Log - antivirus pro 2010?

**Posty:** 112 · przez **Fever** 29 Wrz 2009, 23:52

Wyskakujące alerty 'Your computer is infected' oraz automatyczna instalacja czegoś o nazwie Antivirus Pro 2010 i ogolna zamuła kompa
Log:

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by matwiej at 2009-09-29 23:47:09 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 64 GB (84%) free of 76 GB Total RAM: 502 MB (43% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:47:10, on 2009-09-29 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Temp\wpv791254042811.exe C:\WINDOWS\system32\restorer32_a.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\matwiej\Dane aplikacji\seres.exe C:\Documents and Settings\matwiej\Dane aplikacji\svcst.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe C:\Documents and Settings\matwiej\Moje dokumenty\Downloads\RSIT.exe C:\Program Files\Trend Micro\HijackThis\matwiej.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv791254042811.exe O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\matwiej\restorer32_a.exe O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\matwiej\Dane aplikacji\seres.exe O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\matwiej\Dane aplikacji\svcst.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: ikowin32.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe -- End of file - 4855 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-28 41368] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-11-02 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976] "LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-04-12 184320] "sysgif32"=C:\WINDOWS\Temp\wpv791254042811.exe [2009-09-29 36352] "restorer32_a"=C:\WINDOWS\system32\restorer32_a.exe [2009-09-29 43520] "Regedit32"=C:\WINDOWS\system32\regedit.exe [] "Antivirus Pro 2010"=C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe [2009-09-29 567808] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-08-31 11391592] "Google Update"=C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 133104] "restorer32_a"=C:\Documents and Settings\matwiej\restorer32_a.exe [2009-09-29 43520] "mserv"=C:\Documents and Settings\matwiej\Dane aplikacji\seres.exe [2009-09-29 13312] "svchost"=C:\Documents and Settings\matwiej\Dane aplikacji\svcst.exe [2009-09-29 13312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Program Files\BearShare\BearShare.exe /pause [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2009-03-09 37888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk] C:\PROGRA~1\SAGEMW~1\WLANUTL.exe [2006-01-19 925696] C:\Documents and Settings\matwiej\Menu Start\Programy\Autostart ikowin32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-08 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "ForceClassicControlPanel"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74681008-bb07-11dd-8a45-000fb0877b0c}] shell\AutoRun\command - E:\abk.bat shell\explore\command - E:\abk.bat shell\open\command - E:\abk.bat ======List of files/folders created in the last 1 months====== 2009-09-29 23:47:09 ----D---- C:\rsit 2009-09-29 23:38:45 ----A---- C:\WINDOWS\system32\egunu.bat 2009-09-29 23:38:45 ----A---- C:\WINDOWS\ivasovo.bat 2009-09-29 23:38:45 ----A---- C:\WINDOWS\ihoneke.vbs 2009-09-29 23:38:45 ----A---- C:\Program Files\Common Files\owalipe.com 2009-09-29 23:38:45 ----A---- C:\Documents and Settings\All Users\Dane aplikacji\okidafej.vbs 2009-09-29 23:37:46 ----D---- C:\Program Files\AntivirusPro_2010 2009-09-29 23:36:20 ----A---- C:\Documents and Settings\matwiej\Dane aplikacji\lizkavd.exe 2009-09-29 23:35:59 ----A---- C:\Documents and Settings\matwiej\Dane aplikacji\svcst.exe 2009-09-29 23:35:59 ----A---- C:\Documents and Settings\matwiej\Dane aplikacji\seres.exe 2009-09-29 23:35:53 ----A---- C:\WINDOWS\system32\restorer32_a.exe 2009-09-29 18:30:06 ----D---- C:\WINDOWS\LastGood 2009-09-29 08:52:30 ----A---- C:\Program Files\ChromeSetup.exe 2009-09-29 05:16:58 ----D---- C:\Program Files\Trend Micro 2009-09-29 05:16:39 ----A---- C:\Program Files\HJTInstall.exe 2009-09-29 05:09:43 ----D---- C:\WINDOWS\pss 2009-09-29 04:56:08 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage 2009-09-29 04:43:07 ----D---- C:\Program Files\CCleaner 2009-09-13 11:57:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ ======List of files/folders modified in the last 1 months====== 2009-09-29 23:47:02 ----D---- C:\WINDOWS\Prefetch 2009-09-29 23:38:45 ----D---- C:\WINDOWS\system32 2009-09-29 23:38:45 ----D---- C:\WINDOWS 2009-09-29 23:38:45 ----D---- C:\Program Files\Common Files 2009-09-29 23:37:46 ----RD---- C:\Program Files 2009-09-29 23:35:48 ----D---- C:\WINDOWS\Temp 2009-09-29 23:34:25 ----D---- C:\Program Files\Mozilla Firefox 2009-09-29 18:31:23 ----HD---- C:\WINDOWS\inf 2009-09-29 18:30:05 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-29 12:45:48 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-29 12:03:08 ----D---- C:\Documents and Settings\matwiej\Dane aplikacji\Nowe Gadu-Gadu 2009-09-29 08:54:41 ----SHD---- C:\WINDOWS\Installer 2009-09-29 08:54:40 ----D---- C:\WINDOWS\WinSxS 2009-09-29 08:54:40 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-09-29 08:54:21 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-09-29 08:53:26 ----SD---- C:\WINDOWS\Tasks 2009-09-29 05:10:27 ----SH---- C:\boot.ini 2009-09-29 05:10:27 ----A---- C:\WINDOWS\win.ini 2009-09-29 05:10:27 ----A---- C:\WINDOWS\system.ini 2009-09-29 04:56:00 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-29 04:48:53 ----D---- C:\Program Files\DarkSwords 2009-09-29 04:48:37 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-29 04:48:11 ----D---- C:\Program Files\Sims 2009-09-29 04:46:52 ----D---- C:\Program Files\BearShare 2009-09-29 04:46:31 ----D---- C:\Program Files\BS.Player ControlBar 2009-09-29 04:44:07 ----D---- C:\WINDOWS\Debug 2009-09-29 04:44:06 ----D---- C:\WINDOWS\Minidump 2009-09-29 04:39:19 ----D---- C:\Program Files\Java 2009-09-29 04:39:04 ----D---- C:\WINDOWS\ie7updates 2009-09-24 19:53:39 ----D---- C:\Documents and Settings\matwiej\Dane aplikacji\Winamp 2009-09-13 11:56:53 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-08 12:56:22 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-06 10:39:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.7.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-25 21035] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504] R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600] R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-03-30 230400] S3 axogix2c;axogix2c; C:\WINDOWS\system32\drivers\axogix2c.sys [] S3 oflpydin;oflpydin; \??\C:\DOCUME~1\matwiej\USTAWI~1\Temp\oflpydin.sys [] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver; C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 402432] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-08 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-08 82944] S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS [] S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-01-18 17664] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Usługa konfiguracji Atheros; C:\WINDOWS\system32\acs.exe [2005-09-26 36864] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------

