
Infected system. Help!

Anania
created

Hi!
My computer has been infected. Apart from the internet, most programs don't work. I wanted to run Combofix and Hijack, but I can't. I have a lot of important files on the computer. I wanted to burn them to a disc using Record Now, but that doesn't work either. I keep getting messages that most system files are infected. I don't know what to do. I wouldn't want to lose my files, so I hope reinstalling the system isn't the only way out.
A window keeps popping up asking me to buy the Antispyware Soft software.
Sorry for the lack of Polish characters, but I'm using a computer abroad.
I hope there is some way to rescue it.

PS I tried to install Spybot this morning, but I can't run the file. I think none of my .exe files work.
I also can't get into Add/Remove Programs. I wanted to check everything, but I actually can't do anything. I can't run any programs. Not even ones with the .com or .scr extension.
I'm having trouble running the system tools. I wanted to run Disk Cleanup and nothing happened. The command prompt opened, but disappeared after a second.


Do you think a repair install would help? It would at least let me run ComboFix, Hijack and the other programs.

[color="#ff0000"]//moving to the "Logs to check" subforum
//raaz[/color]

Sohei
comment (edited)

Probably not.

Download [url=http://www.freedrweb.pl/livecd.php][b]DR Web LiveCD[/b][/url] and burn it to a disc on an [b]uninfected[/b] computer.
Put the disc into the infected computer, having first set the BIOS to boot from CD/DVD, so that after the restart the scanner starts.
Run a full scan, cure what can be cured, and delete the rest.
Scan as many times as it takes until the scanner finds nothing.
If the system does not boot after the removal, insert the Windows disc and perform a [url=http://www.searchengines.pl/index.php?showtopic=24500&view=findpost&p=109540]Windows repair install[/url].

This looks to me like a Virut or Sality infection. All exe files are being infected: >

Also check whether you can run OTL; if so, post its log.
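Helpers on threads like this one read the OTL log by eye, and a few line types get checked first: a browser proxy pointing at the local machine, hosts-file redirections, Run entries that launch from a user's profile data directory or whose binary is already gone, and exefile/comfile [open] associations that differ from the stock value. The script below is an added example, not code from this thread or from OTL's author; it automates that first pass over OTL-style lines so a reader can see what each indicator looks like. Its sample lines are constructed in OTL's line format (the user name, the qwzxkrp entry and the hosts redirect are made up; the other lines mirror the thread's log), and the indicator list and the stock `"%1" %*` association value are the assumptions it works from.

```python
"""Triage helper for OTL-style log lines.

Added example, not code from this thread or from OTL's author. It flags the
indicators helpers look at first and reports them; it does not decide what
to remove.
"""
import re
from typing import List, Tuple

# One OTL indicator per line; these patterns cover the line types checked here.
RE_PROXY = re.compile(r'^IE - .*Internet Settings: "ProxyServer" = (?P<value>.+)$')
RE_HOSTS = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)')
RE_RUN = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
RE_O35 = re.compile(r'^O35 - HKLM\\\.\.(?P<ext>\w+)file \[open\] -- (?P<cmd>.*)$')
RE_O37 = re.compile(r'^O37 - HKLM\\\.\.\.(?P<ext>\w+) \[@ = (?P<assoc>\w+)\] -- (?P<cmd>.*)$')

EXPECTED_OPEN = '"%1" %*'  # stock Windows XP value for exefile/comfile [open]
PROFILE_DATA_DIRS = (      # English and Polish names of the XP profile data folders
    "\\local settings\\", "\\ustawienia lokalne\\",
    "\\application data\\", "\\dane aplikacji\\",
)

# Constructed sample in OTL's line format (user name, the qwzxkrp entry and the
# hosts redirect are made up; the remaining lines mirror the thread's log).
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example-av-vendor.invalid
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ClientGW] File not found
O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found
O4 - HKCU..\Run: [qwzxkrp] C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\qwzxkrp\qwzxkrp.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\User\Ustawienia lokalne\Dane aplikacji\qwzxkrp\qwzxkrp.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""


def _proxy_host(entry: str) -> str:
    """Host part of one 'scheme=host:port' or 'host:port' proxy entry."""
    entry = entry.strip()
    if "=" in entry:
        entry = entry.split("=", 1)[1]
    if entry.startswith("["):            # bracketed IPv6 literal
        return entry[1:entry.index("]")]
    if entry.count(":") == 1:            # host:port
        return entry.split(":", 1)[0]
    return entry


def is_loopback(host: str) -> bool:
    """True when the proxy host is the machine itself."""
    return host.lower() == "localhost" or host.startswith("127.") or host == "::1"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reasons) for every OTL line that matches an indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        reasons = []
        m = RE_PROXY.match(line)
        if m:
            hosts = [_proxy_host(p) for p in m.group("value").split(";") if p.strip()]
            if any(is_loopback(h) for h in hosts):
                reasons.append("browser proxy points at the local machine")
        m = RE_HOSTS.match(line)
        if m and m.group("host").lower() != "localhost":
            reasons.append("hosts file redirects %s to %s" % (m.group("host"), m.group("ip")))
        m = RE_RUN.match(line)
        if m:
            target = m.group("target")
            low = target.lower()
            if target.endswith("File not found"):
                reasons.append("Run entry whose binary is missing")
            elif target.endswith("()"):              # OTL prints () for no vendor name
                reasons.append("Run entry with no vendor name on the binary")
            if "\\documents and settings\\" in low and any(d in low for d in PROFILE_DATA_DIRS):
                reasons.append("Run entry launching from a user profile data directory")
        m = RE_O35.match(line)
        if m and m.group("cmd") != EXPECTED_OPEN:
            reasons.append("%sfile [open] command is not the stock value" % m.group("ext"))
        m = RE_O37.match(line)
        if m and (m.group("assoc") != m.group("ext") + "file" or m.group("cmd") != EXPECTED_OPEN):
            reasons.append(".%s association is not the stock value" % m.group("ext"))
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(why)
        print("    " + flagged)
```

Run as-is it prints six flagged lines from the sample; to use it on a real log, pass the file's contents to `triage()`. It only marks lines for a human to look at, and a stock `"%1" %*` association (as in this thread's log) is a useful negative result: it tells the helper the .exe blockage is not a simple association hijack.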

sebus1989
comment

Use the Internet Explorer browser, download ComboFix and, when saving the file, name it 00124.com, then run it; it should start. Post the log on the forum in [ log] [ /log] tags without the spaces. Scan the system with this: http://www.mks.com.pl/skaner/

Anania
comment (edited)

Thanks for the tips. I don't know how, but I managed to run ComboFix and OTL.
Here are the logs:

OTL

[log]OTL logfile created on: 2010-05-20 15:11:01 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ania\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

502,00 Mb Total Physical Memory | 93,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,12 Gb Total Space | 33,57 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-194B20088B
Current User Name: Ania
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-31 09:02:28 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Ania\Ustawienia lokalne\Temp\RtkBtMnt.exe
PRC - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005-04-08 13:08:52 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004-01-30 15:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004-01-30 15:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-02-06 16:40:37 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-08 10:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-09-20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007-05-31 12:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007-02-16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-12-23 03:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-12-23 03:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006-12-23 03:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-12-19 15:16:24 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2004-08-13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-08-13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-08-13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-08-13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-08-13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-08-13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-08-13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-08-13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-08-13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-08-13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-08-04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-07-14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-20 20:11:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 19:22:10 | 000,000,000 | ---D | M]

[2008-09-08 08:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Extensions
[2010-05-20 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions
[2009-09-03 19:58:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-22 19:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008-09-10 12:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010-04-13 18:44:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-03-13 22:15:10 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010-04-14 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\personas@christopher.beard
[2010-04-13 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\sort_tabs_by@codeoptimism.net
[2010-03-13 22:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010-02-06 16:41:50 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\daemon-search.xml
[2010-05-17 19:52:35 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\google-us.xml
[2010-05-20 13:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-03-13 23:03:24 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-13 23:03:24 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-13 23:03:24 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-13 23:03:24 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-13 23:03:24 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-13 23:03:24 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2006-03-02 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ClientGW] File not found
O4 - HKLM..\Run: [eSnips] C:\Program Files\eSnips\ClientGW.exe File not found
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe File not found
O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-25 21:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-05-20 13:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-20 13:28:54 | 000,000,000 | ---D | C] -- C:\327882R2FWJFW
[2010-05-20 13:18:41 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:15:44 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:55:46 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-19 22:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
[2010-05-07 12:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Pulpit\D.Florczyk
[2010-05-03 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Gadu-Gadu 10
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwl5.sys
[2010-04-28 13:36:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devIA64.exe
[2010-04-28 13:36:55 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devAMD64.exe
[2010-04-28 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2010-04-28 13:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2010-04-28 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Broadcom
[2010-04-28 13:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\InstallShield
[2010-04-22 11:42:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-04-22 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter
[2010-04-21 09:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Moje dokumenty\NoteBurner
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-05-20 15:14:19 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Ania\NTUSER.DAT
[2010-05-20 15:09:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-20 15:08:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-20 14:44:43 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Ania\ntuser.ini
[2010-05-20 13:52:24 | 040,688,888 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.scr
[2010-05-20 13:23:32 | 040,701,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-20 13:14:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Pulpit\OTL.com
[2010-05-20 07:56:23 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ania\Pulpit\spybotsd162.exe
[2010-05-20 07:43:19 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-19 20:53:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-18 11:10:12 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-10 15:04:14 | 000,011,587 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:23:11 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:23 | 000,232,770 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-06 11:40:34 | 000,493,738 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-06 11:40:34 | 000,435,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-06 11:40:34 | 000,085,114 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-06 11:40:33 | 000,068,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-06 11:40:31 | 001,096,188 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-03 14:20:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-26 17:04:23 | 000,303,274 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:38 | 000,314,073 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:49 | 000,262,420 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 20:00:02 | 000,010,456 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | M] () -- C:\File List.htm
[2010-04-22 10:12:30 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-04-22 08:55:34 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-20 20:08:57 | 000,071,112 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-05-20 13:44:11 | 040,688,888 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-20 13:19:44 | 040,701,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
[2010-05-18 11:10:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\Miejsca pracy.doc
[2010-05-14 20:23:42 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-10 15:04:13 | 000,011,587 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:19:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\A letter.doc
[2010-05-08 23:45:18 | 000,232,770 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-03 14:20:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\OpenFM.lnk
[2010-05-03 14:20:58 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Gadu-Gadu 10.lnk
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,614,534 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010-04-28 13:36:57 | 000,012,465 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-28 13:36:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2010-04-26 17:04:17 | 000,303,274 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line 2.JPG
[2010-04-26 17:02:37 | 000,314,073 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\victoria green line.JPG
[2010-04-26 16:59:22 | 000,261,261 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\stacja metra.JPG
[2010-04-26 16:57:48 | 000,262,420 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\biblioteka.JPG
[2010-04-25 19:55:09 | 000,010,456 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | C] () -- C:\File List.htm
[2010-04-21 19:46:18 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-02-06 16:40:35 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-05-10 18:46:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008-10-23 09:53:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008-08-05 08:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008-04-23 15:34:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008-03-31 09:00:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-03-28 13:33:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-03-26 16:56:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-26 10:42:55 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008-03-26 09:51:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2008-02-29 06:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2008-02-21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-02-21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004-05-22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-10-16 00:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-07-07 04:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >
[/log]


Combofix

[log]ComboFix 10-05-19.03 - Ania 2010-05-20 17:19:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.502.120 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Ania\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100520-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

Zainfekowana kopia c:\windows\system32\drivers\rasacd.sys została znaleziona. Problem naprawiono
Plik odzyskano z - Kitty had a snack :P
.
((((((((((((((((((((((((( Pliki utworzone od 2010-04-20 do 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-20 13:22 . 2010-05-20 13:22 -------- d-----w- c:\documents and settings\Ania\DoctorWeb
2010-05-20 13:21 . 2008-04-14 17:21 396288 ----a-w- c:\windows\system32\CF25796.exe
2010-05-19 20:47 . 2010-05-20 13:09 -------- d-----w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
2010-05-03 12:21 . 2010-05-03 12:26 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\Gadu-Gadu 10
2010-05-03 12:20 . 2010-05-03 12:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-03 12:19 . 2010-05-03 12:20 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-04-22 09:42 . 2002-01-05 13:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-04-22 09:42 . 2010-04-22 09:42 -------- d-----w- c:\program files\MP3 Audio Converter
2010-04-21 08:40 . 2010-04-21 08:40 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-04-21 08:39 . 2010-04-21 08:39 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 19:57 . 2008-03-26 10:00 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\uTorrent
2010-05-18 18:57 . 2009-09-27 08:24 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\vlc
2010-05-12 10:54 . 2009-04-05 12:10 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-06 09:40 . 2006-03-02 12:00 85114 ----a-w- c:\windows\system32\perfc015.dat
2010-05-06 09:40 . 2006-03-02 12:00 493738 ----a-w- c:\windows\system32\perfh015.dat
2010-04-28 11:36 . 2008-03-26 07:53 -------- d-----w- c:\program files\Broadcom
2010-04-28 11:36 . 2008-03-26 14:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-28 11:36 . 2010-04-28 11:36 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Broadcom
2010-04-28 11:36 . 2010-04-28 11:36 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\InstallShield
2010-04-28 11:20 . 2010-04-05 19:34 -------- d-----w- c:\program files\Logia
2010-04-22 18:09 . 2008-03-30 16:21 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\dvdcss
2010-04-20 18:08 . 2008-03-25 19:13 71112 ----a-w- c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-20 10:35 . 2010-04-19 17:22 -------- d-----w- c:\program files\Microsoft Works
2010-04-19 17:21 . 2009-04-05 12:17 -------- d-----w- c:\program files\MSBuild
2010-04-19 17:19 . 2010-04-19 17:19 -------- d-----w- c:\program files\Microsoft.NET
2010-04-19 17:17 . 2010-04-19 17:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-05 19:35 . 2010-04-05 19:34 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\Logia
2010-03-25 09:36 . 2009-06-11 08:44 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\ZoomBrowser EX
2010-03-25 09:36 . 2009-06-11 08:43 -------- d-----w- c:\documents and settings\Ania\Dane aplikacji\CameraWindowDC
2010-03-24 21:39 . 2009-05-10 16:46 -------- d-----w- c:\program files\Nitro PDF
2010-03-21 18:19 . 2008-03-26 10:01 -------- d-----w- c:\program files\uTorrent
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:19 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-08 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-08 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-08 131072]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-12 122939]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-04-08 483328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20898:TCP"= 20898:TCP:BitComet 20898 TCP
"20898:UDP"= 20898:UDP:BitComet 20898 UDP
"56315:TCP"= 56315:TCP:Pando P2P TCP Listening Port
"56315:UDP"= 56315:UDP:Pando P2P UDP Listening Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 114768]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-06 20560]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-06 691696]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-iuldgypb - c:\documents and settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe
HKLM-Run-ClientGW - (no file)
HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 17:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-796845957-616249376-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{193DBEDF-3912-0FFB-B553-ABE763F10E64}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadphigpifnhgkhiae"=hex:6b,61,68,6b,69,64,66,62,67,66,62,69,67,62,70,6b,66,70,
65,69,6d,6e,00,00
"hanojgojefpmfkdm"=hex:6b,61,68,6b,69,64,66,62,67,66,62,69,67,62,6e,6b,70,6e,
64,63,64,6e,00,00
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2010-05-20 17:38:31
ComboFix-quarantined-files.txt 2010-05-20 15:38

Przed: 36 201 553 920 bajtów wolnych
Po: 37 309 833 216 bajtów wolnych

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3037CC1CD3168E74376FC865946A05C0
[/log]

sebus1989
comment (edited)

Now do the same with [url="http://www.malwarebytes.org/mbam.php"]this[/url] and post the log after the scan, and also HijackThis, the same way as with ComboFix.

Sohei
comment (edited)

[code]:Processes
Explorer.exe

:OTL

O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found

[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT

:Files
C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe
C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe

:Commands
[emptytemp]
[reboot][/code]

Paste this into OTL and click Run Fix.
Run a full scan with [url=http://dobreprogramy.pl/index.php?dz=2&id=1998][b]DR WEB CureIt[/b][/url]
Run a full scan with [url=http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html][b]MBAM[/b][/url]
Delete whatever they find + post the log.
Then post a new OTL log.

@@Sebus, a small request: don't cut into my thread :)
Because the thread author has to run the OTL script first and only then the antivirus programs ;)

sebus1989
comment

I wanted to know what she got infected with; Sality has different versions, but every one of them will let you run a program after downloading it once you give it the .com extension.

Sohei
comment (edited)

We find that out by analysing the log : )
There is no Sality here.

To the author: please also scan the file c:\windows\system32\msvcr70.dll on virustotal.com

HijackThis doesn't give you anything these days :)
All the data we need can be found in OTL and ComboFix.

Tomek01
comment

Sohei, this one should go too: C:\WINDOWS\System32\Desktop_.ini (it looks like this file started the infection) :)

Sohei
comment

[code]:Processes
Explorer.exe

:OTL

O4 - HKCU..\Run: [iuldgypb] C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe File not found

[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT

:Files
C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel\vmcbhletssd.exe
C:\Documents and Settings\Ania\Pulpit\kg8mtuzg.exe
C:\WINDOWS\System32\Desktop_.ini

:Commands
[emptytemp]
[reboot][/code]

Ah, right :) To the author: start from this post.
Paste this into OTL and Run Fix.
Run a full scan with DR WEB CureIt.
Run a full scan with MBAM.
Delete whatever they find + post the log.
Then post a new OTL log.
Please also scan the file c:\windows\system32\msvcr70.dll on virustotal.com

Anania
comment (edited)

I can't scan the files with Dr Web CureIt. The computer freezes at file no. 4220. I tried several times and it's always the same.
I scanned that single file on VirusTotal and it's clean.
The MBAM scan is clean too.

Here is the log:
[log]Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Wersja bazy: 4123

Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 8.0.6001.18702

2010-05-21 14:10:47
mbam-log-2010-05-21 (14-10-47).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 123764
Upłynęło: 10 minut(y), 31 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 0

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
(Nie znaleziono zagrożeń)
[/log]

OTL log

[log]OTL logfile created on: 2010-05-21 14:28:20 - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Ania\Moje dokumenty\Aplikacje - Help
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

502,00 Mb Total Physical Memory | 90,00 Mb Available Physical Memory | 18,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73,12 Gb Total Space | 34,55 Gb Free Space | 47,26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-194B20088B
Current User Name: Ania
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-05-20 20:04:51 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Ania\Ustawienia lokalne\temp\RtkBtMnt.exe
PRC - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Moje dokumenty\Aplikacje - Help\OTL.scr
PRC - [2010-04-03 20:15:56 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-25 01:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-01-26 15:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-04-14 19:21:16 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2005-04-08 13:08:52 | 000,483,328 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-05-20 13:25:52 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ania\Moje dokumenty\Aplikacje - Help\OTL.scr
MOD - [2008-04-14 19:16:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-11-25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007-08-09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007-01-31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006-12-19 15:16:20 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2004-01-30 15:19:20 | 000,065,625 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe -- (PACSPTISVR)
SRV - [2004-01-30 15:16:06 | 000,065,622 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- (SPTISRV)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-02-06 16:40:37 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009-11-25 01:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-11-25 01:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-11-25 01:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-11-25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008-04-13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008-04-13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-02-08 10:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-09-20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007-05-31 12:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-03-21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007-02-16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006-12-23 03:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006-12-23 03:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006-12-23 03:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006-12-19 15:16:24 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2004-08-13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004-08-13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004-08-13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004-08-13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004-08-13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004-08-13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004-08-13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004-08-13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004-08-13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004-08-13 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004-08-04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004-07-14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004-07-14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.90
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-20 20:11:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 19:22:10 | 000,000,000 | ---D | M]

[2008-09-08 08:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Extensions
[2010-05-20 16:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions
[2009-09-03 19:58:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-10-22 19:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008-09-10 12:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010-04-13 18:44:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-03-13 22:15:10 | 000,000,000 | ---D | M] (myFireFox) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010-04-14 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\personas@christopher.beard
[2010-04-13 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\sort_tabs_by@codeoptimism.net
[2010-03-13 22:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010-02-06 16:41:50 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\daemon-search.xml
[2010-05-17 19:52:35 | 000,002,436 | ---- | M] () -- C:\Documents and Settings\Ania\Dane aplikacji\Mozilla\Firefox\Profiles\1gjw7wro.default\searchplugins\google-us.xml
[2010-05-20 16:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008-01-23 08:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007-02-04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2010-03-13 23:03:24 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-13 23:03:24 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-13 23:03:24 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-13 23:03:24 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-13 23:03:24 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-13 23:03:24 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-05-21 13:50:21 | 000,395,300 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13652 more lines...
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.24.139.140 62.24.139.139 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-03-25 21:08:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-05-21 13:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\Malwarebytes
[2010-05-21 13:57:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-21 13:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
[2010-05-21 13:57:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-21 13:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-05-21 13:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-05-21 13:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
[2010-05-20 20:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Moje dokumenty\Aplikacje - Help
[2010-05-20 20:02:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-05-20 20:01:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-20 19:13:49 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline
[2010-05-20 17:05:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-05-20 16:57:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-05-20 16:57:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-05-20 16:57:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-05-20 16:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-05-20 16:46:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-05-20 15:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\DoctorWeb
[2010-05-20 15:21:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2010-05-20 15:21:12 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF25796.exe
[2010-05-20 13:36:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-05-19 22:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\fyiitcwel
[2010-05-03 14:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\Gadu-Gadu 10
[2010-05-03 14:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\drivers\BCMWL5.SYS
[2010-04-28 13:36:57 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwl5.sys
[2010-04-28 13:36:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devIA64.exe
[2010-04-28 13:36:55 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devAMD64.exe
[2010-04-28 13:36:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devcon.exe
[2010-04-28 13:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2010-04-28 13:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Broadcom
[2010-04-28 13:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ania\Dane aplikacji\InstallShield
[2010-04-22 11:42:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-04-22 11:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 Audio Converter
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-05-21 14:28:40 | 011,796,480 | -H-- | M] () -- C:\Documents and Settings\Ania\NTUSER.DAT
[2010-05-21 13:57:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-05-21 13:50:21 | 000,395,300 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-05-21 13:15:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\Spybot - Search & Destroy.lnk
[2010-05-21 13:08:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-21 13:08:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-20 20:53:58 | 000,002,645 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-05-20 20:03:07 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Ania\ntuser.ini
[2010-05-20 17:33:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-20 17:12:21 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-20 17:05:50 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-05-20 16:45:12 | 003,692,173 | R--- | M] () -- C:\Documents and Settings\Ania\Pulpit\ComboFix.exe
[2010-05-20 13:52:24 | 040,688,888 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-19 20:53:27 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-18 11:10:12 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Miejsca pracy.doc
[2010-05-10 15:04:14 | 000,011,587 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:23:11 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\A letter.doc
[2010-05-08 23:45:23 | 000,232,770 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-05-06 11:40:34 | 000,493,738 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-05-06 11:40:34 | 000,435,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-06 11:40:34 | 000,085,114 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-05-06 11:40:33 | 000,068,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-06 11:40:31 | 001,096,188 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-25 20:00:02 | 000,010,456 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | M] () -- C:\File List.htm
[2010-04-22 10:12:30 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2010-04-22 08:55:34 | 000,175,104 | ---- | M] () -- C:\Documents and Settings\Ania\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Documents and Settings\Ania\Pulpit\*.tmp files -> C:\Documents and Settings\Ania\Pulpit\*.tmp -> ]
[1 C:\Documents and Settings\Ania\Moje dokumenty\*.tmp files -> C:\Documents and Settings\Ania\Moje dokumenty\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-05-21 13:57:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes' Anti-Malware.lnk
[2010-05-21 13:15:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\Spybot - Search & Destroy.lnk
[2010-05-20 17:05:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-05-20 17:05:45 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-05-20 16:57:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-05-20 16:57:50 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-05-20 16:57:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-05-20 16:57:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-05-20 16:57:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-05-20 16:44:24 | 003,692,173 | R--- | C] () -- C:\Documents and Settings\Ania\Pulpit\ComboFix.exe
[2010-05-20 13:44:11 | 040,688,888 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\D.W.C.I.com
[2010-05-18 11:10:10 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Miejsca pracy.doc
[2010-05-14 20:23:42 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\The Perfect CV.doc
[2010-05-10 15:04:13 | 000,011,587 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Plan tygodnia.xlsx
[2010-05-10 13:19:31 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\A letter.doc
[2010-05-08 23:45:18 | 000,232,770 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\That's our baby.docx
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32D.BAT
[2010-04-28 13:36:58 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4315_Update32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0312_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4318_0311_Remove32C.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32D.BAT
[2010-04-28 13:36:58 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4315_Remove32C.BAT
[2010-04-28 13:36:57 | 000,614,534 | ---- | C] () -- C:\WINDOWS\System32\bcmwl5.inf
[2010-04-28 13:36:57 | 000,012,465 | ---- | C] () -- C:\WINDOWS\System32\bcm43xx.cat
[2010-04-28 13:36:57 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32C.BAT
[2010-04-28 13:36:57 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32C.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4328_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32D.BAT
[2010-04-28 13:36:56 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\4311_Update32C.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32D.BAT
[2010-04-28 13:36:56 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4328_Remove32C.BAT
[2010-04-28 13:36:55 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\4311_Remove32D.BAT
[2010-04-25 19:55:09 | 000,010,456 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Anna Florczyk address.docx
[2010-04-22 11:42:39 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\Ania\Pulpit\MP3 Audio Converter.lnk
[2010-04-22 11:34:52 | 000,001,300 | ---- | C] () -- C:\File List.htm
[2010-04-21 19:46:18 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Ania\Moje dokumenty\Something.docx
[2009-05-10 18:46:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008-10-23 09:53:30 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\virport.dll
[2008-08-05 08:07:20 | 000,065,216 | ---- | C] () -- C:\WINDOWS\System32\PDFreDirectMonNT.dll
[2008-04-23 15:34:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2008-03-31 09:00:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-03-28 13:33:30 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-03-26 16:56:08 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-03-26 10:42:55 | 000,020,333 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008-03-26 09:51:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2008-02-29 06:14:04 | 000,223,744 | ---- | C] () -- C:\WINDOWS\System32\b4fm.dll
[2008-02-21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-02-21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-02-21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004-05-22 02:44:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002-10-16 00:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001-07-07 04:00:02 | 000,003,234 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
< End of report >
[/log]
