Spowolnienie systemu i net /w32.gammina, 2.exe, 9u.exe

**Posty:** 2 · przez **artur_321** 25 Sie 2009, 09:57

Witam

Mam dwa problemy.

1. Programy typu Spybot albo AntiMalvare wykrywają mi masę robali ale nie potrafią ich usunąć. Np. AntiMalvare pokazuje najpierw liste wynikow z 20 robalami, mowi, ze czesc z nich mozna usunąc dopiero uruchamiając ponownie system. Robię restart i dla pewności robię kolejny skan - wykazuje mi np. 9 robali :-/

Używam XP.

Mam na stałe wyłączone przywracanie systemu.

2. Antivir wykrywa mi z kolei pliki o nazwach takich jak 2.exe, e.exe, i.exe, 9u.exe na dysku C albo na pendrive (e:\). Niby usuwa, ale też przy kolejnej próbie skanowania efekt jest taki, że te pliki dalej gdzieś siedzą. Jak się tego pozbyć?

Symantec wykrywa mi na pendrive - oprócz powyższych coś co nazywa W32.Gammina.AG, ale również ma problem z usunięciem...

3. Mam też problem z internetem. Od jakiegoś czasu nie otwierały mi się tylko niektóre strony, np. youtube, ale reszta działała tyle ze nieco wolniej niż zwykle. Natomiast od kilku dni otwierają się dosłownie pojedyncze strony (gazeta.pl, dfv.pl), ale cala masa takich jak onet.pl, interia.pl, google.pl - już nie (pojawia się komunikat identyczny jak wtedy, gdy mam odłączony kabelek z net).

Myślałem, że to może kwestia sterowników modemu, albo ustawień net, ale zaktualizowałem sterowniki i problem nadal występuje. Dlatego podejrzewam któregoś z tych robali, które wykrywa mi AntiMalvare...

Używam IE, wersja 6. Czy zmiana przeglądarki może coś zmienić (np. na firefox)?

Mam połączenie z UPC przez kabelek USB. Modem WebStar serii 2000, jeśli ma to jakieś znaczenie.

Robiłem czyszczenie plików temp, cookies i optymalizację ustawień pod kątem szybszego uruchamiania systemu. Myślałem, ze podczas tych czynności usunąłem coś istotnego, ale optymalizacja była robiona jakieś 3 miesiące temu, a problemy z net występują od zeszłego tyg...

4. Wklejam dwa logi:

z OTL z przed kilku dni:

Kod: Zaznacz wszystko: OTL logfile created on: 2009-08-20 21:31:03 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Mariusz\Moje dokumenty Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 758,42 Mb Total Physical Memory | 496,56 Mb Available Physical Memory | 65,47% Memory free 1,19 Gb Paging File | 0,97 Gb Available in Paging File | 81,83% Paging File free Paging file location(s): C:\pagefile.sys 500 1000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 32,96 Gb Total Space | 1,87 Gb Free Space | 5,66% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IBM-E22A06CD440 Current User Name: Mariusz Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2004-02-26 10:26:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe PRC - [2007-06-13 15:23:49 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2007-09-26 16:23:26 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe PRC - [2004-03-19 22:21:10 | 00,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe PRC - [2008-01-29 17:38:32 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe PRC - [2007-06-05 14:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe PRC - [2004-08-18 12:30:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE PRC - [2004-08-04 09:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AhnRpta.exe PRC - [2001-10-30 16:00:00 | 00,094,208 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\sofatnet.exe PRC - [2003-07-12 03:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe PRC - [2004-08-04 09:44:30 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2004-08-04 09:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe PRC - [2004-08-04 09:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe PRC - [2003-11-13 12:12:00 | 00,094,208 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\tp4serv.exe PRC - [2004-08-07 04:26:28 | 00,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2004-08-18 12:30:00 | 00,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE PRC - [2004-08-18 12:30:00 | 00,708,608 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE PRC - [2009-08-11 22:10:27 | 00,026,757 | ---- | M] () -- C:\WINDOWS\System32\msword98.exe PRC - [2004-07-30 20:03:54 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe PRC - [2004-03-19 21:12:10 | 00,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\UTILS\ibmprc.exe PRC - [2004-07-22 11:01:00 | 00,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe PRC - [2004-07-30 19:59:52 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe PRC - [2003-12-25 11:04:00 | 00,208,896 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe PRC - [2004-09-02 10:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe PRC - [2004-07-16 06:51:14 | 00,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2002-01-11 00:01:34 | 00,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe PRC - [2009-08-11 22:10:27 | 00,026,757 | ---- | M] () -- C:\Documents and Settings\Mariusz\msword98.exe PRC - [2009-08-20 21:23:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariusz\Moje dokumenty\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2004-08-17 20:00:00 | 00,073,728 | -H-- | M] () -- C:\WINDOWS\System32\6to4ex.dll -- (6to4 [Auto | Running]) SRV - [2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - File not found -- -- (CLTNetCnService [Auto | Stopped]) SRV - [2001-10-30 16:00:00 | 00,044,544 | ---- | M] (X-Ways Software Technology) -- C:\WINDOWS\System32\EvdoServer.dll -- (evdoserver [Auto | Running]) SRV - [2007-09-26 16:23:26 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Harmonogram automatycznej usługi LiveUpdate [Auto | Running]) SRV - [2004-08-04 09:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Disabled | Stopped]) SRV - [2004-03-19 22:21:10 | 00,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service [Auto | Running]) SRV - [2004-02-26 10:26:00 | 00,057,344 | ---- | M] () -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running]) SRV - [2005-11-14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2004-08-04 09:44:02 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\Ipripv32.dll -- (iprip [Auto | Running]) SRV - [2007-09-26 16:23:26 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped]) SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped]) SRV - [2008-01-29 17:38:32 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running]) SRV - [2006-12-14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped]) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2006-12-14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped]) SRV - [2007-06-05 14:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing [Auto | Running]) SRV - [2005-05-22 20:18:52 | 00,032,256 | ---- | M] () -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv [On_Demand | Stopped]) SRV - [2004-08-18 12:30:00 | 00,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\QCONSVC.EXE -- (QCONSVC [Auto | Running]) SRV - [2007-02-08 16:13:46 | 00,212,480 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped]) SRV - [2001-10-30 16:00:00 | 00,094,208 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\sofatnet.exe -- (sofatnet [Auto | Running]) SRV - [2006-12-14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped]) SRV - [2009-07-20 19:55:23 | 00,006,144 | ---- | M] (Default Company) -- C:\WINDOWS\System32\srsvc.dll -- (srservice [Auto | Running]) SRV - [2003-07-12 03:19:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running]) SRV - [2009-08-14 18:33:17 | 00,041,515 | ---- | M] () -- C:\WINDOWS\System32\win.dll -- (win [Auto | Running]) SRV - [2006-10-18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2001-08-18 05:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped]) DRV - [2004-04-07 16:41:38 | 00,116,176 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running]) DRV - [2003-12-08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped]) DRV - [2003-12-08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\System32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped]) DRV - [2001-08-18 06:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped]) DRV - [2004-08-04 08:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped]) DRV - [2004-08-18 12:30:00 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\ANC.SYS -- (ANC [System | Running]) DRV - [2001-08-18 06:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped]) DRV - [2001-08-18 06:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped]) DRV - [2006-10-04 09:16:02 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running]) DRV - [2001-10-27 01:58:28 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [On_Demand | Stopped]) DRV - [2001-08-18 06:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped]) DRV - [2004-08-17 12:21:00 | 00,087,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running]) DRV - [2004-07-14 11:56:00 | 00,040,448 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running]) DRV - [2003-09-17 20:44:42 | 00,145,408 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running]) DRV - [2004-03-19 21:03:58 | 00,005,120 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running]) DRV - [2008-02-22 17:53:00 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys -- (GearAspiWDM [On_Demand | Running]) DRV - [2004-07-23 00:25:58 | 00,197,888 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running]) DRV - [2004-07-23 00:24:20 | 01,041,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running]) DRV - [2004-07-30 20:27:06 | 00,724,989 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2004-09-24 02:39:58 | 00,064,256 | ---- | M] (IBM) -- C:\WINDOWS\System32\drivers\ibmfilter.sys -- (ibmfilter [Auto | Running]) DRV - [2004-02-26 10:26:00 | 00,011,344 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running]) DRV - [2004-08-18 12:30:00 | 00,002,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS -- (IBMTPCHK [System | Running]) DRV - [2004-08-04 09:38:40 | 00,607,068 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Stopped]) DRV - [2003-04-09 23:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running]) DRV - [2001-08-18 06:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped]) DRV - [2003-08-10 02:32:14 | 00,014,336 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys -- (ndiscm [On_Demand | Stopped]) DRV - [2004-08-04 09:44:02 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\netcard.sys -- (netcard [On_Demand | Stopped]) DRV - [2004-08-04 08:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Stopped]) DRV - [2009-08-11 22:10:42 | 00,619,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running]) DRV - [2002-09-20 03:41:28 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped]) DRV - [2000-06-01 05:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\PMEMNT.SYS -- (PMEM [Auto | Running]) DRV - [2005-05-22 20:18:52 | 00,013,312 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\psadd.sys -- (psadd [On_Demand | Stopped]) DRV - [2001-10-30 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2004-08-18 12:30:00 | 00,012,288 | ---- | M] (IBM Corporation.) -- C:\WINDOWS\System32\drivers\qcndisif.SYS -- (QCNDISIF [On_Demand | Stopped]) DRV - [2001-08-18 06:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped]) DRV - [2001-08-18 06:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped]) DRV - [2001-08-18 06:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped]) DRV - [2001-11-01 12:57:14 | 00,095,104 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\DRIVERS\s3ssavm.sys -- (S3SSavage [On_Demand | Stopped]) DRV - [2007-11-13 12:25:55 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2004-08-04 08:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped]) DRV - [2004-07-29 10:36:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running]) DRV - [2004-06-23 19:42:46 | 00,266,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running]) DRV - [2001-08-18 07:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped]) DRV - [2004-07-14 20:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running]) DRV - [2004-07-14 20:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running]) DRV - [2001-08-18 07:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped]) DRV - [2001-08-18 07:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped]) DRV - [2001-08-18 07:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped]) DRV - [2001-08-18 07:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped]) DRV - [2004-07-29 10:36:00 | 00,009,341 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running]) DRV - [2004-09-02 10:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running]) DRV - [2004-09-02 10:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running]) DRV - [2003-11-13 12:12:00 | 00,013,904 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\DRIVERS\tp4track.sys -- (Tp4Track [On_Demand | Running]) DRV - [2004-06-10 05:19:46 | 00,016,340 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running]) DRV - [2004-07-29 10:37:00 | 00,016,384 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\Tppwr.sys -- (TPPWR [System | Running]) DRV - [2004-07-15 11:31:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running]) DRV - [2001-08-18 06:48:14 | 00,011,520 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\DRIVERS\TwoTrack.sys -- (TwoTrack [On_Demand | Stopped]) DRV - [2001-08-18 06:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped]) DRV - [2004-06-10 10:42:38 | 00,015,429 | R--- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Sacm2A.sys -- (USBCM [On_Demand | Stopped]) DRV - [2004-08-04 09:44:02 | 00,002,304 | ---- | M] () -- C:\WINDOWS\System32\usbwte.sys -- (usbwte [On_Demand | Stopped]) DRV - [2004-07-23 00:24:52 | 00,676,096 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running]) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=09 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (2880 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 115.47.207.146 www.myspace.com O1 - Hosts: 115.47.207.146 www.youtube.com O1 - Hosts: 115.47.207.146 www.facebook.com O1 - Hosts: 115.47.207.146 www.awrghunaewogddjaoiugr.com O1 - Hosts: 115.47.207.146 www.awrghunaewogdjaoiugr.com O1 - Hosts: 115.47.207.146 www.msn.com O1 - Hosts: 115.47.207.146 www.asdfasdfd.com O1 - Hosts: 115.47.207.146 www.gg.com O1 - Hosts: 115.47.207.146 www.asdfaasdhfd.com O1 - Hosts: 115.47.207.146 www.asdfasdfjd.com O1 - Hosts: 115.47.207.146 www.asdff1asdfkd.com O1 - Hosts: 115.47.207.146 www.yahoo.com O1 - Hosts: 115.47.207.146 www.google.com O1 - Hosts: 115.47.207.146 www.google.co.uk O1 - Hosts: 115.47.207.146 www.asdfasdfld.com O1 - Hosts: 115.47.207.146 www.antispy.com O1 - Hosts: 115.47.207.146 www.asxdfa3sdfd.com O1 - Hosts: 115.47.207.146 www.asdzfas2dfd.com O1 - Hosts: 115.47.207.146 www.asdcfasdfd.com O1 - Hosts: 115.47.207.146 www.asdfvasdfd.com O1 - Hosts: 115.47.207.146 www.asdf2absdfd.com O1 - Hosts: 115.47.207.146 www.yahoo.com O1 - Hosts: 115.47.207.146 www.yahoo.co.uk O1 - Hosts: 115.47.207.146 www.asdfasndfd.com O1 - Hosts: 115.47.207.146 www.asdfasd2mfd.com O1 - Hosts: 52 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [adobe reader speed launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bluetoothauthenticationagent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation) O4 - HKLM..