**Posty:** 2183 · przez **NieWiem** 30 Wrz 2009, 09:39

Przy tej infekcji użyj ComboFix, instrukcja obsługi tutaj i wklej z niego loga.

**Posty:** 14516 · przez **ToServeAndProtect** 30 Wrz 2009, 09:46

Antivirus Pro 2010 - widać że masz go zainstalowanego

on sam w sobie jest wirusem

**Posty:** 112 · przez **Fever** 30 Wrz 2009, 09:54

ToServeAndProtect napisał(a):Antivirus Pro 2010 - widać że masz go zainstalowanego on sam w sobie jest wirusem

tyle to i ja wiem ;D

Kod: Zaznacz wszystko: ComboFix 09-09-29.02 - matwiej 2009-09-30 9:46.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.502.145 [GMT 2:00] Uruchomiony z: c:\documents and settings\matwiej\Pulpit\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dane aplikacji\emawohugug._sy c:\documents and settings\All Users\Dane aplikacji\okidafej.vbs c:\documents and settings\All Users\Dokumenty\ityquz.bat c:\documents and settings\All Users\Dokumenty\oweb.inf c:\documents and settings\All Users\Dokumenty\ygodopa.dl c:\documents and settings\matwiej\Cookies\abizohuloh.bat c:\documents and settings\matwiej\Cookies\cojafab.bat c:\documents and settings\matwiej\Cookies\gepiw.dl c:\documents and settings\matwiej\Cookies\tixyqydof.bat c:\documents and settings\matwiej\Cookies\ubopak.scr c:\documents and settings\matwiej\Dane aplikacji\agazecixiv.reg c:\documents and settings\matwiej\Dane aplikacji\ebudydew.ban c:\documents and settings\matwiej\Dane aplikacji\lizkavd.exe c:\documents and settings\matwiej\Dane aplikacji\seres.exe c:\documents and settings\matwiej\Dane aplikacji\svcst.exe c:\documents and settings\matwiej\Dane aplikacji\wiaserva.log c:\documents and settings\matwiej\Menu Start\Programy\Autostart\ikowin32.exe c:\documents and settings\matwiej\oashdihasidhasuidhiasdhiashdiuasdhasd c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\lorot.scr c:\documents and settings\matwiej\Ustawienia lokalne\Temporary Internet Files\osemut.dl c:\documents and settings\matwiej\Ustawienia lokalne\Temporary Internet Files\poxopin.dat c:\documents and settings\matwiej\Ustawienia lokalne\Temporary Internet Files\uzyxew.vbs c:\program files\Common Files\mepywix.pif c:\program files\Common Files\owalipe.com c:\windows\ihoneke.vbs c:\windows\ivasovo.bat c:\windows\juduwowe.scr c:\windows\ofebodezox.reg c:\windows\system32\_000013_.tmp.dll c:\windows\system32\_scui.cpl c:\windows\system32\ajyvopaji.sys c:\windows\system32\egunu.bat . ((((((((((((((((((((((((( Pliki utworzone od 2009-08-28 do 2009-09-30 ))))))))))))))))))))))))))))))) . 2009-09-29 21:47 . 2009-09-29 21:47 -------- d-----w- C:\rsit 2009-09-29 21:35 . 2009-09-29 21:35 43520 ----a-w- c:\windows\system32\restorer32_a.exe 2009-09-29 21:35 . 2009-09-29 21:35 43520 ----a-w- c:\documents and settings\matwiej\restorer32_a.exe 2009-09-29 06:54 . 2009-09-29 06:54 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\cache 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Temp 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google 2009-09-29 06:52 . 2009-09-29 06:52 570024 ----a-w- c:\program files\ChromeSetup.exe 2009-09-29 03:16 . 2009-09-29 03:16 -------- d-----w- c:\program files\Trend Micro 2009-09-29 03:16 . 2009-09-29 03:16 812344 ----a-w- c:\program files\HJTInstall.exe 2009-09-29 02:43 . 2009-09-29 02:43 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-30 06:23 . 2009-09-30 06:23 15223 ----a-w- c:\documents and settings\matwiej\Dane aplikacji\lexori.dat 2009-09-29 21:38 . 2009-09-29 21:38 10038 ----a-w- c:\documents and settings\All Users\Dane aplikacji\zekacyqi.dat 2009-09-29 10:03 . 2009-02-26 19:02 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Nowe Gadu-Gadu 2009-09-29 06:54 . 2009-03-13 21:18 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-09-29 02:48 . 2009-05-25 22:15 -------- d-----w- c:\program files\DarkSwords 2009-09-29 02:48 . 2008-11-25 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-29 02:48 . 2009-02-09 22:05 -------- d-----w- c:\program files\Sims 2009-09-29 02:46 . 2009-03-05 21:56 -------- d-----w- c:\program files\BearShare 2009-09-29 02:46 . 2008-11-25 17:11 -------- d-----w- c:\program files\BS.Player ControlBar 2009-09-29 02:39 . 2009-06-28 20:52 -------- d-----w- c:\program files\Java 2009-09-24 17:53 . 2009-04-03 19:59 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Winamp 2009-08-05 09:01 . 2008-04-14 20:50 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:04 . 2008-04-14 20:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2008-05-08 18:01 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ------- Sigcheck ------- [-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592] "Google Update"="c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-09-29 133104] "restorer32_a"="c:\documents and settings\matwiej\restorer32_a.exe" [2009-09-29 43520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-04-12 184320] "restorer32_a"="c:\windows\system32\restorer32_a.exe" [2009-09-29 43520] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk backup=c:\windows\pss\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= S3 oflpydin;oflpydin;\??\c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys --> c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys [?] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-02-26 402432] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] . Zawartość folderu 'Zaplanowane zadania' 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\documents and settings\matwiej\Dane aplikacji\Mozilla\Firefox\Profiles\pjhfrlh6.default\ FF - prefs.js: browser.startup.homepage - googlepl FF - plugin: c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-mserv - c:\documents and settings\matwiej\Dane aplikacji\seres.exe AddRemove-Get Medieval - c:\games\Medieval\DeIsL1.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 09:51 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-09-30 9:52 ComboFix-quarantined-files.txt 2009-09-30 07:52 Przed: 71 362 818 048 bajtów wolnych Po: 71 367 000 064 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 143 --- E O F --- 2009-09-30 06:45

