Użycie procesora 100% + explorer

**Posty:** 28 · przez **Bartek-ksw** 28 Lut 2010, 12:28

Witam,
mój problem wygląda następująco:
Mks 9 wykrywa regularnie pliki Explorer.exe, xcopy.exe.... co jakis czas foldery ukrywają się i na ich miejsce tworzą się te same + końcówka .exe z tym ze po wejsciu na dany folder otwiera sie zawartosc dysku.

Automatycznie otwierają się strony z chińskimi reklamami.

Spowolniona praca systemu oraz brak możliwosci wejscia bezpośrednio na wybrany dysk przez mój komputer, pojawia się komunikat : System windows nie może znaleść pliku copy.exe.

Kod: Zaznacz wszystko: OTL logfile created on: 2010-02-28 10:08:57 - Run 1 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrator\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 162,00 Mb Available Physical Memory | 32,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,64 Gb Total Space | 10,70 Gb Free Space | 57,42% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 97,58 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 55,88 Gb Total Space | 34,18 Gb Free Space | 61,16% Space Free | Partition Type: NTFS Drive F: | 368,10 Gb Total Space | 118,84 Gb Free Space | 32,28% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MX8PC Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: Off File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-02-28 09:59:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2010-02-28 09:53:29 | 000,013,824 | ---- | M] () -- C:\WINDOWS\system32\26A74D\WX52EC74.EXE PRC - [2010-02-26 08:33:08 | 000,156,160 | ---- | M] () -- C:\WINDOWS\msa.exe PRC - [2010-02-25 09:51:03 | 000,340,496 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_services.exe PRC - [2010-02-25 09:50:10 | 001,185,088 | ---- | M] (Mks Sp. z o.o.) -- C:\Program Files\mks_vir_9\bin\mks_9.exe PRC - [2010-01-17 14:21:18 | 000,222,728 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe PRC - [2010-01-17 14:21:12 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2010-01-17 11:56:08 | 000,113,664 | -HS- | M] () -- C:\WINDOWS\system32\26A74D\AA1152.EXE PRC - [2009-11-20 19:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-11-12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009-09-24 07:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\totalcmd\TOTALCMD.EXE PRC - [2009-06-27 16:16:26 | 003,642,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009-06-21 18:26:26 | 000,473,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe PRC - [2009-06-18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe PRC - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2005-10-03 13:24:56 | 000,053,248 | ---- | M] ( Advanced Software Technologies) -- C:\WINDOWS\system32\AstSrv.exe PRC - [2005-03-31 10:18:49 | 000,790,528 | ---- | M] (sms-express.com) -- C:\Program Files\Gadu-Gadu\gg.exe PRC - [2004-07-15 11:42:00 | 000,114,755 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe PRC - [2003-04-06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe PRC - [2003-04-06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe PRC - [2003-04-06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe PRC - [2003-04-06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe PRC - [2003-04-02 03:20:37 | 000,012,288 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-28 09:59:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ALG) SRV - [2010-02-25 09:51:03 | 000,340,496 | ---- | M] () [Auto | Running] -- C:\Program Files\mks_vir_9\bin\mks_services.exe -- (mks_services) SRV - [2010-01-17 11:24:36 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-11-12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005-10-03 13:24:56 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Running] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc) SRV - [2004-07-15 11:42:00 | 000,114,755 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2003-04-07 07:21:46 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-02-26 22:09:47 | 000,792,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec) DRV - [2010-02-25 09:51:15 | 000,031,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\mks_vir_9\bin\mksmonfd.sys -- (MksMonFd) DRV - [2010-02-25 09:51:14 | 000,120,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\mks_vir_9\bin\mksmonev.sys -- (MksMonEv) DRV - [2010-02-25 09:51:13 | 000,517,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\mks_vir_9\bin\mksmonen.sys -- (MksMonEn) DRV - [2010-02-25 09:51:11 | 000,013,024 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\mksidsa.sys -- (mksidsa) DRV - [2010-02-25 09:51:08 | 000,022,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\mksfwallt.sys -- (mksfwallt) DRV - [2010-02-25 09:51:08 | 000,020,784 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\mksfwallf.sys -- (mksfwallf) DRV - [2010-02-25 09:51:08 | 000,018,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\mksidsf.sys -- (mksidsf) DRV - [2010-01-30 11:09:29 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-07-05 01:19:05 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2009-07-04 22:08:22 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS) DRV - [2009-05-25 10:49:10 | 000,086,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009-05-25 10:49:08 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009-05-25 10:49:08 | 000,109,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009-05-25 10:49:08 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009-05-25 10:49:08 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009-05-25 10:49:08 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009-05-25 10:49:08 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2008-04-13 23:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2004-07-15 11:42:00 | 002,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004-02-11 06:51:46 | 000,115,840 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM) DRV - [2003-09-04 03:37:04 | 000,041,984 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB) DRV - [2003-07-17 09:10:06 | 000,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM) DRV - [2003-07-01 21:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2003-04-07 07:21:48 | 000,021,456 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2003-04-07 07:21:48 | 000,016,080 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2003-04-07 07:21:44 | 000,051,024 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412) DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-507921405-879983540-1801674531-500\S-1-5-21-507921405-879983540-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010-01-26 13:10:58 | 000,000,746 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: () - {81A35F39-4850-474E-92C9-B4CF283207E0} - C:\WINDOWS\System32\iegfilt.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA Technologies, INC\Audio Deck\ADeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe () O4 - HKLM..\Run: [mks_9] C:\Program Files\mks_vir_9\bin\mks_9.exe (Mks Sp. z o.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe () O4 - HKU\.DEFAULT..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe () O4 - HKU\.DEFAULT..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-18..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe () O4 - HKU\S-1-5-18..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-20..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe () O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com) O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [wsctf.exe] File not found O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AA1152.lnk = C:\WINDOWS\system32\26A74D\AA1152.EXE () O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ihaupd32.exe (TWX Corp.) O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\sysfgs32.exe () O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.48.