Michal_krakow, posted 28 July 2010

Yesterday a virus got in from a pendrive. I did not have any antivirus. I scanned with Spybot and ComboFix, but it is still wreaking havoc. Here are the logs from OTL:

OTL logfile created on: 2010-07-28 09:07:35 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michał\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1 023,00 Mb Total Physical Memory | 434,00 Mb Available Physical Memory | 42,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 6,43 Gb Free Space | 32,92% Space Free | Partition Type: NTFS Drive D: | 213,34 Gb Total Space | 6,02 Gb Free Space | 2,82% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOM-C4F8E76BC9A Current User Name: Michał Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-07-28 09:05:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe PRC - [2010-07-26 18:49:44 | 000,138,240 | RHS- | M] () -- C:\Documents and Settings\Michał\jiedu.exe PRC - [2010-07-24 11:48:42 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe PRC - [2010-07-24 11:48:40 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-10-28 14:44:08 | 011,539,048 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-10-28 13:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2007-12-04 15:36:33 | 000,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2007-12-04 14:00:16 | 000,140,664 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2007-12-04 13:59:53 | 000,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2007-12-04 13:59:01 | 000,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2007-03-19 00:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe PRC - [2006-05-24 08:49:14 | 000,024,576 | R--- | M] (Syntek America Inc.) 
-- C:\WINDOWS\system32\StkASv2K.exe PRC - [2006-05-21 09:43:14 | 000,155,648 | ---- | M] (Y'z@Home) -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe PRC - [2006-05-21 09:43:08 | 000,180,224 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe PRC - [2004-08-04 02:44:20 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-07-28 09:05:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe MOD - [2007-12-04 13:57:49 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll MOD - [2007-03-19 00:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll MOD - [2006-05-21 09:43:14 | 000,053,248 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll MOD - [2006-05-21 09:43:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll MOD - [2004-08-04 02:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll MOD - [2004-08-04 01:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2010-02-16 19:17:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007-12-04 15:36:33 | 000,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2007-12-04 14:00:16 | 000,140,664 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! 
Antivirus) SRV - [2007-12-04 13:59:53 | 000,247,160 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2007-12-04 13:59:01 | 000,345,464 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2007-05-18 21:53:29 | 000,407,152 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\WINDOWS\System32\pr2ah4nc.exe -- (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc) SRV - [2006-05-24 08:49:14 | 000,024,576 | R--- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\gtermddo.sys -- (gtermddo) DRV - [2010-02-03 06:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009-03-11 00:45:25 | 000,004,501 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2007-12-04 15:55:46 | 000,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2007-12-04 15:53:39 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2007-12-04 15:51:52 | 000,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2007-12-04 15:49:02 | 000,026,624 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2007-05-18 21:53:01 | 000,064,880 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) DRV - [2007-05-18 21:52:38 | 000,055,160 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) DRV - [2006-09-27 05:01:36 | 000,241,628 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini) DRV - [2006-08-02 08:44:04 | 000,004,772 | R--- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan) DRV - [2006-05-26 07:20:58 | 004,279,296 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006-03-22 08:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006-03-22 08:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005-01-31 12:20:04 | 000,211,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2005-01-31 12:12:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005-01-07 18:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004-08-22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt) DRV - [2004-08-22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus) DRV - [2004-08-03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Allegro" FF - prefs.js..browser.startup.homepage: "www.google.pl" FF - prefs.js..extensions.enabledItems: 
jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-07-24 11:48:44 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-07-24 11:48:44 | 000,000,000 | ---D | M] [2008-11-10 15:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Extensions [2010-07-28 08:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\mpj6cf98.default\extensions [2008-11-10 19:00:10 | 000,000,000 | ---D | M] (Vista Nature) -- C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\mpj6cf98.default\extensions\{9864f3b8-68ba-463e-9589-20a4da429bb7} O1 HOSTS File: ([2010-07-27 16:13:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Michał\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [jiedu] C:\Documents and Settings\Michał\jiedu.exe () O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe () O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (AKSoftware) O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe () O4 - Startup: C:\Documents and Settings\Michał\Menu Start\Programy\Autostart\Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (Y'z@Home) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - 