**Posty:** 2183 · przez **NieWiem** 30 Wrz 2009, 10:10

Wklej do systemowego notatnika:

File::
c:\windows\system32\restorer32_a.exe
c:\documents and settings\matwiej\restorer32_a.exe
c:\documents and settings\matwiej\Dane aplikacji\lexori.dat
c:\documents and settings\All Users\Dane aplikacji\zekacyqi.dat
c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys

Service::
oflpydin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"restorer32_a"=-

Plik zapisz jako CFScript.txt, po czym przeciągnij go i upuść na ikonę ComboFixa. Daj loga, który powstanie później.

Ściągnij program TFC i wyczyść nim lokalizacje tymczasowe. Alternatywnie możesz użyć też ATF Cleanera, ale do niego nie mam linka

**Posty:** 14516 · przez **ToServeAndProtect** 30 Wrz 2009, 10:11

ATF Cleaner

**Posty:** 112 · przez **Fever** 30 Wrz 2009, 10:14

w czymś jest gorszy od CCleanera? btw po ponownym uruchomieniu ompa problem wrócił

**Posty:** 2183 · przez **NieWiem** 30 Wrz 2009, 10:16

To może pokażesz nowego loga do oceny??

**Posty:** 112 · przez **Fever** 30 Wrz 2009, 10:29

już daję nie doczytałem

Kod: Zaznacz wszystko: ComboFix 09-09-29.02 - matwiej 2009-09-30 10:18.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.502.170 [GMT 2:00] Uruchomiony z: c:\documents and settings\matwiej\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\matwiej\Pulpit\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 090929-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys" "c:\documents and settings\All Users\Dane aplikacji\zekacyqi.dat" "c:\documents and settings\matwiej\Dane aplikacji\lexori.dat" "c:\documents and settings\matwiej\restorer32_a.exe" "c:\windows\system32\restorer32_a.exe" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dane aplikacji\apyli.dl c:\documents and settings\All Users\Dane aplikacji\lakuqatiw.bat c:\documents and settings\All Users\Dane aplikacji\zekacyqi.dat c:\documents and settings\All Users\Dokumenty\qidin.ban c:\documents and settings\matwiej\Dane aplikacji\lexori.dat c:\documents and settings\matwiej\Dane aplikacji\lizkavd.exe c:\documents and settings\matwiej\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk c:\documents and settings\matwiej\Dane aplikacji\seres.exe c:\documents and settings\matwiej\Dane aplikacji\svcst.exe c:\documents and settings\matwiej\Dane aplikacji\ypafuxom.scr c:\documents and settings\matwiej\Menu Start\Programy\AntivirusPro_2010 c:\documents and settings\matwiej\Menu Start\Programy\AntivirusPro_2010\AntivirusPro_2010.lnk c:\documents and settings\matwiej\Menu Start\Programy\AntivirusPro_2010\Uninstall.lnk c:\documents and settings\matwiej\oashdihasidhasuidhiasdhiashdiuasdhasd c:\documents and settings\matwiej\Pulpit\AntivirusPro_2010.lnk c:\documents and settings\matwiej\restorer32_a.exe c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\ikowizumo.reg c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\jiwygudyhi._dl c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\yrimywox.com c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\ysolof.scr c:\documents and settings\matwiej\Ustawienia lokalne\Temporary Internet Files\ilok.sys c:\documents and settings\matwiej\Ustawienia lokalne\Temporary Internet Files\jupon.reg c:\documents and settings\matwiej\Ustawienia lokalne\Temporary Internet Files\sonyhuze.com c:\program files\AntivirusPro_2010 c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe c:\program files\Common Files\hapeq.vbs c:\program files\Common Files\uwyc.sys c:\windows\ocuv.bin c:\windows\orefa.exe c:\windows\syfusoteru._dl c:\windows\system32\_scui.cpl c:\windows\system32\liwetekufo.vbs c:\windows\system32\restorer32_a.exe c:\windows\system32\yjinopu.vbs c:\windows\ziluf.bin . ((((((((((((((((((((((((( Pliki utworzone od 2009-08-28 do 2009-09-30 ))))))))))))))))))))))))))))))) . 2009-09-30 08:08 . 2009-09-30 08:08 18574 ----a-w- c:\windows\system32\umumejece.dat 2009-09-30 08:08 . 2009-09-30 08:08 16248 ----a-w- c:\windows\qaqevymepa.com 2009-09-30 08:08 . 