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - C:\WINDOWS\System32\kbupdate.dll () O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-17 11:23:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | -HS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-02-22 11:51:56 | 000,000,154 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | -HS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010-02-22 11:52:05 | 000,000,154 | RHS- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{77f95408-0db9-11df-971a-000fea1b02e9}\Shell - "" = AutoRun O33 - MountPoints2\{77f95408-0db9-11df-971a-000fea1b02e9}\Shell\1\Command - "" = H:\ O33 - MountPoints2\{77f95408-0db9-11df-971a-000fea1b02e9}\Shell\2\Command - "" = H:\ O33 - MountPoints2\{a03aa7be-082b-11df-96f1-000fea1b02e9}\Shell - "" = AutoRun O33 - MountPoints2\{a03aa7be-082b-11df-96f1-000fea1b02e9}\Shell\AutoRun\command - "" = H:\Startme.exe -- File not found O33 - MountPoints2\{f447b758-0b27-11df-9707-000fea1b02e9}\Shell - "" = AutoRun O33 - MountPoints2\{f447b758-0b27-11df-9707-000fea1b02e9}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{f447b75b-0b27-11df-9707-000fea1b02e9}\Shell - "" = AutoRun O33 - MountPoints2\{f447b75b-0b27-11df-9707-000fea1b02e9}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\C\Shell - "" = AutoRun O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\1\Command - "" = D:\Recycled.exe -- File not found O33 - MountPoints2\D\Shell\2\Command - "" = D:\Recycled.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\1\Command - "" = Recycled.exe O33 - MountPoints2\F\Shell\2\Command - "" = Recycled.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-02-28 09:59:23 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-28 09:41:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Recent [2010-02-28 09:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2010-02-18 17:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Updater5 [2010-02-18 16:56:15 | 001,128,916 | ---- | C] (www.hellopdf.com ) -- C:\Documents and Settings\Administrator\Pulpit\pdf2wordsetup.exe [2010-02-18 16:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Editor 3 [2010-02-14 13:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles [2010-02-14 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview [2010-02-14 12:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2010-02-14 12:59:12 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010-02-07 16:26:07 | 000,000,000 | ---D | C] -- C:\Downloads [2010-02-07 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\MajorShare [2010-02-07 13:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Tworzenie systemu inwestycyjnego [2010-01-31 15:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia [2010-01-31 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2010-01-30 16:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer [2010-01-30 11:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Hewlett-Packard [2010-01-30 11:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2010-01-30 11:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard [2010-01-23 15:42:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe12E.dll [2010-01-17 11:37:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-01-17 11:23:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-17 11:22:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-17 11:19:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-02-28 11:08:27 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-02-28 11:05:04 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AA1152.lnk [2010-02-28 09:59:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-28 09:42:45 | 000,024,747 | ---- | M] () -- C:\WINDOWS\System32\8424560941.dll [2010-02-28 09:42:42 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010-02-28 09:42:24 | 000,001,143 | ---- | M] () -- C:\WINDOWS\System32\kboem32.dat [2010-02-28 09:42:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-02-28 09:42:14 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\crt.dat [2010-02-28 09:42:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-02-28 09:42:02 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys [2010-02-28 09:41:16 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-02-28 09:41:16 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-02-28 09:41:14 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-02-28 09:40:26 | 000,003,562 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.ini [2010-02-28 09:04:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-28 09:04:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010-02-28 09:04:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-28 00:20:48 | 000,169,984 | ---- | M] () -- C:\WINDOWS\System32\crt4.dll [2010-02-28 00:20:48 | 000,097,792 | ---- | M] () -- C:\WINDOWS\System32\kbdatat4.dll [2010-02-28 00:20:48 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\kbupdate.dll [2010-02-27 21:08:02 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-02-27 17:21:42 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\msxsltsso.dll [2010-02-27 17:21:36 | 000,023,040 | ---- | M] () -- C:\lsass.exe [2010-02-26 22:09:47 | 000,792,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys [2010-02-26 22:09:22 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat [2010-02-26 22:09:17 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\pdytbs.dat [2010-02-26 08:33:17 | 000,186,368 | ---- | M] () -- C:\WINDOWS\System32\sshnas21.dll [2010-02-26 08:33:08 | 000,156,160 | ---- | M] () -- C:\WINDOWS\msa.exe [2010-02-26 08:33:07 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat [2010-02-25 09:51:11 | 000,013,024 | ---- | M] () -- C:\WINDOWS\System32\mksidsa.sys [2010-02-25 09:51:08 | 000,022,320 | ---- | M] () -- C:\WINDOWS\System32\mksfwallt.sys [2010-02-25 09:51:08 | 000,020,784 | ---- | M] () -- C:\WINDOWS\System32\mksfwallf.sys [2010-02-25 09:51:08 | 000,018,704 | ---- | M] () -- C:\WINDOWS\System32\mksidsf.sys [2010-02-22 13:26:13 | 000,000,523 | ---- | M] () -- C:\hpfr3420.xml [2010-02-22 13:16:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Office Word.docx [2010-02-20 18:23:10 | 000,418,061 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Wprowadzenie do gry na Gieldzie Walutowej Forex.pdf [2010-02-20 18:21:22 | 002,097,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\LeBeau, Charles --- Komputerowa analiza rynkow terminowych.doc [2010-02-20 14:21:00 | 000,200,704 | ---- | M] () -- C:\WINDOWS\ctfxmon.dll [2010-02-20 14:21:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\ctfxmon.exe [2010-02-20 10:41:29 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-18 16:56:23 | 001,128,916 | ---- | M] (www.hellopdf.com ) -- C:\Documents and Settings\Administrator\Pulpit\pdf2wordsetup.exe [2010-02-18 16:51:30 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\PDF Editor 3.0.lnk [2010-02-18 16:51:24 | 000,075,776 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01e.exe [2010-02-18 16:49:37 | 003,866,247 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\pdfedit!.exe [2010-02-14 12:40:56 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Homeworld2.lnk [2010-02-13 17:55:02 | 000,011,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\dieta.docx [2010-02-13 17:37:16 | 004,061,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\beastie boys - beastie boys - intergalactic.mp3 [2010-02-04 08:23:06 | 000,842,785 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\GPW IV - Alternatywne metody analizy technicznej.pdf [2010-02-04 08:17:28 | 000,413,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\bzwbk_program_wiosna_2010.doc [2010-01-31 15:07:50 | 000,053,248 | ---- | M] () -- C:\WINDOWS\drvsys32.exe [2010-01-31 15:07:49 | 000,180,224 | ---- | M] () -- C:\WINDOWS\drvsys32.dll [2010-01-30 11:11:19 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1264846201.job [2010-01-30 11:10:10 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk [2010-01-30 11:09:57 | 000,020,458 | ---- | M] () -- C:\WINDOWS\hpoins01.dat [2010-01-30 11:09:49 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Dysk wspomnieniowy HP.lnk [2010-01-30 11:01:57 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Photo & Imaging.lnk [2010-01-30 11:01:57 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\HP Director.lnk [2010-01-30 11:01:57 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk [2010-01-29 11:21:11 | 000,010,371 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\rapid.docx [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-02-28 09:42:45 | 000,024,747 | ---- | C] () -- C:\WINDOWS\System32\8424560941.dll [2010-02-28 09:42:02 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys [2010-02-28 00:20:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\crt.dat [2010-02-28 00:20:49 | 000,001,143 | ---- | C] () -- C:\WINDOWS\System32\kboem32.dat [2010-02-28 00:20:48 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\crt4.dll [2010-02-28 00:20:48 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\kbdatat4.dll [2010-02-28 00:20:48 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\kbupdate.dll [2010-02-26 22:09:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat [2010-02-26 22:09:16 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\pdytbs.dat [2010-02-26 08:35:49 | 000,156,160 | ---- | C] () -- C:\WINDOWS\msa.exe [2010-02-26 08:33:45 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010-02-26 08:33:17 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\sshnas21.dll [2010-02-26 08:33:07 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat [2010-02-26 08:32:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\wiaservg.log [2010-02-26 08:32:14 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\msxsltsso.dll [2010-02-26 08:32:05 | 000,023,040 | ---- | C] () -- C:\lsass.exe [2010-02-22 13:16:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Office Word.docx [2010-02-20 18:23:10 | 000,418,061 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Wprowadzenie do gry na Gieldzie Walutowej Forex.pdf [2010-02-20 18:21:07 | 002,097,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\LeBeau, Charles --- Komputerowa analiza rynkow terminowych.doc [2010-02-20 14:21:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\ctfxmon.dll [2010-02-20 14:21:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\ctfxmon.exe [2010-02-18 16:51:30 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\PDF Editor 3.0.lnk [2010-02-18 16:51:24 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe [2010-02-18 16:49:19 | 003,866,247 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\pdfedit!.exe [2010-02-14 13:00:27 | 000,013,474 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu [2010-02-14 12:40:56 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Homeworld2.lnk [2010-02-14 12:02:39 | 005,333,031 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Homeworld2.exe [2010-02-13 17:51:11 | 000,011,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\dieta.docx [2010-02-13 17:36:11 | 004,061,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\beastie boys - beastie boys - intergalactic.mp3 [2010-02-08 14:12:16 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AA1152.lnk [2010-02-04 08:23:04 | 000,842,785 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\GPW IV - Alternatywne metody analizy technicznej.pdf [2010-02-04 08:17:27 | 000,413,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\bzwbk_program_wiosna_2010.doc [2010-01-31 15:07:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\drvsys32.exe [2010-01-31 15:07:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\drvsys32.dll [2010-01-30 11:12:22 | 000,000,523 | ---- | C] () -- C:\hpfr3420.xml [2010-01-30 11:11:17 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1264846201.job [2010-01-30 11:10:10 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk [2010-01-30 11:09:49 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Dysk wspomnieniowy HP.lnk [2010-01-30 11:01:57 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Photo & Imaging.lnk [2010-01-30 11:01:57 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk [2010-01-30 11:01:56 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\HP Director.lnk [2010-01-30 10:59:45 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-01-30 10:59:44 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2010-01-30 10:59:44 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2010-01-26 14:18:04 | 000,018,704 | ---- | C] () -- C:\WINDOWS\System32\mksidsf.sys [2010-01-18 20:43:05 | 000,000,542 | ---- | C] () -- C:\WINDOWS\MsWin.INI [2010-01-18 20:40:34 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-01-18 20:37:31 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll [2010-01-18 20:37:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL [2010-01-18 20:37:31 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL [2010-01-18 20:37:29 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll [2010-01-18 20:37:29 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL [2010-01-18 20:37:28 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL [2010-01-18 20:37:28 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL [2010-01-17 14:41:02 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2010-01-17 14:04:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010-01-17 12:46:21 | 000,003,562 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.ini [2010-01-17 12:20:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-01-17 12:20:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-01-17 12:20:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-17 12:20:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-17 12:20:19 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-01-17 12:20:19 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-01-17 12:16:07 | 000,792,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys [2010-01-17 12:08:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll [2010-01-17 11:56:00 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-17 11:31:16 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-01-17 11:25:42 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TransBar.ini [2009-11-13 12:53:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\mksidsa.sys [2009-07-05 17:59:43 | 000,000,861 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009-04-06 22:11:54 | 000,022,320 | ---- | C] () -- C:\WINDOWS\System32\mksfwallt.sys [2009-04-06 22:11:52 | 000,020,784 | ---- | C] () -- C:\WINDOWS\System32\mksfwallf.sys [2003-04-07 07:21:58 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [color=#E56717]========== LOP Check ==========[/color] [2010-02-11 19:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer [2010-01-17 14:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Canneverbe_Limited [2010-01-17 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit [2010-01-17 14:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GHISLER [2010-01-17 13:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\MksVir2007 [2010-01-17 11:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera [2010-01-23 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony [2010-01-17 14:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-01-17 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Foxit [2010-01-30 11:11:19 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1264846201.job [2010-02-28 11:08:27 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [color=#E56717]========== Purity Check ==========[/color] < End of report >

