
A window about the win32/Pacex.AD virus keeps popping up


Post by oluniaaa1 » 09 Mar 2010, 16:03



http://www.wklej.eu/index.php?id=8113070b57

Thanks in advance for the help.

I have NOD and a window about the win32/Pacex.AD virus keeps popping up.
oluniaaa1
Forum member
Posts: 8
Joined: 09 Mar 2010, 15:55

Re: please check my OTL log and help

Post by mateo8898 » 09 Mar 2010, 19:29



Download The Avenger and paste the following text into the "Input script here" field:

Code:
Files to delete:
C:\WINNT\System32\drivers\ptznalw.sys
C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat
C:\WINNT\System32\fjhdyfhsn.bat
C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat
C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat

Drivers to delete:
ptznalw

Click Execute -> confirm and agree to the restart by clicking OK.
When it finishes, paste the report C:\avenger.txt on the forum.

Run OTL -> in the Custom Scans/Fixes window paste:
:OTL
MOD - [2010-03-09 13:22:04 | 000,080,384 | RHS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\cvasds0.dll
[2008-07-10 22:49:30 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\banias8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2008-04-05 13:39:34 | 000,024,576 | ---- | M] (My Global Search) -- C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll
O2 - BHO: (My Global Search Bar BHO) - {37B85A21-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (My Global Search Bar) - {37B85A29-692B-4205-9CAD-2626E4993404} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [cdoosoft] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\herss.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\winesm32.exe ()
O32 - AutoRun File - [2010-03-09 14:50:14 | 000,000,051 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-09 14:50:14 | 000,000,051 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06bb3698-3fa4-11de-b527-001d92518b78}\Shell\AutoRun\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{06bb3698-3fa4-11de-b527-001d92518b78}\Shell\open\command - "" = F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe -- File not found
O33 - MountPoints2\{0bf757c2-ac51-11de-b69d-001d92518b78}\Shell - "" = AutoRun
O33 - MountPoints2\{559efd92-b108-11de-b6ad-001d92518b78}\Shell - "" = AutoRun
O33 - MountPoints2\{7eebddad-6287-11de-b5a9-001d92518b78}\Shell\AutoRun\command - "" = F:\IMAPI.EXE -- File not found
O33 - MountPoints2\{7f9e66a0-081f-11df-b7c0-001d92518b78}\Shell - "" = AutoRun
O33 - MountPoints2\{8172f415-cb54-11dd-b3a6-001d92518b78}\Shell - "" = AutoRun
O33 - MountPoints2\{a2f70e2b-25e0-11df-b833-001d92518b78}\Shell\AutoRun\command - "" = F:\k1d.exe -- File not found
O33 - MountPoints2\{a2f70e2b-25e0-11df-b833-001d92518b78}\Shell\open\Command - "" = F:\k1d.exe -- File not found
O33 - MountPoints2\{bb37e563-e95b-11dd-b40d-001d92518b78}\Shell\AutoRun\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{bb37e563-e95b-11dd-b40d-001d92518b78}\Shell\open\command - "" = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
O33 - MountPoints2\{c41e10ba-56a3-11de-b57a-001d92518b78}\Shell - "" = AutoRun
O33 - MountPoints2\{cb357ac5-6fd7-11de-b5d2-001d92518b78}\Shell\AutoRun\command - "" = G:\nm3osq.bat -- File not found
O33 - MountPoints2\{cb357ac5-6fd7-11de-b5d2-001d92518b78}\Shell\open\Command - "" = G:\nm3osq.bat -- File not found
O33 - MountPoints2\{d3fbf987-82c0-11de-b619-001d92518b78}\Shell\AutoRun\command - "" = F:\RUNDLL32.EXE -- File not found
O33 - MountPoints2\{dd851873-3149-11dd-ab9c-001d92518b78}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
O33 - MountPoints2\{dd851873-3149-11dd-ab9c-001d92518b78}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

:Files
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\cvasds0.dll
C:\RECYCLER
D:\RECYCLER
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-8
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-7
C:\fk.exe
D:\fk.exe
C:\Documents and Settings\All Users\Dane aplikacji\.zreglib

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"KernelFaultCheck"=-
"NeroFilterCheck"=-
"WinampAgent"=-

:Commands
[emptytemp]

Click Run Fix. Post the removal log + a new OTL log + a GMER log (use Defogger before running it).

Disinfect your removable drives with Flash Disinfector, or format them.
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: please check my OTL log and help

Post by oluniaaa1 » 09 Mar 2010, 22:37



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINNT\System32\drivers\ptznalw.sys" deleted successfully.
File "C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat" deleted successfully.
File "C:\WINNT\System32\fjhdyfhsn.bat" deleted successfully.

Error: file "C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat" not found!
Deletion of file "C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat" deleted successfully.
Driver "ptznalw" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
oluniaaa1
Forum member
Posts: 8
Joined: 09 Mar 2010, 15:55
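
How the Avenger report above maps back to the script from the earlier post, as an added example (not part of the thread and not code from The Avenger's author): it reconciles every script entry with the log results and shows that the one STATUS_OBJECT_NAME_NOT_FOUND error comes from a path listed twice, not from a file that survived. The script and log text are copied from the posts; the function names and verdict wording are assumptions of this example, and only the log line shapes seen in this thread are parsed.

```python
import re
from collections import Counter

# Script text as posted in the thread.
AVENGER_SCRIPT = r"""Files to delete:
C:\WINNT\System32\drivers\ptznalw.sys
C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat
C:\WINNT\System32\fjhdyfhsn.bat
C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat
C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat

Drivers to delete:
ptznalw
"""

# Result lines of C:\avenger.txt as posted in the thread (banner lines omitted).
AVENGER_LOG = r"""File "C:\WINNT\System32\drivers\ptznalw.sys" deleted successfully.
File "C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat" deleted successfully.
File "C:\WINNT\System32\fjhdyfhsn.bat" deleted successfully.

Error: file "C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat" not found!
Deletion of file "C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

File "C:\Documents and Settings\Administrator\Dane aplikacji\avdrn.dat" deleted successfully.
Driver "ptznalw" deleted successfully.
"""

OK_RE = re.compile(r'^(File|Driver) "(.+)" deleted successfully\.$')
ERR_RE = re.compile(r'^Error: (\w+) "(.+)" not found!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


def norm(kind, target):
    """Windows paths and service names are case-insensitive: compare lowercased."""
    return (kind.lower(), target.lower())


def parse_script(text):
    """Return the script's targets, in order, as (kind, target) pairs."""
    sections = {"files to delete:": "file", "drivers to delete:": "driver"}
    current, targets = None, []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.lower() in sections:
            current = sections[line.lower()]
        elif current:
            targets.append(norm(current, line))
    return targets


def parse_log(text):
    """Return ordered (kind, target, outcome, status_name) events from the log."""
    events = []
    for line in (l.strip() for l in text.splitlines()):
        if m := OK_RE.match(line):
            events.append([*norm(m[1], m[2]), "deleted", None])
        elif m := ERR_RE.match(line):
            events.append([*norm(m[1], m[2]), "not_found", None])
        elif (m := STATUS_RE.match(line)) and events and events[-1][2] == "not_found":
            events[-1][3] = m[2]  # attach the NTSTATUS name to the preceding error
    return [tuple(e) for e in events]


def reconcile(script_text, log_text):
    """Map each unique script target to a verdict based on the log."""
    targets = parse_script(script_text)
    counts = Counter(targets)
    events = parse_log(log_text)
    report = {}
    for key in dict.fromkeys(targets):  # unique targets, script order kept
        outcomes = [e[2] for e in events if (e[0], e[1]) == key]
        if "deleted" not in outcomes:
            report[key] = "REVIEW: not removed" if outcomes else "REVIEW: no log entry"
        elif counts[key] > 1:
            report[key] = ("deleted (listed %d times; later not-found is expected)"
                           % counts[key])
        else:
            report[key] = "deleted"
    return report


def needs_review(report):
    """Targets the log does not confirm as removed."""
    return [k for k, v in report.items() if v.startswith("REVIEW")]


if __name__ == "__main__":
    for (kind, target), verdict in reconcile(AVENGER_SCRIPT, AVENGER_LOG).items():
        print(f"{kind:6} {target}: {verdict}")
```
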

Removal log

Post by oluniaaa1 » 09 Mar 2010, 23:32



All processes killed
========== OTL ==========
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\banias8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\banias8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\banias8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\banias8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37B85A29-692B-4205-9CAD-2626E4993404} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft deleted successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\herss.exe moved successfully.
File move failed. C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\winesm32.exe scheduled to be moved on reboot.
C:\autorun.inf moved successfully.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06bb3698-3fa4-11de-b527-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06bb3698-3fa4-11de-b527-001d92518b78}\ not found.
File F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06bb3698-3fa4-11de-b527-001d92518b78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06bb3698-3fa4-11de-b527-001d92518b78}\ not found.
File F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bf757c2-ac51-11de-b69d-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf757c2-ac51-11de-b69d-001d92518b78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{559efd92-b108-11de-b6ad-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{559efd92-b108-11de-b6ad-001d92518b78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7eebddad-6287-11de-b5a9-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7eebddad-6287-11de-b5a9-001d92518b78}\ not found.
File F:\IMAPI.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f9e66a0-081f-11df-b7c0-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f9e66a0-081f-11df-b7c0-001d92518b78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8172f415-cb54-11dd-b3a6-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8172f415-cb54-11dd-b3a6-001d92518b78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f70e2b-25e0-11df-b833-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f70e2b-25e0-11df-b833-001d92518b78}\ not found.
File F:\k1d.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2f70e2b-25e0-11df-b833-001d92518b78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2f70e2b-25e0-11df-b833-001d92518b78}\ not found.
File F:\k1d.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb37e563-e95b-11dd-b40d-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb37e563-e95b-11dd-b40d-001d92518b78}\ not found.
File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb37e563-e95b-11dd-b40d-001d92518b78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb37e563-e95b-11dd-b40d-001d92518b78}\ not found.
File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c41e10ba-56a3-11de-b57a-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c41e10ba-56a3-11de-b57a-001d92518b78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb357ac5-6fd7-11de-b5d2-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb357ac5-6fd7-11de-b5d2-001d92518b78}\ not found.
File G:\nm3osq.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb357ac5-6fd7-11de-b5d2-001d92518b78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb357ac5-6fd7-11de-b5d2-001d92518b78}\ not found.
File G:\nm3osq.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3fbf987-82c0-11de-b619-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3fbf987-82c0-11de-b619-001d92518b78}\ not found.
File F:\RUNDLL32.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd851873-3149-11dd-ab9c-001d92518b78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd851873-3149-11dd-ab9c-001d92518b78}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd851873-3149-11dd-ab9c-001d92518b78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd851873-3149-11dd-ab9c-001d92518b78}\ not found.
File C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe not found.
========== FILES ==========
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\cvasds0.dll moved successfully.
C:\RECYCLER\S-1-5-21-343818398-2052111302-725345543-500 folder moved successfully.
C:\RECYCLER folder moved successfully.
D:\RECYCLER\S-1-5-21-343818398-2052111302-725345543-500 folder moved successfully.
D:\RECYCLER folder moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-8 folder moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Loc.Mail.Bron.Tok folder moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ok-SendMail-Bron-tok folder moved successfully.
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Bron.tok-12-7 folder moved successfully.
C:\fk.exe moved successfully.
D:\fk.exe moved successfully.
C:\Documents and Settings\All Users\Dane aplikacji\.zreglib moved successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 41132078 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93733817 bytes
->Flash cache emptied: 44069 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41085 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3929081 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2314042 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 135,00 mb


OTL by OldTimer - Version 3.1.35.0 log created on 03092010_213926

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\winesm32.exe moved successfully.
D:\autorun.inf moved successfully.
C:\WINNT\temp\NOD9EA4.tmp(1).VIR moved successfully.
C:\WINNT\temp\NOD9EA5.tmp(1).VIR moved successfully.

Registry entries deleted on Reboot...
oluniaaa1
Forum member
Posts: 8
Joined: 09 Mar 2010, 15:55

New OTL log

Post by oluniaaa1 » 09 Mar 2010, 23:37



OTL logfile created on: 2010-03-09 22:34:09 - Run 2
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 15,57 Gb Free Space | 53,16% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 56,07 Gb Free Space | 46,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-03-09 14:49:52 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
PRC - [2010-01-16 04:18:19 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-07-31 06:28:33 | 002,852,864 | ---- | M] () -- C:\Program Files\8-in-Right\OscarEditor.exe
PRC - [2008-07-09 22:33:34 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008-07-01 09:02:28 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008-07-01 09:01:04 | 001,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008-03-04 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007-02-12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
PRC - [2007-02-07 23:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
PRC - [2006-12-23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-12-23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006-06-13 04:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINNT\system32\DLA\DLACTRLW.EXE
PRC - [2005-12-06 14:53:30 | 000,819,200 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\neostradatp.exe
PRC - [2005-11-22 12:54:18 | 000,249,856 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\ComComp.exe
PRC - [2004-11-02 15:31:20 | 000,069,632 | ---- | M] (France Telecom R&D) -- C:\Program Files\neostrada tp\Toaster.exe
PRC - [2004-10-27 11:30:44 | 000,032,768 | ---- | M] () -- C:\Program Files\neostrada tp\Inactivity.exe
PRC - [2004-10-27 11:07:06 | 000,069,632 | ---- | M] () -- C:\Program Files\neostrada tp\PollingModule.exe
PRC - [2004-10-21 08:50:52 | 000,045,056 | ---- | M] () -- C:\WINNT\system32\AlertModule\AlertModule.exe
PRC - [2004-10-05 17:00:12 | 000,061,440 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\TaskBarIcon.exe
PRC - [2004-08-23 14:49:56 | 000,040,960 | ---- | M] (France Telecom) -- C:\WINNT\system32\FTRTSVC.exe
PRC - [2004-08-23 14:49:56 | 000,020,480 | ---- | M] (France Télécom R&D) -- C:\Program Files\neostrada tp\Watch.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-03-09 14:49:52 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
MOD - [2004-10-26 09:49:34 | 000,028,672 | ---- | M] () -- C:\Program Files\neostrada tp\Inactivity.dll
MOD - [2004-08-04 01:42:34 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-11-06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008-07-01 09:08:00 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008-07-01 09:02:28 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007-02-12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
SRV - [2007-02-07 23:06:10 | 000,049,152 | ---- | M] (UltiDev LLC) [Auto | Running] -- C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe -- (UltiDev Cassini Web Server for ASP.NET 2.0)
SRV - [2004-08-23 14:49:56 | 000,040,960 | ---- | M] (France Telecom) [Auto | Running] -- C:\WINNT\system32\FTRTSVC.exe -- (FTRTSVC)


========== Driver Services (SafeList) ==========

DRV - [2010-03-09 22:22:40 | 000,000,000 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINNT\system32\drivers\xdokzamn.sys -- (xdokzamn)
DRV - [2008-07-01 09:04:40 | 000,034,312 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008-07-01 08:57:14 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINNT\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008-07-01 08:56:22 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\eamon.sys -- (eamon)
DRV - [2007-10-02 12:53:06 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007-06-23 02:14:40 | 004,432,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-01 04:04:45 | 000,096,968 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007-04-05 15:19:20 | 000,546,112 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007-04-03 09:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2007-04-02 15:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2007-02-28 21:56:07 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2007-02-26 04:59:10 | 005,700,096 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-02-07 08:43:26 | 000,090,880 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006-06-29 06:13:08 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-06-13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006-06-13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006-06-13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006-06-13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006-06-13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006-06-13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006-06-13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006-06-12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINNT\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006-05-25 14:28:44 | 000,684,265 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\torususb.sys -- (TaurusUsb)
DRV - [2006-03-17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINNT\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006-03-17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINNT\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006-03-17 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2003-08-12 13:51:00 | 000,060,255 | R--- | M] (STMicroelectronics ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\stmatm.sys -- (Stmatm)
DRV - [2003-08-04 13:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\PCANDIS5.SYS -- (PCANDIS5)
DRV - [2003-02-26 07:55:58 | 000,017,376 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Gt680x.sys -- (GT680xNT)
DRV - [2003-02-26 07:55:58 | 000,017,376 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\Gt680x.sys -- (GT680x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wyborcza.pl/0,0.html?p=016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wp.pl/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-02 22:19:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-02 22:19:12 | 000,000,000 | ---D | M]

[2009-05-27 13:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2008-10-17 15:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\banias8h.default\extensions
[2008-10-27 14:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\wkxyqspu.default\extensions
[2009-05-27 13:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-02-15 10:56:54 | 000,636,408 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBILLARD8.dll
[2009-04-01 16:12:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2010-02-15 10:58:52 | 000,603,648 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPPOKER.dll
[2009-08-31 13:10:16 | 000,591,352 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPROULETTE.dll
[2009-08-31 13:10:32 | 000,546,304 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSLOTS90.dll
[2009-08-31 13:40:12 | 000,636,408 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPSNOOKER.dll
[2007-07-25 15:44:00 | 000,663,552 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPWORDS.dll
[2010-01-16 02:08:36 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-16 02:08:36 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-16 02:08:36 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-16 02:08:36 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-16 02:08:36 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-16 02:08:36 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-03-07 21:18:31 | 000,012,407 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdslTaskBar] C:\WINNT\System32\stmctrl.dll (STMicroelectronics )
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DLA] C:\WINNT\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\neostrada tp\Watch.exe (France Télécom R&D)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\8-in-Right\OscarEditor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://mosir.lublin.pl/kamera/nvUnifiedControl.ocx (nvUnifiedControl Control)
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux 2.6\System\DLXToolBox20.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-08 17:30:42 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-03-09 21:39:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-03-09 21:39:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-03-09 21:31:11 | 000,000,000 | ---D | C] -- C:\Avenger
[2010-03-09 14:49:18 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-03-09 14:11:56 | 000,000,000 | ---D | C] -- C:\WINNT\pss
[2010-03-09 13:47:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010-03-09 13:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-03-09 12:39:19 | 000,000,000 | -H-D | C] -- C:\WINNT\System32\GroupPolicy
[2010-03-03 20:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
[2010-03-02 20:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Moje dokumenty\lista kucharka
[2010-02-22 11:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010-02-19 13:11:20 | 000,000,000 | ---D | C] -- C:\WINNT\System32\AlertModule
[2010-02-19 13:11:14 | 000,040,960 | ---- | C] (France Telecom) -- C:\WINNT\System32\FTRTSVC.exe
[2010-02-19 13:11:14 | 000,036,864 | ---- | C] (France Télécom R&D) -- C:\WINNT\System32\IfHelper.dll
[2009-12-30 19:33:53 | 001,082,641 | ---- | C] (Asymetrix Corp.) -- C:\Program Files\VDTWORK.EXE
[2009-12-30 19:33:53 | 000,884,352 | ---- | C] (Asymetrix Corp.) -- C:\Program Files\LIFTING.EXE
[2009-12-30 19:33:52 | 000,922,093 | ---- | C] (Asymetrix Corp.) -- C:\Program Files\AWARNESS.EXE
[2009-12-30 19:33:52 | 000,910,856 | ---- | C] (Asymetrix Corp.) -- C:\Program Files\GETSTART.EXE
[2009-04-09 21:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\ESET
[2009-02-12 11:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Google
[2009-02-07 16:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Google
[2008-10-21 13:49:52 | 000,017,376 | R--- | C] ( ) -- C:\WINNT\System32\drivers\Gt680x.sys
[2008-09-13 07:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2008-04-05 12:19:17 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe
[2008-04-03 12:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Macromedia
[2008-04-02 11:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-04-02 11:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-04-02 11:07:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-04-02 11:07:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-03-09 22:35:00 | 000,001,036 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010-03-09 22:33:31 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Defogger.exe
[2010-03-09 22:27:34 | 000,001,032 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010-03-09 22:27:30 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010-03-09 22:27:27 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010-03-09 22:26:42 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-03-09 22:26:18 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-03-09 22:22:40 | 000,000,000 | ---- | M] () -- C:\WINNT\System32\drivers\xdokzamn.sys
[2010-03-09 21:38:17 | 000,000,142 | ---- | M] () -- C:\WINNT\System32\fjhdyfhsn.bat
[2010-03-09 21:38:15 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat
[2010-03-09 20:49:25 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.zip
[2010-03-09 15:05:18 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip
[2010-03-09 14:49:52 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2010-03-09 14:44:19 | 000,000,448 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-03-09 14:15:03 | 033,227,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\launch(2).exe
[2010-03-09 13:52:03 | 033,227,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe
[2010-03-09 13:50:27 | 000,066,996 | ---- | M] () -- C:\Documents and Settings\Administrator\Moje dokumenty\cc_20100309_135002.reg
[2010-03-09 13:44:48 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk
[2010-03-09 12:43:27 | 000,000,454 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010-03-08 17:30:42 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2010-03-07 21:18:31 | 000,012,407 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010-03-06 22:38:35 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2010-03-06 14:29:53 | 003,494,588 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\melanie fiona - monday morning.mp3
[2010-03-05 10:42:38 | 005,125,465 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\rem - everybody hurts.mp3
[2010-03-02 22:19:14 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2010-02-28 11:39:16 | 000,059,658 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\Zdjęcie0014.JPG
[2010-02-26 10:13:03 | 004,035,009 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\ira - nie daj mi odejsc.mp3
[2010-02-20 23:11:00 | 003,865,318 | ---- | M] () -- C:\Documents and Settings\Administrator\Pulpit\enterjoyce-biala suknia(cover).mp3
[2010-02-19 13:11:28 | 000,001,547 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.lnk
[2010-02-11 14:09:14 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010-02-08 18:35:50 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010-03-09 22:33:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Defogger.exe
[2010-03-09 21:38:39 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\drivers\xdokzamn.sys
[2010-03-09 21:38:17 | 000,000,142 | ---- | C] () -- C:\WINNT\System32\fjhdyfhsn.bat
[2010-03-09 21:38:15 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat
[2010-03-09 20:48:58 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\avenger.zip
[2010-03-09 15:05:17 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\gmer.zip
[2010-03-09 14:44:18 | 000,000,448 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-03-09 14:06:20 | 033,227,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\launch(2).exe
[2010-03-09 13:50:06 | 000,066,996 | ---- | C] () -- C:\Documents and Settings\Administrator\Moje dokumenty\cc_20100309_135002.reg
[2010-03-09 13:44:48 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\CCleaner.lnk
[2010-03-09 13:38:59 | 033,227,400 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\launch.exe
[2010-03-09 12:41:15 | 000,000,454 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2010-03-07 21:24:05 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Kosong.Bron.Tok.txt
[2010-03-07 21:18:31 | 000,012,407 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ListHost12.txt
[2010-03-06 14:29:52 | 003,494,588 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\melanie fiona - monday morning.mp3
[2010-03-05 10:42:37 | 005,125,465 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\rem - everybody hurts.mp3
[2010-02-28 11:35:34 | 000,059,658 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\Zdjęcie0014.JPG
[2010-02-26 10:13:02 | 004,035,009 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\ira - nie daj mi odejsc.mp3
[2010-02-20 23:11:00 | 003,865,318 | ---- | C] () -- C:\Documents and Settings\Administrator\Pulpit\enterjoyce-biala suknia(cover).mp3
[2010-02-19 13:11:28 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\neostrada tp.lnk
[2010-02-08 18:35:50 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Google Earth.lnk
[2010-01-30 19:27:28 | 000,005,881 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2009-12-30 19:33:54 | 000,058,274 | ---- | C] () -- C:\Program Files\X-2.BMP
[2009-12-30 19:33:54 | 000,058,274 | ---- | C] () -- C:\Program Files\R-1.BMP
[2009-12-30 19:33:54 | 000,058,274 | ---- | C] () -- C:\Program Files\PP-1.BMP
[2009-12-30 19:33:54 | 000,058,274 | ---- | C] () -- C:\Program Files\J-2.BMP
[2009-12-30 19:33:54 | 000,057,958 | ---- | C] () -- C:\Program Files\MM-1.BMP
[2009-12-30 19:33:54 | 000,057,958 | ---- | C] () -- C:\Program Files\II-1.BMP
[2009-12-30 19:33:54 | 000,057,862 | ---- | C] () -- C:\Program Files\P-1.BMP
[2009-12-30 19:33:54 | 000,057,642 | ---- | C] () -- C:\Program Files\KK-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\Z-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\X-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\WW-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\W-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\VV-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\V-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\UU-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\U-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\TT-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\T-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\S-2.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\S-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\QQ-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\OO-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\O-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\N-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\M-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\L-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\K-2.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\K-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\J-1.BMP
[2009-12-30 19:33:54 | 000,057,550 | ---- | C] () -- C:\Program Files\I-2.BMP
[2009-12-30 19:33:54 | 000,057,326 | ---- | C] () -- C:\Program Files\JJ-1.BMP
[2009-12-30 19:33:54 | 000,057,238 | ---- | C] () -- C:\Program Files\LL-1.BMP
[2009-12-30 19:33:53 | 000,057,958 | ---- | C] () -- C:\Program Files\B-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\NOPIC.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\I-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\HH-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\H-2.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\H-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\GG-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\G-3.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\G-2.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\G-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\FF-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\F-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\EX-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\E-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\DD-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\D-2.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\D-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\CC-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\C-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\BB-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\B-3.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\B-2.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\AA-1.BMP
[2009-12-30 19:33:53 | 000,057,550 | ---- | C] () -- C:\Program Files\A-1.BMP
[2009-12-30 19:33:53 | 000,002,258 | ---- | C] () -- C:\Program Files\VDTWORK.INI
[2009-12-30 19:33:53 | 000,001,295 | ---- | C] () -- C:\Program Files\LIFTING.INI
[2009-12-30 19:33:53 | 000,000,766 | ---- | C] () -- C:\Program Files\ERGO.ICO
[2009-12-30 19:33:52 | 000,005,952 | ---- | C] () -- C:\Program Files\EXAMPLE.USR
[2009-12-30 19:33:52 | 000,004,665 | ---- | C] () -- C:\Program Files\EXAMPLE.VDT
[2009-12-30 19:33:52 | 000,002,711 | ---- | C] () -- C:\Program Files\EXAMPLE.LFT
[2009-12-30 19:32:45 | 000,000,000 | ---- | C] () -- C:\WINNT\asym.ini
[2009-12-30 19:04:41 | 000,000,148 | ---- | C] () -- C:\WINNT\DIALux.ini
[2009-06-03 13:10:28 | 000,049,152 | R--- | C] () -- C:\WINNT\AutoSet.dll
[2009-06-03 13:10:28 | 000,000,089 | ---- | C] () -- C:\WINNT\SCNDRVU.INI
[2009-05-02 11:54:09 | 008,681,428 | ---- | C] () -- C:\Program Files\Wrzuta.pl_Download_2.0.zip
[2008-07-01 09:04:40 | 000,034,312 | ---- | C] () -- C:\WINNT\System32\drivers\epfwtdir.sys
[2008-06-19 16:16:09 | 000,000,175 | ---- | C] () -- C:\WINNT\wininit.ini
[2008-06-19 16:13:58 | 000,003,654 | ---- | C] () -- C:\WINNT\System32\drivers\Sonyhcp.dll
[2008-05-13 11:06:18 | 000,000,000 | ---- | C] () -- C:\WINNT\WATCH.INI
[2008-04-04 13:32:29 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-03 11:08:14 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2008-04-02 20:16:13 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2008-04-02 19:38:24 | 000,684,265 | R--- | C] () -- C:\WINNT\System32\drivers\torususb.sys
[2008-04-02 19:38:24 | 000,000,902 | R--- | C] () -- C:\WINNT\System32\setup.ini
[2008-04-02 19:38:24 | 000,000,161 | R--- | C] () -- C:\WINNT\DSLSetup.ini
[2008-04-02 18:58:07 | 000,002,636 | ---- | C] () -- C:\WINNT\VPlayer.INI
[2008-04-02 12:04:13 | 000,000,415 | ---- | C] () -- C:\WINNT\ODBC.INI
[2008-04-02 11:58:57 | 001,200,128 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2008-04-02 11:58:57 | 001,015,808 | ---- | C] () -- C:\WINNT\System32\vorbisenc.dll
[2008-04-02 11:58:57 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\vorbisfile.dll
[2008-04-02 11:58:57 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[2008-04-02 11:58:56 | 000,765,952 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2008-04-02 11:58:56 | 000,180,224 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2008-04-02 11:58:55 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008-04-02 11:45:15 | 000,204,800 | R--- | C] () -- C:\WINNT\System32\igfxCoIn_v4785.dll
[2008-04-02 11:45:14 | 000,701,840 | R--- | C] () -- C:\WINNT\System32\igmedkrn.dll
[2005-08-03 11:40:16 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2005-02-24 17:56:45 | 000,000,547 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll.manifest
[2004-08-04 01:44:00 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\ieencode.dll
[2004-07-17 12:36:38 | 000,027,440 | ---- | C] () -- C:\WINNT\System32\drivers\secdrv.sys
[2003-04-08 10:40:22 | 000,005,679 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
< End of report >
oluniaaa1
Forum member

Posts: 8
Joined: 09 Mar 2010, 15:55

GMER

Post by oluniaaa1 » 09 Mar 2010, 23:45

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-09 22:44:34
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdrpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2040] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1772] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
oluniaaa1
Forum member

Posts: 8
Joined: 09 Mar 2010, 15:55

Re: please check the OTL log and help

Post by mateo8898 » 10 Mar 2010, 17:23

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


Paste into Avenger:
Code:
Files to delete:
C:\WINNT\system32\drivers\xdokzamn.sys
C:\WINNT\System32\fjhdyfhsn.bat
C:\Documents and Settings\Administrator\Dane aplikacji\rbuwzv.dat

Drivers to delete:
xdokzamn

Click Execute -> confirm and agree to the restart by clicking OK.
When it finishes, paste the report C:\avenger.txt on the forum.

Run OTL -> in the Custom Scans/Fixes box paste:
:OTL
O4 - HKLM..\Run: [] File not found

:Files
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Kosong.Bron.Tok.txt
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\ListHost12.txt

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"WinampAgent"=-

:Commands
[resethosts]

Click Run Fix. Post the removal log + a new OTL log + a new GMER log.
mateo8898
Moderator

Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: please check the OTL log and help

Post by oluniaaa1 » 10 Mar 2010, 23:17

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


http://www.wklej.eu/index.php?id=3352e06022

http://www.wklej.eu/index.php?id=aeabb12dd6

http://www.wklej.eu/index.php?id=75a563ba0b

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-10 22:01:20
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdrpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[420] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1784] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CFE7774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

Re: please check the OTL log and help

Post by mateo8898 » 10 Mar 2010, 23:21


Removed.

In OTL click CleanUp

Clean the disk and the registry with CCleaner

Turn System Restore off and back on for all drives -> Instructions

Run a full scan with Malwarebytes' Anti-Malware - if it finds anything, remove it and post the report

Install SP3 -> http://www.instalki.pl/programy/downloa ... ack_3.html

Update IE to the latest version (even if you don't use it) -> http://www.instalki.pl/programy/downloa ... _8_XP.html

Install this patch -> http://download.microsoft.com/download/ ... 86-PLK.exe

Re: please check the OTL log and help

Post by oluniaaa1 » 11 Mar 2010, 15:39


Thanks a lot for the help :)
Regards, Ola

Re: please check the OTL log and help

Post by oluniaaa1 » 11 Mar 2010, 16:10


Scan report
(a few more infected files turned up, but I think everything has been removed)
Once again, many thanks; the computer is also cooperating better now


Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3852
Windows 5.1.2600 Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

2010-03-11 15:08:19
mbam-log-2010-03-11 (15-08-19).txt

Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 174853
Upłynęło: 26 minute(s), 19 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 13
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 2
Zainfekowane foldery: 7
Zainfekowane pliki: 13

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131} (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Zainfekowane wartości rejestru:
(Nie wykryto groźnych plików)

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Zainfekowane foldery:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Zainfekowane pliki:
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\0080B4E9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\0080BAC5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\0080BDB3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\0080BF59.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

Re: please check the OTL log and help

Post by mateo8898 » 11 Mar 2010, 16:12


All right, you can also empty the Malwarebytes quarantine. And carry out the remaining steps.