Virus from Facebook


(Marzena18kg) #1

Of course I clicked on a link being spread around on Facebook :x I downloaded Malware, but something is still sitting in the files, because Facebook isn't working. I ran OTL, because that's what I read on other forums. I don't know what to do next.

Please help.

OTL

OTL logfile created on: 2011-10-03 07:18:56 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


511,48 Mb Total Physical Memory | 108,75 Mb Available Physical Memory | 21,26% Memory free

1,21 Gb Paging File | 0,89 Gb Available in Paging File | 72,96% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 1,03 Gb Free Space | 5,25% Space Free | Partition Type: NTFS

Drive D: | 20,22 Gb Total Space | 19,55 Gb Free Space | 96,68% Space Free | Partition Type: NTFS

Drive E: | 19,69 Gb Total Space | 0,89 Gb Free Space | 4,50% Space Free | Partition Type: NTFS

Drive F: | 15,08 Gb Total Space | 1,94 Gb Free Space | 12,87% Space Free | Partition Type: NTFS


Computer Name: DOM-7198BDFFD35 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2011-10-03 07:18:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL(3).exe

PRC - [2011-09-20 06:31:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2008-04-14 21:51:40 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\savedump.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe

PRC - [2002-01-02 12:56:27 | 000,382,464 | ---- | M] () -- C:\WINNT\update.7.1\svchostdriver.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2011-09-20 06:31:51 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2010-12-10 15:48:27 | 005,971,408 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32.dll

MOD - [2002-01-02 12:56:27 | 000,382,464 | ---- | M] () -- C:\WINNT\update.7.1\svchostdriver.exe



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (AVP)

SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011-05-28 13:50:23 | 000,119,296 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe -- (Installer Service)

SRV - [2002-01-02 12:56:27 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINNT\update.7.1\svchostdriver.exe -- (ddservice)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010-06-09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINNT\system32\drivers\kl2.sys -- (kl2)

DRV - [2010-06-09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\kl1.sys -- (KL1)

DRV - [2010-05-07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\klim5.sys -- (klim5)

DRV - [2009-11-02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2008-04-14 22:30:58 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-04-14 22:09:56 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINNT\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2004-08-04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002-01-03 10:17:56 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINNT\system32\drivers\klif.sys -- (KLIF)

DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-20 06:31:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-19 04:15:24 | 000,000,000 | ---D | M]


[2010-11-20 19:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2011-06-18 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6uaxgo7e.default\extensions

[2010-12-03 14:31:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6uaxgo7e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-06-19 04:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-11-26 20:36:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010-11-26 20:36:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011-09-20 06:31:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010-11-26 20:36:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011-09-20 06:31:47 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-09-20 06:31:47 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-09-20 06:31:47 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-09-20 06:31:47 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-09-20 06:31:47 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-09-20 06:31:46 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}


O1 HOSTS File: ([2011-08-21 21:45:02 | 000,202,984 | -H-- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 facebook.com

O1 - Hosts: 127.0.0.1 www.facebook.com

O1 - Hosts: 127.0.0.1 af-za.facebook.com

O1 - Hosts: 127.0.0.1 az-az.facebook.com

O1 - Hosts: 127.0.0.1 id-id.facebook.com

O1 - Hosts: 127.0.0.1 ms-my.facebook.com

O1 - Hosts: 127.0.0.1 bs-ba.facebook.com

O1 - Hosts: 127.0.0.1 ca-es.facebook.com

O1 - Hosts: 127.0.0.1 cs-cz.facebook.com

O1 - Hosts: 127.0.0.1 cy-gb.facebook.com

O1 - Hosts: 127.0.0.1 da-dk.facebook.com

O1 - Hosts: 127.0.0.1 de-de.facebook.com

O1 - Hosts: 127.0.0.1 et-ee.facebook.com

O1 - Hosts: 127.0.0.1 en-gb.facebook.com

O1 - Hosts: 127.0.0.1 es-la.facebook.com

O1 - Hosts: 127.0.0.1 eo-eo.facebook.com

O1 - Hosts: 127.0.0.1 eu-es.facebook.com

O1 - Hosts: 127.0.0.1 tl-ph.facebook.com

O1 - Hosts: 127.0.0.1 fo-fo.facebook.com

O1 - Hosts: 127.0.0.1 fr-fr.facebook.com

O1 - Hosts: 127.0.0.1 fy-nl.facebook.com

O1 - Hosts: 127.0.0.1 ga-ie.facebook.com

O1 - Hosts: 127.0.0.1 gl-es.facebook.com

O1 - Hosts: 127.0.0.1 ko-kr.facebook.com

O1 - Hosts: 50053 more lines...

