Hello, I have a problem with a "strengthened" version of this virus. The basic methods don't work on it:
- Ukash code generator
- safe mode (it resets the mode and locks the system just like on a normal boot)
- safe mode with command prompt (same as above)
- Kaspersky Rescue Disk 10
I won't hide that I'd like to get rid of the pest without using a Windows disc. I'm attaching the log from OTLPE.
Regards
OTL logfile created on: 10/25/2013 5:09:07 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Dodatek Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 62.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 1.21 Gb Free Space | 8.27% Space Free | Partition Type: NTFS
Drive D: | 29.28 Gb Total Space | 17.69 Gb Free Space | 60.42% Space Free | Partition Type: FAT32
Drive E: | 32.38 Gb Total Space | 16.58 Gb Free Space | 51.21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto] -- -- (BrowserProtect)
SRV - [2013/10/22 01:45:44 | 000,131,072 | ---- | M] () [Auto] -- C:\DOCUME~1\ALLUSE~1\DANEAP~1\8alwz884.dss -- (winmgmt)
SRV - [2013/08/22 13:36:19 | 003,233,806 | ---- | M] () [Auto] -- C:\Program Files\Tor\tor.exe -- (tor)
SRV - [2013/03/12 13:00:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/07 03:17:11 | 000,116,648 | ---- | M] (Google Inc.) [On_Demand] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) Usługa Google Update (gupdatem)
SRV - [2012/10/07 03:17:11 | 000,116,648 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Usługa Google Update (gupdate)
SRV - [2011/10/03 00:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/24 15:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS.exe -- (DfSdkS)
SRV - [2008/02/28 13:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/02/18 12:29:12 | 000,877,864 | ---- | M] (Nero AG) [Auto] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006/12/19 05:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/03 16:10:00 | 000,516,096 | ---- | M] () [Auto] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2004/08/03 09:35:08 | 000,389,120 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2003/07/28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/09/27 10:26:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/01 05:43:16 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010/03/01 05:43:12 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010/03/01 05:43:12 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010/03/01 05:43:12 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010/03/01 05:43:12 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010/03/01 05:43:10 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010/03/01 05:43:10 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2008/12/21 07:17:08 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2008/12/21 07:14:31 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/03/28 22:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2006/04/21 19:00:00 | 000,032,128 | ---- | M] (WinAbility® Software Corporation) [Kernel | Auto] -- E:\PROGRAMY\MySecretFolder\MSF32.SYS -- (MSF32)
DRV - [2004/10/15 07:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 09:36:50 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/04/23 23:28:04 | 000,041,984 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB)
DRV - [2002/09/28 18:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2002/09/28 18:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/28 18:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2002/09/28 18:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/10/30 08:01:50 | 000,280,782 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001/08/17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wyborcza.pl/0,0.html?p=139
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Plonki_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Plonki_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
FF - HKLM\software\mozilla\Firefox\extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\Plonki\Ustawienia lokalne\Dane aplikacji\RewardsArcade\498\Firefox [2011/12/01 11:58:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/12 13:00:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/09 05:36:09 | 000,000,000 | ---D | M]
[2012/12/09 05:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/12 13:00:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/10/03 00:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2012/11/20 04:04:07 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2013/03/08 10:00:12 | 000,006,484 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2012/11/20 04:04:08 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2012/11/20 04:04:08 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2012/11/20 04:04:07 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2012/11/20 04:04:07 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2012/11/20 04:04:07 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml
O1 HOSTS File: ([2011/01/02 09:23:02 | 000,000,744 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\PROGRAMY\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Plonki_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme ()
O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRAMY\office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Plonki_ON_C\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.172.224.160 89.231.1.206
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/06 11:35:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/10/25 17:07:24 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2013/10/25 17:04:57 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2013/10/25 17:04:56 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2013/10/25 17:04:56 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2013/10/25 17:04:56 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2013/10/25 17:04:56 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2013/10/25 17:04:56 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2013/10/25 17:04:56 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2013/10/25 17:04:56 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2013/10/24 15:21:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/10/22 14:57:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft
[2013/10/22 14:57:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft
[2013/10/22 14:57:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/10/22 14:57:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji
[2013/10/22 14:57:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Menu Start
[2013/10/22 14:57:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/10/22 14:57:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/10/22 14:57:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/10/22 14:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit
[2013/10/22 14:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty
