
Trojan.Win32.AutoRun.ws

Jurgen
created (edited)

Hello, I have a very similar problem; could I count on some quick help?

[log]
OTL logfile created on: 2010-01-16 17:54:36 - Run 3
OTL by OldTimer - Version 3.1.25.1 Folder = C:\Documents and Settings\Jurek\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 106,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15,00 Gb Total Space | 3,37 Gb Free Space | 22,49% Space Free | Partition Type: NTFS
Drive D: | 29,75 Gb Total Space | 13,72 Gb Free Space | 46,13% Space Free | Partition Type: FAT32
Drive E: | 29,75 Gb Total Space | 16,12 Gb Free Space | 54,21% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HENRYK
Current User Name: Jurek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-01-16 14:57:32 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jurek\Pulpit\OTL.exe
PRC - [2009-11-20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-07-21 20:31:49 | 00,208,616 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
PRC - [2009-06-25 14:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-06-02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-05-28 12:45:00 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-05-11 13:15:00 | 00,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009-03-30 09:11:14 | 00,120,320 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008-01-11 21:16:00 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007-06-27 02:49:20 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007-06-01 10:52:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007-06-01 10:52:10 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007-01-01 22:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006-11-13 14:57:16 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006-11-13 14:57:06 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005-09-30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005-02-16 23:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005-01-12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2004-08-04 13:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-03-03 12:00:00 | 00,335,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003-12-08 17:35:14 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003-08-15 08:34:50 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-01-16 17:51:32 | 00,093,696 | RHS- | M] () -- C:\Documents and Settings\Jurek\Ustawienia lokalne\Temp\cvasds1.dll
MOD - [2010-01-16 14:57:32 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jurek\Pulpit\OTL.exe
MOD - [2004-08-04 13:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004-08-04 13:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-07-21 20:31:49 | 00,208,616 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP)
SRV - [2009-06-02 09:10:08 | 00,637,952 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007-06-29 21:05:00 | 00,520,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2007-06-27 02:49:20 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005-09-30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004-03-18 16:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-05-12 10:09:51 | 00,226,832 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009-05-12 10:09:51 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-08-26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-07-21 16:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008-03-13 17:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2007-06-27 02:58:16 | 02,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-11-06 17:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2006-03-01 09:22:23 | 00,010,373 | R--- | M] (Motic China Gruop Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MC1001200130012001B\cmiusb.sys -- (CMIUSB)
DRV - [2004-08-04 13:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004-08-04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-08-03 23:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004-06-21 21:35:12 | 00,051,088 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412)
DRV - [2004-06-21 21:35:12 | 00,021,744 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004-06-21 21:35:12 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2003-08-15 08:53:12 | 00,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003-08-14 16:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-04-21 07:18:00 | 00,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2003-03-19 08:51:00 | 00,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002-11-27 13:52:00 | 00,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-09-15 19:56:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009-05-12 09:52:05 | 00,000,000 | ---D | M]