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll File not found

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll File not found

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" File not found

O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [tray_ico] File not found

O4 - HKLM..\Run: [tray_ico2] File not found

O4 - HKLM..\Run: [tray_ico3] File not found

O4 - HKLM..\Run: [tray_ico4] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CE45EEA-5112-4D7C-A9E4-7299E1A17738}: DhcpNameServer = 192.168.1.1 0.0.0.0

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\klogon: DllName - (C:\WINNT\system32\klogon.dll) - C:\WINNT\system32\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINNT\System32\nwprovau.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - services32.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-11-18 22:20:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2\{3d8e3c6f-f4c2-11df-bf42-00110979f55e}\Shell\AutoRun\command - "" = egmjjb.exe

O33 - MountPoints2\{3d8e3c6f-f4c2-11df-bf42-00110979f55e}\Shell\open\Command - "" = egmjjb.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (aswBoot.exe /M:4a7a0b7b)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[9 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->]

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2011-10-03 07:17:17 | 000,000,256 | ---- | M] () -- C:\WINNT\tasks\WGASetup.job

[2011-10-03 07:17:16 | 000,001,046 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job

[2011-10-03 07:17:08 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2011-10-03 07:01:45 | 536,436,736 | ---- | M] () -- C:\WINNT\MEMORY.DMP

[2011-10-03 06:52:30 | 000,001,050 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job

[2011-10-02 13:36:34 | 000,192,976 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2011-10-02 11:58:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk

[2011-09-29 16:00:54 | 000,276,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\morska.jpg

[2011-09-27 22:17:27 | 000,062,225 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\dsc00141vi.jpg

[2011-09-19 22:22:00 | 000,270,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\krlo.jpg

[2011-09-19 22:21:31 | 000,273,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\usmiech.jpg

[2011-09-18 20:19:25 | 000,316,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\oko.jpg

[2011-09-18 20:19:09 | 000,216,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\krup.jpg

[2011-09-16 11:47:41 | 000,028,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\vvc.jpg

[2011-09-13 20:27:15 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2011-09-08 08:53:31 | 000,523,418 | ---- | M] () -- C:\WINNT\System32\perfh015.dat

[2011-09-08 08:53:31 | 000,462,508 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2011-09-08 08:53:31 | 000,100,532 | ---- | M] () -- C:\WINNT\System32\perfc015.dat

[2011-09-08 08:53:31 | 000,079,592 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[9 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp ->]

[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2011-09-29 16:00:49 | 000,276,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\morska.jpg

[2011-09-27 22:17:23 | 000,062,225 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\dsc00141vi.jpg

[2011-09-19 22:22:00 | 000,270,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\krlo.jpg

[2011-09-19 22:21:30 | 000,273,052 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\usmiech.jpg

[2011-09-18 20:19:25 | 000,316,283 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\oko.jpg

[2011-09-18 20:19:08 | 000,216,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\krup.jpg

[2011-09-16 11:47:29 | 000,028,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\vvc.jpg

[2011-08-21 09:23:49 | 000,114,243 | ---- | C] () -- C:\WINNT\System32\drivers\klin.dat

[2011-08-21 09:23:49 | 000,097,859 | ---- | C] () -- C:\WINNT\System32\drivers\klick.dat

[2011-05-25 00:44:26 | 000,059,904 | ---- | C] () -- C:\WINNT\System32\OVDecode.dll

[2011-04-30 07:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2011-04-30 07:51:47 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\drivers\StarOpen.sys

