OTL.Txt

Problem with Trojan.Win32.Generic

There is still some junk to throw out. Post the logs from OTL: http://oldtimer.geekstogo.com/OTL.exe. Select: All users. Registry - Extra scan - Use filtering. Select: LOP and Purity infection. Command: Scan. Scan done, here are the logs.


OTL logfile created on: 2010-11-01 10:22:21 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Documents and Settings\pinokio\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 202,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): D:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 28,64 Gb Total Space | 4,36 Gb Free Space | 15,24% Space Free | Partition Type: NTFS
Drive D: | 15,02 Gb Total Space | 4,36 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
Drive E: | 73,24 Gb Total Space | 35,73 Gb Free Space | 48,78% Space Free | Partition Type: NTFS
Drive F: | 98,04 Gb Total Space | 7,38 Gb Free Space | 7,53% Space Free | Partition Type: NTFS

Computer Name: PINOKIO-E4E807A | User Name: pinokio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-11-01 10:20:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\pinokio\Pulpit\OTL.exe
PRC - [2010-10-29 08:59:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-10-03 11:43:34 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010-08-26 21:10:00 | 000,493,568 | ---- | M] (NETIA S.A.) -- D:\Program Files\Netia\Net\netianet.exe
PRC - [2010-07-01 21:34:46 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2008-12-05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2007-02-13 15:20:50 | 001,205,840 | ---- | M] () -- D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-11-01 10:20:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\pinokio\Pulpit\OTL.exe
MOD - [2004-08-03 23:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010-10-03 11:43:34 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009-10-27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- D:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-12-05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ComboFix\catchme.sys -- (catchme)
DRV - [2010-10-31 15:15:52 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010-06-09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010-06-09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010-05-07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009-11-02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009-10-06 10:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-10-06 10:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-10-06 10:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009-10-06 10:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-03-25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009-03-25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009-03-25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009-03-25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009-03-25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009-03-25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009-03-25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008-08-26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-05-16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008-03-13 13:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008-03-13 13:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007-01-04 12:48:04 | 000,104,344 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2007-01-04 12:47:48 | 000,069,656 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\e4ldr.sys -- (E4LOADER) General Purpose USB Driver (e4ldr.sys)
DRV - [2005-09-22 09:34:18 | 003,727,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-08-25 06:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=dis
IE - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.onet.pl/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-10-29 08:59:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-10-29 08:59:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010-10-31 15:04:49 | 000,000,000 | ---D | M]

