Mały problem z heur.w32

**Posty:** 3 · przez **Saiyd** 05 Cze 2009, 23:41

więc tak mam problem z tym wirusem heur.w32 stoi u mnie serwer jednej z gier online i nie moge go włączyć przez tego wirusa prosze o pomoc oto logi z OTListIt 2

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-06-05 23:24:32 - Run 1 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\deth\Pulpit Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 72,89% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 45,90 Gb Total Space | 29,43 Gb Free Space | 64,11% Space Free | Partition Type: NTFS Drive D: | 223,63 Gb Total Space | 201,55 Gb Free Space | 90,13% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 196,22 Gb Total Space | 177,87 Gb Free Space | 90,65% Space Free | Partition Type: NTFS Drive H: | 465,76 Gb Total Space | 306,56 Gb Free Space | 65,82% Space Free | Partition Type: NTFS Drive I: | 494,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: 1-B8261D56FEB34 Current User Name: deth Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe PRC - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe PRC - [2006-04-29 12:47:14 | 00,020,541 | ---- | M] (Apache Software Foundation) -- D:\AppServ\Apache2\bin\Apache.exe PRC - [2000-08-06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe PRC - [2006-04-29 12:47:14 | 00,020,541 | ---- | M] (Apache Software Foundation) -- D:\AppServ\Apache2\bin\Apache.exe PRC - [2006-05-25 23:50:24 | 04,149,248 | ---- | M] () -- D:\AppServ\MySQL\bin\mysqld-nt.exe PRC - [2004-08-04 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe PRC - [2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe PRC - [2009-05-14 18:50:52 | 17,881,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2008-07-31 14:14:00 | 02,296,360 | ---- | M] (Gainward Co.) -- C:\Program Files\EXPERTool ATI\TBPanel.exe PRC - [2007-07-09 09:39:12 | 02,119,104 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2009-05-22 01:14:18 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\deth\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe PRC - [2008-12-18 14:32:52 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe PRC - [2000-08-06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2009-04-19 17:20:31 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe PRC - [2008-12-18 13:19:44 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe PRC - [2009-03-04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2009-03-09 13:44:12 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008-11-26 12:35:00 | 00,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-06-05 16:46:43 | 00,158,208 | ---- | M] (SCFMT) -- D:\Server\SCF-Programs\SCFDB\SCFdb2.exe PRC - [2004-08-04 14:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-06-05 22:35:02 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\deth\Ustawienia lokalne\temp\winxkvsd.exe PRC - [2009-06-05 22:41:49 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\deth\Ustawienia lokalne\temp\winyikhk.exe PRC - [2009-06-05 23:01:07 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe PRC - [2009-06-05 16:53:08 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deth\Pulpit\OTListIt2.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2006-04-29 12:47:14 | 00,020,541 | ---- | M] (Apache Software Foundation) -- D:\AppServ\Apache2\bin\Apache.exe -- (Apache2 [Auto | Running]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-03-16 22:15:12 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) SRV - [2009-03-17 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2004-08-04 14:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2007-06-04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running]) SRV - [2007-06-04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running]) SRV - [2009-02-19 00:30:20 | 00,199,184 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped]) SRV - [2000-08-06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running]) SRV - [2000-08-06 01:50:18 | 00,139,330 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped]) SRV - [2006-05-25 23:50:24 | 04,149,248 | ---- | M] () -- D:\AppServ\MySQL\bin\mysqld-nt.exe -- (mysql [Auto | Running]) SRV - [2006-11-08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running]) SRV - [2006-11-08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running]) SRV - [2009-03-04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running]) SRV - [2000-08-06 01:50:18 | 00,385,090 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped]) SRV - [2008-06-12 11:42:26 | 02,217,328 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4 [Auto | Stopped]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2008-08-05 20:10:12 | 01,684,736 | ---- | M] (Creative) -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt [On_Demand | Stopped]) DRV - [2007-04-16 16:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running]) DRV - [2009-03-16 23:33:02 | 03,597,312 