\Run: [bmmlref] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE () O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions) O4 - HKLM..\Run: [ezejmnap] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.) O4 - HKLM..\Run: [hotkeyscmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKLM..\Run: [ibmprc] C:\IBMTOOLS\UTILS\ibmprc.exe (IBM Corp.) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [msword98] C:\WINDOWS\System32\msword98.exe () O4 - HKLM..\Run: [qctray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.) O4 - HKLM..\Run: [qcwlicon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.) O4 - HKLM..\Run: [quicktime task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found O4 - HKLM..\Run: [s3tray2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [tp4ex] C:\WINDOWS\System32\tp4ex.exe (IBM Corporation) O4 - HKLM..\Run: [tphotkey] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [tpkmaphelper] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.) O4 - HKLM..\Run: [trackpointsrv] C:\WINDOWS\System32\tp4serv.exe (IBM Corporation) O4 - HKCU..\Run: [amva] C:\WINDOWS\System32\amvo.exe File not found O4 - HKCU..\Run: [cbvcs] C:\WINDOWS\System32\urretnd.exe File not found O4 - HKCU..\Run: [cdoosoft] c:\temp\herss.exe () O4 - HKCU..\Run: [ctfmon.exe] c:\temp\774611610mmx.DLL File not found O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKCU..\Run: [msword98] C:\Documents and Settings\Mariusz\msword98.exe () O4 - HKCU..\Run: [yahoo!] c:\temp\198777321519don.DLL File not found O4 - HKLM..\RunOnce: [OTL] C:\Documents and Settings\Mariusz\Moje dokumenty\OTL.exe (OldTimer Tools) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: com.pl ([skaner.mks] https in Zaufane witryny) O15 - HKCU\..Trusted Domains: 85 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx (get_atlcom Class) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/sezam/components/SignActivX.cab (SignActivX Control) O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Java Plug-in 1.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D27CDC6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\temp\382313usc.dll) - c:\temp\382313usc.dll () O20 - AppInit_DLLs: (c:\temp\413813usc.dll) - c:\temp\413813usc.dll () O20 - AppInit_DLLs: (c:\temp\361814usc.dll) - c:\temp\361814usc.dll () O20 - AppInit_DLLs: (c:\temp\181435kou.dll) - c:\temp\181435kou.dll () O20 - AppInit_DLLs: (c:\temp\133314usc.dll) - c:\temp\133314usc.dll () O20 - AppInit_DLLs: (c:\temp\22314usc.dll) - c:\temp\22314usc.dll () O20 - AppInit_DLLs: (c:\temp\143914usc.dll) - c:\temp\143914usc.dll () O20 - AppInit_DLLs: (c:\temp\241314usc.dll) - c:\temp\241314usc.dll () O20 - AppInit_DLLs: (c:\temp\542114usc.dll) - c:\temp\542114usc.dll () O20 - AppInit_DLLs: (c:\temp\481615usc.dll) - c:\temp\481615usc.dll () O20 - AppInit_DLLs: (c:\temp\584815usc.dll) - c:\temp\584815usc.dll () O20 - AppInit_DLLs: (c:\temp\545115usc.dll) - c:\temp\545115usc.dll () O20 - AppInit_DLLs: (c:\temp\233315usc.dll) - c:\temp\233315usc.dll () O20 - AppInit_DLLs: (c:\temp\54815usc.dll) - c:\temp\54815usc.dll () O20 - AppInit_DLLs: (c:\temp\51015usc.dll) - c:\temp\51015usc.dll () O20 - AppInit_DLLs: (c:\temp\63115usc.dll) - c:\temp\63115usc.dll () O20 - AppInit_DLLs: (c:\temp\572015usc.dll) - c:\temp\572015usc.dll () O20 - AppInit_DLLs: (c:\temp\42115mja.dll) - c:\temp\42115mja.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.) O24 - Desktop Components:0 () - http://th.interia.pl/20,g5d1018ef3423635/i831585.jpg O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\System32\e8main1.dll () O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005-07-02 11:12:37 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006-12-12 14:29:45 | 00,000,008 | ---- | M] () - C:\AUTOR.LIS -- [ NTFS ] O32 - AutoRun File - [2009-08-20 21:31:32 | 00,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{0b754104-ca2e-11dd-ac76-000ae430b386}\Shell\AutoRun\command - "" = E:\i.exe -- File not found O33 - MountPoints2\{0b754104-ca2e-11dd-ac76-000ae430b386}\Shell\explore\Command - "" = E:\i.exe -- File not found O33 - MountPoints2\{0b754104-ca2e-11dd-ac76-000ae430b386}\Shell\open\Command - "" = E:\i.exe -- File not found O33 - MountPoints2\{0b754108-ca2e-11dd-ac76-000ae430b386}\Shell\AutoRun\command - "" = E:\x2tpc.cmd -- File not found O33 - MountPoints2\{0b754108-ca2e-11dd-ac76-000ae430b386}\Shell\open\Command - "" = E:\x2tpc.cmd -- File not found O33 - MountPoints2\{38d8c690-f65e-11dd-ad15-000ae430b386}\Shell\AutoRun\command - "" = E:\2.exe -- File not found O33 - MountPoints2\{38d8c690-f65e-11dd-ad15-000ae430b386}\Shell\open\Command - "" = E:\2.exe -- File not found O33 - MountPoints2\{478a0b50-3c5e-11dd-ab7c-000ae430b386}\Shell\AutoRun\command - "" = E:\8.exe -- File not found O33 - MountPoints2\{478a0b50-3c5e-11dd-ab7c-000ae430b386}\Shell\open\Command - "" = E:\8.exe -- File not found O33 - MountPoints2\{49d94310-e8db-11db-aa2d-000ae430b386}\Shell\autorun\command - "" = F:\9u.exe -- File not found O33 - MountPoints2\{49d94310-e8db-11db-aa2d-000ae430b386}\Shell\open\command - "" = F:\9u.exe -- File not found O33 - MountPoints2\{7d8d8890-018e-11de-ad3b-0018688f9062}\Shell\AutoRun\command - "" = E:\gi2ky.exe -- File not found O33 - MountPoints2\{7d8d8890-018e-11de-ad3b-0018688f9062}\Shell\open\Command - "" = E:\gi2ky.exe -- File not found O33 - MountPoints2\{c4099751-0145-11de-ad35-000ae430b386}\Shell\AutoRun\command - "" = E:\x2tpc.cmd -- File not found O33 - MountPoints2\{c4099751-0145-11de-ad35-000ae430b386}\Shell\open\Command - "" = E:\x2tpc.cmd -- File not found O33 - MountPoints2\{cb79fe92-df7f-11dd-acab-000ae430b386}\Shell\AutoRun\command - "" = E:\qoes.bat -- File not found O33 - MountPoints2\{cb79fe92-df7f-11dd-acab-000ae430b386}\Shell\open\Command - "" = E:\qoes.bat -- File not found O33 - MountPoints2\{d3e49640-07c4-11de-ad5c-000ae430b386}\Shell\AutoRun\command - "" = E:\gi2ky.exe -- File not found O33 - MountPoints2\{d3e49640-07c4-11de-ad5c-000ae430b386}\Shell\open\Command - "" = E:\gi2ky.exe -- File not found O33 - MountPoints2\{e3ebb541-eb67-11dd-acec-000ae430b386}\Shell\AutoRun\command - "" = E:\x2tpc.cmd -- File not found O33 - MountPoints2\{e3ebb541-eb67-11dd-acec-000ae430b386}\Shell\open\Command - "" = E:\x2tpc.cmd -- File not found O33 - MountPoints2\C\Shell\AutoRun\command - "" = C:\gi2ky.exe -- File not found O33 - MountPoints2\C\Shell\open\Command - "" = C:\gi2ky.exe -- File not found O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-08-20 21:26:35 | 00,000,000 | ---D | C] -- C:\_OTL [2009-08-20 21:23:12 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mariusz\Moje dokumenty\OTL.exe [2009-08-20 21:15:05 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\Mariusz\Pulpit\CCleaner.lnk [2009-08-20 21:15:00 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009-08-20 21:07:54 | 03,278,552 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Mariusz\Moje dokumenty\ccsetup222.exe [2009-08-16 21:38:38 | 00,106,264 | RHS- | C] () -- C:\lcw.exe [2009-08-15 22:49:21 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\1950023.exe [2009-08-15 12:19:42 | 00,000,000 | ---D | C] -- C:\58ddad17e516f95ad7 [2009-08-14 23:14:04 | 00,104,802 | RHS- | C] () -- C:\m1eqos3.exe [2009-08-14 18:33:17 | 00,041,515 | ---- | C] () -- C:\WINDOWS\System32\win.dll [2009-08-14 00:12:05 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\Mariusz\Pulpit\IrfanView Thumbnails.lnk [2009-08-14 00:12:05 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\Mariusz\Pulpit\IrfanView.lnk [2009-08-13 23:24:15 | 00,106,620 | RHS- | C] () -- C:\y8.exe [2009-08-12 21:58:16 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Mariusz\Pulpit\HijackThis.lnk [2009-08-12 21:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-08-11 22:10:30 | 00,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\8492a431.sys [2009-08-11 22:10:27 | 00,026,757 | ---- | C] () -- C:\WINDOWS\System32\msword98.exe [2009-08-11 22:09:16 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\1082636.exe [2009-08-11 21:53:04 | 00,104,662 | RHS- | C] () -- C:\9u.exe [2009-08-10 18:11:30 | 00,106,711 | RHS- | C] () -- C:\wbj.exe [2009-08-07 22:31:56 | 00,107,691 | RHS- | C] () -- C:\ktly.exe [2009-08-06 21:00:47 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\2038451.exe [2009-08-06 20:29:21 | 00,000,974 | ---- | C] () -- C:\Documents and Settings\Mariusz\Pulpit\Spybot - Search & Destroy.lnk [2009-08-04 20:22:51 | 00,106,413 | RHS- | C] () -- C:\22yj2fy1.exe [2009-08-02 20:45:41 | 00,107,841 | RHS- | C] () -- C:\ukfbi3aw.exe [2009-08-01 23:14:41 | 00,106,995 | RHS- | C] () -- C:\mqhnawe.bat [2009-07-31 21:14:40 | 00,107,994 | RHS- | C] () -- C:\6rxt26.exe [2009-07-29 21:39:19 | 00,107,843 | RHS- | C] () -- C:\rx.exe [2009-07-26 21:38:28 | 00,108,204 | RHS- | C] () -- C:\hm1bfpuj.exe [2009-07-25 10:27:13 | 02,195,556 | ---- | C] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\04072009.mp4 [2009-07-25 10:24:39 | 00,266,786 | ---- | C] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\04072009_002.jpg [2009-07-25 10:24:12 | 00,231,894 | ---- | C] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\04072009_003.jpg [2009-07-25 10:21:57 | 00,294,947 | ---- | C] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\lukas.jpg [2009-07-24 07:49:32 | 00,107,797 | RHS- | C] () -- C:\p0ijj.bat [2009-07-22 18:46:05 | 00,109,631 | RHS- | C] () -- C:\8dtyjjf.exe [2009-07-20 20:56:19 | 00,000,095 | ---- | C] () -- C:\WINDOWS\TOCR.ini [2009-07-20 20:55:44 | 00,000,095 | ---- | C] () -- C:\WINDOWS\System32\TRSOCR.ini [2009-07-20 19:57:28 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\bversion.dll [2009-07-20 19:55:43 | 00,000,003 | ---- | C] () -- C:\WINDOWS\System32\fhpatch.dll [2009-07-20 19:55:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\fiplock.dll [2009-07-20 19:55:30 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\IPHACTION.dll [2009-07-20 19:55:24 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\iphy.dll [2009-03-20 11:57:10 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini [2009-03-03 14:25:11 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2009-01-02 05:15:06 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0285D92970.sys [2009-01-02 05:07:20 | 00,002,672 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007-12-23 11:10:55 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll [2007-08-10 15:18:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll [2007-08-10 15:18:00 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll [2007-04-29 02:12:39 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2007-04-07 07:51:27 | 00,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys [2007-04-07 07:51:27 | 00,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys [2007-03-05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2006-11-07 00:49:36 | 00,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini [2006-10-04 09:17:24 | 00,052,858 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys [2006-04-01 03:01:43 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2005-07-25 11:30:17 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005-07-19 03:07:40 | 00,023,153 | ---- | C] () -- C:\WINDOWS\aku.ini [2005-07-19 03:05:10 | 00,004,482 | ---- | C] () -- C:\WINDOWS\polonica.ini [2005-07-03 01:35:38 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005-05-22 20:27:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005-05-22 20:25:03 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2005-05-22 20:24:24 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2005-05-22 20:24:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2005-05-22 20:23:42 | 00,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-05-22 20:11:12 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2005-05-22 20:11:12 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2005-05-22 20:11:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2005-05-22 20:11:12 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2005-05-22 20:11:12 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2005-05-22 20:11:12 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2005-05-22 