**Posty:** 18165 · przez **wojtas** 28 Lut 2010, 15:30

Daj loga z combofixa ale przed jego użyciem wykasuj jeśli masz programy emulujące napędy

**Posty:** 28 · przez **Bartek-ksw** 28 Lut 2010, 16:48

Z combofix-em mam problem, nie mogę go odpalić bo wyskakują błędy np: system windows nie moze odnalesc pliku Nircmdb.exe

**Posty:** 18165 · przez **wojtas** 28 Lut 2010, 18:27

wyłącz antywirusa i wtedy jeszcze raz pobierz o odpal

**Posty:** 28 · przez **Bartek-ksw** 28 Lut 2010, 22:01

Kolego a nie da rady obejść logów z combofix ?? np. po przez OTL ??
Wyłączyłem mks 9, ściągnąłem ponownie i przy próbie odpalenia pojawia sie : Error - Win32 only - Incompatible OS. Combofix works for workstation with windows 2000 and xp

**Posty:** 18165 · przez **wojtas** 28 Lut 2010, 22:15

Uruchom OTL i w oknie Custom Scans/Fixes wklej :

:OTL
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\sysfgs32.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AA1152.lnk = C:\WINDOWS\system32\26A74D\AA1152.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ihaupd32.exe (TWX Corp.)
O4 - HKU\S-1-5-18..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe ()
O4 - HKU\.DEFAULT..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe ()
O4 - HKLM..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe ()
O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [drvsys32.exe] C:\WINDOWS\drvsys32.exe ()
O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [EXPLORER.EXE] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [wsctf.exe] File not found
O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - C:\WINDOWS\System32\kbupdate.dll ()
O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-22 11:51:56 | 000,000,154 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006-05-09 20:36:18 | 000,000,034 | -HS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-02-22 11:52:05 | 000,000,154 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{77f95408-0db9-11df-971a-000fea1b02e9}\Shell - "" = AutoRun
O33 - MountPoints2\{77f95408-0db9-11df-971a-000fea1b02e9}\Shell\1\Command - "" = H:\
O33 - MountPoints2\{77f95408-0db9-11df-971a-000fea1b02e9}\Shell\2\Command - "" = H:\
O33 - MountPoints2\{a03aa7be-082b-11df-96f1-000fea1b02e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a03aa7be-082b-11df-96f1-000fea1b02e9}\Shell\AutoRun\command - "" = H:\Startme.exe -- File not found
O33 - MountPoints2\{f447b758-0b27-11df-9707-000fea1b02e9}\Shell - "" = AutoRun
O33 - MountPoints2\{f447b758-0b27-11df-9707-000fea1b02e9}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f447b75b-0b27-11df-9707-000fea1b02e9}\Shell - "" = AutoRun
O33 - MountPoints2\{f447b75b-0b27-11df-9707-000fea1b02e9}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\C\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\1\Command - "" = D:\Recycled.exe -- File not found
O33 - MountPoints2\D\Shell\2\Command - "" = D:\Recycled.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\1\Command - "" = Recycled.exe
O33 - MountPoints2\F\Shell\2\Command - "" = Recycled.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