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) DRV - [2008-07-02 21:38:14 | 00,089,600 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Stopped]) DRV - [2002-11-28 16:18:04 | 00,015,360 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running]) DRV - [2002-11-29 13:38:16 | 00,016,320 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running]) DRV - [2002-11-28 12:43:49 | 00,022,016 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys -- (ElbyVCD [Boot | Running]) DRV - [2009-04-19 17:20:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running]) DRV - [2005-01-07 17:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2007-03-07 07:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Running]) DRV - [2007-03-07 07:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Running]) DRV - [2007-03-07 07:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Running]) DRV - [2009-05-15 17:19:06 | 05,080,064 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2008-12-18 23:43:06 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running]) DRV - [2008-12-18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running]) DRV - [2008-12-18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running]) DRV - [2006-01-04 15:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt [On_Demand | Stopped]) DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped]) DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped]) DRV - [2008-08-01 10:36:20 | 00,054,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running]) DRV - [2008-11-12 16:58:38 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts [Boot | Running]) DRV - [2008-08-01 10:36:26 | 00,022,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running]) DRV - [2008-08-25 02:22:40 | 00,014,208 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand | Running]) DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped]) DRV - [2004-08-04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2009-04-14 17:25:06 | 03,732,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService [On_Demand | Running]) DRV - [2004-08-04 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped]) DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped]) DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped]) DRV - [2008-06-12 02:08:26 | 00,004,608 | ---- | M] (RealVNC Ltd.) -- C:\WINDOWS\system32\DRIVERS\vncmirror.sys -- (vncmirror [On_Demand | Running]) DRV - File not found -- -- (abp470n5 [On_Demand | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [2009-04-21 01:27:16 | 00,000,000 | ---D | M] O1 HOSTS File: (749 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: whitehillmu.dyn.pl localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.) O4 - HKCU..\Run: [Gainward] C:\Program Files\EXPERTool ATI\TBPanel.exe /A (Gainward Co.) O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\deth\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c (Google Inc.) O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\deth\Menu Start\Programy\Autostart\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: com.pl ([.www.mks] https in Zaufane witryny) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-03-30 08:44:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001-04-18 17:23:00 | 00,000,041 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2009-06-05 23:05:36 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [8 C:\WINDOWS\*.tmp files] [2009-06-05 23:05:36 | 00,002,076 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\Nowy Dokument tekstowy (2).rar [2009-06-05 23:01:07 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\HijackThis.lnk [2009-06-05 22:41:23 | 00,005,537 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\Nowy Dokument tekstowy.rar [2009-06-05 22:34:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\deth\Ustawienia lokalne\temp [2009-06-05 22:31:15 | 00,000,235 | ---- | C] () -- C:\Boot.bak [2009-06-05 22:31:12 | 00,262,400 | ---- | C] () -- C:\cmldr [2009-06-05 22:31:12 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009-06-05 22:29:12 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009-06-05 22:29:12 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009-06-05 22:29:12 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009-06-05 22:29:12 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009-06-05 22:29:12 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009-06-05 22:29:12 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009-06-05 22:29:12 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009-06-05 22:29:12 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009-06-05 22:29:08 | 00,000,000 | --SD | C] -- C:\ComboFix [2009-06-05 22:29:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009-06-05 22:29:06 | 00,000,000 | ---D | C] -- C:\Qoobox [2009-06-05 18:52:56 | 01,273,734 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\animacja.gif [2009-06-05 17:09:41 | 00,022,582 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\sm23.jpg [2009-06-05 16:54:57 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro [2009-06-05 16:54:54 | 00,000,000 | ---D | C] -- C:\rsit [2009-06-05 16:53:43 | 00,851,541 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\RSIT.exe [2009-06-05 16:53:08 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\deth\Pulpit\OTListIt2.exe [2009-06-05 16:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\RealVNC [2009-06-05 16:41:41 | 00,000,000 | ---D | C] -- C:\Program Files\ATI [2009-06-05 16:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI [2009-06-05 16:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009-06-05 16:26:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\deth\Dane aplikacji\gtk-2.0 [2009-06-05 12:55:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI(4) [2009-06-03 21:22:06 | 00,032,686 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat [2009-06-03 19:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI(3) [2009-06-02 21:15:21 | 00,000,000 | ---D | C] -- H:\Moje zeskanowane obrazy [2009-06-02 00:24:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ATI(2) [2009-06-01 22:36:10 | 00,000,000 | ---D | C] -- C:\Program Files\Lavalys [2009-05-28 15:11:06 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dyn.pl DNSUpdate.lnk [2009-05-28 15:11:06 | 00,000,000 | ---D | C] -- C:\Program Files\Dyn.pl DNSUpdate [2009-05-27 18:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\deth\Pulpit\Kopia GS_CS [2009-05-22 01:15:22 | 00,000,000 | ---D | C] -- H:\Downloads [2009-05-22 01:15:21 | 00,002,295 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\Google Chrome.lnk [2009-05-22 01:14:18 | 00,001,076 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1004.job [2009-05-21 22:22:51 | 00,000,000 | R--D | C] -- H:\Moja muzyka [2009-05-21 22:22:42 | 00,679,850 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\DEATH.jpg [2009-05-21 22:20:59 | 00,679,850 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\20090521291.jpg [2009-05-20 20:55:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2009-05-20 20:54:46 | 00,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Software Updater.lnk [2009-05-20 20:54:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0 [2009-05-19 23:07:36 | 00,001,186 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\'Folding@Home'.lnk [2009-05-19 23:07:36 | 00,000,000 | ---D | C] -- C:\ATI [2009-05-19 23:03:06 | 00,006,045 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu [2009-05-19 22:57:57 | 00,000,000 | ---D | C] -- C:\NVIDIA [2009-05-19 22:55:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\deth\Dane aplikacji\Logitech [2009-05-19 22:54:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\LogiShrd [2009-05-19 22:54:03 | 00,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk [2009-05-19 22:54:03 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Ustawienia myszy i klawiatury firmy Logitech.lnk [2009-05-19 22:54:02 | 00,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll [2009-05-19 22:54:02 | 00,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll [2009-05-19 22:54:02 | 00,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll [2009-05-19 22:54:02 | 00,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll [2009-05-19 22:53:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Logitech [2009-05-19 22:53:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2009-05-19 22:53:51 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech [2009-05-19 22:52:27 | 00,290,816 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe [2009-05-19 22:52:26 | 00,122,880 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe [2009-05-19 22:52:25 | 01,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys [2009-05-19 22:10:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\deth\Pulpit\stery nowe [2009-05-19 21:42:13 | 00,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedCry.dll [2009-05-19 21:42:13 | 00,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XCEEDZIP.DLL [2009-05-19 21:42:13 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx [2009-05-19 21:42:13 | 00,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msinet.ocx [2009-05-19 21:42:13 | 00,110,602 | ---- | C] () -- C:\WINDOWS\System32\xcdsfx32.bin [2009-05-19 21:42:13 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\deth\Pulpit\Driver Magician.lnk [2009-05-19 21:42:13 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Magician [2009-05-19 21:39:48 | 01,171,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80d.dll [2009-05-19 21:39:48 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d10.dll [2009-05-19 21:39:48 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr90.dll [2009-05-19 21:39:48 | 00,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrtnew.dll [2009-05-19 21:39:48 | 