2009-09-30 08:08 15619 ----a-w- c:\windows\system32\dadu.com 2009-09-30 08:04 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-30 08:04 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-30 08:04 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-30 08:04 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-30 08:04 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-30 08:04 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-30 08:04 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-30 08:04 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-30 08:03 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-30 08:03 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-09-30 08:03 . 2009-09-30 08:03 -------- d-----w- c:\program files\Alwil Software 2009-09-30 08:00 . 2009-09-30 08:02 38898248 ----a-w- c:\program files\setuppol.exe 2009-09-29 21:47 . 2009-09-29 21:47 -------- d-----w- C:\rsit 2009-09-29 06:54 . 2009-09-29 06:54 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\cache 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Temp 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google 2009-09-29 06:52 . 2009-09-29 06:52 570024 ----a-w- c:\program files\ChromeSetup.exe 2009-09-29 03:16 . 2009-09-29 03:16 -------- d-----w- c:\program files\Trend Micro 2009-09-29 03:16 . 2009-09-29 03:16 812344 ----a-w- c:\program files\HJTInstall.exe 2009-09-29 02:43 . 2009-09-29 02:43 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-30 08:08 . 2009-09-30 08:08 13965 ----a-w- c:\program files\Common Files\gozos.lib 2009-09-29 10:03 . 2009-02-26 19:02 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Nowe Gadu-Gadu 2009-09-29 06:54 . 2009-03-13 21:18 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-09-29 02:48 . 2009-05-25 22:15 -------- d-----w- c:\program files\DarkSwords 2009-09-29 02:48 . 2008-11-25 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-29 02:48 . 2009-02-09 22:05 -------- d-----w- c:\program files\Sims 2009-09-29 02:46 . 2009-03-05 21:56 -------- d-----w- c:\program files\BearShare 2009-09-29 02:46 . 2008-11-25 17:11 -------- d-----w- c:\program files\BS.Player ControlBar 2009-09-29 02:39 . 2009-06-28 20:52 -------- d-----w- c:\program files\Java 2009-09-24 17:53 . 2009-04-03 19:59 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Winamp 2009-08-05 09:01 . 2008-04-14 20:50 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:04 . 2008-04-14 20:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2008-05-08 18:01 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ------- Sigcheck ------- [-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-30_07.51.11 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-30 08:06 . 2009-09-30 08:06 16384 c:\windows\temp\Perflib_Perfdata_750.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592] "Google Update"="c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-09-29 133104] "mserv"="c:\documents and settings\matwiej\Dane aplikacji\seres.exe" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-04-12 184320] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk backup=c:\windows\pss\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-09-30 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-09-30 20560] S3 oflpydin;oflpydin;\??\c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys --> c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys [?] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-02-26 402432] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - AAVMKER4 *NewlyCreated* - ASWFSBLK *NewlyCreated* - ASWMON2 *NewlyCreated* - ASWRDR *NewlyCreated* - ASWSP *NewlyCreated* - ASWTDI *NewlyCreated* - ASWUPDSV *NewlyCreated* - AVAST!_ANTIVIRUS *NewlyCreated* - AVAST!_MAIL_SCANNER *NewlyCreated* - AVAST!_WEB_SCANNER . Zawartość folderu 'Zaplanowane zadania' 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\documents and settings\matwiej\Dane aplikacji\Mozilla\Firefox\Profiles\pjhfrlh6.default\ FF - prefs.js: browser.startup.homepage - googlepl FF - plugin: c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 10:24 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... c:\windows\TEMP\_av_proI.tm~a02752\stamp.tmp.dld 10 bytes skanowanie pomyślnie ukończone ukryte pliki: 1 ************************************************************************** . Czas ukończenia: 2009-09-30 10:26 ComboFix-quarantined-files.txt 2009-09-30 08:26 ComboFix2.txt 2009-09-30 07:52 Przed: 71 190 450 176 bajtów wolnych Po: 71 164 149 760 bajtów wolnych 176 --- E O F --- 2009-09-30 06:45