[2011-02-27 18:22:11 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat

[2011-01-17 20:53:18 | 000,007,207 | R--- | C] () -- C:\WINNT\Disktool.INI

[2011-01-17 20:53:18 | 000,006,399 | R--- | C] () -- C:\WINNT\fwupgrade.ini

[2011-01-17 20:53:18 | 000,003,677 | R--- | C] () -- C:\WINNT\SoundCon.INI

[2010-11-28 13:55:57 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-11-20 19:45:24 | 000,178,176 | ---- | C] () -- C:\WINNT\System32\unrar.dll

[2010-11-20 19:45:24 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini

[2010-11-20 19:45:22 | 000,205,824 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll

[2010-11-20 19:45:20 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll

[2010-11-20 19:44:38 | 000,881,664 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll

[2010-11-20 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2010-11-20 19:36:18 | 000,000,000 | ---- | C] () -- C:\WINNT\ativpsrm.bin

[2010-11-20 19:34:15 | 000,593,920 | ---- | C] () -- C:\WINNT\System32\ati2sgag.exe

[2010-11-20 19:24:59 | 000,000,092 | ---- | C] () -- C:\WINNT\CMISETUP.INI

[2010-11-20 19:24:59 | 000,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI

[2010-11-20 19:24:48 | 000,233,472 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.exe

[2010-11-20 19:24:48 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.dll

[2010-11-18 22:21:31 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat

[2010-11-18 22:16:54 | 000,023,044 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat

[2010-11-18 21:40:34 | 000,004,205 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2010-11-18 21:37:23 | 000,192,976 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010-02-11 06:12:00 | 003,107,788 | ---- | C] () -- C:\WINNT\System32\ativva5x.dat

[2010-02-11 06:12:00 | 000,887,724 | ---- | C] () -- C:\WINNT\System32\ativva6x.dat

[2009-09-09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINNT\System32\drivers\klopp.dat

[2009-04-24 00:29:16 | 000,189,051 | ---- | C] () -- C:\WINNT\System32\atiicdxx.dat

[2008-04-14 22:16:20 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin

[2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat

[2004-09-16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINNT\System32\drivers\ADFUUD.SYS

[2004-09-16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINNT\ADFUUD.SYS

[2002-01-02 12:56:02 | 000,246,272 | ---- | C] () -- C:\WINNT\unrar.exe

[2002-01-02 12:53:16 | 000,000,000 | ---- | C] () -- C:\WINNT\loader2.exe_ok

[2001-10-26 20:15:16 | 000,523,418 | ---- | C] () -- C:\WINNT\System32\perfh015.dat

[2001-10-26 20:15:16 | 000,100,532 | ---- | C] () -- C:\WINNT\System32\perfc015.dat

[2001-10-26 17:15:16 | 000,313,828 | ---- | C] () -- C:\WINNT\System32\perfi015.dat

[2001-10-26 17:15:16 | 000,034,990 | ---- | C] () -- C:\WINNT\System32\perfd015.dat

[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin

[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat

[2001-08-18 01:30:24 | 000,462,508 | ---- | C] () -- C:\WINNT\System32\perfh009.dat

[2001-08-18 01:30:22 | 000,079,592 | ---- | C] () -- C:\WINNT\System32\perfc009.dat

[2001-08-17 22:30:24 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat

[2001-08-17 22:30:24 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat

[2001-08-17 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin

[2001-07-22 02:24:16 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

[2001-07-21 23:36:48 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat

[2001-07-21 23:36:04 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat


< End of report >

EXTRAS

OTL Extras logfile created on: 2011-10-03 07:18:56 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


511,48 Mb Total Physical Memory | 108,75 Mb Available Physical Memory | 21,26% Memory free

1,21 Gb Paging File | 0,89 Gb Available in Paging File | 72,96% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 1,03 Gb Free Space | 5,25% Space Free | Partition Type: NTFS

Drive D: | 20,22 Gb Total Space | 19,55 Gb Free Space | 96,68% Space Free | Partition Type: NTFS

Drive E: | 19,69 Gb Total Space | 0,89 Gb Free Space | 4,50% Space Free | Partition Type: NTFS

Drive F: | 15,08 Gb Total Space | 1,94 Gb Free Space | 12,87% Space Free | Partition Type: NTFS


Computer Name: DOM-7198BDFFD35 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Extra Registry (SafeList) ==========[/color]



[color=#E56717]========== File Associations ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l


[HKEY_CURRENT_USER\SOFTWARE\Classes\]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)


