virus\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2009-12-17 23:41:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008-09-30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2007-03-06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007-03-03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [1997-04-09 22:04:50 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\CrypServ.exe -- (Crypkey License) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (AVPsys) DRV - [2009-06-10 06:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2008-12-18 12:44:49 | 000,097,792 | ---- | M] (T0r0 & Tecar Forum 2009) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NSHE.SYS -- (NSHE) DRV - [2008-12-12 15:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice) DRV - [2008-12-12 15:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice) DRV - [2008-04-13 23:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C) DRV - [2008-04-13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008-02-26 16:01:44 | 004,737,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-08-08 11:04:16 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lachesis.sys -- (LachesisFltr) DRV - [2007-01-25 21:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne) DRV - [2006-11-22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2006-05-08 10:24:24 | 000,391,688 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM305.sys -- (ZSMC0305) DRV - [2005-12-21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Usbicp.sys -- (uisp) DRV - [2005-08-17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005-08-17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005-08-17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2005-06-13 11:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex) DRV - [2005-06-13 11:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt) DRV - [2005-06-13 11:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm) DRV - [2005-06-13 11:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl) DRV - [2005-06-13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM) DRV - [2005-02-11 10:24:00 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2005-02-11 10:22:00 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2005-02-11 10:21:00 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005-02-11 10:21:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005-02-11 10:19:00 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) DRV - [1997-04-09 21:31:22 | 000,020,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ IE - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE (Vimicro) O4 - HKLM..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe (BonSoft) O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003..\Run: [Konnekt] C:\Program Files\Konnekt\konnekt.exe (Stamina) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.177.196.14 195.177.196.4 195.177.196.21 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\adamo88\utre.exe) - c:\documents and settings\adamo88\utre.exe File not found O20 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1214440339-1614895754-1935655697-1003 Winlogon: Shell - (C:\Documents and Settings\adamo88\utre.exe) - C:\Documents and Settings\adamo88\utre.exe File not found O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-11-27 09:53:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009-04-28 23:13:52 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010-12-11 17:36:44 | 000,000,000 | ---D | M] - H:\automapa 6.1 full 912a -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-12-12 23:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2010-12-12 23:25:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010-12-12 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2010-12-12 22:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\IObit [2010-11-24 14:49:23 | 000,000,000 | ---D | C] -- D:\dokumenty XP\adamo88\FIFA 09 [2010-11-24 14:24:14 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2010-11-24 14:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adamo88\Dane aplikacji\Leadertech [2010-11-24 14:14:38 