00,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll [2009-05-19 21:39:48 | 00,572,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp90.dll [2009-05-19 21:39:48 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll [2009-05-19 21:39:48 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll [2009-05-19 21:39:48 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2009-05-19 21:39:48 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm90.dll [2009-05-19 21:39:48 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwmapi.dll [2009-05-19 21:39:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Pulpit\Game Fix [2009-05-19 21:39:47 | 00,940,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjava.dll [2009-05-19 21:39:47 | 00,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll [2009-05-19 21:39:47 | 00,061,440 | ---- | C] (Rafael & ZoRoNaX) -- C:\WINDOWS\System32\Vista.Emulation.dll [2009-05-19 21:39:46 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_40.dll [2009-05-19 21:39:46 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_39.dll [2009-05-19 21:39:46 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_38.dll [2009-05-19 21:39:46 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_37.dll [2009-05-19 21:39:46 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll [2009-05-19 21:39:46 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll [2009-05-19 21:39:46 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll [2009-05-19 21:39:45 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll [2009-05-19 21:39:45 | 00,730,121 | ---- | C] () -- C:\Program Files\Common Files\unins000.exe [2009-05-19 21:39:45 | 00,707,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d2d1.dll [2009-05-19 21:39:45 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll [2009-05-19 21:39:45 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll [2009-05-19 21:39:45 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll [2009-05-19 21:39:45 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll [2009-05-19 21:39:45 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll [2009-05-19 21:39:45 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll [2009-05-19 21:39:45 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll [2009-05-19 21:39:45 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10.dll [2009-05-19 21:39:45 | 00,430,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3D10SDKLayers.DLL [2009-05-19 21:39:45 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll [2009-05-19 21:39:45 | 00,003,017 | ---- | C] () -- C:\Program Files\Common Files\unins000.dat [2009-05-19 20:44:39 | 00,559,650 | ---- | C] (Mateusz Kleina ) -- C:\Documents and Settings\deth\Pulpit\DNSUpdate10.exe [2009-05-19 18:12:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\deth\Dane aplikacji\TeamViewer [2009-05-19 18:12:47 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 3.lnk [2009-05-19 18:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer3 [2009-05-19 16:16:34 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-05-16 14:42:10 | 00,000,000 | ---D | C] -- H:\My eBooks [2009-05-13 22:52:59 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009-05-10 09:53:58 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2009-05-10 07:46:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009-05-10 04:32:10 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2009-05-07 19:12:26 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak [2009-04-01 17:43:10 | 00,847,360 | ---- | C] () -- C:\WINDOWS\System32\JS32.dll [2006-07-13 11:14:38 | 00,039,899 | ---- | C] () -- C:\WINDOWS\php.ini [2006-01-13 09:07:22 | 00,385,024 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll [2006-01-13 09:07:20 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll [2006-01-13 09:07:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll [2006-01-13 09:07:18 | 00,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll [2006-01-13 09:07:16 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll [2004-10-04 14:05:10 | 00,000,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004-08-04 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2004-08-04 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2004-08-04 14:00:00 | 00,000,523 | ---- | C] () -- C:\WINDOWS\win.ini [2004-08-04 14:00:00 | 00,000,265 | ---- | C] () -- C:\WINDOWS\system.ini [color=orange]========== Files - Modified Within 30 Days ==========[/color] [1 C:\WINDOWS\System32\*.tmp files] [8 C:\WINDOWS\*.tmp files] [2009-06-05 23:05:36 | 00,002,076 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\Nowy Dokument tekstowy (2).rar [2009-06-05 23:01:07 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\HijackThis.lnk [2009-06-05 22:41:23 | 00,005,537 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\Nowy Dokument tekstowy.rar [2009-06-05 22:34:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-06-05 22:32:55 | 00,000,265 | ---- | M] () -- C:\WINDOWS\system.ini [2009-06-05 22:31:15 | 00,000,305 | RHS- | M] () -- C:\boot.ini [2009-06-05 22:01:13 | 00,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1004.job [2009-06-05 18:52:56 | 01,273,734 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\animacja.gif [2009-06-05 18:48:05 | 00,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2009-06-05 17:09:41 | 00,022,582 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\sm23.jpg [2009-06-05 16:53:43 | 00,851,541 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\RSIT.exe [2009-06-05 16:53:08 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\deth\Pulpit\OTListIt2.exe [2009-06-05 16:44:14 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\deth\Ustawienia lokalne\desktop.ini [2009-06-05 16:44:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-06-04 20:36:45 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-06-04 18:06:04 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\Komendy.doc [2009-06-03 21:30:44 | 00,032,686 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat [2009-06-02 01:41:32 | 01,250,556 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\Napi Project 1[1].0.6.2-sciaga napisy do filmow.zip [2009-05-31 11:47:49 | 00,000,523 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-31 11:08:41 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009-05-28 15:11:06 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dyn.pl DNSUpdate.lnk [2009-05-26 11:28:56 | 00,000,235 | ---- | M] () -- C:\Boot.bak [2009-05-23 11:39:08 | 00,094,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-23 11:02:36 | 00,001,186 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\'Folding@Home'.lnk [2009-05-22 01:15:21 | 00,002,295 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\Google Chrome.lnk [2009-05-21 22:22:42 | 00,679,850 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\DEATH.jpg [2009-05-21 22:02:44 | 00,679,850 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\20090521291.jpg [2009-05-20 20:54:46 | 00,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nokia Software Updater.lnk [2009-05-20 20:48:59 | 01,036,426 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-05-20 20:48:59 | 00,465,834 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-05-20 20:48:59 | 00,410,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-05-20 20:48:59 | 00,081,574 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-05-20 20:48:59 | 00,065,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-05-19 22:54:03 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk [2009-05-19 22:54:03 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Ustawienia myszy i klawiatury firmy Logitech.lnk [2009-05-19 21:42:13 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\deth\Pulpit\Driver Magician.lnk [2009-05-19 21:39:49 | 00,003,017 | ---- | M] () -- C:\Program Files\Common Files\unins000.dat [2009-05-19 21:39:29 | 00,730,121 | ---- | M] () -- C:\Program Files\Common Files\unins000.exe [2009-05-19 20:44:39 | 00,559,650 | ---- | M] (Mateusz Kleina ) -- C:\Documents and Settings\deth\Pulpit\DNSUpdate10.exe [2009-05-19 18:12:47 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\TeamViewer 3.lnk [2009-05-13 22:52:59 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2009-05-10 07:46:15 | 21,453,86496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2009-05-07 19:12:24 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak < End of report >

**Posty:** 18165 · przez **wojtas** 06 Cze 2009, 11:19

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt +Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

**Posty:** 3 · przez **Saiyd** 06 Cze 2009, 16:35

nie mogłem zrobić logów sdfixe więc wklejam tlyko logi combofixa

Kod: Zaznacz wszystko: ComboFix 09-06-05.07 - deth 2009-06-06 16:20.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.48.1045.18.2048.1581 [GMT 2:00] Uruchomiony z: h:\downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\AutoRun.inf c:\windows\system32\avrt.dll c:\windows\system32\d3d10core.dll c:\windows\system32\D3DX10d_39.dll c:\windows\system32\dxgi.dll . ((((((((((((((((((((((((( Pliki utworzone od 2009-05-06 do 2009-06-06 ))))))))))))))))))))))))))))))) . 2009-06-05 14:54 . 2009-06-06 12:21 -------- d-----w- c:\program files\trend micro 2009-06-05 14:54 . 2009-06-05 14:55 -------- d-----w- C:\rsit 2009-06-05 14:41 . 2009-06-06 12:21 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI(5) 2009-06-05 14:27 . 2009-06-05 14:27 -------- d-----w- c:\documents and settings\deth\Ustawienia lokalne\Dane aplikacji\Deployment 2009-06-05 14:26 . 2009-06-05 14:26 -------- d-----w- c:\documents and settings\deth\temp 2009-06-05 14:26 . 2009-06-05 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-05 14:26 . 2009-06-05 14:26 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\gtk-2.0 2009-06-05 10:55 . 