[color=#E56717]========== Shell Spawning ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)


[color=#E56717]========== Security Center Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 1

"DisableThumbnailCache" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[color=#E56717]========== System Restore Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2


[color=#E56717]========== Firewall Settings ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0


[color=#E56717]========== Authorized Applications List ==========[/color]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINNT\update.1\svchost.exe" = C:\WINNT\update.1\svchost.exe:*:Enabled:C:\WINNT\update.1\svchost.exe

"C:\WINNT\services32.exe" = C:\WINNT\services32.exe:*:Enabled:C:\WINNT\services32.exe

"C:\WINNT\update.2\svchost.exe" = C:\WINNT\update.2\svchost.exe:*:Enabled:C:\WINNT\update.2\svchost.exe



[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish

"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common

"{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}" = ATI Catalyst Install Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish

"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard

"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22

"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish

"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English

"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation

"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German

"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins

"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French

"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish

"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch

"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities

"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional

"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek

"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New

"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding

"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12

"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007

"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007

"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007

"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007

"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007

"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007

"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007

"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007

"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007

"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007

"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007

"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian

"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish

"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai

"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All

"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish

"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static

"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light

"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility

"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ALLPlayer_is1" = ALLPlayer V4.X

"Ares" = Ares 2.1.7

"ATI Display Driver" = ATI Display Driver

"C-Media Audio Driver" = C-Media WDM Audio Driver

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30

"FotoSender_is1" = FotoSender 3.0

"Gadu-Gadu 10" = Gadu-Gadu 10

"Google Chrome" = Google Chrome

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 6.0.2 (x86 pl)" = Mozilla Firefox 6.0.2 (x86 pl)

"Picasa 3" = Picasa 3

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"WinRAR archiver" = Archiwizator WinRAR

"WMFDist11" = Windows Media Format 11 runtime


[color=#E56717]========== Last 10 Event Log Errors ==========[/color]


[Application Events]

Error - 2002-01-02 17:31:25 | Computer Name = DOM-7198BDFFD35 | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

 aktualizacji z: ,

 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

 bieżącego zegara systemowego lub sygnatury czasowej.  


Error - 2002-01-02 17:31:26 | Computer Name = DOM-7198BDFFD35 | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

 aktualizacji z: ,

 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

 bieżącego zegara systemowego lub sygnatury czasowej.  


Error - 2002-01-02 17:31:27 | Computer Name = DOM-7198BDFFD35 | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

 aktualizacji z: ,

 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

 bieżącego zegara systemowego lub sygnatury czasowej.  


Error - 2002-01-02 17:31:27 | Computer Name = DOM-7198BDFFD35 | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

 aktualizacji z: ,

 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

 bieżącego zegara systemowego lub sygnatury czasowej.  


Error - 2002-01-02 17:31:27 | Computer Name = DOM-7198BDFFD35 | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

 aktualizacji z: ,

 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

 bieżącego zegara systemowego lub sygnatury czasowej.  


Error - 2002-01-02 17:31:27 | Computer Name = DOM-7198BDFFD35 | Source = crypt32 | ID = 131083

Description = Nie można wyodrębnić głównej listy innych firm z pliku cab automatycznej

 aktualizacji z: ,

 wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji

 bieżącego zegara systemowego lub sygnatury czasowej.  


Error - 2002-01-05 08:15:42 | Computer Name = DOM-7198BDFFD35 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.0.4240, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2002-01-08 05:22:10 | Computer Name = DOM-7198BDFFD35 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.0.4240, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-09-09 09:34:17 | Computer Name = DOM-7198BDFFD35 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.0.4240, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Error - 2011-09-14 14:20:21 | Computer Name = DOM-7198BDFFD35 | Source = Application Hang | ID = 1002

Description = Aplikacja zawieszająca firefox.exe, wersja 6.0.0.4240, moduł zawieszenia

 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


[System Events]

Error - 2011-10-01 06:51:43 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-01 11:18:24 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-01 12:37:54 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-02 00:20:11 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-02 07:37:32 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-02 11:26:51 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-02 13:22:15 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-03 00:11:30 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-03 01:03:06 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3


Error - 2011-10-03 01:18:14 | Computer Name = DOM-7198BDFFD35 | Source = Service Control Manager | ID = 7000

Description = Nie można uruchomić usługi Usługa Kaspersky Anti-Virus z powodu następującego

 błędu: %%3



< End of report >

(Acorus) #2

Run OTL and paste the following into the box (Custom scan options/Script):

Click Execute script. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Scan).