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll [2010-11-24 14:14:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2010-11-24 14:14:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll [2010-11-24 14:14:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll [2010-11-24 14:14:34 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll [2010-11-24 14:14:34 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll [2010-11-24 14:14:33 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll [2010-11-23 09:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\adamo88\Dane aplikacji\ZajePRO 2.0 [2010-11-22 19:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2010-11-21 11:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZajePRO 2.0 [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-12-13 20:04:08 | 000,236,123 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010-12-13 20:04:06 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010-12-13 20:03:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-12-13 20:03:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-12-13 20:02:41 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\adamo88\NTUSER.DAT [2010-12-13 20:02:41 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\adamo88\ntuser.ini [2010-12-13 19:34:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010-12-12 23:29:34 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\Counter-Strike.url [2010-12-12 23:29:15 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-12-12 23:23:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI [2010-12-12 23:05:18 | 000,016,004 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\berberysowa 2.docx [2010-12-12 19:27:27 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk [2010-12-12 11:10:17 | 000,014,244 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\Berberysowa.docx [2010-12-09 22:46:08 | 002,107,838 | -H-- | M] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-12-03 10:17:29 | 002,504,646 | ---- | M] () -- D:\dokumenty XP\adamo88\HandyWeather(Penreader).exe [2010-11-30 17:17:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-11-25 09:57:50 | 000,997,954 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010-11-25 09:57:50 | 000,453,654 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2010-11-25 09:57:50 | 000,397,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010-11-25 09:57:50 | 000,075,880 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2010-11-25 09:57:50 | 000,059,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010-11-24 14:24:14 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll [2010-11-24 14:19:36 | 000,001,379 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 09.lnk [2010-11-23 08:57:58 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\adamo88\Pulpit\ZajePRO 2.0.lnk [2010-11-22 19:20:21 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\JDownloader.lnk [2010-11-22 01:02:11 | 000,055,512 | ---- | M] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-11-19 12:13:10 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-12-12 23:29:34 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\Counter-Strike.url [2010-12-12 23:27:43 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Steam.lnk [2010-12-12 23:08:49 | 000,298,496 | ---- | C] () -- C:\WINDOWS\unin0415.exe [2010-12-12 23:05:18 | 000,016,004 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\berberysowa 2.docx [2010-12-12 10:21:23 | 000,014,244 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\Berberysowa.docx [2010-12-03 10:17:26 | 002,504,646 | ---- | C] () -- D:\dokumenty XP\adamo88\HandyWeather(Penreader).exe [2010-11-24 14:19:36 | 000,001,379 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\FIFA 09.lnk [2010-11-22 19:20:21 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\JDownloader.lnk [2010-11-21 11:08:19 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\adamo88\Pulpit\ZajePRO 2.0.lnk [2010-11-19 12:13:10 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2010-09-08 16:31:02 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ETKINST.INI [2010-03-09 09:46:10 