:Files
C:\WINDOWS\system32\26A74D\WX52EC74.EXE
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\26A74D\AA1152.EXE
C:\WINDOWS\system32\26A74D
C:\WINDOWS\drvsys32.exe
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AA1152.lnk
C:\WINDOWS\System32\8424560941.dll
C:\WINDOWS\System32\nvapps.xml
C:\WINDOWS\System32\kboem32.dat
C:\WINDOWS\System32\crt.dat
C:\WINDOWS\System32\crt4.dll
c:\WINDOWS\System32\kbdatat4.dll
C:\WINDOWS\System32\kbupdate.dll
C:\WINDOWS\System32\msxsltsso.dll
C:\lsass.exe
C:\WINDOWS\System32\drivers\aec.sys
C:\WINDOWS\System32\fjhdyfhsn.bat
C:\Documents and Settings\Administrator\Dane aplikacji\pdytbs.dat
C:\WINDOWS\System32\sshnas21.dll
C:\WINDOWS\msa.exe
C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat
C:\WINDOWS\ctfxmon.dll
C:\WINDOWS\ctfxmon.exe
C:\WINDOWS\cadkasdeinst01e.exe
C:\WINDOWS\drvsys32.exe
C:\WINDOWS\drvsys32.dll
C:\Documents and Settings\Administrator\Dane aplikacji\wiaservg.log
C:\WINDOWS\Tasks

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]

Kliknij w Run Fix. I potwierdz reset kompa .

pobierz i zrób pełen skan http://www.programosy.pl/program,dr-web-cureit.html dajesz raport na forum Następnie uruchamiasz OTL z opcją Run Scan. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia komputera

**Posty:** 28 · przez **Bartek-ksw** 01 Mar 2010, 12:27

Dr. WEB

Kod: Zaznacz wszystko: ~TM9F.tmp C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp Trojan.Botnetlog.11 Usunięty. wnzip32.exe C:\RECYCLER\S-1-5-21-1727882327-8632533344-416421647-8946 Trojan.PWS.Panda.199 Usunięty. Dc271.exe C:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Trojan.Siggen1.4910 Niewyleczalny.Przeniesiony. A0043040.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Siggen1.4277 Usunięty. A0045039.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Siggen1.4277 Usunięty. A0045041.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Siggen1.4583 Niewyleczalny.Przeniesiony. A0045042.dll C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 BackDoor.Gootkit.15 Usunięty. A0045043.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Botnetlog.11 Usunięty. A0048063.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Siggen1.4277 Usunięty. A0049078.sys C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Packed.142 Usunięty. A0053145.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.PWS.Panda.199 Usunięty. A0053146.exe C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Siggen1.4910 Niewyleczalny.Przeniesiony. A0002176.inf C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0012292.sys C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Trojan.Packed.142 Usunięty. A0012371.rbf C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Prawdopodobnie STPAGE.Trojan autorun.inf C:\WINDOWS Trojan.Copyself Usunięty. asc3550p.sys C:\WINDOWS\system32\drivers Trojan.Packed.142 Usunięty. hd1.tmp C:\WINDOWS\Temp Trojan.Siggen1.4550 Niewyleczalny.Przeniesiony. autorun.inf C:\_OTL\MovedFiles\03012010_084202\C_ Trojan.Copyself Usunięty. ihaupd32.exe C:\_OTL\MovedFiles\03012010_084202\C_Documents and Settings\Administrator\Menu Start\Programy\Autostart Trojan.Botnetlog.11 Usunięty. sysfgs32.exe C:\_OTL\MovedFiles\03012010_084202\C_Documents and Settings\Administrator\Menu Start\Programy\Autostart Trojan.Botnetlog.126 Usunięty. ctfxmon.exe C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS Trojan.Siggen1.1852 Niewyleczalny.Przeniesiony. msa.exe C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS Trojan.Fakealert.11885 Usunięty. crt4.dll C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS\system32 BackDoor.Siggen.11041 Usunięty. kbdatat4.dll C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS\system32 BackDoor.Siggen.11041 Usunięty. kbupdate.dll C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS\system32 BackDoor.Siggen.11041 Usunięty. msxsltsso.dll C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS\system32 BackDoor.Gootkit.15 Usunięty. sshnas21.dll C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS\system32 BackDoor.Click.953 Usunięty. AA1152.EXE C:\_OTL\MovedFiles\03012010_084202\C_WINDOWS\system32\26A74D Win32.HLLW.Autoruner.6678 Usunięty. autorun.inf C:\_OTL\MovedFiles\03012010_084202\D_ Win32.HLLW.Autoruner.3257 Usunięty. autorun.inf C:\_OTL\MovedFiles\03012010_084202\E_ Trojan.Copyself Usunięty. autorun.inf C:\_OTL\MovedFiles\03012010_084202\F_ Win32.HLLW.Autoruner.3257 Usunięty. A0049090.exe D:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0050102.exe D:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0050103.exe D:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053129.inf D:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.3257 Usunięty. A0053130.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Trojan.Copyself Usunięty. A0002086.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP3 Trojan.Copyself Usunięty. A0002101.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002159.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002166.exe E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself.94 Niewyleczalny.Przeniesiony. A0002178.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002189.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002403.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP6 Trojan.Copyself Usunięty. A0002706.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP7 Trojan.Copyself Usunięty. A0002715.inf E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP8 Trojan.Copyself Usunięty. A0011265.exe E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Trojan.Copyself.94 Niewyleczalny.Przeniesiony. A0011266.exe E:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Trojan.MulDrop.4181 Usunięty. Df102.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df103.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df104.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df105.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df106.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df107.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df94.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df95.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df96.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. Df97.exe F:\RECYCLER\S-1-5-21-507921405-879983540-1801674531-500 Win32.HLLW.Autoruner.4360 Usunięty. A0000050.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP1 Trojan.Copyself Usunięty. A0037930.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.3257 Usunięty. A0051130.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0051131.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053131.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.3257 Usunięty. A0053163.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053164.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053165.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053166.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053167.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053168.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053169.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053170.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053171.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0053172.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP10 Win32.HLLW.Autoruner.4360 Usunięty. A0000054.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP2 Trojan.Copyself Usunięty. A0001361.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP2 Trojan.Copyself Usunięty. A0001574.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP2 Trojan.Copyself Usunięty. A0001576.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP2 Win32.HLLW.Autoruner.4360 Usunięty. A0001930.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP2 Trojan.Copyself Usunięty. A0002089.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP3 Win32.HLLW.Autoruner.4360 Usunięty. A0002090.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP3 Trojan.Copyself Usunięty. A0002102.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002160.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002167.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself.94 Niewyleczalny.Przeniesiony. A0002179.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002190.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Trojan.Copyself Usunięty. A0002216.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002217.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002218.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002219.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002220.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002221.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002222.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002223.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP5 Win32.HLLW.Autoruner.4360 Usunięty. A0002404.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP6 Trojan.Copyself Usunięty. A0002707.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP7 Trojan.Copyself Usunięty. A0002716.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP8 Trojan.Copyself Usunięty. A0009998.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Trojan.Copyself Usunięty. A0010001.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0010002.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.3257 Usunięty. A0011247.EXE F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 BackDoor.Generic.1451 Usunięty. A0011269.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Trojan.Copyself.94 Niewyleczalny.Przeniesiony. A0011270.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Trojan.MulDrop.4181 Usunięty. A0012285.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0012286.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0012287.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0012288.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0012289.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0012290.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0016619.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.3257 Usunięty. A0016645.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0016646.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0016647.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0016648.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0016649.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0024052.exe F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.4360 Usunięty. A0031707.inf F:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP9 Win32.HLLW.Autoruner.3257 Usunięty.