Post the new OTL.txt log and the removal report.

Put the logs on wklej.org - it is more readable.


(Branco) #3

Hello, could someone help me as well?

I have the same thing and I think I've been attacked by the Koobface virus?

My OTL log:

http://www.wklej.eu/index.php?id=84ccfbb4ee


(Czaran) #4

Eh, you Facebook slaves :frowning: For now a virus, next the laptop goes in the trash. Keep playing with that s....


(Marzena18kg) #5

Report after the restart: http://wklej.org/id/602498/

All processes killed

========== OTL ==========

Service AVP stopped successfully!

Service AVP deleted successfully!

Service ddservice stopped successfully!

Service ddservice deleted successfully!

C:\WINNT\update.7.1\svchostdriver.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVP deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll deleted successfully.

C:\WINNT\tasks\WGASetup.job moved successfully.

C:\WINNT\loader2.exe_ok moved successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\"AlternateShell"|"cmd.exe" /E : value set successfully!

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========


[EMPTYTEMP]


User: Administrator

->Temp folder emptied: 2263734883 bytes

->Temporary Internet Files folder emptied: 148880601 bytes

->Java cache emptied: 65112000 bytes

->FireFox cache emptied: 57508407 bytes

->Google Chrome cache emptied: 23252563 bytes

->Flash cache emptied: 9559971 bytes


User: All Users


User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes


User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 2381079 bytes


User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes


%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 6818628 bytes

%systemroot%\System32 .tmp files removed: 2596 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 118270211 bytes

RecycleBin emptied: 3514402 bytes


Total Files Cleaned = 2 574,00 mb


C:\WINNT\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully


OTL by OldTimer - Version 3.2.29.1 log created on 10032011_112107


Files\Folders moved on Reboot...


Registry entries deleted on Reboot...

NEW OTL log: http://wklej.org/id/602500/

OTL logfile created on: 2011-10-03 11:29:07 - Run 2

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


511,48 Mb Total Physical Memory | 73,42 Mb Available Physical Memory | 14,35% Memory free

1,21 Gb Paging File | 0,85 Gb Available in Paging File | 69,93% Paging File free

Paging file location(s): c:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 3,52 Gb Free Space | 18,04% Space Free | Partition Type: NTFS

Drive D: | 20,22 Gb Total Space | 19,55 Gb Free Space | 96,68% Space Free | Partition Type: NTFS

Drive E: | 19,69 Gb Total Space | 0,89 Gb Free Space | 4,52% Space Free | Partition Type: NTFS

Drive F: | 15,08 Gb Total Space | 1,94 Gb Free Space | 12,87% Space Free | Partition Type: NTFS


Computer Name: DOM-7198BDFFD35 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2011-10-03 11:27:27 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie\OTL(5).exe

PRC - [2011-09-20 06:31:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011-07-06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2008-04-14 21:51:40 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\savedump.exe

PRC - [2008-04-14 21:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe



[color=#E56717]========== Modules (No Company Name) ==========[/color]


MOD - [2011-09-20 06:31:51 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2010-12-10 15:48:27 | 005,971,408 | ---- | M] () -- C:\WINNT\system32\Macromed\Flash\NPSWF32.dll

MOD - [2009-02-14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011-07-06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011-05-28 13:50:23 | 000,119,296 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe -- (Installer Service)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010-06-09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINNT\system32\drivers\kl2.sys -- (kl2)

DRV - [2010-06-09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\kl1.sys -- (KL1)

DRV - [2010-05-07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\klim5.sys -- (klim5)

DRV - [2009-11-02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2008-04-14 22:30:58 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008-04-14 22:09:56 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008-04-13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINNT\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2004-08-04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002-01-03 10:17:56 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINNT\system32\drivers\klif.sys -- (KLIF)