2009-06-06 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI(4) 2009-06-03 19:29 . 2009-06-03 19:29 21840 ----a-w- c:\windows\system32\SIntfNT.dll 2009-06-03 19:29 . 2009-06-03 19:29 17212 ----a-w- c:\windows\system32\SIntf32.dll 2009-06-03 19:29 . 2009-06-03 19:29 12067 ----a-w- c:\windows\system32\SIntf16.dll 2009-06-03 19:22 . 2009-06-03 19:30 32686 ----a-w- c:\windows\DIIUnin.dat 2009-06-03 19:22 . 2009-06-03 19:22 2829 ----a-w- c:\windows\DIIUnin.pif 2009-06-03 19:22 . 2009-06-03 19:22 106496 ----a-w- c:\windows\DIIUnin.exe 2009-06-03 17:33 . 2009-06-06 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI 2009-06-01 22:24 . 2009-06-06 12:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ATI(2) 2009-06-01 20:36 . 2009-06-01 20:36 -------- d-----w- c:\program files\Lavalys 2009-05-28 13:11 . 2009-06-05 14:22 -------- d-----w- c:\program files\Dyn.pl DNSUpdate 2009-05-21 23:14 . 2009-06-05 14:22 -------- d-----w- c:\documents and settings\deth\Ustawienia lokalne\Dane aplikacji\Google 2009-05-20 18:55 . 2009-05-20 18:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Nokia 2009-05-20 18:54 . 2009-05-20 18:50 24627752 ----a-r- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_pl.exe 2009-05-20 18:54 . 2009-05-20 18:54 -------- d-----w- c:\program files\MSXML 6.0 2009-05-20 18:54 . 2009-05-20 18:54 3421444 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe 2009-05-20 18:54 . 2009-05-20 18:54 3251244 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe 2009-05-20 18:54 . 2009-05-20 18:54 110592 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe 2009-05-19 21:07 . 2009-05-19 21:07 -------- d-----w- C:\ATI 2009-05-19 21:03 . 2008-07-29 10:33 446464 ----a-w- c:\windows\system32\nvunrm.exe 2009-05-19 20:57 . 2009-05-19 20:57 -------- d-----w- C:\NVIDIA 2009-05-19 20:55 . 2009-05-19 20:55 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\Logitech 2009-05-19 20:54 . 2009-05-19 20:54 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\LogiShrd 2009-05-19 20:54 . 2009-02-18 22:26 301656 ----a-w- c:\windows\system32\BtCoreIf.dll 2009-05-19 20:54 . 2009-02-18 22:27 84496 ----a-w- c:\windows\system32\KemXML.dll 2009-05-19 20:54 . 2009-02-18 22:27 117264 ----a-w- c:\windows\system32\KemWnd.dll 2009-05-19 20:54 . 2009-02-18 22:27 145936 ----a-w- c:\windows\system32\KemUtil.dll 2009-05-19 20:54 . 2009-02-18 22:27 170512 ----a-w- c:\windows\system32\kemutb.dll 2009-05-19 20:53 . 2009-05-19 20:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Logitech 2009-05-19 20:53 . 2009-05-19 20:54 -------- d-----w- c:\program files\Common Files\Logishrd 2009-05-19 20:53 . 2009-05-19 20:53 -------- d-----w- c:\program files\Logitech 2009-05-19 20:52 . 2008-10-23 15:42 290816 ----a-w- c:\windows\vncutil.exe 2009-05-19 20:52 . 2009-05-14 13:21 36864 ----a-w- c:\windows\system32\RtkCoInstXP.dll 2009-05-19 20:52 . 2009-03-17 12:07 122880 ----a-w- c:\windows\RtkAudioService.exe 2009-05-19 20:52 . 2008-08-05 18:10 1684736 ----a-w- c:\windows\system32\drivers\Ambfilt.sys 2009-05-19 20:52 . 2006-01-04 13:41 1389056 ----a-w- c:\windows\system32\drivers\Monfilt.sys 2009-05-19 20:51 . 2009-04-14 15:25 3732608 ----a-w- c:\windows\system32\drivers\RtKHDMI.sys 2009-05-19 20:51 . 2009-04-01 07:58 1200128 ----a-w- c:\windows\RtkUpd.exe 2009-05-19 20:51 . 2009-03-31 12:15 39936 ----a-w- c:\windows\system32\RHCoInstXP.dll 2009-05-19 19:42 . 2009-06-06 12:24 -------- d-----w- c:\program files\Driver Magician 2009-05-19 19:42 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL 2009-05-19 19:42 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll 2009-05-19 19:42 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin 2009-05-19 16:12 . 2009-06-01 20:32 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\TeamViewer 2009-05-19 16:12 . 2009-06-06 12:25 -------- d-----w- c:\program files\TeamViewer3 2009-05-19 14:16 . 2009-06-05 14:23 -------- d-----w- c:\program files\SkanerOnline 2009-05-10 07:59 . 2009-05-10 07:59 -------- d-----w- c:\documents and settings\deth\.thumbnails 2009-05-10 07:54 . 2009-06-05 14:26 -------- d-----w- c:\documents and settings\deth\.gimp-2.4 2009-05-10 07:53 . 2009-06-05 14:24 -------- d-----w- c:\program files\GIMP-2.0 2009-05-10 02:32 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-06 14:18 . 2009-04-19 15:20 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\Hamachi 2009-06-06 12:24 . 2009-03-31 00:16 -------- d-----w- c:\program files\ATI Technologies 2009-06-06 12:24 . 2009-04-05 13:53 -------- d-----w- c:\program files\HP 2009-06-06 12:23 . 2009-04-16 09:29 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\uTorrent 2009-06-06 12:23 . 2009-03-30 09:23 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\dvdcss 2009-05-23 09:39 . 2009-03-31 00:22 12328 ----a-w- c:\documents and settings\deth\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-05-20 19:00 . 2009-03-30 10:01 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\Nokia 2009-05-20 18:54 . 