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\adamo88\Dane aplikacji\$_hpcst$.hpc [2010-03-03 22:30:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini [2009-12-21 17:21:21 | 000,007,850 | ---- | C] () -- C:\WINDOWS\ADVPCB99SE.INI [2009-12-21 17:19:28 | 000,000,758 | ---- | C] () -- C:\WINDOWS\ProHelp99SE.INI [2009-12-21 17:18:21 | 000,020,768 | ---- | C] () -- C:\WINDOWS\System32\CKLDRV.sys [2009-12-21 17:18:17 | 000,005,858 | ---- | C] () -- C:\WINDOWS\Client99SE.INI [2009-12-21 17:18:17 | 000,000,385 | ---- | C] () -- C:\WINDOWS\AdvSch99SE.ini [2009-12-21 17:18:17 | 000,000,369 | ---- | C] () -- C:\WINDOWS\HelpAdvisor99SE.ini [2009-12-21 17:18:17 | 000,000,332 | ---- | C] () -- C:\WINDOWS\CRYPKEY.INI [2009-12-21 17:18:17 | 000,000,073 | ---- | C] () -- C:\WINDOWS\AdvSIM99SE.INI [2009-12-16 23:48:26 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009-12-16 23:48:26 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009-12-16 23:48:26 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009-12-16 23:48:26 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009-12-16 23:48:26 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009-12-16 23:48:26 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009-12-01 21:16:10 | 000,000,042 | ---- | C] () -- C:\WINDOWS\fiscprn.ini [2009-12-01 17:01:15 | 000,000,066 | ---- | C] () -- C:\WINDOWS\mxreader.INI [2009-12-01 17:00:21 | 000,000,647 | ---- | C] () -- C:\WINDOWS\amhm.ini [2009-12-01 16:57:03 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\BUTIL.DLL [2009-12-01 16:57:03 | 000,002,055 | R--- | C] () -- C:\WINDOWS\BTI.INI [2009-11-29 17:45:42 | 000,000,288 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2009-11-29 16:27:52 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009-11-29 16:27:52 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009-11-29 14:20:06 | 000,055,512 | ---- | C] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-11-27 10:40:18 | 000,997,954 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-11-27 10:40:16 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009-11-27 10:39:21 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini [2009-11-27 10:11:26 | 002,107,838 | -H-- | C] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-11-27 10:05:08 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\adamo88\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-11-27 10:00:48 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\adamo88\Dane aplikacji\desktop.ini [2009-11-27 09:53:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini [2009-11-27 09:48:51 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini [2009-11-27 09:48:51 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini [2009-11-27 09:48:05 | 000,026,717 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini [2009-11-27 09:48:04 | 000,003,813 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini [2009-06-10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009-06-10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009-06-10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009-06-10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008-04-14 21:50:46 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll [2008-04-14 21:50:38 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll [2008-04-14 21:50:32 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll [2008-04-14 21:50:14 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll [2008-04-14 21:50:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll [2008-04-13 21:51:34 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll [2008-04-13 21:20:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys [2008-04-13 21:19:58 | 000,033,936 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys [2008-04-13 21:19:44 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys [2008-04-13 21:19:44 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys [2008-04-13 21:19:42 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys [2008-04-13 21:19:40 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys [2007-04-02 22:04:28 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini [2006-08-15 