DRV - [2001-08-18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001-08-17 22:54:18 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2001-08-17 22:54:18 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)


FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-20 06:31:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-19 04:15:24 | 000,000,000 | ---D | M]


[2010-11-20 19:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2011-06-18 10:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6uaxgo7e.default\extensions

[2010-12-03 14:31:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\6uaxgo7e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-06-19 04:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-11-26 20:36:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010-11-26 20:36:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011-09-20 06:31:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010-11-26 20:36:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011-09-20 06:31:47 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2011-09-20 06:31:47 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2011-09-20 06:31:47 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2011-09-20 06:31:47 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2011-09-20 06:31:47 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2011-09-20 06:31:46 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


[color=#E56717]========== Chrome ==========[/color]


CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}


O1 HOSTS File: ([2011-10-03 11:23:30 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINNT\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CE45EEA-5112-4D7C-A9E4-7299E1A17738}: DhcpNameServer = 192.168.1.1 0.0.0.0

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\klogon: DllName - (C:\WINNT\system32\klogon.dll) - C:\WINNT\system32\klogon.dll (Kaspersky Lab ZAO)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp

O30 - LSA: Authentication Packages - (nwprovau) -C:\WINNT\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010-11-18 22:20:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (aswBoot.exe /M:4a7a0b7b)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2011-10-03 11:21:07 | 000,000,000 | ---D | C] -- C:\_OTL


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2011-10-03 11:24:36 | 000,001,046 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job

[2011-10-03 11:24:29 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2011-10-03 11:23:30 | 000,000,098 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts

[2011-10-03 08:52:00 | 000,001,050 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job

[2011-10-03 07:01:45 | 536,436,736 | ---- | M] () -- C:\WINNT\MEMORY.DMP

[2011-10-02 13:36:34 | 000,192,976 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2011-10-02 11:58:40 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk

[2011-09-29 16:00:54 | 000,276,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\morska.jpg

[2011-09-27 22:17:27 | 000,062,225 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\dsc00141vi.jpg

[2011-09-19 22:22:00 | 000,270,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\krlo.jpg

[2011-09-19 22:21:31 | 000,273,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\usmiech.jpg

[2011-09-18 20:19:25 | 000,316,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\oko.jpg

[2011-09-18 20:19:09 | 000,216,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\krup.jpg

[2011-09-16 11:47:41 | 000,028,196 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\vvc.jpg

[2011-09-13 20:27:15 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2011-09-08 08:53:31 | 000,523,418 | ---- | M] () -- C:\WINNT\System32\perfh015.dat

[2011-09-08 08:53:31 | 000,462,508 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2011-09-08 08:53:31 | 000,100,532 | ---- | M] () -- C:\WINNT\System32\perfc015.dat

[2011-09-08 08:53:31 | 000,079,592 | ---- | M] () -- C:\WINNT\System32\perfc009.dat


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2011-09-29 16:00:49 | 000,276,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\morska.jpg

[2011-09-27 22:17:23 | 000,062,225 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\dsc00141vi.jpg

[2011-09-19 22:22:00 | 000,270,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\krlo.jpg

[2011-09-19 22:21:30 | 000,273,052 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\usmiech.jpg

[2011-09-18 20:19:25 | 000,316,283 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\oko.jpg

[2011-09-18 20:19:08 | 000,216,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\krup.jpg

[2011-09-16 11:47:29 | 000,028,196 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\vvc.jpg

[2011-08-21 09:23:49 | 000,114,243 | ---- | C] () -- C:\WINNT\System32\drivers\klin.dat

[2011-08-21 09:23:49 | 000,097,859 | ---- | C] () -- C:\WINNT\System32\drivers\klick.dat

[2011-05-25 00:44:26 | 000,059,904 | ---- | C] () -- C:\WINNT\System32\OVDecode.dll

[2011-04-30 07:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt

[2011-04-30 07:51:47 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\drivers\StarOpen.sys

[2011-02-27 18:22:11 | 000,000,056 | -H-- | C] () -- C:\WINNT\System32\ezsidmv.dat