**Posty:** 2183 · przez **NieWiem** 30 Wrz 2009, 10:47

Widzę, że zamontowałeś sobie niedawno program antywirusowopodobny... Cóż, ze względu na punkt w regulaminie o wulgaryzmach nie wypowiem się co do niego. Powiedzmy, że jest tylko trochę lepszy od Antivirus Pro 2010

Montuj taki skrypt:

File::
c:\windows\system32\umumejece.dat
c:\windows\qaqevymepa.com
c:\windows\system32\dadu.com
c:\program files\Common Files\gozos.lib
c:\documents and settings\matwiej\Dane aplikacji\seres.exe
c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys
c:\windows\TEMP\_av_proI.tm~a02752\stamp.tmp.dld

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mserv"=-

Ta sama procedura co ostatnio, nowy log do oceny, dodatkowo skan programem Malwarebytes Anti-Malware.

**Posty:** 112 · przez **Fever** 30 Wrz 2009, 12:38

Kod: Zaznacz wszystko: ComboFix 09-09-29.02 - matwiej 2009-09-30 12:29.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.502.226 [GMT 2:00] Uruchomiony z: c:\documents and settings\matwiej\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\matwiej\Pulpit\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys" "c:\documents and settings\matwiej\Dane aplikacji\seres.exe" "c:\program files\Common Files\gozos.lib" "c:\windows\qaqevymepa.com" "c:\windows\system32\dadu.com" "c:\windows\system32\umumejece.dat" "c:\windows\TEMP\_av_proI.tm~a02752\stamp.tmp.dld" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Common Files\gozos.lib c:\windows\qaqevymepa.com c:\windows\system32\dadu.com c:\windows\system32\umumejece.dat . ((((((((((((((((((((((((( Pliki utworzone od 2009-08-28 do 2009-09-30 ))))))))))))))))))))))))))))))) . 2009-09-30 08:04 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-30 08:04 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-30 08:04 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-30 08:04 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-30 08:04 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-30 08:04 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-30 08:04 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-30 08:04 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-30 08:03 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-30 08:03 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-09-30 08:03 . 2009-09-30 08:03 -------- d-----w- c:\program files\Alwil Software 2009-09-30 08:00 . 2009-09-30 08:02 38898248 ----a-w- c:\program files\setuppol.exe 2009-09-29 21:47 . 2009-09-29 21:47 -------- d-----w- C:\rsit 2009-09-29 06:54 . 2009-09-29 06:54 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\cache 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Temp 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google 2009-09-29 06:52 . 2009-09-29 06:52 570024 ----a-w- c:\program files\ChromeSetup.exe 2009-09-29 03:16 . 2009-09-29 03:16 -------- d-----w- c:\program files\Trend Micro 2009-09-29 03:16 . 2009-09-29 03:16 812344 ----a-w- c:\program files\HJTInstall.exe 2009-09-29 02:43 . 2009-09-29 02:43 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-29 10:03 . 2009-02-26 19:02 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Nowe Gadu-Gadu 2009-09-29 06:54 . 2009-03-13 21:18 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-09-29 02:48 . 2009-05-25 22:15 -------- d-----w- c:\program files\DarkSwords 2009-09-29 02:48 . 2008-11-25 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-29 02:46 . 2008-11-25 17:11 -------- d-----w- c:\program files\BS.Player ControlBar 2009-09-29 02:39 . 2009-06-28 20:52 -------- d-----w- c:\program files\Java 2009-09-24 17:53 . 2009-04-03 19:59 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Winamp 2009-08-05 09:01 . 2008-04-14 20:50 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:04 . 2008-04-14 20:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2008-05-08 18:01 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ------- Sigcheck ------- [-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-30_07.51.11 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-30 08:06 . 2009-09-30 08:06 16384 c:\windows\temp\Perflib_Perfdata_750.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592] "Google Update"="c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-09-29 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-04-12 184320] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk backup=c:\windows\pss\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-09-30 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-09-30 20560] S3 oflpydin;oflpydin;\??\c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys --> c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys [?] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-02-26 402432] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - AAVMKER4 *NewlyCreated* - ASWFSBLK *NewlyCreated* - ASWMON2 *NewlyCreated* - ASWRDR *NewlyCreated* - ASWSP *NewlyCreated* - ASWTDI *NewlyCreated* - ASWUPDSV *NewlyCreated* - AVAST!_ANTIVIRUS *NewlyCreated* - AVAST!_MAIL_SCANNER *NewlyCreated* - AVAST!_WEB_SCANNER . Zawartość folderu 'Zaplanowane zadania' 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\documents and settings\matwiej\Dane aplikacji\Mozilla\Firefox\Profiles\pjhfrlh6.default\ FF - prefs.js: browser.startup.homepage - googlepl FF - plugin: c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 12:34 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(736) c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL . Czas ukończenia: 2009-09-30 12:36 ComboFix-quarantined-files.txt 2009-09-30 10:36 ComboFix2.txt 2009-09-30 08:26 ComboFix3.txt 2009-09-30 07:52 Przed: 71 441 534 976 bajtów wolnych Po: 71 434 911 744 bajtów wolnych 144 --- E O F --- 2009-09-30 06:45

z malware za chwilę
co do avasta to nie narzekałem przez 5 lat

**Posty:** 4459 · przez **jarski185** 30 Wrz 2009, 12:43

Fever napisał(a):co do avasta to nie narzekałem przez 5 lat

regularni bywalcy dzialu bezpieczenstwo, czytaj dajacy logi do sprawdzania bo maja syf, sa takiego samego zdania