15:26:52 | 000,001,536 | --S- | C] () -- C:\WINDOWS\System32\pavedius.dll [2002-03-17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000088.DLL [2001-10-26 18:29:42 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll [2001-10-26 18:29:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll [2001-10-26 18:29:32 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll [2001-10-26 18:28:34 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll [2001-10-26 18:27:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll [2001-10-26 17:15:04 | 000,027,898 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys [2001-10-26 17:14:52 | 000,004,976 | ---- | C] () -- C:\WINDOWS\System32\himem.sys [2001-10-26 17:14:32 | 000,009,043 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys [2001-10-26 17:12:52 | 000,000,359 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini [2001-10-26 16:45:26 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini [2001-10-26 16:45:26 | 000,006,074 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini [2001-10-26 16:45:24 | 000,013,819 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini [2001-10-26 16:42:08 | 000,020,629 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini [2001-10-26 16:42:08 | 000,002,992 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini [2001-10-26 16:42:08 | 000,002,890 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini [2001-10-26 16:42:08 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini [2001-08-17 22:31:56 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys [2001-08-17 22:31:56 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys [2001-08-17 22:31:50 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys [2001-08-17 22:31:46 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys [2001-08-17 22:31:46 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys [2001-08-17 22:31:44 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys [2001-08-17 22:13:24 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv [2001-08-17 20:55:06 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini [2001-07-22 03:25:18 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini [2001-07-21 23:36:06 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll [2001-07-21 23:16:20 | 000,000,780 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-21 23:15:52 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2001-07-21 23:15:50 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll [color=#E56717]========== LOP Check ==========[/color] [2010-03-09 00:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\AD ON Multimedia [2010-05-01 19:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\AnvSoft [2009-12-01 12:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\DAEMON Tools Pro [2010-12-11 01:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\DC++ [2009-11-28 15:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Gadu-Gadu 10 [2010-11-24 14:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Leadertech [2010-03-09 00:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\MyPhoneExplorer [2009-11-29 14:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\OpenFM [2009-11-27 10:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Opera [2010-10-07 23:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\PDF Writer [2010-10-07 23:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Smart PDF Converter [2010-04-01 17:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Smart PDF Creator Pro [2009-12-16 23:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\Ulead Systems [2010-11-23 09:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\adamo88\Dane aplikacji\ZajePRO 2.0 [2010-04-01 17:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Cogniview [2009-12-16 23:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\InterVideo [2010-12-12 22:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\IObit [2009-12-01 11:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe [2009-11-29 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM [2010-10-07 23:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PDF