OTL

Kod: Zaznacz wszystko: OTL logfile created on: 2010-03-01 11:23:20 - Run 2 OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Administrator\Pulpit Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 511,00 Mb Total Physical Memory | 409,00 Mb Available Physical Memory | 80,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 18,64 Gb Total Space | 11,10 Gb Free Space | 59,54% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 97,59 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive E: | 55,88 Gb Total Space | 34,18 Gb Free Space | 61,16% Space Free | Partition Type: NTFS Drive F: | 368,10 Gb Total Space | 128,08 Gb Free Space | 34,79% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MX8PC Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode with Networking Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Standard [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2010-03-01 08:48:10 | 032,413,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe PRC - [2010-02-28 09:59:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe PRC - [2010-02-18 17:14:46 | 001,983,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\RarSFX0\s4aslxp.exe PRC - [2009-11-20 19:01:18 | 000,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe PRC - [2009-10-30 15:08:00 | 000,124,216 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\RarSFX0\477t48.exe PRC - [2009-06-27 16:16:26 | 003,642,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010-02-28 09:59:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- -- (ALG) SRV - [2010-02-25 09:51:03 | 000,340,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\mks_vir_9\bin\mks_services.exe -- (mks_services) SRV - [2010-01-17 11:24:36 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009-11-12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009-04-30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006-10-26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005-10-03 13:24:56 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Stopped] -- C:\WINDOWS\system32\AstSrv.exe -- (astcc) SRV - [2004-07-15 11:42:00 | 000,114,755 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc) SRV - [2003-04-07 07:21:46 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2010-02-25 09:51:15 | 000,031,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\mks_vir_9\bin\mksmonfd.sys -- (MksMonFd) DRV - [2010-02-25 09:51:14 | 000,120,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\mks_vir_9\bin\mksmonev.sys -- (MksMonEv) DRV - [2010-02-25 09:51:13 | 000,517,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\mks_vir_9\bin\mksmonen.sys -- (MksMonEn) DRV - [2010-02-25 09:51:11 | 000,013,024 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\mksidsa.sys -- (mksidsa) DRV - [2010-02-25 09:51:08 | 000,022,320 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\mksfwallt.sys -- (mksfwallt) DRV - [2010-02-25 09:51:08 | 000,020,784 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\mksfwallf.sys -- (mksfwallf) DRV - [2010-02-25 09:51:08 | 000,018,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\mksidsf.sys -- (mksidsf) DRV - [2010-01-30 11:09:29 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-07-05 01:19:05 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112) DRV - [2009-07-04 22:08:22 | 000,027,165 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS) DRV - [2009-07-04 21:08:12 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys.bak -- (aec) DRV - [2009-05-25 10:49:10 | 000,086,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM) DRV - [2009-05-25 10:49:08 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009-05-25 10:49:08 | 000,109,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) DRV - [2009-05-25 10:49:08 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) DRV - [2009-05-25 10:49:08 | 000,104,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009-05-25 10:49:08 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) DRV - [2009-05-25 10:49:08 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2008-04-13 23:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2008-01-09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2004-07-15 11:42:00 | 002,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004-02-11 06:51:46 | 000,115,840 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viaudios.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM) DRV - [2003-09-04 03:37:04 | 000,041,984 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB) DRV - [2003-07-17 09:10:06 | 000,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM) DRV - [2003-07-01 21:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1) DRV - [2003-04-07 07:21:48 | 000,021,456 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2003-04-07 07:21:48 | 000,016,080 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2003-04-07 07:21:44 | 000,051,024 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412) DRV - [2001-08-18 00:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-507921405-879983540-1801674531-500\S-1-5-21-507921405-879983540-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010-01-26 13:10:58 | 000,000,746 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: () - {81A35F39-4850-474E-92C9-B4CF283207E0} - C:\WINDOWS\System32\iegfilt.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIA Technologies, INC\Audio Deck\ADeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [mks_9] C:\Program Files\mks_vir_9\bin\mks_9.exe (Mks Sp. z o.o.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe () O4 - HKU\.DEFAULT..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-18..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-20..\Run: [TransBar] C:\WINDOWS\TransBar.exe (AKSoftware) O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (sms-express.com) O4 - HKU\S-1-5-21-507921405-879983540-1801674531-500..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB) O4 - HKU\.DEFAULT..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-507921405-879983540-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.48.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\kbupdate: DllName - kbupdate.dll - File not found O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-01-17 11:23:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010-03-01 10:41:51 | 000,222,832 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwshd.sys [2010-03-01 09:33:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Recent [2010-03-01 08:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb [2010-03-01 08:44:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks [2010-03-01 08:42:02 | 000,000,000 | ---D | C] -- C:\_OTL [2010-02-28 20:57:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010-02-28 20:48:28 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp [2010-02-28 20:46:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp [2010-02-28 20:18:59 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp [2010-02-28 09:59:23 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-28 09:11:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2010-02-18 17:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Updater5 [2010-02-18 16:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Editor 3 [2010-02-14 13:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles [2010-02-14 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview [2010-02-14 12:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2010-02-14 12:59:12 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010-02-07 16:26:07 | 000,000,000 | ---D | C] -- C:\Downloads [2010-02-07 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\MajorShare [2010-02-07 13:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Pulpit\Tworzenie systemu inwestycyjnego [2010-01-31 15:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia [2010-01-31 15:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe [2010-01-30 16:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dane aplikacji\Apple Computer [2010-01-23 15:42:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpe12E.dll [2010-01-17 11:37:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2010-01-17 11:23:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-17 11:22:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2010-01-17 11:19:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010-03-01 11:22:27 | 000,014,039 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-03-01 11:21:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Office Word (2).docx [2010-03-01 10:41:51 | 000,222,832 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwshd.sys [2010-03-01 09:34:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010-03-01 09:34:03 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010-03-01 09:34:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010-03-01 09:30:44 | 004,834,706 | -H-- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db [2010-03-01 08:48:10 | 032,413,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-03-01 08:47:11 | 000,003,562 | ---- | M] () -- C:\WINDOWS\System32\NOTEPAD.ini [2010-03-01 08:31:24 | 000,000,043 | ---- | M] () -- C:\WINDOWS\System32\7312317141.dll [2010-02-28 22:23:49 | 000,000,132 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010-02-28 20:15:21 | 003,874,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2010-02-28 09:59:24 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe [2010-02-28 09:41:16 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010-02-28 09:04:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010-02-28 09:04:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010-02-28 09:04:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\win.ini [2010-02-25 09:51:11 | 000,013,024 | ---- | M] () -- C:\WINDOWS\System32\mksidsa.sys [2010-02-25 09:51:08 | 000,022,320 | ---- | M] () -- C:\WINDOWS\System32\mksfwallt.sys [2010-02-25 09:51:08 | 000,020,784 | ---- | M] () -- C:\WINDOWS\System32\mksfwallf.sys [2010-02-25 09:51:08 | 000,018,704 | ---- | M] () -- C:\WINDOWS\System32\mksidsf.sys [2010-02-22 13:26:13 | 000,000,523 | ---- | M] () -- C:\hpfr3420.xml [2010-02-22 13:16:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Office Word.docx [2010-02-20 18:23:10 | 000,418,061 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Wprowadzenie do gry na Gieldzie Walutowej Forex.pdf [2010-02-20 18:21:22 | 002,097,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\LeBeau, Charles --- Komputerowa analiza rynkow terminowych.doc [2010-02-20 10:41:29 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010-02-14 12:40:56 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Homeworld2.lnk [2010-02-13 17:55:02 | 000,011,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\dieta.docx [2010-02-13 17:37:16 | 004,061,654 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\beastie boys - beastie boys - intergalactic.mp3 [2010-02-04 08:23:06 | 000,842,785 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\GPW IV - Alternatywne metody analizy technicznej.pdf [2010-02-04 08:17:28 | 000,413,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\bzwbk_program_wiosna_2010.doc [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010-03-01 11:22:27 | 000,014,039 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\DrWeb.csv [2010-03-01 11:21:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Office Word (2).docx [2010-03-01 08:46:36 | 032,413,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe [2010-03-01 08:31:24 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\7312317141.dll [2010-02-28 20:15:02 | 003,874,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe [2010-02-22 13:16:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Nowy Dokument programu Microsoft Office Word.docx [2010-02-20 18:23:10 | 000,418,061 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Wprowadzenie do gry na Gieldzie Walutowej Forex.pdf [2010-02-20 18:21:07 | 002,097,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\LeBeau, Charles --- Komputerowa analiza rynkow terminowych.doc [2010-02-14 13:00:27 | 000,013,474 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu [2010-02-14 12:40:56 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Homeworld2.lnk [2010-02-14 12:02:39 | 005,333,031 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Homeworld2.exe [2010-02-13 17:51:11 | 000,011,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\dieta.docx [2010-02-13 17:36:11 | 004,061,654 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\beastie boys - beastie boys - intergalactic.mp3 [2010-02-04 08:23:04 | 000,842,785 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\GPW IV - Alternatywne metody analizy technicznej.pdf [2010-02-04 08:17:27 | 000,413,696 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\bzwbk_program_wiosna_2010.doc [2010-01-30 10:59:45 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log [2010-01-26 14:18:04 | 000,018,704 | ---- | C] () -- C:\WINDOWS\System32\mksidsf.sys [2010-01-18 20:43:05 | 000,000,542 | ---- | C] () -- C:\WINDOWS\MsWin.INI [2010-01-18 20:40:34 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-01-18 20:37:31 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll [2010-01-18 20:37:31 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK32.DLL [2010-01-18 20:37:31 | 000,003,360 | ---- | C] () -- C:\WINDOWS\System32\MSWTHK16.DLL [2010-01-18 20:37:29 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\Lfpng61n.dll [2010-01-18 20:37:29 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL61N.DLL [2010-01-18 20:37:28 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP61N.DLL [2010-01-18 20:37:28 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL [2010-01-17 14:41:02 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini [2010-01-17 14:04:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010-01-17 12:46:21 | 000,003,562 | ---- | C] () -- C:\WINDOWS\System32\NOTEPAD.ini [2010-01-17 12:20:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-01-17 12:20:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010-01-17 12:20:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010-01-17 12:20:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010-01-17 12:20:19 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010-01-17 12:20:19 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010-01-17 12:08:29 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll [2010-01-17 11:56:00 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-01-17 11:31:16 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2010-01-17 11:25:42 | 000,000,047 | ---- | C] () -- C:\WINDOWS\TransBar.ini [2009-11-13 12:53:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\mksidsa.sys [2009-07-05 17:59:43 | 000,000,861 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2009-04-06 22:11:54 | 000,022,320 | ---- | C] () -- C:\WINDOWS\System32\mksfwallt.sys [2009-04-06 22:11:52 | 000,020,784 | ---- | C] () -- C:\WINDOWS\System32\mksfwallf.sys [2003-04-07 07:21:58 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [color=#E56717]========== LOP Check ==========[/color] [2010-02-11 19:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\BESTplayer [2010-01-17 14:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Canneverbe_Limited [2010-01-17 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Foxit [2010-01-17 14:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\GHISLER [2010-01-17 13:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\MksVir2007 [2010-01-17 11:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Opera [2010-01-23 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Sony [2010-01-17 14:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Canneverbe Limited [2010-01-17 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dane aplikacji\Foxit [color=#E56717]========== Purity Check ==========[/color] < End of report >