2009-03-30 09:59 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Installations 2009-05-20 18:54 . 2009-04-20 23:27 -------- d-----w- c:\program files\Common Files\Nokia 2009-05-20 18:54 . 2009-04-06 10:52 -------- d-----w- c:\program files\Nokia 2009-05-20 18:48 . 2004-08-04 12:00 81574 ----a-w- c:\windows\system32\perfc015.dat 2009-05-20 18:48 . 2004-08-04 12:00 465834 ----a-w- c:\windows\system32\perfh015.dat 2009-05-19 20:53 . 2009-03-30 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-19 19:39 . 2009-05-19 19:39 3017 ----a-w- c:\program files\Common Files\unins000.dat 2009-05-19 19:39 . 2009-05-19 19:39 730121 ----a-w- c:\program files\Common Files\unins000.exe 2009-05-19 16:51 . 2009-03-30 10:47 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\AdobeUM 2009-05-15 15:19 . 2009-03-30 18:51 5080064 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-05-14 16:50 . 2009-03-30 18:51 17881088 ----a-w- c:\windows\RTHDCPL.EXE 2009-04-29 01:17 . 2008-09-11 01:17 303104 ----a-w- c:\windows\system32\atiok3x2(2).dll 2009-04-28 13:53 . 2009-04-28 13:53 -------- d-----w- c:\program files\Sunbelt Software 2009-04-20 23:27 . 2009-04-20 23:27 -------- d-----w- c:\program files\Common Files\PCSuite 2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w- c:\program files\PC Connectivity Solution 2009-04-20 23:26 . 2009-04-20 23:26 81920 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe 2009-04-20 23:26 . 2009-04-20 23:26 131072 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-04-20 23:26 . 2009-04-20 23:26 34793368 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_pol.exe 2009-04-19 18:42 . 2009-04-19 18:42 -------- d-----w- c:\program files\Microsoft SQL Server 2009-04-19 18:20 . 2009-04-19 18:20 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\HPAppData 2009-04-19 15:20 . 2009-04-19 15:20 -------- d-----w- c:\program files\Hamachi 2009-04-19 15:20 . 2009-04-19 15:20 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-04-17 14:10 . 2009-04-17 14:09 -------- d-----w- c:\program files\NAPI-PROJEKT 2009-04-16 15:23 . 2009-03-30 18:50 540672 ----a-w- c:\windows\RtlExUpd.dll 2009-04-16 09:30 . 2009-04-16 09:30 -------- d-----w- c:\program files\uTorrent 2009-04-07 15:34 . 2009-04-05 13:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\HPSSUPPLY 2009-04-07 15:33 . 2009-04-07 15:33 -------- d-----w- c:\documents and settings\deth\Dane aplikacji\HP 2009-04-05 13:57 . 2009-04-05 13:52 155221 ----a-w- c:\windows\hpoins14.dat 2009-04-05 13:55 . 2009-04-05 13:55 12328 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-04-01 19:59 . 2009-03-31 00:17 188348 ----a-w- c:\windows\system32\atiicdxx.dat 2009-04-01 07:58 . 2009-03-30 18:51 1200128 ----a-w- c:\windows\RtlUpd.exe 2009-03-31 00:22 . 2009-03-31 00:22 0 ----a-w- c:\windows\ativpsrm.bin 2009-03-31 00:19 . 2009-03-31 00:19 9158 ----a-r- c:\documents and settings\deth\Dane aplikacji\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe 2009-03-30 20:50 . 2009-03-30 06:43 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-03-30 10:00 . 2009-03-30 10:00 90112 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstCCD.exe 2009-03-30 10:00 . 2009-03-30 10:00 88064 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCS.exe 2009-03-30 10:00 . 2009-03-30 10:00 139264 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{2B8BEBBF-73A0-497D-9900-8474D022AB3F}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2009-03-30 06:42 . 2009-03-30 06:42 21856 ----a-w- c:\windows\system32\emptyregdb.dat 2009-03-17 19:05 . 2009-03-31 00:17 593920 ------w- c:\windows\system32\ati2sgag.exe 2009-03-16 21:33 . 2008-09-11 03:08 3597312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys 2009-03-16 20:27 . 2009-03-31 00:17 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2009-03-16 20:27 . 2009-03-31 00:17 442368 ----a-w- c:\windows\system32\ATIDEMGX(2).dll 2009-03-16 20:26 . 2008-09-11 02:20 328704 ----a-w- c:\windows\system32\ati2dvag.dll 2009-03-16 20:26 . 2008-09-11 02:20 328704 ----a-w- c:\windows\system32\ati2dvag(3)(3).dll 2009-03-16 20:17 . 2009-03-31 00:17 307200 ----a-w- c:\windows\system32\atiiiexx.dll 2009-03-16 20:17 . 2008-09-11 02:10 204800 ----a-w- c:\windows\system32\atipdlxx.dll 2009-03-16 20:17 . 2008-09-11 02:10 204800 ----a-w- c:\windows\system32\atipdlxx(2).dll 2009-03-16 20:16 . 2008-09-11 02:10 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2009-03-16 20:16 . 2008-09-11 02:09 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe 2009-03-16 20:16 . 2008-09-11 02:09 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2009-03-16 20:16 . 2008-09-11 02:09 43520 ----a-w- c:\windows\system32\ati2edxx(2).dll 2009-03-16 20:16 . 2008-09-11 02:09 155648 ----a-w- c:\windows\system32\ati2evxx.dll 2009-03-16 20:16 . 2008-09-11 02:09 155648 ----a-w- c:\windows\system32\ati2evxx(3)(3).dll 2009-03-16 20:15 . 2008-09-11 02:07 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2009-03-16 20:15 . 