Writer [2010-02-07 03:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PPLive [2010-02-07 03:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PPLiveVA [2010-02-09 16:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Razer [2009-12-01 17:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sage [2009-11-29 14:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina [2009-12-01 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Symfonia [2010-05-01 19:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-12-16 23:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems [2009-11-28 15:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Gadu-Gadu 10 [2009-11-27 17:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Opera [2009-12-01 17:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Sage [2009-12-01 17:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\stamina [2009-12-17 09:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodzice\Dane aplikacji\Ulead Systems [color=#E56717]========== Purity Check ==========[/color] < End of report >

W razie czego podpiąłem swój pendrive i oto listing

Kod: Zaznacz wszystko: ############################## | UsbFix 7.035 | [Listing] User: adamo88 (Administrator) # SZAJS [ ] Updated 05/12/10 by El Desaparecido / C_XX Started at 05:50:57 | 14/12/2010 Website: http://www.teamxscript.org Contact: eldesaparecido@teamxscript.org CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz CPU 2: Intel(R) Pentium(R) 4 CPU 2.80GHz Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3 Internet Explorer 7.0.5730.13 Windows Firewall: Enabled RAM -> 2559 Mb C:\ (%systemdrive%) -> Fixed drive # 30 Gb (7 Mb free - 23%) [WinXP] # NTFS D:\ -> Fixed drive # 68 Gb (47 Mb free - 69%) [DokumentyXP] # NTFS E:\ -> Fixed drive # 98 Gb (32 Mb free - 32%) [] # NTFS F:\ -> Fixed drive # 98 Gb (10 Mb free - 11%) [] # NTFS G:\ -> Fixed drive # 98 Gb (49 Mb free - 51%) [] # NTFS H:\ -> Fixed drive # 75 Gb (2 Mb free - 3%) [] # NTFS J:\ -> CD-ROM L:\ -> Removable drive # 2 Gb (956 Mb free - 50%) [ADAMO88] # FAT32 ################## | Listing | [27/11/2009 - 09:53:16 | A | 0] C:\AUTOEXEC.BAT [05/09/2010 - 15:56:46 | A | 82807] C:\blankiet wplaty.pdf [06/12/2009 - 07:28:43 | SHD ] C:\Boot [24/09/2010 - 13:26:04 | SH | 211] C:\boot.ini [21/07/2001 - 23:13:54 | RASH | 4952] C:\Bootfont.bin [27/11/2009 - 09:53:16 | A | 0] C:\CONFIG.SYS [27/11/2009 - 17:39:16 | D ] C:\Documents and Settings [31/10/2010 - 00:12:25 | D ] C:\Downloads [25/04/2010 - 08:13:04 | A | 319] C:\drmHeader.bin [13/12/2010 - 20:03:28 | A | 119790] C:\error.log [08/09/2010 - 16:46:18 | D ] C:\ETCLIENT [15/08/2010 - 01:36:43 | D ] C:\ETKA [31/12/2009 - 10:10:01 | D ] C:\etka zaktualizowana [27/11/2009 - 09:53:16 | RASH | 0] C:\IO.SYS [13/12/2010 - 19:57:11 | A | 22702] C:\mksbasel.cpp.log [27/11/2009 - 09:53:16 | RASH | 0] C:\MSDOS.SYS [27/11/2009 - 10:34:56 | RHD ] C:\MSOCache [13/04/2008 - 21:13:04 | RASH | 47564] C:\NTDETECT.COM [13/04/2008 - 23:02:00 | RASH | 251152] C:\ntldr [27/11/2009 - 10:09:04 | D ] C:\NVIDIA [13/12/2010 - 20:03:15 | ASH | 1610612736] C:\pagefile.sys [12/12/2010 - 23:27:43 | RD ] C:\Program Files [29/11/2009 - 14:15:37 | SHD ] C:\RECYCLER [18/01/2010 - 11:49:28 | D ] C:\Symfonia [13/12/2010 - 20:02:36 | SHD ] C:\System Volume Information [24/09/2010 - 11:41:39 | D ] C:\Tecar Forum [14/12/2010 - 05:49:37 | D ] C:\UsbFix [14/12/2010 - 05:49:37 | A | 0] C:\UsbFix.txt [13/12/2010 - 20:04:05 | D ] C:\WINDOWS [18/12/2009 - 00:04:39 | D ] D:\adobe premiere projekty [27/11/2009 - 10:17:58 | D ] D:\dokumenty XP [31/10/2010 - 00:12:17 | D ] D:\etka z aktualizacjami [12/12/2010 - 23:36:29 | D ] D:\instalki niezbedne [10/09/2010 - 23:03:10 | D ] D:\opera dane [07/02/2010 - 03:50:52 | D ] D:\PPLive [29/11/2009 - 17:30:29 | SHD ] D:\RECYCLER [13/12/2010 - 20:04:07 | SHD ] D:\System Volume Information [13/12/2010 - 20:00:09 | D ] D:\_OTL [25/11/2009 - 07:38:44 | SHD ] E:\$RECYCLE.BIN [24/08/2010 - 19:53:23 | D ] E:\bajki [24/08/2010 - 20:06:04 | D ] E:\dc [16/12/2008 - 22:40:53 | D ] E:\do navi [03/11/2008 - 23:44:12 | D ] E:\dreamweaver [14/08/2010 - 14:07:42 | A | 