20:09:57 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005-05-22 20:03:53 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2005-05-22 20:03:36 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2005-05-22 20:03:10 | 00,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-05-22 19:51:48 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2005-05-22 18:45:08 | 00,002,273 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004-11-09 02:12:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004-08-17 20:00:00 | 00,073,728 | -H-- | C] () -- C:\WINDOWS\System32\6to4ex.dll [2004-03-19 21:12:10 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll [2004-03-19 21:12:10 | 00,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini [2004-01-09 15:10:32 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll [2001-10-30 16:00:00 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys [1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1980-01-01 09:00:00 | 00,619,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys [1980-01-01 09:00:00 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll [1980-01-01 09:00:00 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\e8main1.dll [1980-01-01 09:00:00 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\e8main0.dll [1980-01-01 09:00:00 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\afmain1.dll [1980-01-01 09:00:00 | 00,078,848 | ---- | C] () -- C:\WINDOWS\System32\afmain0.dll [1980-01-01 09:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\Ipripv32.dll [1980-01-01 09:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll [1980-01-01 09:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll [1980-01-01 09:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [1980-01-01 09:00:00 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\usbwte.sys [1980-01-01 09:00:00 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\netcard.sys [1980-01-01 09:00:00 | 00,000,716 | ---- | C] () -- C:\WINDOWS\win.ini [1980-01-01 09:00:00 | 00,000,274 | ---- | C] () -- C:\WINDOWS\system.ini [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2009-08-20 21:33:02 | 00,047,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\8492a431.sys [2009-08-20 21:32:48 | 00,000,053 | RHS- | M] () -- C:\autorun.inf [2009-08-20 21:29:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-08-20 21:29:14 | 79,533,2608 | -HS- | M] () -- C:\hiberfil.sys [2009-08-20 21:23:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mariusz\Moje dokumenty\OTL.exe [2009-08-20 21:15:05 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Mariusz\Pulpit\CCleaner.lnk [2009-08-20 21:08:08 | 03,278,552 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Mariusz\Moje dokumenty\ccsetup222.exe [2009-08-20 20:42:42 | 00,159,337 | ---- | M] () -- C:\IbmEgath.XML [2009-08-20 20:18:55 | 00,000,716 | ---- | M] () -- C:\WINDOWS\win.ini [2009-08-19 22:17:06 | 00,000,274 | ---- | M] () -- C:\WINDOWS\system.ini [2009-08-19 22:17:06 | 00,000,205 | -HS- | M] () -- C:\BOOT.INI [2009-08-19 21:51:35 | 00,106,264 | RHS- | M] () -- C:\lcw.exe [2009-08-19 21:34:21 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-08-15 22:49:22 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\1950023.exe [2009-08-15 17:21:00 | 00,008,192 | ---- | M] () -- C:\WINDOWS\System32\htmp.030 [2009-08-15 17:21:00 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\iphy.dll [2009-08-15 17:20:59 | 00,005,120 | ---- | M] () -- C:\WINDOWS\System32\C2H3 [2009-08-14 23:13:37 | 00,104,802 | RHS- | M] () -- C:\m1eqos3.exe [2009-08-14 18:33:17 | 00,041,515 | ---- | M] () -- C:\WINDOWS\System32\win.dll [2009-08-14 00:12:05 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\Mariusz\Pulpit\IrfanView Thumbnails.lnk [2009-08-14 00:12:05 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\Mariusz\Pulpit\IrfanView.lnk [2009-08-13 23:23:48 | 00,106,620 | RHS- | M] () -- C:\y8.exe [2009-08-12 22:04:01 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Mariusz\Pulpit\HijackThis.lnk [2009-08-12 21:26:04 | 00,000,974 | ---- | M] () -- C:\Documents and Settings\Mariusz\Pulpit\Spybot - Search & Destroy.lnk [2009-08-12 19:31:32 | 00,104,662 | RHS- | M] () -- C:\9u.exe [2009-08-11 22:10:43 | 00,619,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys [2009-08-11 22:10:42 | 00,619,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys [2009-08-11 22:10:27 | 00,026,757 | ---- | M] () -- C:\WINDOWS\System32\msword98.exe [2009-08-11 22:09:17 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\1082636.exe [2009-08-10 22:43:24 | 00,106,711 | RHS- | M] () -- C:\wbj.exe [2009-08-08 20:12:50 | 00,107,691 | RHS- | M] () -- C:\ktly.exe [2009-08-07 22:14:33 | 03,870,924 | -H-- | M] () -- C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-08-06 21:00:48 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\2038451.exe [2009-08-06 20:43:16 | 00,106,413 | RHS- | M] () -- C:\22yj2fy1.exe [2009-08-02 21:00:24 | 00,107,841 | RHS- | M] () -- C:\ukfbi3aw.exe [2009-08-02 09:10:52 | 01,012,492 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-08-02 09:10:52 | 00,458,260 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-08-02 09:10:52 | 00,401,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-08-02 09:10:52 | 00,079,606 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-08-02 09:10:52 | 00,062,678 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-08-01 23:14:14 | 00,106,995 | RHS- | M] () -- C:\mqhnawe.bat [2009-07-31 21:34:00 | 00,107,994 | RHS- | M] () -- C:\6rxt26.exe [2009-07-31 07:52:11 | 00,107,843 | RHS- | M] () -- C:\rx.exe [2009-07-29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-07-26 21:38:01 | 00,108,204 | RHS- | M] () -- C:\hm1bfpuj.exe [2009-07-25 10:27:13 | 02,195,556 | ---- | M] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\04072009.mp4 [2009-07-25 10:24:39 | 00,266,786 | ---- | M] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\04072009_002.jpg [2009-07-25 10:24:12 | 00,231,894 | ---- | M] () -- C:\Documents and Settings\Mariusz\Moje dokumenty\04072009_003.jpg [2009-07-24 07:49:05 | 00,107,797 | RHS- | M] () -- C:\p0ijj.bat [2009-07-22 18:45:39 | 00,109,631 | RHS- | M] () -- C:\8dtyjjf.exe [2009-07-21 21:54:24 | 00,107,959 | RHS- | M] () -- C:\cv8j.exe [color=#E56717]========== Files - Unicode (All) ==========[/color] < End of report >

