Computer is sluggish, scanner detected a lot of viruses

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

Post by matiz, 10 Jan 2010, 13:48

Greetings,
my computer is running slower, and when I scanned it with an online scanner it detected a lot of .trojan and worm type viruses that it could not fully remove. Please help.

Code:
OTL logfile created on: 2010-01-10 12:41:43 - Run 2
OTL by OldTimer - Version 3.1.23.0     Folder = C:\
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 242,00 Mb Available Physical Memory | 47,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,56 Gb Total Space | 0,61 Gb Free Space | 3,28% Space Free | Partition Type: FAT32
Drive D: | 18,67 Gb Total Space | 0,19 Gb Free Space | 1,04% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATIZ
Current User Name: Mateusz
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-01-10 12:39:20 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-10-04 14:08:56 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008-10-02 07:00:38 | 01,124,352 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008-08-05 14:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008-08-05 14:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-06-17 16:00:34 | 01,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2008-05-22 15:05:06 | 00,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2007-09-20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006-07-14 16:24:10 | 00,049,152 | ---- | M] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.EXE
PRC - [2004-12-14 04:44:30 | 00,065,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2004-08-03 23:44:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004-08-03 22:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004-08-03 22:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AhnRpta.exe
PRC - [2004-08-03 22:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-07-15 11:42:00 | 00,114,755 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004-01-26 11:38:38 | 00,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [2003-10-16 19:07:12 | 00,626,688 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\NeostradaTP.exe
PRC - [2003-10-16 19:07:12 | 00,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\Watch.exe
PRC - [2003-10-16 19:07:10 | 00,200,704 | ---- | M] (France Télécom R&D) -- C:\Program Files\Neostrada TP\ComComp.exe
PRC - [2003-10-16 19:07:10 | 00,024,576 | ---- | M] () -- C:\Program Files\Neostrada TP\CnxMon.exe
PRC - [2000-08-04 02:50:00 | 00,044,032 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\News\NewsUpd.exe
PRC - [2000-03-27 01:55:00 | 00,164,864 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctsvccda.exe
PRC - [1999-08-30 01:55:00 | 00,189,952 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2010-01-10 12:39:20 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2010-01-10 11:52:44 | 00,095,232 | RHS- | M] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\temp\cvasds1.dll
MOD - [2010-01-10 10:34:48 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\system32\gasretyw0.dll
MOD - [2006-08-25 17:51:14 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-03 22:44:20 | 00,065,326 | ---- | M] () -- C:\WINDOWS\system32\e8main0.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-07-25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008-08-07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008-03-23 10:17:24 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007-09-20 15:35:38 | 00,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-09-20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007-01-04 03:40:22 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2004-07-15 11:42:00 | 00,114,755 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-02-20 19:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [1999-12-13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\Ctsvccda.exe -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2008-06-06 09:24:44 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-05-07 07:38:20 | 00,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-05-07 07:38:20 | 00,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007-09-17 15:53:26 | 00,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007-07-07 23:19:12 | 00,028,400 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007-01-15 17:41:52 | 00,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006-07-25 11:47:56 | 00,391,791 | ---- | M] (ZSMC Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211) USB PC Camera (ZS211)
DRV - [2005-04-26 15:32:36 | 00,012,738 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2005-04-22 17:31:20 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005-02-25 16:49:18 | 00,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004-08-23 13:55:54 | 00,029,440 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\actser.sys -- (actser)
DRV - [2004-08-09 13:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 13:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 21:04:34 | 00,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004-07-15 11:42:00 | 02,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-12-08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003-12-08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003-12-01 17:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-09-19 16:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003-07-17 12:56:32 | 00,089,216 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\FO_PAnt.sys -- (FO_PAnt)
DRV - [2003-04-03 12:04:28 | 00,058,752 | ---- | M] (Panda Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (pavdrv)
DRV - [2002-10-09 13:53:54 | 00,043,904 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AFPAnsi.sys -- (AFPAnsi)
DRV - [2001-11-08 10:53:54 | 00,018,120 | R--- | M] (   ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2001-08-17 22:02:40 | 00,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame)
DRV - [2001-08-17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001-08-17 21:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 20:19:34 | 00,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001-01-03 02:00:00 | 00,500,677 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sbpci.sys -- (sbpci) Sound Blaster AudioPCI Audio Driver (WDM)
DRV - [1999-12-17 01:00:00 | 00,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()
IE - HKU\S-1-5-21-299502267-725345543-1801674531-1003\S-1-5-21-299502267-725345543-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://pl.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2007-05-01 19:19:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2007-05-01 19:19:34 | 00,000,000 | ---D | M]

[2010-01-06 00:19:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Extensions
[2007-05-01 19:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\g9lmhmdm.default\extensions
[2010-01-09 23:20:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\g9lmhmdm.default\extensions\toolbar@ask.com
[2007-05-01 19:19:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-06 00:18:58 | 00,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-06 00:18:58 | 00,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-06 00:18:58 | 00,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-06 00:18:58 | 00,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-06 00:18:58 | 00,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-06 00:18:58 | 00,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll (BitComet)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WooCnxMon] C:\Program Files\Neostrada TP\CnxMon.exe ()
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom R&D)
O4 - HKLM..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.EXE (ZSMCSNAP)
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [cdoosoft] C:\Documents and Settings\Mateusz\Ustawienia lokalne\temp\herss.exe ()
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe ()
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software)
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-299502267-725345543-1801674531-1003..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-725345543-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download all videos using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..Trusted Domains: com.pl ([mks] http in Zaufane witryny)
O15 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..Trusted Domains: com.pl ([www.mks] http in Zaufane witryny)
O15 - HKU\S-1-5-21-299502267-725345543-1801674531-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} http://mks.com.pl/skaner/SkanerOnline.cab (MainControl Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} http://skaner.mks.com.pl/SkanerOnline.cab (MainControl Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O28 - HKLM ShellExecuteHooks: {B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} - C:\WINDOWS\system32\softqq0.dll ()
O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\system32\e8main0.dll ()
O28 - HKLM ShellExecuteHooks: {BD344AF4-67AB-4E19-A630-7435587D320B} - C:\WINDOWS\system32\ahndoor0.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-13 19:58:26 | 00,000,000 | ---D | M] - C:\AutoRun -- [ FAT32 ]
O32 - AutoRun File - [2006-09-13 19:58:02 | 00,593,920 | ---- | M] (Electronic Arts Inc.) - C:\AutoRunGUI.dll -- [ FAT32 ]
O32 - AutoRun File - [2010-01-10 12:42:00 | 00,000,063 | RHS- | M] () - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-01-10 12:42:00 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007-12-29 19:51:00 | 00,000,081 | RHS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{10d6c168-9571-11dc-af88-95678c586e99}\Shell\AutoRun\command - "" = H:\k8jc.exe -- File not found
O33 - MountPoints2\{10d6c168-9571-11dc-af88-95678c586e99}\Shell\open\Command - "" = H:\k8jc.exe -- File not found
O33 - MountPoints2\{892b3dd8-f764-11dc-b15b-000e50562a5d}\Shell\AutoRun\command - "" = H:\yudald.bat -- File not found
O33 - MountPoints2\{892b3dd8-f764-11dc-b15b-000e50562a5d}\Shell\open\Command - "" = H:\yudald.bat -- File not found
O33 - MountPoints2\{d3e1c514-8d80-11de-b792-000e50562a5d}\Shell\AutoRun\command - "" = H:\2u.com -- File not found
O33 - MountPoints2\{d3e1c514-8d80-11de-b792-000e50562a5d}\Shell\explore\Command - "" = H:\2u.com -- File not found
O33 - MountPoints2\{d3e1c514-8d80-11de-b792-000e50562a5d}\Shell\open\Command - "" = H:\2u.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-01-10 12:39:18 | 00,543,744 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010-01-10 11:40:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\AskToolbar
[2010-01-09 23:20:05 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010-01-09 23:19:44 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2007-05-19 13:38:52 | 00,018,120 | R--- | C] (   ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2005-05-15 22:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Symantec
[2005-02-19 13:05:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-02-19 13:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-02-19 12:41:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2005-02-19 12:41:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-01-10 12:44:04 | 00,000,063 | RHS- | M] () -- C:\autorun.inf
[2010-01-10 12:39:20 | 00,543,744 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010-01-10 12:01:04 | 00,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-01-10 11:52:36 | 00,114,688 | RHS- | M] () -- C:\8xcrbho6.exe
[2010-01-10 10:34:50 | 00,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-01-10 10:34:48 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\gasretyw0.dll
[2010-01-10 10:34:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-10 10:34:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-10 10:34:14 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-10 08:46:04 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Mateusz\NTUSER.DAT
[2010-01-10 08:28:54 | 00,030,042 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\2012-Supernova.2009.DVDRip.XviD-BeStDivX.torrent
[2010-01-09 23:19:46 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-01-08 22:56:10 | 00,114,688 | RHS- | M] () -- C:\31lyx.exe
[2010-01-07 20:03:22 | 00,121,344 | RHS- | M] () -- C:\f2kmj.exe
[2010-01-06 21:24:24 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Mateusz\ntuser.ini
[2010-01-06 01:15:32 | 00,118,272 | RHS- | M] () -- C:\e9naq.exe
[2010-01-01 19:20:14 | 00,115,200 | RHS- | M] () -- C:\h0.exe
[2009-12-31 08:39:06 | 00,106,496 | RHS- | M] () -- C:\anoataly.exe
[2009-12-29 19:19:54 | 00,221,678 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\P1010364-nowe3.jpg
[2009-12-29 19:09:52 | 00,277,619 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\P1010364-000000.jpg
[2009-12-29 18:50:54 | 00,000,020 | ---- | M] () -- C:\Documents and Settings\Mateusz\Pulpit\Picasa.ini
[2009-12-29 15:28:00 | 00,098,816 | RHS- | M] () -- C:\wisf1.exe
[2009-12-28 07:31:48 | 00,106,496 | RHS- | M] () -- C:\imghyva6.exe
[2009-12-24 22:16:56 | 00,115,593 | RHS- | M] () -- C:\u16sqrqn.exe
[2009-12-24 22:01:06 | 00,075,928 | RHS- | M] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2009-12-19 18:10:18 | 00,120,510 | RHS- | M] () -- C:\nx.exe
[2009-12-15 20:48:24 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010-01-10 11:53:11 | 00,114,688 | RHS- | C] () -- C:\8xcrbho6.exe
[2010-01-10 11:12:17 | 00,000,595 | RHS- | C] () -- C:\autorun.inf
[2010-01-10 08:28:52 | 00,030,042 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\2012-Supernova.2009.DVDRip.XviD-BeStDivX.torrent
[2010-01-09 23:20:12 | 00,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-01-09 23:19:45 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\µTorrent.lnk
[2010-01-08 22:56:36 | 00,114,688 | RHS- | C] () -- C:\31lyx.exe
[2010-01-07 20:03:48 | 00,121,344 | RHS- | C] () -- C:\f2kmj.exe
[2010-01-04 19:27:02 | 00,118,272 | RHS- | C] () -- C:\e9naq.exe
[2010-01-01 19:20:40 | 00,115,200 | RHS- | C] () -- C:\h0.exe
[2009-12-31 08:39:31 | 00,106,496 | RHS- | C] () -- C:\anoataly.exe
[2009-12-29 19:19:07 | 00,221,678 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\P1010364-nowe3.jpg
[2009-12-29 19:09:50 | 00,277,619 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\P1010364-000000.jpg
[2009-12-29 18:50:52 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Mateusz\Pulpit\Picasa.ini
[2009-12-29 15:28:27 | 00,098,816 | RHS- | C] () -- C:\wisf1.exe
[2009-12-28 07:32:13 | 00,106,496 | RHS- | C] () -- C:\imghyva6.exe
[2009-12-24 22:17:22 | 00,115,593 | RHS- | C] () -- C:\u16sqrqn.exe
[2009-12-19 18:10:43 | 00,120,510 | RHS- | C] () -- C:\nx.exe
[2009-10-04 21:17:34 | 00,084,992 | -HS- | C] () -- C:\WINDOWS\System32\gasretyw0.dll
[2009-08-24 23:30:55 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-08-24 23:30:55 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-08-24 23:30:53 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-08-24 23:30:49 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-08-24 23:30:49 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-06-12 22:51:07 | 00,088,064 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds2.dll
[2009-06-01 21:03:04 | 00,115,200 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds1.dll
[2009-05-31 17:39:26 | 00,075,928 | RHS- | C] () -- C:\WINDOWS\System32\nmdfgds0.dll
[2008-12-14 16:02:05 | 00,102,317 | ---- | C] () -- C:\Documents and Settings\Mateusz\Dane aplikacji\NMM-MetaData.db
[2008-03-23 10:04:21 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008-03-21 17:30:17 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008-02-01 14:21:09 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2007-12-27 22:19:54 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2007-08-02 19:08:46 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-07-12 16:14:42 | 00,000,651 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-05-19 13:41:57 | 00,000,375 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007-05-09 16:00:48 | 00,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\QTSBandwidthCache
[2007-03-31 17:00:21 | 00,000,486 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2007-03-29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007-01-15 17:41:49 | 00,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006-11-23 15:23:31 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006-04-19 15:55:28 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005-10-14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-09-19 19:15:59 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-08-09 16:10:30 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005-05-28 00:10:25 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005-05-24 21:15:25 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\windblt.dll
[2005-05-20 21:26:00 | 00,000,678 | ---- | C] () -- C:\WINDOWS\ChaseHQ2EvoConfig.ini
[2005-04-30 17:15:40 | 00,000,771 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005-04-22 19:29:01 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005-04-22 19:28:43 | 00,000,009 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2005-04-22 17:05:05 | 00,050,458 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005-04-10 19:40:58 | 00,000,533 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2005-04-10 19:37:56 | 00,089,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FO_PAnt.sys
[2005-02-25 16:44:52 | 00,009,965 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005-02-25 15:20:55 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005-02-21 15:55:37 | 00,208,896 | ---- | C] () -- C:\Documents and Settings\Mateusz\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-02-19 15:07:34 | 00,001,563 | ---- | C] () -- C:\WINDOWS\bestplayer.ini
[2005-02-19 15:03:49 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005-02-19 13:31:05 | 00,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005-02-19 13:25:00 | 00,000,071 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005-02-19 13:09:03 | 00,000,489 | ---- | C] () -- C:\WINDOWS\demo.INI
[2004-08-03 22:44:20 | 00,065,774 | ---- | C] () -- C:\WINDOWS\System32\e8main1.dll
[2004-08-03 22:44:20 | 00,065,326 | ---- | C] () -- C:\WINDOWS\System32\e8main0.dll
[2004-08-03 22:44:20 | 00,063,359 | ---- | C] () -- C:\WINDOWS\System32\ahndoor0.dll
[2004-08-03 22:44:20 | 00,061,182 | ---- | C] () -- C:\WINDOWS\System32\softqq0.dll
[2004-08-03 22:44:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004-07-17 09:36:38 | 00,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002-12-10 00:00:00 | 01,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002-12-10 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2001-09-17 13:20:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1999-08-12 00:00:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1999-08-12 00:00:00 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1999-01-22 18:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[color=#E56717]========== LOP Check ==========[/color]

[2005-06-16 22:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite
[2005-09-18 13:18:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Viewpoint
[2005-11-26 13:28:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\stamina
[2007-06-24 00:56:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
[2007-11-13 23:28:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\FlashFXP
[2008-11-26 17:45:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2008-11-26 17:51:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2005-06-24 17:42:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Opera
[2005-09-18 13:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Aim
[2007-01-19 20:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\matiz
[2007-02-15 14:24:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\uTorrent
[2007-02-27 17:59:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Microgaming
[2007-04-29 13:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\MusicIP
[2007-09-16 11:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\BearShare
[2008-03-21 17:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Panasonic
[2008-07-20 12:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\HouseCall 6.6
[2008-11-26 17:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\Nokia
[2008-11-26 17:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\PC Suite
[2009-02-26 23:19:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mateusz\Dane aplikacji\EurekaLog
[2010-01-10 12:01:04 | 00,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >
matiz
~user
 
Posts: 203
Joined: 22 Jul 2005, 21:37



Computer is sluggish, scanner found a lot of viruses

Post by wojtas, 10 Jan 2010, 22:05

Post a ComboFix log, but install the Recovery Console along with it (program instructions)
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Computer is sluggish, scanner found a lot of viruses

Post by matiz, 11 Jan 2010, 22:59

Done:

Code:
ComboFix 10-01-11.01 - Mateusz 2010-01-11  21:41:44.31.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.247 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0fkk02x.exe
C:\10nb.exe
C:\1di1w.exe
C:\1mteolu9.com
C:\22yj2fy1.exe
C:\28b6ry9r.exe
C:\2o1ajagt.exe
C:\2u.com
C:\3c.exe
C:\3j2h0tf.bat
C:\3n8awsyg.exe
C:\6rxt26.exe
C:\86.exe
C:\86l2qw.bat
C:\9b9w3.exe
C:\9jyhdim8.exe
C:\9u.exe
C:\a2g21.exe
C:\aphqg.exe
C:\Autorun.inf
C:\b00ijwpu.exe
C:\cfrdbyrp.bat
C:\cj3k.exe
C:\cv8j.exe
C:\d9c.bat
c:\docume~1\Mateusz\USTAWI~1\Temp\cvasds0.dll
c:\docume~1\Mateusz\USTAWI~1\Temp\cvasds1.dll
c:\documents and settings\Mateusz\Dane aplikacji\EurekaLog
c:\documents and settings\Mateusz\Dane aplikacji\EurekaLog\EurekaLog.ini
c:\documents and settings\Mateusz\Ustawienia lokalne\temp\cvasds0.dll
C:\DOGYX90.EXE
C:\eexyv.exe
C:\f2.bat
C:\fsaht.cmd
C:\g8k.exe
C:\gbm6n.exe
C:\gcq6.exe
C:\gpcdt.cmd
C:\hjvjte.exe
C:\hm1bfpuj.exe
C:\hx.exe
C:\i0yva6.exe
C:\imghyva6.exe
C:\l61yyp.exe
C:\lcw.exe
C:\ljnhwt.bat
C:\m.com
C:\mbdm.exe
C:\metdgv.bat
C:\mjafm.exe
C:\mranjm.exe
C:\nds0q.exe
C:\nkbd1v.exe
C:\nx.exe
C:\o8tf6l.exe
C:\o9bxu.exe
C:\opdux.exe
C:\P.EXE
C:\p9dwwa61.exe
C:\ph.exe
C:\Pkkwng.exe
C:\q1alx.exe
C:\q8e6.bat
C:\q9.cmd
C:\qcoageh.exe
C:\qcod.exe
C:\qv9qc9f.exe
C:\r2g20.exe
C:\rx.exe
C:\s3ek.exe
C:\se12ydam.exe
C:\sp1jensi.exe
C:\srgo.exe
C:\sv8c2bjw.bat
C:\u16sqrqn.exe
C:\ukfbi3aw.exe
C:\uo10sn.cmd
C:\uqgvf.exe
C:\vb0hsoay.exe
C:\vk0w.exe
C:\w9hw8.exe
C:\w9uxx92.exe
C:\wbj.exe
c:\windows\AhnRpta.exe
c:\windows\system32\ahndoor0.dll
c:\windows\system32\e8main0.dll
c:\windows\system32\e8main1.dll
c:\windows\system32\gasretyw0.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\kamsoft.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds2.dll
C:\xbvv0.exe
C:\xdglur.bat
C:\xs6kpr0.exe
C:\y8.exe
C:\ycvvj.exe
D:\0fkk02x.exe
D:\10nb.exe
D:\1mteolu9.com
D:\22yj2fy1.exe
D:\28b6ry9r.exe
D:\2o1ajagt.exe
D:\2u.com
D:\3c.exe
D:\3j2h0tf.bat
D:\3n8awsyg.exe
D:\6rxt26.exe
D:\86l2qw.bat
D:\9b9w3.exe
D:\9jyhdim8.exe
D:\9u.exe
D:\a2g21.exe
D:\aphqg.exe
D:\autorun.inf
D:\cfrdbyrp.bat
D:\cj3k.exe
D:\cv8j.exe
D:\d9c.bat
D:\dogyx90.exe
D:\eexyv.exe
D:\f2.bat
D:\fsaht.cmd
D:\g8k.exe
D:\gbm6n.exe
D:\gclwpivc.cmd
D:\gcq6.exe
D:\gpcdt.cmd
D:\hjvjte.exe
D:\hm1bfpuj.exe
D:\hx.exe
D:\i0yva6.exe
D:\imghyva6.exe
D:\l61yyp.exe
D:\lcw.exe
D:\ljnhwt.bat
D:\m.com
D:\m.exe
D:\mbdm.exe
D:\metdgv.bat
D:\mranjm.exe
D:\nds0q.exe
D:\nkbd1v.exe
D:\nx.exe
D:\o8tf6l.exe
D:\o9bxu.exe
D:\opdux.exe
D:\p.exe
D:\ph.exe
D:\pkkwng.exe
D:\q1alx.exe
D:\q8e6.bat
D:\q9.cmd
D:\qcoageh.exe
D:\qcod.exe
D:\qv9qc9f.exe
D:\r2g20.exe
D:\rx.exe
D:\s3ek.exe
D:\se12ydam.exe
D:\sp1jensi.exe
D:\srgo.exe
D:\sv8c2bjw.bat
D:\u16sqrqn.exe
D:\ucivd6xi.bat
D:\ukfbi3aw.exe
D:\uo10sn.cmd
D:\uqgvf.exe
D:\vk0w.exe
D:\w9hw8.exe
D:\wbj.exe
D:\xbvv0.exe
D:\xdglur.bat
D:\xs6kpr0.exe
D:\y8.exe
D:\yudald.bat

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_AVPsys


(((((((((((((((((((((((((   Pliki utworzone od 2009-12-11 do 2010-01-11  )))))))))))))))))))))))))))))))
.

2010-01-11 20:29 . 2010-01-11 20:30   3820564   ----a-r-   C:\ComboFix.exe
2010-01-11 08:51 . 2010-01-11 08:56   56533320   ----a-w-   C:\Norman_Malware_Cleaner.exe
2010-01-10 11:39 . 2010-01-10 11:39   543744   ----a-w-   C:\OTL.exe
2010-01-10 10:40 . 2010-01-10 10:40   --------   d-----w-   c:\documents and settings\Mateusz\Ustawienia lokalne\Dane aplikacji\AskToolbar
2010-01-09 22:20 . 2010-01-09 22:20   --------   d-----w-   c:\program files\Ask.com
2010-01-09 22:19 . 2010-01-09 22:19   --------   d-----w-   c:\program files\uTorrent
2010-01-08 21:56 . 2010-01-08 21:56   114688   --sh--r-   C:\31lyx.exe
2010-01-07 19:03 . 2010-01-07 19:03   121344   --sh--r-   C:\f2kmj.exe
2010-01-04 18:27 . 2010-01-06 00:15   118272   --sh--r-   C:\e9naq.exe
2010-01-01 18:20 . 2010-01-01 18:20   115200   --sh--r-   C:\h0.exe
2009-12-31 07:39 . 2009-12-31 07:39   106496   --sh--r-   C:\anoataly.exe
2009-12-29 14:28 . 2009-12-29 14:28   98816   --sh--r-   C:\wisf1.exe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 11:22 . 2009-12-05 08:01   115688   --sh--r-   C:\k8jc.exe
2009-12-03 18:35 . 2009-12-03 18:35   113792   --sh--r-   C:\mbvd.exe
2009-11-24 16:34 . 2009-11-24 16:34   113508   --sh--r-   C:\wu1n.exe
2009-11-23 17:43 . 2009-11-23 17:43   79488   ----a-w-   c:\documents and settings\Mateusz\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 13:56   1175944   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-09 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"NewsUpd"="c:\program files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-07-14 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"= "c:\windows\system32\softqq0.dll" [2004-08-03 61182]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mateusz^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Mateusz\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-07-22 11:29   4777472   ----a-w-   c:\progra~1\WapSter\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48   157592   ----a-w-   c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 19:56   40960   ----a-w-   c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 13:16   49152   ----a-w-   c:\windows\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 10:40   49152   ----a-r-   c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
2005-05-24 21:41   503808   ----a-w-   c:\program files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51   1836328   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-07-15 10:42   843776   ----a-w-   c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 02:23   443968   ----a-w-   c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 08:41   282624   ----a-w-   c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-04-25 16:44   35328   ----a-w-   d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2003-10-16 18:07   53248   ------w-   c:\progra~1\NEOSTR~1\TaskBarIcon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 AFPAnsi;G-DATA Ukrywacz Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2005-04-10 43904]
R0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\drivers\FO_PAnt.sys [2005-04-10 89216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-15 639224]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2005-04-26 12738]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2010-01-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: com.pl\mks
Trusted Zone: com.pl\www.mks
TCP: {CA05CC3A-0DDC-4789-A17A-C371BFC13DF8} = 194.204.152.34 194.204.159.1
DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - hxxp://skaner.mks.com.pl/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\g9lmhmdm.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -

ShellExecuteHooks-{BD344AF4-67AB-4E19-A630-7435587D320B} - c:\windows\system32\ahndoor0.dll
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-IMG Tool - c:\program files\GTA3Mods\IMG Tool\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 21:52
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???Z???????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ?????????w??????????@?U? ???????????????B?????,????????????????????`????????B

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823D81D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf857afc3
\Driver\ACPI -> ACPI.sys @ 0xf83fdcb8
\Driver\atapi -> 0x823d81d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
ParseProcedure -> ntoskrnl.exe @ 0x8057016c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059c876
ParseProcedure -> ntoskrnl.exe @ 0x8057016c
NDIS:  -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\softqq0.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\CTSvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\AhnRpta.exe
c:\program files\Creative\ShareDLL\MediaDet.Exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Neostrada TP\NeostradaTP.exe
c:\program files\Neostrada TP\ComComp.exe
c:\program files\Neostrada TP\Watch.exe
.
**************************************************************************
.
Czas ukończenia: 2010-01-11  21:55:44 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-01-11 20:55

Przed: 526 024 704 bajtów wolnych
Po: 494 993 408 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A1129FBEBA503233FCFEC815FCDEE00B


At the final stage a message appeared saying that an error had occurred with the application 'catchme'.tmb'; I don't know what it is, but I remember that it sometimes shows up.
matiz
~user
 
Posts: 203
Joined: 22 Jul 2005, 21:37



Computer is sluggish, scanner found a lot of viruses

Post by wojtas, 11 Jan 2010, 23:07

Plug in the removable drive (pendrive, memory card). Go to Start >>> Run >>> CMD and type the command:

X:

(substitute for X the letter under which the removable drive is shown)

Then type the command that creates the report:

DIR /A:H >C:\LOG.TXT & start notepad C:\LOG.TXT

Paste the contents of the log.txt file on the forum
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Computer is sluggish, scanner found a lot of viruses

Post by matiz, 11 Jan 2010, 23:17

Code:
Wolumin w stacji H nie ma etykiety.
Numer seryjny woluminu: 0000-0000

Katalog: H:\

2004-01-01  00:00                15 LIBB.PLT
2004-01-01  00:00                15 LIBA.PLT
2004-01-01  00:00                15 LIBC.PLT
2004-01-01  00:00                51 LIBROOT.PLT
2009-04-24  11:20           109 167 vwewav8.com
2009-03-16  13:18           110 629 luk1ylq.com
2009-04-07  10:06           109 400 1ogf.exe
2010-01-11  22:17                63 autorun.inf
2009-03-23  11:10           112 185 jm3cx96.bat
2009-03-27  14:11           109 692 em8tqm.cmd
2009-04-01  11:23           108 693 0bcobed.exe
2009-04-02  11:20           108 083 o3n9k.com
2009-04-20  12:15           108 855 ej10fkdo.bat
2009-04-06  10:44           110 480 upw.bat
2009-04-23  09:29           109 601 g1ljsm.com
2009-05-11  10:00           108 772 ysep1.exe
2009-05-04  14:30           108 617 mt.bat
2009-05-07  09:24           107 719 boyedt.com
2009-06-29  00:10           106 748 uo10sn.cmd
2009-05-12  13:24           107 662 lc.exe
2009-05-15  10:18           105 213 j.cmd
2009-06-05  15:40           103 180 gclwpivc.cmd
2009-06-22  18:58           106 074 m.com
2009-07-05  19:30           107 500 3j2h0tf.bat
2009-07-13  19:50           110 765 nkbd1v.exe
2009-07-06  08:50           111 475 aphqg.exe
2009-08-30  16:35           113 919 xbvv0.exe
2009-08-05  08:59           106 110 22yj2fy1.exe
2009-08-16  20:38           106 049 lcw.exe
2009-08-30  17:06           114 321 cfrdbyrp.bat
2009-01-05  17:51           104 421 2u.com
2009-10-08  20:57           117 508 1di1w.exe
2009-11-09  17:21           114 778 vk0w.exe
2009-12-06  12:22           115 688 k8jc.exe
2010-01-11  22:08           118 784 8xcrbho6.exe
2008-12-04  23:41    <DIR>          RECYCLER
              35 plik(ów)       3 292 247 bajtów
               1 katalog(ów)       4 571 136 bajtów wolnych
matiz
~user
 
Posts: 203
Joined: 22 Jul 2005, 21:37
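
Reading the DIR /A:H listing that wojtas asked for, as an added example that is not part of the thread: a Python parser for the Polish-locale DIR output shown above that flags the autorun.inf plus hidden-executable pattern a removable-drive worm leaves in a volume root. The sample listing, the DirEntry type and the 32 KB size-cluster threshold are constructed for this example.

```python
import os
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the Polish-locale "DIR /A:H" format the thread asks for;
# a few lines modelled on the posted listing, not the poster's full output.
SAMPLE_LISTING = """\
 Wolumin w stacji H nie ma etykiety.
 Numer seryjny woluminu: 0000-0000

 Katalog: H:\\

2004-01-01  00:00                15 LIBA.PLT
2009-04-24  11:20           109 167 vwewav8.com
2009-03-16  13:18           110 629 luk1ylq.com
2010-01-11  22:17                63 autorun.inf
2009-03-23  11:10           112 185 jm3cx96.bat
2009-06-05  15:40           103 180 gclwpivc.cmd
2008-12-04  23:41    <DIR>          RECYCLER
              6 plik(ów)         545 729 bajtów
               1 katalog(ów)       4 571 136 bajtów wolnych
"""

# Extensions Windows will run directly from an AutoRun "open=" line.
EXEC_EXT = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr"}

# One entry line: date, time, then <DIR> or a size with space thousands separators
# (Polish locale), then the name. The space separator makes size and name easy to
# confuse by eye, which is how a line like "C:\109 167 vwewav8.com" can end up in a
# removal script; the regex anchors the size as groups of digits instead.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(?:(<DIR>)|(\d{1,3}(?: \d{3})*))\s+(\S.*?)\s*$"
)


@dataclass
class DirEntry:
    name: str
    size: int      # 0 for directories
    is_dir: bool


def parse_dir_listing(text: str) -> List[DirEntry]:
    """Parse the entry lines of a DIR listing; header and summary lines are skipped."""
    entries: List[DirEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        _date, _time, dir_marker, size, name = m.groups()
        if dir_marker:
            entries.append(DirEntry(name, 0, True))
        else:
            entries.append(DirEntry(name, int(size.replace(" ", "")), False))
    return entries


def flag_autorun_worm(entries: List[DirEntry]) -> List[str]:
    """Return findings for the autorun.inf plus hidden-dropper pattern.

    The input came from DIR /A:H, so every entry already carries the hidden
    attribute; a hidden executable in the root of a removable drive is itself
    unusual, and autorun.inf next to it is the launcher.
    """
    findings: List[str] = []
    if any(e.name.lower() == "autorun.inf" for e in entries):
        findings.append("hidden autorun.inf in volume root (AutoRun launcher)")
    droppers = [e for e in entries
                if not e.is_dir and os.path.splitext(e.name)[1].lower() in EXEC_EXT]
    for e in droppers:
        findings.append(f"hidden executable {e.name} ({e.size} bytes) in volume root")
    # Copies of one self-replicating file differ by little; unrelated programs do not.
    if len(droppers) >= 3:
        sizes = sorted(e.size for e in droppers)
        if sizes[-1] - sizes[0] < 32 * 1024:
            findings.append(
                f"{len(droppers)} hidden executables cluster between {sizes[0]} and "
                f"{sizes[-1]} bytes under random names: consistent with one worm, "
                "not with separate legitimate programs")
    return findings


if __name__ == "__main__":
    for finding in flag_autorun_worm(parse_dir_listing(SAMPLE_LISTING)):
        print(finding)
```

Feeding the real LOG.TXT to parse_dir_listing gives the same findings for the listing matiz posted, since it follows the identical format.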



Computer is sluggish, scanner found a lot of viruses

Post by wojtas, 11 Jan 2010, 23:23

Leave it plugged in:

Open Notepad and paste this into it:

File::
C:\31lyx.exe
C:\f2kmj.exe
C:\e9naq.exe
C:\h0.exe
C:\anoataly.exe
C:\wisf1.exe
C:\k8jc.exe
C:\mbvd.exe
C:\wu1n.exe
d:\31lyx.exe
d:\f2kmj.exe
d:\e9naq.exe
d:\h0.exe
d:\anoataly.exe
d:\wisf1.exe
d:\k8jc.exe
d:\mbvd.exe
d:\wu1n.exe
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\system32\softqq0.dll
C:\vwewav8.com
C:\109 167 vwewav8.com
C:\luk1ylq.com
C:\1ogf.exe
C:\autorun.inf
C:\jm3cx96.bat
C:\em8tqm.cmd
C:\0bcobed.exe
C:\o3n9k.com
C:\ej10fkdo.bat
C:\upw.bat
C:\g1ljsm.com
C:\ysep1.exe
C:\mt.bat
C:\boyedt.com
C:\uo10sn.cmd
C:\lc.exe
C:\j.cmd
C:\gclwpivc.cmd
C:\m.com
C:\3j2h0tf.bat
C:\nkbd1v.exe
C:\aphqg.exe
C:\xbvv0.exe
C:\22yj2fy1.exe
C:\lcw.exe
C:\cfrdbyrp.bat
C:\2u.com
C:\1di1w.exe
C:\778 vk0w.exe
C:\688 k8jc.exe
C:\8xcrbho6.exe
D:\vwewav8.com
D:\109 167 vwewav8.com
D:\luk1ylq.com
D:\1ogf.exe
D:\autorun.inf
D:\jm3cx96.bat
D:\em8tqm.cmd
D:\0bcobed.exe
D:\o3n9k.com
D:\ej10fkdo.bat
D:\upw.bat
D:\g1ljsm.com
D:\ysep1.exe
D:\mt.bat
D:\boyedt.com
D:\uo10sn.cmd
D:\lc.exe
D:\j.cmd
D:\gclwpivc.cmd
D:\m.com
D:\3j2h0tf.bat
D:\nkbd1v.exe
D:\aphqg.exe
D:\xbvv0.exe
D:\22yj2fy1.exe
D:\lcw.exe
D:\cfrdbyrp.bat
D:\2u.com
D:\1di1w.exe
D:\778 vk0w.exe
D:\688 k8jc.exe
D:\8xcrbho6.exe
H:\vwewav8.com
H:\109 167 vwewav8.com
H:\luk1ylq.com
H:\1ogf.exe
H:\autorun.inf
H:\jm3cx96.bat
H:\em8tqm.cmd
H:\0bcobed.exe
H:\o3n9k.com
H:\ej10fkdo.bat
H:\upw.bat
H:\g1ljsm.com
H:\ysep1.exe
H:\mt.bat
H:\boyedt.com
H:\uo10sn.cmd
H:\lc.exe
H:\j.cmd
H:\gclwpivc.cmd
H:\m.com
H:\3j2h0tf.bat
H:\nkbd1v.exe
H:\aphqg.exe
H:\xbvv0.exe
H:\22yj2fy1.exe
H:\lcw.exe
H:\cfrdbyrp.bat
H:\2u.com
H:\1di1w.exe
H:\778 vk0w.exe
H:\688 k8jc.exe
H:\8xcrbho6.exe

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""



>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
Removal will start and a log will be produced; post it, along with a new report from the pendrive.
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



Computer is sluggish, scanner found a lot of viruses

Post by matiz, 11 Jan 2010, 23:48

Code:
ComboFix 10-01-11.01 - Mateusz 2010-01-11  22:34:28.32.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1250.48.1045.18.511.343 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Mateusz\Pulpit\CFScript.txt

FILE ::
"C:\0bcobed.exe"
"C:\109 167 vwewav8.com"
"C:\1di1w.exe"
"C:\1ogf.exe"
"C:\22yj2fy1.exe"
"C:\2u.com"
"C:\31lyx.exe"
"C:\3j2h0tf.bat"
"C:\688 k8jc.exe"
"C:\778 vk0w.exe"
"C:\8xcrbho6.exe"
"C:\anoataly.exe"
"C:\aphqg.exe"
"C:\autorun.inf"
"C:\boyedt.com"
"C:\cfrdbyrp.bat"
"C:\e9naq.exe"
"C:\ej10fkdo.bat"
"C:\em8tqm.cmd"
"C:\f2kmj.exe"
"C:\g1ljsm.com"
"C:\gclwpivc.cmd"
"C:\h0.exe"
"C:\j.cmd"
"C:\jm3cx96.bat"
"C:\k8jc.exe"
"C:\lc.exe"
"C:\lcw.exe"
"C:\luk1ylq.com"
"C:\m.com"
"C:\mbvd.exe"
"C:\mt.bat"
"C:\nkbd1v.exe"
"C:\o3n9k.com"
"C:\uo10sn.cmd"
"C:\upw.bat"
"C:\vwewav8.com"
"c:\windows\system32\softqq0.dll"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
"C:\wisf1.exe"
"C:\wu1n.exe"
"C:\xbvv0.exe"
"C:\ysep1.exe"
"D:\0bcobed.exe"
"D:\109 167 vwewav8.com"
"D:\1di1w.exe"
"D:\1ogf.exe"
"D:\22yj2fy1.exe"
"D:\2u.com"
"d:\31lyx.exe"
"D:\3j2h0tf.bat"
"D:\688 k8jc.exe"
"D:\778 vk0w.exe"
"D:\8xcrbho6.exe"
"d:\anoataly.exe"
"D:\aphqg.exe"
"D:\autorun.inf"
"D:\boyedt.com"
"D:\cfrdbyrp.bat"
"d:\e9naq.exe"
"D:\ej10fkdo.bat"
"D:\em8tqm.cmd"
"d:\f2kmj.exe"
"D:\g1ljsm.com"
"D:\gclwpivc.cmd"
"d:\h0.exe"
"D:\j.cmd"
"D:\jm3cx96.bat"
"d:\k8jc.exe"
"D:\lc.exe"
"D:\lcw.exe"
"D:\luk1ylq.com"
"D:\m.com"
"d:\mbvd.exe"
"D:\mt.bat"
"D:\nkbd1v.exe"
"D:\o3n9k.com"
"D:\uo10sn.cmd"
"D:\upw.bat"
"D:\vwewav8.com"
"d:\wisf1.exe"
"d:\wu1n.exe"
"D:\xbvv0.exe"
"D:\ysep1.exe"
"H:\0bcobed.exe"
"H:\109 167 vwewav8.com"
"H:\1di1w.exe"
"H:\1ogf.exe"
"H:\22yj2fy1.exe"
"H:\2u.com"
"H:\3j2h0tf.bat"
"H:\688 k8jc.exe"
"H:\778 vk0w.exe"
"H:\8xcrbho6.exe"
"H:\aphqg.exe"
"H:\autorun.inf"
"H:\boyedt.com"
"H:\cfrdbyrp.bat"
"H:\ej10fkdo.bat"
"H:\em8tqm.cmd"
"H:\g1ljsm.com"
"H:\gclwpivc.cmd"
"H:\j.cmd"
"H:\jm3cx96.bat"
"H:\lc.exe"
"H:\lcw.exe"
"H:\luk1ylq.com"
"H:\m.com"
"H:\mt.bat"
"H:\nkbd1v.exe"
"H:\o3n9k.com"
"H:\uo10sn.cmd"
"H:\upw.bat"
"H:\vwewav8.com"
"H:\xbvv0.exe"
"H:\ysep1.exe"
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\31lyx.exe
C:\8xcrbho6.exe
C:\anoataly.exe
C:\autorun.inf
c:\docume~1\Mateusz\USTAWI~1\Temp\cvasds1.dll
C:\e9naq.exe
C:\f2kmj.exe
C:\h0.exe
C:\k8jc.exe
C:\LOG.TXT
C:\mbvd.exe
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\AhnRpta.exe
c:\windows\system32\softqq0.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
C:\wisf1.exe
C:\wu1n.exe
D:\1di1w.exe
d:\31lyx.exe
D:\8xcrbho6.exe
d:\anoataly.exe
D:\Autorun.inf
d:\e9naq.exe
d:\f2kmj.exe
d:\h0.exe
d:\k8jc.exe
d:\mbvd.exe
d:\wisf1.exe
d:\wu1n.exe
H:\0bcobed.exe
H:\1di1w.exe
H:\1ogf.exe
H:\22yj2fy1.exe
H:\2u.com
H:\3j2h0tf.bat
H:\8xcrbho6.exe
H:\aphqg.exe
H:\autorun.inf
H:\boyedt.com
H:\cfrdbyrp.bat
H:\ej10fkdo.bat
H:\em8tqm.cmd
H:\g1ljsm.com
H:\gclwpivc.cmd
H:\j.cmd
H:\jm3cx96.bat
H:\lc.exe
H:\lcw.exe
H:\luk1ylq.com
H:\m.com
H:\mt.bat
H:\nkbd1v.exe
H:\o3n9k.com
H:\uo10sn.cmd
H:\upw.bat
H:\vwewav8.com
H:\xbvv0.exe
H:\ysep1.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2009-12-11 do 2010-01-11  )))))))))))))))))))))))))))))))
.

2010-01-11 20:29 . 2010-01-11 20:30   3820564   ----a-r-   C:\ComboFix.exe
2010-01-11 08:51 . 2010-01-11 08:56   56533320   ----a-w-   C:\Norman_Malware_Cleaner.exe
2010-01-10 11:39 . 2010-01-10 11:39   543744   ----a-w-   C:\OTL.exe
2010-01-10 10:40 . 2010-01-10 10:40   --------   d-----w-   c:\documents and settings\Mateusz\Ustawienia lokalne\Dane aplikacji\AskToolbar
2010-01-09 22:19 . 2010-01-09 22:19   --------   d-----w-   c:\program files\uTorrent

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 17:43 . 2009-11-23 17:43   79488   ----a-w-   c:\documents and settings\Mateusz\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
.

------- Sigcheck -------

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . B4E29943B4B04BD5E7381546848E6669 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Odkurzacz-MCD"="c:\program files\Odkurzacz\odk_mcd.exe" [2008-08-16 264704]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-01-09 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 189952]
"NewsUpd"="c:\program files\Creative\News\NewsUpd.EXE" [2000-08-04 44032]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-07-14 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^LUMIX Simple Viewer.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\LUMIX Simple Viewer.lnk
backup=c:\windows\pss\LUMIX Simple Viewer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mateusz^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Mateusz\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
2009-07-22 11:29   4777472   ----a-w-   c:\progra~1\WapSter\WAPSTE~1\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48   157592   ----a-w-   c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2002-12-02 19:56   40960   ----a-w-   c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-07-04 13:16   49152   ----a-w-   c:\windows\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2002-12-17 10:40   49152   ----a-r-   c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
2005-05-24 21:41   503808   ----a-w-   c:\program files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51   1836328   ----a-w-   c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57   153136   ----a-w-   c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-07-15 10:42   843776   ----a-w-   c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2008-02-26 02:23   443968   ----a-w-   c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 08:41   282624   ----a-w-   c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-04-25 16:44   35328   ----a-w-   d:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2003-10-16 18:07   53248   ------w-   c:\progra~1\NEOSTR~1\TaskBarIcon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 AFPAnsi;G-DATA Ukrywacz Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2005-04-10 43904]
R0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\drivers\FO_PAnt.sys [2005-04-10 89216]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2007-01-15 639224]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2005-04-26 12738]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.neostrada.pl
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: com.pl\mks
Trusted Zone: com.pl\www.mks
DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - hxxp://skaner.mks.com.pl/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Mateusz\Dane aplikacji\Mozilla\Firefox\Profiles\g9lmhmdm.default\
FF - prefs.js: browser.startup.homepage - hxxp://pl.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.

**************************************************************************
skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???Z???????????? C?????Disc Detector?B???A???????A?? ????B???@?$?@?? C?????U?@?????????@?B???A???????A? ?????B???@?????P???$?@?? ?????????w??????????@?U? ???????????????B?????,????????????????????`????????B

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki:

**************************************************************************
.
Czas ukończenia: 2010-01-11  22:44:35
ComboFix-quarantined-files.txt  2010-01-11 21:44
ComboFix2.txt  2010-01-11 20:55

Przed: 458 096 640 bajtów wolnych
Po: 421 036 032 bajtów wolnych

- - End Of File - - 191E5095712C498DF5A173C5F33C8B06


Code: Select all
Wolumin w stacji H nie ma etykiety.
Numer seryjny woluminu: 0000-0000

Katalog: H:\

2004-01-01  00:00                15 LIBB.PLT
2004-01-01  00:00                15 LIBA.PLT
2004-01-01  00:00                15 LIBC.PLT
2004-01-01  00:00                51 LIBROOT.PLT
2009-11-09  17:21           114 778 vk0w.exe
2009-12-06  12:22           115 688 k8jc.exe
2008-12-04  23:41    <DIR>          RECYCLER
               6 plik(ów)         230 562 bajtów
               1 katalog(ów)       4 521 984 bajtów wolnych
matiz
~user
 
Posts: 203
Joined: 22 Jul 2005, 21:37



Computer is sluggish, scanner detected a lot of viruses

Post by wojtas, 12 Jan 2010, 00:32

Open Notepad and paste this into it:

File::
H:\vk0w.exe
H:\k8jc.exe


and the same procedure..

2. Run a Windows optimization
3. Turn off System Restore (My Computer properties, System Restore tab, turn off System Restore on all drives). After a moment, turn it back on.
4. Run a Malwarebytes Anti-Malware scan (update it first, remove whatever it finds) and post the scan report

Protect yourself against infection from a pendrive
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656
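As an added example that is not part of this thread or the helper's own script: a Python triage helper that parses the `dir` listing posted above and flags the layout ComboFix removed from the pendrive root, an autorun.inf next to loose executables. It handles the space-grouped size column of the Polish `dir` output, so `114 778 vk0w.exe` is read as `vk0w.exe` of 114778 bytes rather than as a file named `778 vk0w.exe`; the autorun.inf entry in the sample is constructed.

```python
import re

# Constructed sample input: the H:\ listing posted in the thread, with an
# autorun.inf line added here to show the full layout ComboFix had removed.
SAMPLE_DIR_OUTPUT = """\
 Wolumin w stacji H nie ma etykiety.
 Numer seryjny woluminu: 0000-0000

 Katalog: H:\\

2004-01-01  00:00                15 LIBB.PLT
2009-11-09  17:21           114 778 vk0w.exe
2009-12-06  12:22           115 688 k8jc.exe
2008-12-04  23:41    <DIR>          RECYCLER
2009-12-06  12:20               158 autorun.inf
"""

# Extensions an autorun.inf "open=" / "shellexecute=" line can launch.
EXECUTABLE_EXT = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}

# One "dir" entry. The size column uses a space (or NBSP) as thousands
# separator in a Polish locale, so it is matched as 1-3 digits plus any
# number of " ddd" groups; splitting on whitespace instead would turn
# "114 778 vk0w.exe" into a file named "778 vk0w.exe".
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+"
    r"(?:(?P<dir><DIR>)|(?P<size>\d{1,3}(?:[ \u00a0]\d{3})*))\s+(?P<name>\S.*)$"
)

def parse_dir_listing(text):
    """Return [(name, size_or_None)] for each entry in a Windows 'dir' listing."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank or totals line
        size = None if m.group("dir") else int(re.sub(r"\D", "", m.group("size")))
        entries.append((m.group("name"), size))
    return entries

def triage_removable_root(entries):
    """Flag the autorun-worm layout seen in the thread: an autorun.inf at the
    drive root next to loose executables, which a clean pendrive does not have."""
    files = {name.lower() for name, size in entries if size is not None}
    has_autorun = "autorun.inf" in files
    suspects = sorted(n for n in files if "." in n and "." + n.rsplit(".", 1)[-1] in EXECUTABLE_EXT)
    verdict = "infected" if has_autorun and suspects else ("suspicious" if suspects else "clean")
    return {"autorun_inf": has_autorun, "suspects": suspects, "verdict": verdict}
```

Running `triage_removable_root(parse_dir_listing(SAMPLE_DIR_OUTPUT))` on the sample reports the two root executables the moderator told the poster to remove, plus the autorun.inf, as an "infected" verdict.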



