
I can't open my drives...

marcin1990v
created (edited)

Hello, I have a problem opening drives C, D and E. When I double-click a drive it doesn't show me its contents but instead takes me to the search results. Please advise and help...
[color="#ff0000"]
//moving to the Security section
//dan[/color]

danielek316
comment

Looks like an infection. Post an OTL log: [url="http://www.forumpc.pl/index.php?showtopic=104338"]http://www.forumpc.p...howtopic=104338[/url]

marcin1990v
comment (edited)

[log]OTL logfile created on: 2010-09-22 11:49:09 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Admin\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 480,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 13,49 Gb Free Space | 69,04% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 13,51 Gb Free Space | 29,29% Space Free | Partition Type: NTFS
Drive E: | 46,12 Gb Total Space | 22,33 Gb Free Space | 48,42% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-C0EAF8405
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

[color="#e56717"]========== Processes (All) ==========[/color]

PRC - [2010-09-22 10:49:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
PRC - [2010-09-17 10:00:17 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010-09-17 10:00:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-03-30 16:20:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010-03-08 20:07:00 | 000,214,520 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010-03-08 20:06:53 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2010-02-18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009-10-30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009-03-05 23:39:24 | 000,033,982 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\FullSpeed Updater.exe
PRC - [2008-04-15 12:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 12:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 12:00:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2008-04-15 12:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 12:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 12:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\alg.exe
PRC - [2008-04-15 12:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
PRC - [2008-04-15 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-15 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-15 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2008-03-13 17:49:56 | 000,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-03-13 17:48:30 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007-03-21 23:06:18 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
PRC - [2007-03-21 23:05:58 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
PRC - [2006-02-22 12:39:14 | 000,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006-01-02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-07-20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


[color="#e56717"]========== Modules (All) ==========[/color]

MOD - [2010-09-22 10:49:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
MOD - [2008-04-15 12:00:00 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-15 12:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 12:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-15 12:00:00 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2008-04-15 12:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 12:00:00 | 000,822,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comres.dll
MOD - [2008-04-15 12:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 12:00:00 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2008-04-15 12:00:00 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2008-04-15 12:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 12:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-15 12:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 12:00:00 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\clbcatq.dll
MOD - [2008-04-15 12:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-15 12:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 12:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-15 12:00:00 | 000,285,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-04-15 12:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 12:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-15 12:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 12:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 12:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008-04-15 12:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 12:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-04-15 12:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 12:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


[color="#e56717"]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2008-04-15 12:00:00 | 000,161,220 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\dhjeqomu.dll -- (htrzrvmf)
SRV - [2008-03-13 17:55:26 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-03-13 17:49:56 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2004-07-20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)


[color="#e56717"]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-09-19 15:27:22 | 000,010,578 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010-01-11 15:21:52 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-03-13 17:52:18 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-03-13 17:44:36 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-03-13 17:43:42 | 000,040,456 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007-03-08 15:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006-10-17 21:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006-07-05 14:50:52 | 000,683,791 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2006-02-22 12:46:24 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-07-20 15:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2004-07-19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004-05-26 16:08:00 | 000,007,296 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003-08-12 13:51:00 | 000,060,255 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-07-02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


[color="#e56717"]========== Standard Registry (SafeList) ==========[/color]


[color="#e56717"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://search.speedbit.com/"]http://search.speedbit.com/[/url]
IE - HKU\S-1-5-21-507921405-583907252-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color="#e56717"]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://msn.gazeta.pl/msn/0,0.html"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-09-17 10:00:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-09-22 10:18:11 | 000,000,000 | ---D | M]

[2010-01-10 18:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Extensions
[2010-09-21 13:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\66ilpgzi.default\extensions
[2010-09-17 17:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\66ilpgzi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010-01-28 11:19:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\66ilpgzi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-11 15:22:34 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\66ilpgzi.default\searchplugins\daemon-search.xml
[2010-09-21 13:32:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-08-20 11:07:22 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
[2010-03-12 19:43:42 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-03-12 19:43:42 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-03-12 19:43:42 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-03-12 19:43:42 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-03-12 19:43:42 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-03-12 19:43:42 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

Hosts file not found
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O3 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O4 - HKLM..\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-507921405-583907252-1177238915-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-507921405-583907252-1177238915-1003..\Run: [Gadu-Gadu 10] E:\gg new\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\FullSpeed Updater.exe ()
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_18)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-10 15:05:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-09-22 09:50:55 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{35a3ab69-49fe-11df-ba00-00161718fcb9}\Shell\AutoRun\command - "" = I:\mi9al8rs.exe -- File not found
O33 - MountPoints2\{35a3ab69-49fe-11df-ba00-00161718fcb9}\Shell\open\Command - "" = I:\mi9al8rs.exe -- File not found
O33 - MountPoints2\{408fb963-fdfe-11de-b961-00161718fcb9}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: htrzrvmf - C:\WINDOWS\system32\dhjeqomu.dll ()


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

[color="#e56717"]========== Files/Folders - Created Within 60 Days ==========[/color]

[2010-09-22 10:48:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-09-22 10:17:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-09-22 10:15:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-09-22 10:15:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-09-22 10:15:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-09-22 10:15:34 | 000,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2010-09-22 10:15:34 | 000,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-09-22 10:15:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-09-22 10:15:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-09-19 15:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\Hamachi
[2010-09-19 15:27:22 | 000,010,578 | ---- | C] (Applied Networking Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010-09-19 15:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\pLan
[2010-09-17 17:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\DVDVideoSoftIEHelpers
[2010-09-17 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010-09-14 12:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Dane aplikacji\GanymedeNet
[2010-08-26 15:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2010-08-26 14:15:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010-08-17 09:34:37 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[2010-08-09 12:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2010-08-09 11:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\BearShare
[2010-08-09 11:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\PackageAware
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files - Modified Within 60 Days ==========[/color]

[2010-09-22 11:03:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-09-22 11:02:38 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-09-22 11:00:43 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010-09-22 10:49:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Pulpit\OTL.exe
[2010-09-22 10:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-09-22 10:17:53 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-09-22 09:34:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-09-21 22:05:05 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010-09-21 19:26:05 | 000,000,632 | ---- | M] () -- C:\WINDOWS\CoDUO.INI
[2010-09-21 09:28:52 | 000,015,072 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-09-21 09:28:19 | 000,103,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-09-20 21:46:13 | 004,803,284 | -H-- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-09-19 15:27:22 | 000,010,578 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2010-09-18 13:57:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-09-15 16:38:21 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-09-15 12:20:01 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-09-14 12:24:31 | 000,000,694 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-09-14 12:24:31 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\proc1395793746.bin
[2010-08-17 09:34:15 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002ev.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color="#e56717"]========== Files Created - No Company Name ==========[/color]

[2010-09-22 10:17:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-09-22 10:17:51 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-09-22 10:15:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-09-22 10:15:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-09-22 10:15:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-09-22 10:15:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2010-09-21 19:26:04 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2010-09-14 12:24:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc1395793746.bin
[2010-04-22 18:17:01 | 000,000,122 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2010-03-08 20:07:15 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-03-08 10:10:25 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010-03-08 10:10:25 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010-03-08 10:10:24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2010-02-05 14:22:42 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010-02-01 19:54:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-01-30 23:06:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2010-01-20 15:34:46 | 000,000,440 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010-01-15 19:40:20 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-13 14:58:56 | 000,000,217 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2010-01-13 14:53:10 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2010-01-11 15:21:51 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010-01-10 17:30:47 | 000,683,791 | ---- | C] () -- C:\WINDOWS\System32\drivers\torususb.sys
[2010-01-10 17:30:47 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DSLSetup.ini
[2010-01-10 16:55:40 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-01-10 16:50:58 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-01-10 16:08:52 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010-01-10 16:08:45 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2010-01-10 16:07:19 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008-04-15 12:00:00 | 000,161,220 | RHS- | C] () -- C:\WINDOWS\System32\dhjeqomu.dll
[2008-03-13 17:52:18 | 000,033,800 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[color="#e56717"]========== LOP Check ==========[/color]

[2010-06-15 11:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Atari
[2010-01-11 15:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DAEMON Tools Lite
[2010-01-11 15:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DMCache
[2010-09-17 17:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\DVDVideoSoftIEHelpers
[2010-04-22 18:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\fltk.org
[2010-05-19 11:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\Gadu-Gadu 10
[2010-09-14 12:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\GanymedeNet
[2010-03-13 13:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\GlarySoft
[2010-01-11 16:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\IDM
[2010-08-20 13:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\ipla
[2010-07-16 16:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\OpenFM
[2010-01-20 20:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Dane aplikacji\ubi.com
[2010-01-11 15:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite
[2010-01-10 15:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2010-05-19 11:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-05-19 11:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla
[2010-09-20 11:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-01-11 17:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SpeedBit
[2010-01-11 17:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[color="#e56717"]========== Purity Check ==========[/color]



[color="#e56717"]========== Custom Scans ==========[/color]


[color="#a23bec"]< %systemdrive%\*.* >[/color]
[2010-01-29 11:47:14 | 000,100,864 | RHS- | M] () -- C:\0fpdq2dw.exe
[2010-05-12 08:21:14 | 000,112,128 | RHS- | M] () -- C:\12gn6id2.exe
[2010-02-02 14:03:27 | 000,090,624 | RHS- | M] () -- C:\1hqup.exe
[2010-05-04 08:38:25 | 000,111,104 | RHS- | M] () -- C:\1thes92p.exe
[2010-05-24 09:16:19 | 000,114,688 | RHS- | M] () -- C:\33r.exe
[2010-03-13 09:13:48 | 000,118,272 | RHS- | M] () -- C:\3dcs9.exe
[2010-02-24 13:32:24 | 000,097,792 | RHS- | M] () -- C:\62.exe
[2010-01-13 10:46:20 | 000,118,784 | RHS- | M] () -- C:\8xcrbho6.exe
[2010-02-04 14:25:54 | 000,094,208 | RHS- | M] () -- C:\9d6tpg.exe
[2010-01-21 10:06:19 | 000,118,272 | RHS- | M] () -- C:\9fo3ar0j.exe
[2010-02-11 12:48:25 | 000,091,648 | RHS- | M] () -- C:\9qqigqwf.exe
[2010-05-09 17:52:24 | 000,111,616 | RHS- | M] () -- C:\9rfpp.exe
[2010-03-27 08:39:03 | 000,132,608 | RHS- | M] () -- C:\affi8l.exe
[2010-01-10 15:05:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-03-25 09:03:13 | 000,125,440 | RHS- | M] () -- C:\bbjl2g.exe
[2010-01-10 14:58:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-09-22 10:17:53 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2008-04-15 12:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-02-04 20:52:41 | 000,094,208 | RHS- | M] () -- C:\bveijo.exe
[2010-01-25 09:48:49 | 000,097,792 | RHS- | M] () -- C:\c2e.exe
[2010-05-01 08:15:02 | 000,110,592 | RHS- | M] () -- C:\ca.exe
[2004-08-03 23:00:14 | 000,262,400 | ---- | M] () -- C:\cmldr
[2010-05-20 09:21:22 | 000,114,176 | RHS- | M] () -- C:\cobn8w3.exe
[2010-09-22 11:03:38 | 000,007,764 | ---- | M] () -- C:\ComboFix.txt
[2010-01-10 15:05:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-05-20 16:08:59 | 000,115,712 | RHS- | M] () -- C:\eer6ril9.exe
[2010-05-25 08:32:51 | 000,115,200 | RHS- | M] () -- C:\f662sjd.exe
[2010-03-03 12:41:06 | 000,097,280 | RHS- | M] () -- C:\fk.exe
[2010-03-17 14:23:14 | 000,133,632 | RHS- | M] () -- C:\ggpw.exe
[2010-04-25 08:56:37 | 000,128,512 | RHS- | M] () -- C:\hc3hvi0.exe
[2010-05-08 08:00:52 | 000,111,616 | RHS- | M] () -- C:\i8ikdjwt.exe
[2010-01-10 15:05:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-03-22 12:51:29 | 000,111,616 | RHS- | M] () -- C:\ji83j.exe
[2010-03-02 12:49:02 | 000,096,768 | RHS- | M] () -- C:\k1d.exe
[2010-01-17 09:07:55 | 000,120,320 | RHS- | M] () -- C:\kmj.exe
[2010-03-29 13:59:42 | 000,132,608 | RHS- | M] () -- C:\mi9al8rs.exe
[2010-01-10 15:05:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-01-31 11:03:09 | 000,097,280 | RHS- | M] () -- C:\mvmdh.exe
[2010-05-13 13:20:23 | 000,112,640 | RHS- | M] () -- C:\n6eyw.exe
[2010-03-15 14:56:52 | 000,116,736 | RHS- | M] () -- C:\nhx.exe
[2008-04-15 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 12:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-02-16 15:01:44 | 000,091,648 | RHS- | M] () -- C:\p3vwxx.exe
[2010-05-18 09:17:50 | 000,112,640 | RHS- | M] () -- C:\p6xebrnt.exe
[2010-05-15 08:34:54 | 000,112,640 | RHS- | M] () -- C:\p9rs.exe
[2010-09-22 10:42:09 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2009-11-12 11:02:50 | 000,113,817 | RHS- | M] () -- C:\pbudsara.exe
[2010-05-22 09:03:18 | 000,114,688 | RHS- | M] () -- C:\q0wfr.exe
[2010-05-10 18:58:04 | 000,112,640 | RHS- | M] () -- C:\qhbfqx.exe
[2010-05-18 19:49:52 | 000,114,176 | RHS- | M] () -- C:\rhwhin.exe
[2010-05-03 08:56:16 | 000,112,128 | RHS- | M] () -- C:\rpw.exe
[2010-03-01 14:52:53 | 000,097,792 | RHS- | M] () -- C:\s1.exe
[2010-01-20 09:02:22 | 000,123,392 | RHS- | M] () -- C:\sywyrl0q.exe
[2010-02-19 14:12:48 | 000,096,256 | RHS- | M] () -- C:\tgt.exe
[2010-04-24 09:19:56 | 000,128,000 | RHS- | M] () -- C:\twhvna.exe
[2010-04-23 08:42:33 | 000,128,512 | RHS- | M] () -- C:\vgyn6ewc.exe
[2010-04-27 18:15:04 | 000,110,592 | RHS- | M] () -- C:\wkimt.exe
[2010-02-08 12:35:52 | 000,091,648 | RHS- | M] () -- C:\ws.exe
[2010-01-30 13:06:28 | 000,100,864 | RHS- | M] () -- C:\y.exe


[color="#a23bec"]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 12:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[color="#a23bec"]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 12:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-15 12:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 12:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

[color="#a23bec"]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color="#a23bec"]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 12:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 12:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color="#a23bec"]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color="#a23bec"]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 12:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 12:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color="#a23bec"]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 12:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 12:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe

[color="#e56717"]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0
< End of report >[/log]

danielek316, did you conclude anything???

danielek316
comment

I didn't conclude anything, because I don't know this stuff. You have to wait until the experts analyse your log. That's why I moved your topic here.

Tomek01
comment

Why don't you mention that you used ComboFix? I don't advise doing that again on your own. Just as an aside.
If you have the log from it, show it.

A problem opening the drives means an infection from a USB flash drive. The log confirms it.

Apart from that, this: C:\WINDOWS\system32\dhjeqomu.dll -- (htrzrvmf) looks like a rootkit to me

Uninstall from the Control Panel: MyGlobalSearch

Apply [b][color=#0000CD][url=http://download.bleepingcomputer.com//sUBs/Flash_Disinfector.exe]Flash Disinfector[/url][/color][/b], preferably with the USB flash drive or other USB storage plugged in.

In OTL, paste the following into the Custom scan/fixes window:
[code]:Processes
Explorer.exe

:OTL
SRV - [2008-04-15 12:00:00 | 000,161,220 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\dhjeqomu.dll -- (htrzrvmf)
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O3 - HKU\S-1-5-21-507921405-583907252-1177238915-1003\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL File not found
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\FullSpeed Updater.exe ()
O33 - MountPoints2\{35a3ab69-49fe-11df-ba00-00161718fcb9}\Shell\AutoRun\command - "" = I:\mi9al8rs.exe -- File not found
O33 - MountPoints2\{35a3ab69-49fe-11df-ba00-00161718fcb9}\Shell\open\Command - "" = I:\mi9al8rs.exe -- File not found
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:A9662AE0

:Files
C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\BearShare
C:\WINDOWS\System32\dhjeqomu.dll
C:\0fpdq2dw.exe
C:\12gn6id2.exe
C:\1hqup.exe
C:\1thes92p.exe
C:\33r.exe
C:\3dcs9.exe
C:\62.exe
C:\8xcrbho6.exe
C:\9d6tpg.exe
C:\9fo3ar0j.exe
C:\9qqigqwf.exe
C:\9rfpp.exe
C:\affi8l.exe
C:\bbjl2g.exe
C:\bveijo.exe
C:\c2e.exe
C:\ca.exe
C:\cobn8w3.exe
C:\eer6ril9.exe
C:\f662sjd.exe
C:\fk.exe
C:\ggpw.exe
C:\hc3hvi0.exe
C:\i8ikdjwt.exe
C:\ji83j.exe
C:\k1d.exe
C:\kmj.exe
C:\mi9al8rs.exe
C:\mvmdh.exe
C:\n6eyw.exe
C:\nhx.exe
C:\p3vwxx.exe
C:\p6xebrnt.exe
C:\p9rs.exe
C:\pbudsara.exe
C:\q0wfr.exe
C:\qhbfqx.exe
C:\rhwhin.exe
C:\rpw.exe
C:\s1.exe
C:\sywyrl0q.exe
C:\tgt.exe
C:\twhvna.exe
C:\vgyn6ewc.exe
C:\wkimt.exe
C:\ws.exe
C:\y.exe

:Services
htrzrvmf

:Commands
[emptytemp]
[start explorer]
[Reboot]
[/code]
Click Run Fix; the computer will restart.

Post the resulting removal log as well as fresh OTL and RSIT logs.
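Added example, not part of this thread or of OTL: a small Python checker that applies the same reasoning Tomek01 used by hand to OTL report lines, flagging hidden+system .exe files in a drive root (excluding the normal XP boot files) and correlating them with the O33 MountPoints2 autorun targets. SAMPLE_LOG is constructed from lines of the report above; the regexes and the BOOT_FILES list are my assumptions about the OTL format.

```python
import re

# Constructed sample: a few lines copied from the OTL report in this thread.
SAMPLE_LOG = r"""
[2010-01-29 11:47:14 | 000,100,864 | RHS- | M] () -- C:\0fpdq2dw.exe
[2010-01-10 15:05:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-09-22 10:17:53 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-03-29 13:59:42 | 000,132,608 | RHS- | M] () -- C:\mi9al8rs.exe
[2010-01-10 15:05:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 12:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-09-22 11:03:38 | 000,007,764 | ---- | M] () -- C:\ComboFix.txt
[2008-04-15 12:00:00 | 000,161,220 | RHS- | C] () -- C:\WINDOWS\System32\dhjeqomu.dll
O33 - MountPoints2\{35a3ab69-49fe-11df-ba00-00161718fcb9}\Shell\AutoRun\command - "" = I:\mi9al8rs.exe -- File not found
O33 - MountPoints2\{35a3ab69-49fe-11df-ba00-00161718fcb9}\Shell\open\Command - "" = I:\mi9al8rs.exe -- File not found
"""

# One OTL file entry: [date | size | attributes | C/M] (company) -- path  (assumed layout)
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# O33 entry: the command Explorer runs when a removable drive is double-clicked
MOUNTPOINT_RE = re.compile(
    r'MountPoints2\\\{[0-9a-f-]+\}\\Shell\\(?:AutoRun|open)\\command - "" = (?P<target>\S+)', re.I
)
# Files that legitimately carry hidden+system attributes in the root of an XP system drive
BOOT_FILES = {"boot.ini", "bootfont.bin", "io.sys", "msdos.sys", "ntdetect.com", "ntldr", "pagefile.sys"}

def hidden_root_executables(lines):
    """Paths of .exe files in a drive root with H and S attributes and no company name."""
    hits = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path, attrs, company = m.group("path"), m.group("attrs"), m.group("company")
        name = path.rsplit("\\", 1)[-1].lower()
        in_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", path) is not None
        if (in_root and "H" in attrs and "S" in attrs and name.endswith(".exe")
                and name not in BOOT_FILES and not company):
            hits.append(path)
    return hits

def autorun_targets(lines):
    """Executables referenced by MountPoints2 AutoRun/open commands, deduplicated."""
    targets = set()
    for line in lines:
        m = MOUNTPOINT_RE.search(line)
        if m:
            targets.add(m.group("target"))
    return sorted(targets)

def correlate(text):
    """Root droppers, autorun targets, and droppers whose name is also an autorun target."""
    lines = text.splitlines()
    roots, targets = hidden_root_executables(lines), autorun_targets(lines)
    names = {t.rsplit("\\", 1)[-1].lower() for t in targets}
    linked = [p for p in roots if p.rsplit("\\", 1)[-1].lower() in names]
    return {"root_droppers": roots, "autorun_targets": targets, "linked": linked}
```

The "linked" list is the strongest indicator: a hidden root executable whose name is also what the MountPoints2 entry tries to launch from a removable drive.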

marcin1990v
comment

OK, thanks a lot for the tips, but I've already sorted it out myself...cheers

Tomek01
comment

I'm wasting my time for nothing. You probably don't realise how much time it takes to thoroughly analyse a log and write a script.
You should have said that you were looking for solutions elsewhere.

marcin1990v
comment

Mate, I simply posted this on 2 different computer forums, because I had already tried what the guys wrote and nothing helped, so I decided to get help from a 2nd forum. It's not my fault that there was someone there who knew the topic and helped me in a flash... I know that checking a log takes time and that you could have been doing something other than analysing my post... and thanks a lot for that...cheers

Guest
This topic has been closed. No further replies can be added.