O1 HOSTS File: (742 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Jurek\Ustawienia lokalne\Temp\herss.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} https://www.bph.pl/pi/components/bph/SignActivX.cab (SignActivX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.62 62.179.1.63
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 2009\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 2009\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 2009\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\Kaspersky Internet Security 2009\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jurek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jurek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-02-25 17:54:31 | 00,000,666 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2005-11-12 16:24:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-01-16 17:54:30 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-16 17:54:32 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-01-16 17:54:32 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3e1959c1-7602-11dd-b3c9-000d619bbf10}\Shell\AutoRun\command - "" = G:\kmj.exe -- File not found
O33 - MountPoints2\{3e1959c1-7602-11dd-b3c9-000d619bbf10}\Shell\open\Command - "" = G:\kmj.exe -- File not found
O33 - MountPoints2\{d93c2d83-5392-11da-9a02-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d93c2d83-5392-11da-9a02-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005-11-12 16:24:03 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-01-16 15:12:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-16 14:57:32 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jurek\Pulpit\OTL.exe
[2010-01-04 14:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jurek\Pulpit\CKD
[2010-01-03 13:20:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jurek\Pulpit\240CANON
[2009-12-28 22:53:42 | 13,398,8440 | ---- | C] (IMAGIS S.A. ) -- E:\Moje dokumenty\MMSDTop632_3034.exe
[2009-04-11 17:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Softland
[2008-12-09 13:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2007-03-27 17:11:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2005-11-12 16:28:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2005-11-12 16:24:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-01-16 17:57:00 | 00,000,051 | RHS- | M] () -- C:\autorun.inf
[2010-01-16 17:51:17 | 00,118,784 | RHS- | M] () -- C:\mh.exe
[2010-01-16 17:49:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-16 17:49:14 | 00,013,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-16 17:49:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-16 17:49:04 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-16 14:57:32 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jurek\Pulpit\OTL.exe
[2010-01-16 13:58:29 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\Jurek\NTUSER.DAT
[2010-01-16 13:50:28 | 01,852,960 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-01-16 13:50:28 | 00,442,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-01-16 13:50:28 | 00,015,556 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-01-16 13:50:28 | 00,002,592 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-01-16 13:49:55 | 00,000,292 | -HS- | M] () -- C:\Documents and Settings\Jurek\ntuser.ini
[2010-01-16 13:15:45 | 00,120,320 | RHS- | M] () -- C:\kmj.exe
[2010-01-14 22:44:32 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\Jurek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-14 22:24:10 | 00,005,308 | -H-- | M] () -- C:\Documents and Settings\Jurek\Pulpit\ZbThumbnail.info
[2010-01-14 22:10:55 | 00,503,174 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-01-14 22:10:55 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-14 22:10:55 | 00,089,874 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-01-14 22:10:55 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-14 22:10:54 | 01,124,078 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-01-14 17:42:30 | 00,001,822 | ---- | M] () -- E:\Moje dokumenty\efv0091467653.sig
[2010-01-09 21:12:08 | 00,114,688 | RHS- | M] () -- C:\8xcrbho6.exe
[2010-01-04 22:47:01 | 00,020,083 | ---- | M] () -- C:\Documents and Settings\Jurek\Pulpit\800px-Piedbiche.jpg
[2009-12-28 23:41:29 | 00,208,778 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2009-12-28 23:40:06 | 00,709,641 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2009-12-28 23:17:02 | 13,398,8440 | ---- | M] (IMAGIS S.A. ) -- E:\Moje dokumenty\MMSDTop632_3034.exe
[2009-12-26 15:06:46 | 03,913,271 | ---- | M] () -- C:\Documents and Settings\Jurek\Pulpit\MapaMap_przewodnik_uzytkownika.pdf
[2009-12-23 10:22:50 | 00,182,314 | ---- | M] () -- C:\Documents and Settings\Jurek\Pulpit\Jak_zainstalowac_MapaMap.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-01-16 17:51:59 | 00,118,784 | RHS- | C] () -- C:\mh.exe
[2010-01-16 17:51:59 | 00,000,051 | RHS- | C] () -- C:\autorun.inf
[2010-01-14 22:24:40 | 00,120,320 | RHS- | C] () -- C:\kmj.exe
[2010-01-14 22:23:45 | 00,114,688 | RHS- | C] () -- C:\8xcrbho6.exe
[2010-01-14 17:42:29 | 00,001,822 | ---- | C] () -- E:\Moje dokumenty\efv0091467653.sig
[2010-01-04 22:47:01 | 00,020,083 | ---- | C] () -- C:\Documents and Settings\Jurek\Pulpit\800px-Piedbiche.jpg
[2009-12-26 15:06:46 | 03,913,271 | ---- | C] () -- C:\Documents and Settings\Jurek\Pulpit\MapaMap_przewodnik_uzytkownika.pdf
[2009-12-23 10:22:50 | 00,182,314 | ---- | C] () -- C:\Documents and Settings\Jurek\Pulpit\Jak_zainstalowac_MapaMap.pdf
[2009-10-23 14:43:22 | 00,114,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-07-01 15:50:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Route.INI
[2008-05-20 13:12:02 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Jurek\Dane aplikacji\$_hpcst$.hpc
[2007-02-09 12:31:35 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Jurek\Ustawienia lokalne\Dane aplikacji\PUTTY.RND
[2007-01-20 08:41:49 | 00,001,687 | ---- | C] () -- C:\Documents and Settings\Jurek\Dane aplikacji\HPCOM_48BitScanUpdate.log
[2007-01-20 08:41:49 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006-10-14 16:01:08 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2006-09-20 11:30:05 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TransCom.dll
[2006-09-20 11:29:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FirmwareID.dll
[2006-09-14 16:55:34 | 00,005,825 | ---- | C] () -- C:\Documents and Settings\Jurek\Dane aplikacji\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006-09-14 16:55:34 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006-07-13 17:02:13 | 00,000,887 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2006-07-13 16:58:26 | 00,000,981 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI
[2006-06-27 18:22:17 | 00,000,949 | ---- | C] () -- C:\WINDOWS\AZPR3.INI
[2006-06-10 13:59:44 | 01,597,440 | ---- | C] () -- C:\Documents and Settings\Jurek\Dane aplikacji\SecureTraveler.exe
[2006-03-23 19:46:43 | 00,000,051 | ---- | C] () -- C:\WINDOWS\P2kRotate.ini
[2006-02-12 14:38:28 | 00,000,222 | ---- | C] () -- C:\WINDOWS\VOGEL.INI
[2006-01-04 20:18:56 | 00,000,520 | ---- | C] () -- C:\WINDOWS\UstawieniaOkienTerminarza.ini
[2005-12-18 17:49:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005-12-15 23:18:36 | 00,038,106 | ---- | C] () -- C:\Documents and Settings\Jurek\Dane aplikacji\Microsoft Access.ADR
[2005-12-08 22:02:36 | 00,000,173 | ---- | C] () -- C:\WINDOWS\jzk_Columns.ini
[2005-11-25 22:58:07 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005-11-13 20:45:04 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2005-11-13 12:54:58 | 00,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005-11-12 19:45:53 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\Jurek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-11-12 17:39:44 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Jurek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2005-11-12 17:27:26 | 00,005,270 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2005-11-12 17:12:24 | 00,000,556 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005-11-12 16:42:28 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005-11-12 16:39:53 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\idecoi.dll
[2004-08-04 13:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2008-12-09 13:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
[2009-09-15 19:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations
[2006-05-17 12:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\MSScanAppDataDir
[2008-12-09 13:40:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
[2009-01-24 16:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\bdec
[2008-11-25 21:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Datalayer
[2005-11-13 13:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\DIMAGE
[2009-01-10 16:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\gtk-2.0
[2009-04-17 17:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\iplamvc.F619225B40F229F897AAB23BD67E522C2BCA7333.1
[2006-09-20 11:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Motic
[2010-01-14 22:10:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Nokia
[2007-10-02 18:37:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Notepad++
[2008-05-22 18:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Opera
[2008-12-09 13:40:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\PC Suite
[2009-04-07 21:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Smart PC Solutions
[2008-11-05 14:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Stellarium
[2005-11-23 08:59:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jurek\Dane aplikacji\Visicom Media