C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.0.2.2 192.0.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-10 13:19:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007-12-14 21:42:08 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010-07-28 09:05:34 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe [2010-07-28 08:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\Codemasters [2010-07-27 22:07:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010-07-27 16:02:50 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010-07-27 15:55:59 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16324.exe [2010-07-27 15:47:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010-07-26 16:05:32 | 000,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010-07-26 16:05:31 | 000,042,912 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010-07-26 16:05:30 | 000,026,624 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010-07-26 16:05:29 | 000,095,608 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2010-07-26 16:05:29 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010-07-26 16:05:29 | 000,093,264 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010-07-26 16:05:20 | 
000,837,496 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2010-07-26 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2010-07-26 16:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010-07-26 15:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Pulpit\Nowy folder (2) [2010-07-26 15:40:37 | 000,073,728 | ---- | C] (MaresWEB) -- C:\Documents and Settings\Michał\4x.exe [2010-07-24 10:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Moje dokumenty\SaveGames [2010-07-22 17:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michał\Pulpit\Nowy folder [2008-11-11 20:00:35 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys [2008-11-11 20:00:35 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010-07-28 09:05:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michał\Pulpit\OTL.exe [2010-07-28 08:03:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-07-28 08:03:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-07-28 06:16:14 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Michał\NTUSER.DAT [2010-07-28 06:16:10 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Michał\ntuser.ini [2010-07-28 06:15:50 | 000,000,192 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-07-28 06:04:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010-07-27 22:53:41 | 001,578,952 | -H-- | M] () -- C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-07-27 16:13:54 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-07-27 16:13:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010-07-27 16:02:55 | 000,000,281 | RHS- | M] () -- 
C:\boot.ini [2010-07-27 15:55:02 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF16324.exe [2010-07-27 15:51:17 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010-07-27 15:51:17 | 000,000,281 | ---- | M] () -- C:\Boot.bak [2010-07-27 15:36:23 | 004,596,096 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\ice_cube-drink_the_kool-aid.mp3 [2010-07-26 18:49:44 | 000,138,240 | RHS- | M] () -- C:\Documents and Settings\Michał\jiedu.exe [2010-07-26 16:35:44 | 000,073,728 | ---- | M] (MaresWEB) -- C:\Documents and Settings\Michał\4x.exe [2010-07-26 16:05:32 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk [2010-07-26 16:05:30 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010-07-26 16:03:37 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Spybot - Search & Destroy.lnk [2010-07-26 15:40:29 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\Michał\foipee.exe [2010-07-24 16:14:52 | 000,127,855 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\DSC01440a.jpg [2010-07-24 14:08:54 | 003,813,108 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\DSC01441.JPG [2010-07-24 14:08:44 | 003,684,889 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\DSC01440.JPG [2010-07-21 21:31:05 | 002,756,054 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Ela Rose feat David DeeJay - I Can Feel.mp3 [2010-07-21 21:24:01 | 003,394,696 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Verona - Up To The Stars.mp3 [2010-07-21 21:22:20 | 003,723,630 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Flo-Rida - Club Can't Handle Me (Feat. 
David Guetta).mp3 [2010-07-21 21:16:55 | 003,638,784 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Adam Lambert - Whataya Want From Me.mp3 [2010-07-21 21:14:18 | 003,337,018 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Rihanna - Te Amo.mp3 [2010-07-21 21:11:54 | 002,858,454 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Yolanda Be Cool Vs DCUP - We No Speak Americano (Radio Edit).mp3 [2010-07-21 21:07:38 | 002,862,634 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\B.o.B - Airplanes (Feat. Hayley Williams).mp3 [2010-07-21 21:06:00 | 003,520,084 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\David Guetta feat. Kelly Rowland - Commander.mp3 [2010-07-21 20:56:14 | 003,640,874 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Tom Boxer - Morena.mp3 [2010-07-21 20:54:26 | 003,875,767 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Katy Perry feat. Snoop Dogg - California Girls.mp3 [2010-07-21 20:42:39 | 003,410,161 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\move town - girl you know it's true.mp3 [2010-07-21 20:41:02 | 003,330,748 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Stromae - Alors On Danse.mp3 [2010-07-19 06:00:19 | 000,204,288 | ---- | M] () -- C:\Documents and Settings\Michał\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-07-17 23:45:15 | 000,120,464 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\1136545939.jpg [2010-07-15 21:04:10 | 003,376,694 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\DSC01439.JPG [2010-07-11 12:06:43 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\SAWA.doc [2010-07-06 23:22:05 | 000,124,928 | ---- | M] () -- C:\Documents and Settings\Michał\Moje dokumenty\CURRICULUM VITAE.doc [2010-07-06 23:17:56 | 000,023,935 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\sylwia2.JPG [2010-07-06 23:17:09 | 000,014,588 | ---- | M] () -- C:\Documents and 
Settings\Michał\Pulpit\ja2.JPG [2010-07-06 14:05:48 | 000,173,918 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\ZDJECIA.jpg [2010-07-05 13:10:48 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Sylwia Kaczor.doc [2010-07-02 23:34:50 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\CURRICULUM VITAE..doc [2010-07-02 23:26:04 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\CURRICULUM VITAE.doc [2010-07-02 23:02:33 | 000,070,825 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\ja.JPG [2010-07-02 22:31:18 | 002,107,420 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\mys.JPG [2010-07-02 20:29:02 | 003,600,925 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\DSC01349.JPG [2010-07-01 21:17:45 | 004,122,363 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Tede - Muzyka Miejska feat. Pezet.mp3 [2010-07-01 21:12:18 | 005,771,630 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\Future Mind - Drum 'n' Bass.mp3 [2010-06-29 10:33:48 | 000,020,727 | ---- | M] () -- C:\Documents and Settings\Michał\Pulpit\fela.JPG [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010-07-27 15:34:05 | 004,596,096 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\ice_cube-drink_the_kool-aid.mp3 [2010-07-26 18:49:44 | 000,138,240 | RHS- | C] () -- C:\Documents and Settings\Michał\jiedu.exe [2010-07-26 16:05:32 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! 