**Posty:** 18165 · przez **wojtas** 30 Wrz 2009, 12:49

Otworz notatnik i wklej w nim to:

File::
c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys

Driver::
oflpydin

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

Autor postu otrzymał pochwałę

**Posty:** 112 · przez **Fever** 30 Wrz 2009, 13:24

Kod: Zaznacz wszystko: ComboFix 09-09-29.03 - matwiej 2009-09-30 13:00.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.502.173 [GMT 2:00] Uruchomiony z: c:\documents and settings\matwiej\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\matwiej\Pulpit\CFScript.txt AV: avast! antivirus 4.8.1356 [VPS 090929-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} FILE :: "c:\docume~1\matwiej\USTAWI~1\Temp\oflpydin.sys" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_OFLPYDIN -------\Service_oflpydin ((((((((((((((((((((((((( Pliki utworzone od 2009-08-28 do 2009-09-30 ))))))))))))))))))))))))))))))) . 2009-09-30 08:04 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-09-30 08:04 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-09-30 08:04 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-09-30 08:04 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-09-30 08:04 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-09-30 08:04 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-09-30 08:04 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-09-30 08:04 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-09-30 08:03 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe 2009-09-30 08:03 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll 2009-09-30 08:03 . 2009-09-30 08:03 -------- d-----w- c:\program files\Alwil Software 2009-09-30 08:00 . 2009-09-30 08:02 38898248 ----a-w- c:\program files\setuppol.exe 2009-09-29 21:47 . 2009-09-29 21:47 -------- d-----w- C:\rsit 2009-09-29 06:54 . 2009-09-29 06:54 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\cache 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Temp 2009-09-29 06:53 . 2009-09-29 07:02 -------- d-----w- c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google 2009-09-29 06:52 . 2009-09-29 06:52 570024 ----a-w- c:\program files\ChromeSetup.exe 2009-09-29 03:16 . 2009-09-29 03:16 -------- d-----w- c:\program files\Trend Micro 2009-09-29 03:16 . 2009-09-29 03:16 812344 ----a-w- c:\program files\HJTInstall.exe 2009-09-29 02:43 . 2009-09-29 02:43 -------- d-----w- c:\program files\CCleaner . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-29 10:03 . 2009-02-26 19:02 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Nowe Gadu-Gadu 2009-09-29 06:54 . 2009-03-13 21:18 -------- d-----w- c:\program files\Nowe Gadu-Gadu 2009-09-29 02:48 . 2009-05-25 22:15 -------- d-----w- c:\program files\DarkSwords 2009-09-29 02:48 . 2008-11-25 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-29 02:46 . 2008-11-25 17:11 -------- d-----w- c:\program files\BS.Player ControlBar 2009-09-29 02:39 . 2009-06-28 20:52 -------- d-----w- c:\program files\Java 2009-09-24 17:53 . 2009-04-03 19:59 -------- d-----w- c:\documents and settings\matwiej\Dane aplikacji\Winamp 2009-08-05 09:01 . 2008-04-14 20:50 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-17 19:04 . 2008-04-14 20:50 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2008-05-08 18:01 286208 ----a-w- c:\windows\system32\wmpdxm.dll . ------- Sigcheck ------- [-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-30_07.51.11 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-30 11:09 . 2009-09-30 11:09 16384 c:\windows\temp\Perflib_Perfdata_744.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592] "Google Update"="c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-09-29 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-04-12 184320] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk backup=c:\windows\pss\Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-09-30 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-09-30 20560] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2009-02-26 402432] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] . Zawartość folderu 'Zaplanowane zadania' 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] 2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job - c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-09-29 06:53] . . ------- Skan uzupełniający ------- . FF - ProfilePath - c:\documents and settings\matwiej\Dane aplikacji\Mozilla\Firefox\Profiles\pjhfrlh6.default\ FF - prefs.js: browser.startup.homepage - googlepl FF - plugin: c:\documents and settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 13:08 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(2080) c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\acs.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Czas ukończenia: 2009-09-30 13:12 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-09-30 11:12 ComboFix2.txt 2009-09-30 10:36 ComboFix3.txt 2009-09-30 08:26 ComboFix4.txt 2009-09-30 07:52 Przed: 71 281 807 360 bajtów wolnych Po: 71 214 362 624 bajtów wolnych 138 --- E O F --- 2009-09-30 06:45

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.41 Wersja bazy definicji: 2876 Windows 5.1.2600 Dodatek Service Pack 3 2009-09-30 13:23:09 mbam-log-2009-09-30 (13-23-09).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 83672 Upłynęło: 6 minute(s), 2 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 24 Zainfekowane wartości rejestru: 1 Zainfekowane pliki rejestru: 1 Zainfekowane foldery: 0 Zainfekowane pliki: 1 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully. Zainfekowane wartości rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully. Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully.

**Posty:** 2183 · przez **NieWiem** 30 Wrz 2009, 15:04

Log OK.

Wywal co znalazł MBAM i po sprawie, usuń instalkę ComboFixa oraz ściągnij i odpal programik OTC - doczyści resztki.