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-01-09 21:12:08 | 00,114,688 | RHS- | M] () -- C:\8xcrbho6.exe
[2006-02-25 17:54:31 | 00,000,666 | ---- | M] () -- C:\autoAlbum.log
[2005-11-12 16:24:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-01-16 17:59:06 | 00,000,051 | RHS- | M] () -- C:\autorun.inf
[2006-09-18 15:39:50 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2004-08-04 13:00:00 | 00,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2005-11-12 16:24:39 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-01-16 17:49:04 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2005-11-12 16:24:39 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-01-16 13:15:45 | 00,120,320 | RHS- | M] () -- C:\kmj.exe
[2010-01-16 17:51:17 | 00,118,784 | RHS- | M] () -- C:\mh.exe
[2009-01-09 10:53:34 | 00,000,241 | ---- | M] () -- C:\moduleName.txt
[2005-11-12 16:24:39 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-04 13:00:00 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-04 13:00:00 | 00,250,624 | RHS- | M] () -- C:\ntldr
[2010-01-16 17:49:03 | 80,530,6368 | -HS- | M] () -- C:\pagefile.sys
[2009-11-28 11:30:53 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2006-01-17 21:38:23 | 00,117,640 | ---- | M] () -- C:\test.htm
[2006-11-18 21:49:35 | 00,003,222 | ---- | M] () -- C:\_Sid.txt

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 88 bytes -> C:\Program Files\Uninstall_CDS.exe:SummaryInformation
< End of report >

[/log]

Edited by jesiona
Splitting this off as a new topic //jesiona

MarekM25
comment

Start a separate topic ;)

Mateusz J.
comment

Run OTL and paste the following into the Custom Scans/Fixes window:
[code]
:OTL
MOD - [2010-01-16 17:51:32 | 00,093,696 | RHS- | M] () -- C:\Documents and Settings\Jurek\Ustawienia lokalne\Temp\cvasds1.dll
O32 - AutoRun File - [2010-01-16 17:54:30 | 00,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-01-16 17:54:32 | 00,000,051 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010-01-16 17:54:32 | 00,000,051 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3e1959c1-7602-11dd-b3c9-000d619bbf10}\Shell\AutoRun\command - "" = G:\kmj.exe -- File not found
O33 - MountPoints2\{3e1959c1-7602-11dd-b3c9-000d619bbf10}\Shell\open\Command - "" = G:\kmj.exe -- File not found
O33 - MountPoints2\{d93c2d83-5392-11da-9a02-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d93c2d83-5392-11da-9a02-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found

:Files
C:\Documents and Settings\Jurek\Ustawienia lokalne\Temp\cvasds1.dll
C:\autorun.inf
D:\autorun.inf
E:\autorun.inf
C:\kmj.exe
D:\kmj.exe
E:\kmj.exe
C:\mh.exe
D:\mh.exe
E:\mh.exe
C:\8xcrbho6.exe
D:\8xcrbho6.exe
E:\8xcrbho6.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""

:Commands
[emptytemp]
[Reboot][/code]
Click Run Fix. Confirm the computer restart.
After the computer restarts, create a new log and post it for review.