... oraz z AntiMalvare z wczoraj:

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.40 Wersja bazy definicji: 2551 Windows 5.1.2600 Dodatek Service Pack 2 2009-08-24 22:39:05 mbam-log-2009-08-24 (22-39-05).txt Typ skanowania: Szybkie skanowanie Przeskanowane obiekty: 89595 Upłynęło: 8 minute(s), 41 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 3 Zainfekowane klucze rejestru: 3 Zainfekowane wartości rejestru: 11 Zainfekowane pliki rejestru: 1 Zainfekowane foldery: 0 Zainfekowane pliki: 13 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: C:\WINDOWS\system32\IPHACTION.dll (Trojan.Proscks) -> Delete on reboot. C:\WINDOWS\system32\AdvOcr.dll (Trojan.Hacktool) -> Delete on reboot. c:\WINDOWS\system32\evdoserver.dll (Backdoor.Bot) -> Delete on reboot. Zainfekowane klucze rejestru: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully. Zainfekowane wartości rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully. Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\WINDOWS\system32\IPHACTION.dll (Trojan.Proscks) -> Delete on reboot. C:\WINDOWS\system32\AdvOcr.dll (Trojan.Hacktool) -> Delete on reboot. c:\WINDOWS\system32\evdoserver.dll (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\dvdpaly.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\t4m0_18716248148.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully. c:\temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TRSOCR.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fiplock.dll (Malware.Trace) -> Delete on reboot. C:\WINDOWS\system32\fhpatch.dll (Malware.Trace) -> Quarantined and deleted successfully.