**Posty:** 18165 · przez **wojtas** 01 Mar 2010, 19:49

Pobierz i uruchom narzędzie
The Avenger
Wklej do okienka programu

Files to delete:

C:\WINDOWS\System32\7312317141.dll

Klikasz Execute, potem wykonaj:
Czynności końcowe :

1.Uruchom OTL z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem]
4. zrób skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie ) pokaż raport

**Posty:** 28 · przez **Bartek-ksw** 03 Mar 2010, 20:47

Malwarebytes RAPORT

Kod: Zaznacz wszystko: Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3821 Windows 5.1.2600 Dodatek Service Pack 3 Internet Explorer 8.0.6001.18702 2010-03-03 19:45:08 mbam-log-2010-03-03 (19-45-00).txt Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|F:\|) Przeskanowane obiekty: 170397 Upłynęło: 29 minute(s), 56 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 8 Zainfekowane wartości rejestru: 1 Zainfekowane pliki rejestru: 2 Zainfekowane foldery: 0 Zainfekowane pliki: 13 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: HKEY_CLASSES_ROOT\installshieldsrv.minstallshield (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{81a35f39-4850-474e-92c9-b4cf283207e0} (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81a35f39-4850-474e-92c9-b4cf283207e0} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81a35f39-4850-474e-92c9-b4cf283207e0} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken. Zainfekowane wartości rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken. Zainfekowane pliki rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0002166.exe (Worm.Perlovga) -> No action taken. C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0002167.exe (Worm.Perlovga) -> No action taken. C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0011265.exe (Worm.Perlovga) -> No action taken. C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0011269.exe (Worm.Perlovga) -> No action taken. C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0053146.exe (Trojan.BackDoor) -> No action taken. C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\Dc271.exe (Trojan.BackDoor) -> No action taken. C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\qqplwca.exe (Trojan.BackDoor) -> No action taken. C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP11\A0055317.exe (Worm.Perlovga) -> No action taken. C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP11\A0055318.exe (Worm.Perlovga) -> No action taken. C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP11\A0055319.exe (Worm.Perlovga) -> No action taken. C:\System Volume Information\_restore{9CD04698-A5FB-4066-8C7A-D455C9C8F106}\RP11\A0055320.exe (Worm.Perlovga) -> No action taken. E:\System Volume Information\_restore{289AA8D9-F683-4F5C-83BA-06935EA3A6BD}\RP18\A0028477.exe (Malware.Packer.Gen) -> No action taken. E:\Gry\DSJ 3.1.2 + zawodnicy\Deluxe Ski Jump 3\DSJ[1].v3.1.1.Crack.exe (Malware.Packer.Gen) -> No action taken.

**Posty:** 18165 · przez **wojtas** 03 Mar 2010, 20:49

usuń co znalazł i napisz jak sytuacja?

Autor postu otrzymał pochwałę

**Posty:** 28 · przez **Bartek-ksw** 10 Mar 2010, 21:52

Wykonałem optymalizację systemu, trochę to trwało... Przy użyciu Malwarebyte usunąłem pliki, które znalazł i po kolejnym skanowaniu jest czysto.

Dzięki za pomoc i do zobaczenia na szlaku kibicowskim.

Kto jest na forum