Autor postu otrzymał pochwałę

**Posty:** 112 · przez **Fever** 01 Paź 2009, 10:02

a jednak wrócę do tematu. dzisiaj pojawiły się problemy w rozruchu kompa, wszysto dziala straszliwie wolno, wiesza się na kilkadziesiąt sekund, wykonuje jakąś akcję i znowu. teraz wyskoczył mi jakiś błąd o zamknieciu aplikacji MRT.exe. CHDSk także po pewnym czasie nie dawal rady, awaryjny dziala. obecnie skorzystalem z przywracania ustawien i jest jakby lepiej, ale dalej do perfekcji daleko. o co moze chodzic?

**Posty:** 2183 · przez **NieWiem** 01 Paź 2009, 10:41

Pokaż logi z OTL.

**Posty:** 112 · przez **Fever** 01 Paź 2009, 11:00

Kod: Zaznacz wszystko: OTL logfile created on: 2009-10-01 10:55:07 - Run 1 OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\matwiej\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 502,42 Mb Total Physical Memory | 84,78 Mb Available Physical Memory | 16,87% Memory free 1,20 Gb Paging File | 0,57 Gb Available in Paging File | 47,73% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74,53 Gb Total Space | 66,06 Gb Free Space | 88,64% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HTRWHTRW-CF5795 Current User Name: matwiej Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2005-09-26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe PRC - [2008-04-14 22:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2004-11-02 10:03:44 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe PRC - [2004-11-02 09:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe PRC - [2005-04-12 17:18:46 | 00,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\Ltmoh.exe PRC - [2009-09-15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009-08-31 18:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe PRC - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009-08-31 16:56:26 | 00,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe PRC - [2009-09-12 07:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2009-09-12 07:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2009-09-12 07:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2009-09-12 07:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2009-09-12 07:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2009-09-12 07:00:54 | 00,919,024 | ---- | M] (Google Inc.) -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2009-10-01 10:54:20 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matwiej\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2005-09-26 12:22:28 | 00,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe -- (ACS [Auto | Running]) SRV - [2009-09-15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-09-15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-09-15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-09-15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - [2008-04-14 22:50:46 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2008-11-25 17:41:41 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running]) DRV - [2005-04-12 17:19:42 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running]) DRV - [2005-04-19 11:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running]) DRV - [2004-12-22 17:45:36 | 00,393,600 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running]) DRV - [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - [2004-11-02 10:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2008-08-20 19:58:58 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2008-04-13 22:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2005-12-22 15:45:18 | 00,402,432 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\WlanBZXP.sys -- (SG762_XP [On_Demand | Stopped]) DRV - [2008-11-25 19:12:29 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2005-03-30 18:18:40 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\System32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running]) DRV - [2006-01-18 15:09:40 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [On_Demand | Stopped]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\S-1-5-21-776561741-1972579041-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "googlepl" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-09-29 05:12:32 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-29 05:12:31 | 00,000,000 | ---D | M] [2009-02-28 23:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\mozilla\Extensions [2009-02-28 23:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009-02-28 23:59:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\mozilla\Firefox\Profiles\pjhfrlh6.default\extensions [2009-09-29 04:37:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009-09-29 05:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-06-28 22:53:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009-08-24 22:23:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009-08-24 22:23:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-06-28 22:52:54 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009-08-24 22:23:38 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2003-05-15 11:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-09-10 21:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2008-09-10 21:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2009-08-24 21:19:13 | 00,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2009-08-24 21:19:13 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2009-08-24 21:19:13 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009-08-24 21:19:13 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2009-08-24 21:19:13 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2009-08-24 21:19:13 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2009-08-24 21:19:13 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found. O3 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems) O4 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003..\Run: [Google Update] C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.) O4 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003..\Run: [Nowe Gadu-Gadu] C:\Program Files\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-776561741-1972579041-1606980848-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.173.193.3 217.173.193.11 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-11-25 14:51:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [1 C:\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-10-01 10:54:20 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\matwiej\Pulpit\OTL.exe [2009-10-01 09:54:21 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-09-30 19:23:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2009-09-30 19:22:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Last.fm [2009-09-30 19:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\Last.fm [2009-09-30 13:51:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009-09-30 13:48:45 | 36,579,8736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\matwiej\Pulpit\X12-30283.exe [2009-09-30 13:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\matwiej\Dane aplikacji\Malwarebytes [2009-09-30 13:15:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-09-30 13:15:53 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009-09-30 13:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009-09-30 13:15:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes [2009-09-30 12:40:01 | 00,061,440 | ---- | C] () -- C:\Documents and Settings\matwiej\Pulpit\I-rok-sem.zimowy-2009-2010.doc [2009-09-30 10:08:50 | 00,017,470 | ---- | C] () -- C:\WINDOWS\edobyla.lib [2009-09-30 10:08:50 | 00,016,603 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\ilofozo.db [2009-09-30 10:08:50 | 00,014,847 | ---- | C] () -- C:\WINDOWS\yvyduvutic._sy [2009-09-30 10:08:50 | 00,011,596 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\pajexyha.db [2009-09-30 10:04:09 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk [2009-09-30 10:04:08 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009-09-30 10:04:07 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009-09-30 10:04:06 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009-09-30 10:04:04 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009-09-30 10:04:03 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009-09-30 