[2011-01-17 20:53:18 | 000,007,207 | R--- | C] () -- C:\WINNT\Disktool.INI

[2011-01-17 20:53:18 | 000,006,399 | R--- | C] () -- C:\WINNT\fwupgrade.ini

[2011-01-17 20:53:18 | 000,003,677 | R--- | C] () -- C:\WINNT\SoundCon.INI

[2010-11-28 13:55:57 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-11-20 19:45:24 | 000,178,176 | ---- | C] () -- C:\WINNT\System32\unrar.dll

[2010-11-20 19:45:24 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini

[2010-11-20 19:45:22 | 000,205,824 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll

[2010-11-20 19:45:20 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll

[2010-11-20 19:44:38 | 000,881,664 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll

[2010-11-20 19:44:05 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2010-11-20 19:36:18 | 000,000,000 | ---- | C] () -- C:\WINNT\ativpsrm.bin

[2010-11-20 19:34:15 | 000,593,920 | ---- | C] () -- C:\WINNT\System32\ati2sgag.exe

[2010-11-20 19:24:59 | 000,000,092 | ---- | C] () -- C:\WINNT\CMISETUP.INI

[2010-11-20 19:24:59 | 000,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI

[2010-11-20 19:24:48 | 000,233,472 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.exe

[2010-11-20 19:24:48 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.dll

[2010-11-18 22:21:31 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat

[2010-11-18 22:16:54 | 000,023,044 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat

[2010-11-18 21:40:34 | 000,004,205 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2010-11-18 21:37:23 | 000,192,976 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010-02-11 06:12:00 | 003,107,788 | ---- | C] () -- C:\WINNT\System32\ativva5x.dat

[2010-02-11 06:12:00 | 000,887,724 | ---- | C] () -- C:\WINNT\System32\ativva6x.dat

[2009-09-09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINNT\System32\drivers\klopp.dat

[2009-04-24 00:29:16 | 000,189,051 | ---- | C] () -- C:\WINNT\System32\atiicdxx.dat

[2008-04-14 22:16:20 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin

[2006-12-31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat

[2004-09-16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINNT\System32\drivers\ADFUUD.SYS

[2004-09-16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINNT\ADFUUD.SYS

[2002-01-02 12:56:02 | 000,246,272 | ---- | C] () -- C:\WINNT\unrar.exe

[2001-10-26 20:15:16 | 000,523,418 | ---- | C] () -- C:\WINNT\System32\perfh015.dat

[2001-10-26 20:15:16 | 000,100,532 | ---- | C] () -- C:\WINNT\System32\perfc015.dat

[2001-10-26 17:15:16 | 000,313,828 | ---- | C] () -- C:\WINNT\System32\perfi015.dat

[2001-10-26 17:15:16 | 000,034,990 | ---- | C] () -- C:\WINNT\System32\perfd015.dat

[2001-08-23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin

[2001-08-23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat

[2001-08-18 01:30:24 | 000,462,508 | ---- | C] () -- C:\WINNT\System32\perfh009.dat

[2001-08-18 01:30:22 | 000,079,592 | ---- | C] () -- C:\WINNT\System32\perfc009.dat

[2001-08-17 22:30:24 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat

[2001-08-17 22:30:24 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat

[2001-08-17 22:15:38 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin

[2001-07-22 02:24:16 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

[2001-07-21 23:36:48 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat

[2001-07-21 23:36:04 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat


< End of report >

I don't know which removal report you mean... nothing like that popped up for me :?

But Facebook is working :smiley:

Thank you very much :slight_smile:


(Acorus) #6

In OTL, use the Cleanup (Sprzątanie) option. Turn System Restore off and back on.

http://www.searchengines.pl/Czyszczenie ... 41981.html

Install updates for the programs flagged by: http://screen317.spywareinfoforum.org/SecurityCheck.exe as out of date.


(Marzena18kg) #7

All this writing was for nothing, because I think some virus deleted my system files and I had to install Windows, but I don't know why, instead of leaving all the files unchanged, it did a format and everything disappeared, grr... programs etc.

Well, now I want to install some antivirus program and I was thinking of Avast 6, but again some error pops up and I can't do anything :shock:


(A112234455) #8

A bit off-topic... I have a request: could someone send me a link to this virus, e.g. by private message? I don't have a Facebook account :frowning: so I have nowhere to get it from, and I need it for research purposes :slight_smile:

Regards