[2013/10/22 14:57:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/10/22 14:57:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Ustawienia lokalne
[2013/10/22 14:57:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Szablony
[2013/10/22 14:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Ulubione
[2013/10/17 14:23:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plonki\Pulpit\Nowy folder (2)
[2013/10/12 16:02:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plonki\Recent
[2013/10/10 14:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plonki\Pulpit\fiza
[2013/09/27 10:25:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/06 12:02:29 | 000,135,168 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Plonki\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Plonki\Moje dokumenty\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/10/25 17:08:40 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2013/10/25 17:07:59 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2013/10/25 09:31:52 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2013/10/25 09:31:52 | 000,233,472 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2013/10/25 09:31:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/25 09:31:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2013/10/25 06:33:16 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/24 16:21:16 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2013/10/22 15:04:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\CPU Grid Computing.job
[2013/10/22 14:32:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/22 03:58:44 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Plonki\NTUSER.DAT
[2013/10/22 03:58:44 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Plonki\ntuser.ini
[2013/10/22 01:45:49 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Plonki\Menu Start\Programy\Autostart\488zwla8.lnk
[2013/10/22 01:44:46 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/20 07:00:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/04 11:40:00 | 000,272,047 | ---- | M] () -- C:\Documents and Settings\Plonki\Pulpit\1237457_529697293773573_1671120652_o.jpg
[2013/09/27 10:26:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Plonki\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Plonki\Moje dokumenty\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/10/25 17:04:57 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2013/10/25 17:04:57 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2013/10/25 17:04:57 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2013/10/25 17:04:57 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2013/10/25 17:04:57 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2013/10/25 17:04:57 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2013/10/25 17:04:57 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2013/10/25 17:04:57 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2013/10/25 17:04:57 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2013/10/25 17:04:57 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2013/10/25 17:04:57 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2013/10/25 17:04:57 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2013/10/25 17:04:57 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2013/10/25 17:04:57 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2013/10/25 17:04:57 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2013/10/25 17:04:57 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2013/10/25 17:04:57 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2013/10/22 14:57:31 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2013/10/22 14:57:29 | 000,233,472 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2013/10/22 01:45:49 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Plonki\Menu Start\Programy\Autostart\488zwla8.lnk
[2013/10/04 11:40:00 | 000,272,047 | ---- | C] () -- C:\Documents and Settings\Plonki\Pulpit\1237457_529697293773573_1671120652_o.jpg
[2013/09/28 09:17:58 | 048,826,628 | ---- | C] () -- C:\Documents and Settings\Plonki\Pulpit\Fizyka, wybor testow, zestawy pytan zamknietych i otwartych, tom 2, Andrzej Person(1).pdf
[2013/08/17 12:13:12 | 000,152,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2013/03/18 12:14:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/03/18 12:09:40 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2012/10/07 03:21:44 | 000,290,500 | ---- | C] () -- C:\Documents and Settings\Plonki\Ustawienia lokalne\Dane aplikacji\funmoods-speeddial_sf.crx
[2012/10/07 03:21:43 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Plonki\Ustawienia lokalne\Dane aplikacji\funmoods.crx
[2010/10/24 07:19:44 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Plonki\Ustawienia lokalne\Dane aplikacji\kodakpcd.ini
[2010/01/08 09:45:43 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/08 10:48:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/03/16 15:59:16 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2009/02/18 17:50:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/27 12:02:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2008/12/20 14:47:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/06 13:29:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/12/06 12:49:17 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Plonki\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/06 11:57:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/12/06 11:57:27 | 000,004,346 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008/12/06 11:56:43 | 000,000,284 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008/12/06 11:56:43 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/10/12 01:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 01:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 01:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 03:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/03 09:35:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003/04/08 05:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/28 18:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[color=#E56717]========== LOP Check ==========[/color]
[2009/11/08 07:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\AbsoluteTelnet
[2013/03/08 15:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\Delta
[2012/10/12 14:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\EurekaLog
[2013/03/12 13:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\Funmoods
[2013/08/17 12:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\Grupa IMAGE
[2008/12/06 13:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\InterTrust
[2012/10/07 03:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\Opera
[2010/10/01 14:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plonki\Dane aplikacji\Sony
[2013/10/22 15:04:30 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\CPU Grid Computing.job
[color=#E56717]========== Purity Check ==========[/color]
< End of report >