Będę wdzięczny za komentarz i pomoc.

Pozdrawiam,
artur

**Posty:** 18165 · przez **wojtas** 25 Sie 2009, 14:13

Daj loga z combofixa ale zainstaluj wraz z nim konsolę odzyskiwania ( instrukcja programu )

**Posty:** 2 · przez **artur_321** 25 Sie 2009, 19:28

Dziękuję za podpowiedź. Właśnie zrobiłem scan Combofixem. Wyrzucił mi te cholerne pliki 2.exe 9u.exe itp.

No i przede wszystkim net zaczął śmigać

Dzięki temu od razu odpisuję z domu a nie z pracy.

Oto log

Kod: Zaznacz wszystko: ComboFix 09-08-24.06 - Mariusz 2009-08-25 18:55.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.758.508 [GMT 2:00] Uruchomiony z: c:\documents and settings\Mariusz\Pulpit\ComboFix.exe FW: G DATA Personal Firewall *disabled* {6E6F4BA6-C07D-443F-A130-0A57DA59A082} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\22yj2fy1.exe C:\6bgke.exe C:\6rxt26.exe C:\8dtyjjf.exe C:\9u.exe C:\autorun.inf C:\be2trf.bat C:\cahpcg.cmd C:\cv8j.exe c:\documents and settings\Mariusz\Dane aplikacji\.# c:\documents and settings\Mariusz\Moje dokumenty\cc_20090820_214615.reg C:\kgji.exe C:\ktly.exe C:\lcw.exe C:\m.com C:\m1eqos3.exe C:\metdgv.bat C:\ml.com C:\p0ijj.bat C:\rx.exe c:\temp\133314usc.dll c:\temp\143914usc.dll c:\temp\181435kou.dll c:\temp\22314usc.dll c:\temp\233315usc.dll c:\temp\241314usc.dll c:\temp\361814usc.dll c:\temp\382313usc.dll c:\temp\413813usc.dll c:\temp\42115mja.dll c:\temp\481615usc.dll c:\temp\51015usc.dll c:\temp\542114usc.dll c:\temp\545115usc.dll c:\temp\54815usc.dll c:\temp\572015usc.dll c:\temp\584815usc.dll c:\temp\63115usc.dll c:\temp\cvasds0.dll c:\temp\cvasds1.dll C:\ukfbi3aw.exe C:\uo10sn.cmd C:\wbj.exe c:\windows\system32\1082636.exe c:\windows\system32\1950023.exe c:\windows\system32\2038451.exe c:\windows\system32\bversion.dll c:\windows\system32\drivers\8492a431.sys c:\windows\system32\ieuinit.inf c:\windows\system32\Install.txt c:\windows\system32\Ipripv32.dll c:\windows\system32\pwdmon.dll c:\windows\system32\win.dll c:\windows\TEMP\mpj65607.dll C:\xhah66s.cmd C:\y8.exe Zainfekowana kopia c:\windows\system32\srsvc.dll została znaleziona. Problem naprawiono Plik odzyskano z - c:\windows\system32\dllcache\srsvc.dll . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6to4 -------\Legacy_IAS -------\Legacy_iprip -------\Legacy_KAVSYS -------\Legacy_netcard -------\Legacy_USBWTE -------\Legacy_win -------\Service_Ias -------\Service_iprip -------\Service_win -------\Service_8492a431 ((((((((((((((((((((((((( Pliki utworzone od 2009-07-25 do 2009-08-25 ))))))))))))))))))))))))))))))) . 2009-08-23 17:16 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-23 17:16 . 2009-08-23 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-23 17:16 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-20 19:15 . 2009-08-20 19:15 -------- d-----w- c:\program files\CCleaner 2009-08-20 18:12 . 2009-08-25 17:06 -------- d-----w- c:\temp\PCDr 2009-08-17 19:43 . 2009-08-17 19:43 -------- d-----w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\Adobe 2009-08-15 10:19 . 2009-08-15 10:19 -------- d-----w- C:\58ddad17e516f95ad7 2009-08-12 19:58 . 2009-08-12 19:58 -------- d-----w- c:\program files\Trend Micro 2009-08-09 14:51 . 2009-08-09 14:51 152576 ----a-w- c:\documents and settings\Mariusz\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-24 19:31 . 2006-10-15 01:15 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2009-08-24 18:34 . 2009-07-20 17:57 94208 ----a-w- c:\windows\system32\TRSOCR.dll 2009-08-24 18:03 . 1980-01-01 07:00 625824 ----a-w- c:\windows\system32\drivers\ntfs.sys 2009-08-13 22:11 . 2008-05-29 11:40 -------- d-----w- c:\program files\IrfanView 2009-08-06 18:31 . 2006-10-15 01:15 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-02 07:10 . 1980-01-01 07:00 79606 ----a-w- c:\windows\system32\perfc015.dat 2009-08-02 07:10 . 1980-01-01 07:00 458260 ----a-w- c:\windows\system32\perfh015.dat 2009-07-20 18:56 . 2009-07-20 17:57 -------- d-----w- c:\program files\LanqiEngine 2009-07-20 18:55 . 2009-07-20 18:56 94208 ----a-w- c:\windows\system32\TOCRdll.dll 2009-07-11 13:23 . 2006-10-04 07:15 -------- d-----w- c:\program files\G DATA 2009-07-11 13:23 . 2006-10-04 07:15 -------- d-----w- c:\program files\Common Files\G DATA 2009-07-11 13:23 . 2006-10-04 07:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\G DATA 2009-07-10 15:05 . 2009-07-10 15:05 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-07-05 15:50 . 2005-07-02 09:12 31416 ----a-w- c:\documents and settings\Mariusz\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT 2009-06-30 20:50 . 2009-06-30 20:50 68424 ----a-w- c:\windows\system32\drivers\GRD.sys 2009-06-30 20:47 . 2006-10-04 07:16 51016 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys 2009-06-30 20:43 . 2009-06-30 20:43 48712 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2009-06-29 20:42 . 2009-05-20 19:18 -------- d-----w- c:\program files\NortonInstaller 2009-06-29 20:41 . 2009-05-20 19:20 -------- d-----w- c:\program files\Norton AntiVirus 2009-06-29 20:41 . 2005-05-22 18:11 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-29 20:41 . 2005-05-22 18:11 -------- d-----w- c:\program files\Symantec 2009-06-27 07:00 . 2007-06-11 09:18 -------- d-----w- c:\program files\SkanerOnline 2009-01-08 11:07 . 2009-01-02 03:15 88 --sh--r- c:\windows\system32\0285D92970.sys 2009-01-08 11:27 . 2009-01-02 03:07 2672 --sha-w- c:\windows\system32\KGyGaAvL.sys . ------- Sigcheck ------- [-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\dd64aa87403cfac627c6c8f37d245aa4\ntfs.sys [-] 2009-08-24 18:03 625824 818784B5388C098EE88F5E5C154F86D3 c:\windows\system32\dllcache\ntfs.sys [-] 2009-08-24 18:03 625824 818784B5388C098EE88F5E5C154F86D3 c:\windows\system32\drivers\ntfs.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 442368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "tpkmaphelper"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024] "tphotkey"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208] "quicktime task"="c:\program files\QuickTime\qttask.exe" [2009-05-02 413696] "qcwlicon"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920] "qctray"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-08-18 708608] "igfxtray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648] "ibmprc"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112] "ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 442368] "hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784] "ezejmnap"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035] "bmmlref"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480] "adobe reader speed launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "trackpointsrv"="tp4serv.exe" - c:\windows\system32\tp4serv.exe [2003-11-13 94208] "tp4ex"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2002-09-04 53248] "s3tray2"="S3Tray2.exe" - c:\windows\system32\S3Tray2.exe [2001-10-12 69632] "bluetoothauthenticationagent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina] 2004-08-18 10:30 258048 ----a-w- c:\windows\system32\QConGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"= "%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"= "c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"= "c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-05-22 16384] R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-04-08 554352] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256] R2 sofatnet;sofatnet Service;c:\windows\system32\sofatnet.exe [2001-10-30 128512] R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-01-01 13904] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-05-22 12288] . Zawartość folderu 'Zaplanowane zadania' 2005-05-22 c:\windows\Tasks\BMMTask.job - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-05-22 08:37] 2005-07-02 c:\windows\Tasks\Przypomnienie o rejestracji 1.job - c:\windows\system32\OOBE\oobebaln.exe [2003-03-13 07:44] . . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.gazeta.pl/ IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: com.pl\skaner.mks DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/sezam/components/SignActivX.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-25 19:10 Windows 5.1.2600 Dodatek Service Pack 2 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(528) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe c:\windows\system32\PSIService.exe c:\windows\system32\QCONSVC.EXE c:\windows\system32\TpKmpSvc.exe c:\windows\system32\wscntfy.exe c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe c:\progra~1\ThinkPad\CONNEC~1\QCTRAY.EXE c:\windows\system32\rundll32.exe . ************************************************************************** . Czas ukończenia: 2009-08-25 19:14 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-08-25 17:14 Przed: 1 644 810 240 bajtów wolnych Po: 1 566 752 768 bajtów wolnych 226 --- E O F --- 2009-03-02 02:27

Nie zainstalowalem konsoli odzyskiwania bo Combo aby to zrobic chcial polaczyc sie z net, z ktorym... nie dalo sie połączyc przed dokonaniem scana.

Czy coś jeszcze powinienem zrobić aby mieć pewność, że jest OK?

Czy jest sposób aby usunąć niebezpieczene pliki z pendrive (podejrzewam ze cos tam jest)?

Pozdrawiam i jeszcze raz bardzo dziękuję.
artur

**Posty:** 18165 · przez **wojtas** 25 Sie 2009, 20:40

najlepiej go sformatuj

potem odpal dla pewnosci combofixa i

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (usuń co znajdzie )