209715202] E:\ETKA.7.2.V5.International.2010.Incl.Online.Update.part01.rar [14/08/2010 - 19:55:28 | A | 2374964162] E:\ETKA.7.2.V5.International.2010.rar [07/12/2009 - 01:32:58 | D ] E:\Film [23/11/2008 - 19:58:08 | D ] E:\muza [11/11/2008 - 20:18:59 | D ] E:\Muzyka [15/11/2010 - 11:08:51 | HD ] E:\ojj [16/05/2009 - 09:29:59 | D ] E:\Prison break 4 seria [22/09/2009 - 19:26:05 | D ] E:\project edius [29/11/2009 - 17:30:29 | SHD ] E:\RECYCLER [13/07/2010 - 14:53:06 | D ] E:\settlers [13/12/2010 - 20:02:36 | SHD ] E:\System Volume Information [13/07/2010 - 15:03:07 | D ] E:\The Settlers II - Dziesięciolecie [22/09/2009 - 21:30:02 | D ] E:\wstawki-wes [25/11/2009 - 07:38:44 | SHD ] F:\$RECYCLE.BIN [28/05/2009 - 19:13:04 | D ] F:\Altium2004 [24/02/2009 - 01:51:17 | D ] F:\CSS [10/02/2009 - 21:15:01 | D ] F:\diagnostyka [06/12/2010 - 12:25:52 | D ] F:\downloads [01/12/2009 - 12:12:13 | D ] F:\edius [24/11/2010 - 14:49:08 | D ] F:\FIFA 09 [24/11/2010 - 14:49:02 | D ] F:\fifa crack [03/10/2008 - 07:37:52 | A | 6074368000] F:\FIFA.09.PL-DA.iso [27/02/2009 - 11:52:48 | D ] F:\OrCAD_Data [12/11/2009 - 03:09:57 | A | 13388] F:\PROGRAM.TXT [29/11/2009 - 17:30:29 | SHD ] F:\RECYCLER [13/12/2010 - 20:02:36 | SHD ] F:\System Volume Information [07/11/2009 - 02:54:11 | A | 1703968] F:\VirtualDub-1.9.7[www.instalki.pl].zip [11/07/2009 - 00:10:11 | A | 291] F:\win 7 key.rtf [25/11/2009 - 07:38:44 | SHD ] G:\$Recycle.Bin [22/09/2009 - 22:26:19 | D ] G:\6ee65b871d542eecf863ffccba0d29 [28/04/2009 - 23:13:52 | A | 24] G:\autoexec.bat [28/04/2009 - 23:13:52 | A | 10] G:\config.sys [02/06/2009 - 09:04:21 | SHD ] G:\Documents and Settings [26/11/2009 - 23:57:19 | D ] G:\easy recovery [11/09/2010 - 00:31:24 | D ] G:\filmy gerwaz [10/07/2009 - 14:36:16 | D ] G:\help [27/11/2009 - 09:13:50 | ASH | 804708352] G:\hiberfil.sys [26/10/2009 - 22:14:55 | RASH | 0] G:\IO.SYS [26/10/2009 - 22:14:55 | RASH | 0] G:\MSDOS.SYS [10/07/2009 - 23:39:07 | D ] G:\NVIDIA [02/06/2009 - 07:19:41 | D ] G:\PerfLogs [27/11/2009 - 09:18:09 | RD ] G:\Program Files [27/11/2009 - 09:18:09 | HD ] G:\ProgramData [07/07/2009 - 13:43:44 | SHD ] G:\Recovery [29/11/2009 - 17:30:29 | SHD ] G:\RECYCLER [13/12/2010 - 20:02:36 | SHD ] G:\System Volume Information [25/11/2009 - 07:38:38 | RD ] G:\Users [25/11/2009 - 22:08:56 | D ] G:\Windows [25/11/2009 - 07:38:44 | SHD ] H:\$RECYCLE.BIN [12/01/2010 - 00:33:39 | A | 209715200] H:\AM6.1a_EU.part02.rar [09/01/2010 - 20:29:43 | A | 419020] H:\AM6.1PL.rar [11/01/2010 - 00:42:52 | A | 209715200] H:\AM_6.1a_EU.part01.exe [11/12/2010 - 17:36:44 | D ] H:\automapa 6.1 full 912a [09/01/2010 - 20:59:20 | A | 9987598] H:\Czesio 6.0.voice [09/01/2010 - 21:02:58 | A | 8623833] H:\czesiovoiceformapamap.zip [09/01/2010 - 20:57:23 | A | 1008701] H:\Czesio_baza.rar [11/12/2010 - 00:02:46 | D ] H:\dc7 [11/10/2009 - 22:56:46 | D ] H:\do edycji [13/12/2010 - 18:49:41 | D ] H:\dual survival [27/11/2009 - 07:16:28 | D ] H:\easy recovery [08/01/2010 - 00:38:51 | D ] H:\heroes 3 [12/12/2010 - 16:38:15 | D ] H:\jdownloader [25/03/2009 - 01:22:13 | D ] H:\MapaMap [25/11/2009 - 15:07:19 | D ] H:\Muza do edycji [07/02/2010 - 03:48:43 | AH | 1073741824] H:\pfsvoddata.bbv [07/10/2009 - 12:50:51 | D ] H:\premiere project [25/11/2009 - 17:08:11 | D ] H:\recovery [29/11/2009 - 17:30:29 | SHD ] H:\RECYCLER [13/12/2010 - 20:02:36 | SHD ] H:\System Volume Information [29/11/2009 - 17:27:57 | ASH | 5632] H:\Thumbs.db [19/03/2010 - 20:54:57 | A | 6921995] H:\unwand odzyskanie hasel z opery.rar [19/03/2010 - 20:48:40 | A | 3868] H:\unwand.cpp [09/01/2010 - 20:57:10 | A | 1604223] H:\wielebny_głos_baza.rar ################## | E.O.F |

**Posty:** 18165 · przez **wojtas** 14 Gru 2010, 18:05

1.Uruchom OTL z opcji sprzątanie.
2. wykonaj optymalizację Windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )

Zaktualizuj zabezpieczenia:
>>> Adobe Reader (bez Free McAfee® Security Scan Plus)
>>> Internet Explorer 8
>>> Java™ 6 Update 23

**Posty:** 44 · przez **adamo88** 20 Gru 2010, 01:13

Dzięki wielkie, kolejny raz udało się odratować mojego winXP :]

**Posty:** 589 · przez **sieman0** 20 Gru 2010, 12:07

Polecam również zainstalować Autorun Virus Remover .

Pozdrawiam