Antivirus.lnk [2010-07-26 16:05:20 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2010-07-26 16:03:37 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Spybot - Search & Destroy.lnk [2010-07-26 15:40:29 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\Michał\foipee.exe [2010-07-24 16:13:28 | 000,127,855 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\DSC01440a.jpg [2010-07-24 16:12:58 | 003,813,108 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\DSC01441.JPG [2010-07-24 16:12:57 | 003,684,889 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\DSC01440.JPG [2010-07-21 21:30:06 | 002,756,054 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Ela Rose feat David DeeJay - I Can Feel.mp3 [2010-07-21 21:22:38 | 003,394,696 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Verona - Up To The Stars.mp3 [2010-07-21 21:20:50 | 003,723,630 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Flo-Rida - Club Can't Handle Me (Feat. David Guetta).mp3 [2010-07-21 21:15:50 | 003,638,784 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Adam Lambert - Whataya Want From Me.mp3 [2010-07-21 21:13:17 | 003,337,018 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Rihanna - Te Amo.mp3 [2010-07-21 21:11:04 | 002,858,454 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Yolanda Be Cool Vs DCUP - We No Speak Americano (Radio Edit).mp3 [2010-07-21 21:06:11 | 002,862,634 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\B.o.B - Airplanes (Feat. Hayley Williams).mp3 [2010-07-21 21:03:49 | 003,520,084 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\David Guetta feat. Kelly Rowland - Commander.mp3 [2010-07-21 20:54:53 | 003,640,874 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Tom Boxer - Morena.mp3 [2010-07-21 20:53:29 | 003,875,767 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Katy Perry feat. 
Snoop Dogg - California Girls.mp3 [2010-07-21 20:41:24 | 003,410,161 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\move town - girl you know it's true.mp3 [2010-07-21 20:39:37 | 003,330,748 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Stromae - Alors On Danse.mp3 [2010-07-17 23:45:15 | 000,120,464 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\1136545939.jpg [2010-07-15 23:08:50 | 003,376,694 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\DSC01439.JPG [2010-07-11 12:06:41 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\SAWA.doc [2010-07-06 23:21:44 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Michał\Moje dokumenty\CURRICULUM VITAE.doc [2010-07-06 23:17:56 | 000,023,935 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\sylwia2.JPG [2010-07-06 23:17:09 | 000,014,588 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\ja2.JPG [2010-07-06 23:02:18 | 000,173,918 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\ZDJECIA.jpg [2010-07-05 13:10:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Sylwia Kaczor.doc [2010-07-02 23:02:33 | 000,070,825 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\ja.JPG [2010-07-02 23:00:00 | 003,600,925 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\DSC01349.JPG [2010-07-02 22:30:44 | 002,107,420 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\mys.JPG [2010-07-01 21:16:51 | 004,122,363 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Tede - Muzyka Miejska feat. 
Pezet.mp3 [2010-07-01 21:09:03 | 005,771,630 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\Future Mind - Drum 'n' Bass.mp3 [2010-06-30 12:06:43 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\CURRICULUM VITAE..doc [2010-06-30 10:57:52 | 000,110,080 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\CURRICULUM VITAE.doc [2010-06-29 10:33:48 | 000,020,727 | ---- | C] () -- C:\Documents and Settings\Michał\Pulpit\fela.JPG [2010-02-14 14:10:14 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-02-14 14:10:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-02-14 14:10:12 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-02-14 14:10:12 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-02-14 14:10:09 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-02-14 14:10:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009-07-16 20:47:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2008-12-25 22:25:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008-11-15 17:21:50 | 000,000,507 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2008-11-13 16:08:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-11-11 01:32:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008-11-10 15:31:21 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008-11-10 15:18:41 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2008-11-10 14:49:24 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-08-04 02:44:02 | 000,163,185 | RHS- | C] () -- C:\WINDOWS\System32\nwegj.dll [2004-08-04 02:44:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-07-17 13:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2003-04-08 13:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== Alternate Data 
Streams ========== @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:05EE1EEF < End of report >

I am already inclined to format and set the system up from scratch, but I would like to manage without that. Please help.
BuMeL, posted 28 July 2010 (edited)

First of all, update the system and install an antivirus, e.g. Microsoft Security Essentials, and see what it says. See to it that Windows Defender is installed. D:\autorun.inf, and the ones on other partitions too, should all be thrown out.

Edited 28 July 2010 by BuMeL
Michal_krakow, posted 28 July 2010

Unfortunately, a format... It got to the point where I had no internet, and opening My Computer meant 3 restarts and a 5-minute wait. But now I have a question: how do I prevent this kind of infection from a pendrive? Which antivirus program should I use? And above all, how do I get rid of this virus from the pendrive!? Because it is still sitting there. I do not want to plug it in again and end up with another format.
BuMeL, posted 28 July 2010

E.g. Ninja Pendisk.