[2010-06-02 10:58:35 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\Mozilla\Extensions
[2010-10-05 09:04:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\Mozilla\Firefox\Profiles\a0huy3py.default\extensions
[2010-10-05 09:03:36 | 000,002,425 | ---- | M] () -- D:\Documents and Settings\pinokio\Dane aplikacji\Mozilla\Firefox\Profiles\a0huy3py.default\searchplugins\askcom.xml
[2010-10-31 14:32:02 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010-07-07 09:00:23 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-10-03 11:33:19 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010-10-03 11:33:17 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010-07-07 09:00:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-04-01 18:33:11 | 000,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-01 18:33:11 | 000,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-04-01 18:33:11 | 000,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-04-01 18:33:11 | 000,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-04-01 18:33:11 | 000,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-04-01 18:33:11 | 000,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-10-31 21:54:56 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NETIANET] D:\Program Files\Netia\Net\netianet.exe (NETIA S.A.)
O4 - HKU\S-1-5-21-1275210071-1715567821-839522115-1003..\Run: [ALLUpdate] D:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Klawiatura wirtualna - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\klogon: DllName - D:\WINDOWS\system32\klogon.dll - D:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: D:\Documents and Settings\pinokio\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\pinokio\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-11 16:22:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-11-01 10:20:40 | 000,576,000 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\pinokio\Pulpit\OTL.exe
[2010-10-31 23:14:14 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\appmgmt
[2010-10-31 22:26:57 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010-10-31 21:48:13 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2010-10-31 21:48:13 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2010-10-31 21:48:13 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2010-10-31 21:48:13 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2010-10-31 21:48:09 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2010-10-31 21:46:38 | 000,000,000 | ---D | C] -- D:\Qoobox
[2010-10-31 21:20:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\pinokio\Dane aplikacji\Malwarebytes
[2010-10-31 21:20:07 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2010-10-31 21:20:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-10-31 14:21:06 | 000,000,000 | ---D | C] -- D:\WINDOWS\Minidump
[2010-10-24 19:58:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\pinokio\Pulpit\nowe nie wystawione
[2010-10-15 07:17:23 | 000,000,000 | ---D | C] -- D:\Program Files\ALLPlayer
[2010-10-10 09:32:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\pinokio\Pulpit\foto
[2010-10-05 09:05:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\pinokio\Moje dokumenty\Pobieranie
[2010-10-05 08:52:46 | 000,000,000 | ---D | C] -- D:\Program Files\MSXML 6.0
[2010-10-05 08:42:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\pinokio\Dane aplikacji\HTML Executable
[2010-10-03 11:31:41 | 000,000,000 | ---D | C] -- D:\Program Files\Kaspersky Lab
[2010-10-03 11:31:25 | 000,475,736 | ---- | C] (Kaspersky Lab) -- D:\WINDOWS\System32\drivers\klif.sys
[2010-06-02 10:27:40 | 000,151,552 | R--- | C] ( ) -- D:\WINDOWS\System32\ATIDEMGR.dll
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-11-01 10:20:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\pinokio\Pulpit\OTL.exe
[2010-11-01 10:12:47 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010-11-01 10:12:43 | 536,399,872 | -HS- | M] () -- D:\hiberfil.sys
[2010-10-31 21:54:56 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010-10-31 21:45:07 | 003,896,823 | R--- | M] () -- D:\Documents and Settings\pinokio\Pulpit\ComboFix.exe
[2010-10-31 15:15:52 | 000,475,736 | ---- | M] (Kaspersky Lab) -- D:\WINDOWS\System32\drivers\klif.sys
[2010-10-31 13:42:30 | 000,007,680 | ---- | M] () -- D:\Documents and Settings\pinokio\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-31 10:58:08 | 000,457,678 | ---- | M] () -- D:\WINDOWS\System32\perfh015.dat
[2010-10-31 10:58:08 | 000,401,064 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010-10-31 10:58:08 | 000,079,188 | ---- | M] () -- D:\WINDOWS\System32\perfc015.dat
[2010-10-31 10:58:08 | 000,062,344 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010-10-31 10:34:25 | 000,085,504 | ---- | M] () -- D:\WINDOWS\MBR.exe
[2010-10-24 18:08:11 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010-10-14 19:05:49 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-10-14 19:05:38 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-10-05 08:53:18 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010-10-03 11:33:07 | 000,113,933 | ---- | M] () -- D:\WINDOWS\System32\drivers\klin.dat
[2010-10-03 11:33:07 | 000,097,549 | ---- | M] () -- D:\WINDOWS\System32\drivers\klick.dat
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-10-31 21:48:13 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010-10-31 21:48:13 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010-10-31 21:48:13 | 000,085,504 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010-10-31 21:48:13 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010-10-31 21:48:13 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2010-10-31 21:44:40 | 003,896,823 | R--- | C] () -- D:\Documents and Settings\pinokio\Pulpit\ComboFix.exe
[2010-10-15 07:17:30 | 000,881,664 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2010-10-15 07:17:30 | 000,797,184 | ---- | C] () -- D:\WINDOWS\System32\ac3filter.ax
[2010-10-15 07:17:30 | 000,258,048 | ---- | C] () -- D:\WINDOWS\System32\libFLAC.dll
[2010-10-14 19:05:49 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010-10-14 19:05:38 | 000,000,000 | -H-- | C] () -- D:\WINDOWS\System32\drivers\MsftWdf_user_01_07_00.Wdf
[2010-10-03 11:33:07 | 000,113,933 | ---- | C] () -- D:\WINDOWS\System32\drivers\klin.dat
[2010-10-03 11:33:07 | 000,097,549 | ---- | C] () -- D:\WINDOWS\System32\drivers\klick.dat
[2010-09-12 16:45:15 | 000,004,990 | ---- | C] () -- D:\Documents and Settings\All Users\Dane aplikacji\mtbjfghn.xbe
[2010-08-29 17:14:33 | 000,007,680 | ---- | C] () -- D:\Documents and Settings\pinokio\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-26 12:20:20 | 000,000,169 | ---- | C] () -- D:\WINDOWS\adidsl.ini
[2010-08-26 12:20:20 | 000,000,021 | ---- | C] () -- D:\WINDOWS\Fast800.ini
[2010-08-26 12:19:28 | 000,200,704 | ---- | C] () -- D:\WINDOWS\System32\coclassfast.dll
[2010-08-26 12:19:27 | 000,046,892 | ---- | C] () -- D:\WINDOWS\System32\ADADIX16.DLL
[2010-07-08 19:38:08 | 000,004,767 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2010-06-16 21:27:56 | 000,000,041 | ---- | C] () -- D:\Documents and Settings\pinokio\Ustawienia lokalne\Dane aplikacji\DiegoG3-3.0.4.2.INI
[2010-06-02 12:24:45 | 000,000,427 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010-06-02 11:54:19 | 000,004,293 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2010-06-02 11:31:55 | 000,157,184 | R--- | C] () -- D:\WINDOWS\System32\RtlCPAPI.dll
[2010-06-02 11:28:13 | 000,010,379 | ---- | C] () -- D:\WINDOWS\hpdj3600.ini
[2010-06-02 10:47:01 | 000,000,990 | ---- | C] () -- D:\WINDOWS\adiras.ini
[2004-08-25 06:27:00 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\ati2evxx.dll
[2004-08-03 23:44:00 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2004-07-17 10:36:38 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-09-12 17:05:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2010-06-18 19:58:58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\Installations
[2010-10-14 19:04:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2010-09-01 12:16:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\aerix
[2010-09-12 16:45:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\Carambis
[2010-10-05 08:42:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\HTML Executable
[2010-06-18 20:01:45 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\Nokia
[2010-07-20 14:39:27 | 000,000,000 | ---D | M] -- D:\Documents and Settings\pinokio\Dane aplikacji\PC Suite

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