2008-09-11 02:07 602112 ----a-w- c:\windows\system32\ati2evxx(2).exe 2009-03-16 20:13 . 2008-09-11 02:06 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2009-03-16 20:06 . 2008-09-11 01:56 3820736 ----a-w- c:\windows\system32\ati3duag.dll 2009-03-16 20:06 . 2008-09-11 01:56 3820736 ----a-w- c:\windows\system32\ati3duag(3)(3).dll 2009-03-16 20:04 . 2008-09-11 02:08 11563008 ----a-w- c:\windows\system32\atioglxx.dll 2009-03-16 19:53 . 2008-09-11 01:40 2675328 ----a-w- c:\windows\system32\ativvaxx.dll 2009-03-16 19:53 . 2008-09-11 01:40 2675328 ----a-w- c:\windows\system32\ativvaxx(3)(3).dll 2009-03-16 19:40 . 2009-03-16 19:40 49664 ----a-w- c:\windows\system32\atimpc32.dll 2009-03-16 19:40 . 2008-09-11 01:24 49664 ----a-w- c:\windows\system32\amdpcom32.dll 2009-03-16 19:36 . 2008-09-11 01:20 475136 ----a-w- c:\windows\system32\atikvmag.dll 2009-03-16 19:36 . 2008-09-11 01:20 475136 ----a-w- c:\windows\system32\atikvmag(3)(3).dll 2009-03-16 19:35 . 2008-09-11 01:17 303104 ----a-w- c:\windows\system32\atiok3x2.dll 2009-03-16 19:35 . 2008-09-11 01:17 303104 ----a-w- c:\windows\system32\atiok3x2(3)(3).dll 2009-03-16 19:35 . 2009-03-16 19:35 45056 ----a-w- c:\windows\system32\aticalrt.dll 2009-03-16 19:35 . 2008-09-11 01:19 131072 ----a-w- c:\windows\system32\atiadlxx.dll 2009-03-16 19:35 . 2008-09-11 01:19 131072 ----a-w- c:\windows\system32\atiadlxx(2).dll 2009-03-16 19:34 . 2009-03-16 19:34 45056 ----a-w- c:\windows\system32\aticalcl.dll 2009-03-16 19:34 . 2008-09-11 01:19 17408 ----a-w- c:\windows\system32\atitvo32.dll 2009-03-16 19:34 . 2008-09-11 01:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2009-03-16 19:33 . 2009-03-16 19:33 3264512 ----a-w- c:\windows\system32\aticaldd.dll 2009-03-16 19:28 . 2008-09-11 01:12 630784 ----a-w- c:\windows\system32\ati2cqag.dll 2009-03-16 19:28 . 2008-09-11 01:12 630784 ----a-w- c:\windows\system32\ati2cqag(3)(3).dll 2009-03-10 12:32 . 2009-03-30 18:51 2168320 ----a-w- c:\windows\MicCal.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "Gainward"="c:\program files\EXPERTool ATI\TBPanel.exe" [2008-07-31 2296360] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1390080] "Google Update"="c:\documents and settings\deth\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2009-05-21 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 126976] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-17 131072] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-05-14 17881088] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 154128] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\deth\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-4-19 625952] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-4-19 69632] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-02-18 22:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [COLOR=RED] Klucz Trybu Awaryjnego wymaga naprawy. Komputer nie może wejść w Tryb Awaryjny. [/COLOR] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Dyn.pl DNSUpdate\\DNSUpdate.exe"= "c:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe"= "c:\\WINDOWS\\KHALMNPR.EXE"= "c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"= "c:\\WINDOWS\\system32\\CF23261.exe"= R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016] R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\tolsfm.sys --> c:\windows\system32\drivers\tolsfm.sys [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-05-19 1684736] S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-03-31 89600] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Zawartość folderu 'Zaplanowane zadania' 2009-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1677128483-725345543-1004.job - c:\documents and settings\deth\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-05-21 23:14] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ Trusted Zone: com.pl\.www.mks DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-06 16:21 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql] "ImagePath"="d:\appserv\MySQL\bin\mysqld-nt --defaults-file=d:\appserv\MySQL\my.ini mysql" . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-861567501-1677128483-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(768) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Czas ukończenia: 2009-06-06 16:23 ComboFix-quarantined-files.txt 2009-06-06 14:23 ComboFix2.txt 2009-06-05 20:34 Przed: 31 505 608 704 bajtów wolnych Po: 31 515 533 312 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /maxmem=2048 /numproc=3 283

**Posty:** 18165 · przez **wojtas** 06 Cze 2009, 16:54

http://www.searchengines.pl/Infekcje-plikow-wykonywalnych-exe-dll-scr-t122692.html

wykonaj plyte LiveCD Dr Web i skanuj nim kompa... daj znac co znalazł i nowy log z combo (oczywiscie plytke rob na innym nie zainfekowanym kompie )

**Posty:** 3 · przez **Saiyd** 06 Cze 2009, 17:15

yyy Wiec tak mam problem bo nie wiem o co chodzi z tą płytką Oo wiem nuubek jestem

pomóż