10:04:03 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009-09-30 10:04:02 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009-09-30 10:04:02 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009-09-30 10:03:32 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009-09-30 10:03:32 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll [2009-09-30 10:03:32 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009-09-30 10:03:29 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009-09-30 10:00:33 | 38,898,248 | ---- | C] () -- C:\Program Files\setuppol.exe [2009-09-30 09:52:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009-09-30 09:45:38 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009-09-30 09:45:31 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-09-30 09:45:30 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-09-30 09:44:52 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-09-30 09:44:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-09-29 23:38:45 | 00,017,005 | ---- | C] () -- C:\WINDOWS\uzelaq.db [2009-09-29 23:38:45 | 00,016,281 | ---- | C] () -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\zuzylig.db [2009-09-29 09:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\matwiej\Moje dokumenty\Downloads [2009-09-29 08:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\cache [2009-09-29 08:53:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Temp [2009-09-29 08:53:26 | 00,001,140 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job [2009-09-29 08:53:25 | 00,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job [2009-09-29 08:53:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\Google [2009-09-29 05:16:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\matwiej\Pulpit\HijackThis.lnk [2009-09-29 05:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-09-29 05:16:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe [2009-09-29 05:09:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009-09-29 04:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Windows Genuine Advantage [2009-09-29 04:43:08 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\matwiej\Pulpit\CCleaner.lnk [2009-09-29 04:43:07 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009-02-26 20:16:11 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll [2008-12-09 12:49:48 | 00,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL [2008-12-02 12:55:51 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008-11-25 19:12:28 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-11-25 19:12:04 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008-11-25 19:12:03 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008-11-25 19:12:03 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008-11-25 15:08:21 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2008-11-25 15:07:42 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2008-11-25 15:07:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll [2008-11-25 15:07:42 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2008-11-25 15:07:42 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2001-07-22 00:16:20 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini [2001-07-22 00:15:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [1 C:\*.tmp files] [6 C:\WINDOWS\System32\*.tmp files] [3 C:\WINDOWS\*.tmp files] [2009-10-01 10:58:08 | 00,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job [2009-10-01 10:54:20 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\matwiej\Pulpit\OTL.exe [2009-10-01 10:04:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-01 10:04:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-01 09:52:29 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini [2009-10-01 09:52:29 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009-10-01 09:52:29 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009-09-30 14:16:56 | 36,579,8736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\matwiej\Pulpit\X12-30283.exe [2009-09-30 13:08:45 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009-09-30 12:40:01 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\matwiej\Pulpit\I-rok-sem.zimowy-2009-2010.doc [2009-09-30 10:08:50 | 00,017,470 | ---- | M] () -- C:\WINDOWS\edobyla.lib [2009-09-30 10:08:50 | 00,016,603 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\ilofozo.db [2009-09-30 10:08:50 | 00,014,847 | ---- | M] () -- C:\WINDOWS\yvyduvutic._sy [2009-09-30 10:08:50 | 00,011,596 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\pajexyha.db [2009-09-30 10:04:09 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk [2009-09-30 10:04:03 | 00,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009-09-30 10:02:28 | 38,898,248 | ---- | M] () -- C:\Program Files\setuppol.exe [2009-09-30 08:58:01 | 00,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job [2009-09-30 08:41:58 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-09-30 08:39:57 | 06,425,734 | -H-- | M] () -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-09-29 23:38:45 | 00,017,005 | ---- | M] () -- C:\WINDOWS\uzelaq.db [2009-09-29 23:38:45 | 00,016,281 | ---- | M] () -- C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\zuzylig.db [2009-09-29 05:16:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\matwiej\Pulpit\HijackThis.lnk [2009-09-29 05:16:40 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HJTInstall.exe [2009-09-29 05:10:27 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2009-09-29 04:43:08 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\matwiej\Pulpit\CCleaner.lnk [2009-09-15 12:59:36 | 01,279,968 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009-09-15 12:56:21 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009-09-15 12:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009-09-15 12:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009-09-15 12:55:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009-09-15 12:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009-09-15 12:54:21 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009-09-15 12:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009-09-15 12:53:01 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009-09-14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-09-10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009-09-10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [color=#E56717]========== LOP Check ==========[/color] [2008-10-24 16:35:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji [2009-09-30 19:23:03 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji [2009-09-30 19:23:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Last.fm [2009-03-21 00:38:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru [2008-10-24 16:35:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Dane aplikacji [2008-11-25 14:57:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji [2009-09-30 13:15:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji [2008-11-25 19:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\BSplayer Pro [2008-11-25 19:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\DAEMON Tools [2009-06-18 00:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\Meg@byte [2009-09-29 12:03:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\matwiej\Dane aplikacji\Nowe Gadu-Gadu [2008-11-25 14:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji [2001-07-22 00:17:50 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-09-30 08:58:01 | 00,001,088 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003Core.job [2009-10-01 10:58:08 | 00,001,140 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1972579041-1606980848-1003UA.job [2009-10-01 10:04:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [color=#E56717]========== Purity Check ==========[/color]

< End of report >

**Posty:** 18165 · przez **wojtas** 01 Paź 2009, 17:08

C:\WINDOWS\edobyla.lib
C:\Documents and Settings\All Users\Dokumenty\ilofozo.db
C:\WINDOWS\yvyduvutic._sy
C:\Documents and Settings\All Users\Dokumenty\pajexyha.db
C:\Documents and Settings\matwiej\Ustawienia lokalne\Dane aplikacji\zuzylig.db

skasuj

**Posty:** 112 · przez **Fever** 01 Paź 2009, 17:28

cuś wrzucać jeszcze?

Kto jest na forum