Hi, please help. Avast keeps reporting Win32:Kamso [Trj] and I can't get rid of it, even though I have already removed everything.
And here is the log: http://www.wklej.org/id/129919/
OTL logfile created on: 2009-08-03 17:36:47 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Administrator\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1023,48 Mb Total Physical Memory | 633,57 Mb Available Physical Memory | 61,90% Memory free
2,40 Gb Paging File | 2,05 Gb Available in Paging File | 85,18% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,50 Gb Total Space | 12,35 Gb Free Space | 60,25% Space Free | Partition Type: FAT32
Drive D: | 54,01 Gb Total Space | 40,40 Gb Free Space | 74,80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BO-CB8BF92D48C3
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2009-02-05 22:01:26 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-07-15 20:40:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006-08-11 15:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\nvsvc32.exe
PRC - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004-08-03 22:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\Explorer.EXE
PRC - [2003-08-15 09:34:50 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003-10-31 19:42:40 | 00,032,768 | ---- | M] (Cyberlink Corp.) – C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009-02-05 22:08:46 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-07-15 20:40:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-07-24 17:56:34 | 00,908,280 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-08-03 17:35:42 | 00,514,048 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Administrator\Pulpit\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009-02-05 22:01:26 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv [Auto | Running])
SRV - [2009-02-05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus [Auto | Running])
SRV - [2009-02-05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner [On_Demand | Stopped])
SRV - [2009-02-05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner [On_Demand | Stopped])
SRV - [2007-01-04 03:40:22 | 00,136,120 | ---- | M] (Google) – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe – (gusvc [On_Demand | Stopped])
SRV - [2004-08-04 00:44:08 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll – (helpsvc [Auto | Running])
SRV - [2009-07-15 20:40:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService [Auto | Running])
SRV - [2006-08-11 15:42:50 | 00,155,715 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\nvsvc32.exe – (NVSvc [Auto | Running])
SRV - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\wdfmgr.exe – (UMWdf [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2009-02-05 22:05:12 | 00,026,944 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys – (Aavmker4 [system | Running])
DRV - [2003-08-14 17:16:38 | 00,404,736 | ---- | M] (Sensaura Ltd) – C:\WINDOWS\System32\drivers\ALCXSENS.SYS – (ALCXSENS [On_Demand | Running])
DRV - [2003-08-15 09:53:12 | 00,462,684 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\System32\drivers\ALCXWDM.SYS – (ALCXWDM [On_Demand | Running])
DRV - [2009-02-05 22:07:12 | 00,020,560 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys – (aswFsBlk [Auto | Running])
DRV - [2009-02-05 22:08:10 | 00,094,032 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys – (aswMon2 [Auto | Running])
DRV - [2009-02-05 22:06:10 | 00,023,152 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys – (aswRdr [On_Demand | Running])
DRV - [2009-02-05 22:07:24 | 00,114,768 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys – (aswSP [system | Running])
DRV - [2009-02-05 22:06:20 | 00,051,376 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys – (aswTdi [system | Running])
DRV - [2004-08-03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\System32\DRIVERS\gameenum.sys – (gameenum [On_Demand | Running])
DRV - [2003-04-03 01:54:16 | 00,020,648 | R— | M] (Thomson Inc.) – C:\WINDOWS\System32\DRIVERS\netrcacm.sys – (netrcacm [On_Demand | Running])
DRV - [2006-08-11 15:42:42 | 03,958,496 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\System32\DRIVERS\nv4_mini.sys – (nv [On_Demand | Running])
DRV - [2003-03-19 09:51:00 | 00,018,688 | R— | M] (NVIDIA Corporation) – C:\WINDOWS\system32\DRIVERS\nv_agp.sys – (nv_agp [boot | Running])
DRV - [2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\System32\DRIVERS\ptilink.sys – (Ptilink [On_Demand | Running])
DRV - [2008-11-20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) – C:\WINDOWS\system32\DRIVERS\PxHelp20.sys – (PxHelp20 [boot | Running])
DRV - [2004-07-17 09:36:38 | 00,027,440 | ---- | M] () – C:\WINDOWS\System32\DRIVERS\secdrv.sys – (Secdrv [On_Demand | Stopped])
DRV - [2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) – C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS – (SONYPVU1 [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl … ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl … r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://interia.pl/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF - prefs.js…browser.startup.homepage: “interia.pl”
FF - prefs.js…extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js…extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - HKLM\software\mozilla\Firefox\extensions\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-07-15 20:40:18 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009-07-15 00:55:42 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-07-15 00:55:42 | 00,000,000 | —D | M]
[2009-07-15 00:56:08 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions
[2009-07-15 00:56:08 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-15 00:56:08 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\mozilla\Firefox\Profiles\bjy264ls.default\extensions
[2009-07-15 00:55:42 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions
[2009-07-15 00:55:42 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-07-15 20:40:28 | 00,000,000 | —D | M] – C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009-07-24 17:56:34 | 00,023,544 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-07-24 17:56:34 | 00,137,208 | ---- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-07-15 20:40:18 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-02-27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) – C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009-07-24 17:56:36 | 00,065,016 | ---- | M] (mozilla.org) – C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-06-24 14:27:28 | 00,002,767 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2009-06-24 14:27:28 | 00,001,406 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2009-06-24 14:27:28 | 00,002,371 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-06-24 14:27:28 | 00,000,917 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2009-06-24 14:27:28 | 00,000,858 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2009-06-24 14:27:28 | 00,001,183 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2009-06-24 14:27:28 | 00,001,683 | ---- | M] () – C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU…\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM…\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM…\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM…\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU…\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM…Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl … rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.238.0.5 158.75.33.142
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-02 20:26:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [FAT32]
O32 - AutoRun File - [2009-08-03 17:17:42 | 00,000,063 | RHS- | M] () - C:\autorun.inf – [FAT32]
O32 - AutoRun File - [2009-08-03 17:17:40 | 00,000,063 | RHS- | M] () - D:\autorun.inf – [NTFS]
O33 - MountPoints2\{155e9b44-7afc-11de-8434-c5841c494cc7}\Shell\AutoRun\command - "" = F:\mb9x.exe – File not found
O33 - MountPoints2\{155e9b44-7afc-11de-8434-c5841c494cc7}\Shell\open\Command - "" = F:\mb9x.exe – File not found
O33 - MountPoints2\{7686ee00-79fb-11de-842e-abaacf688ec7}\Shell\AutoRun\command - "" = F:\ukfbi3aw.exe – File not found
O33 - MountPoints2\{7686ee00-79fb-11de-842e-abaacf688ec7}\Shell\open\Command - "" = F:\ukfbi3aw.exe – File not found
O33 - MountPoints2\{8bf030dd-6743-11de-b9c0-806d6172696f}\Shell\AutoRun\command - "" = C:\ukfbi3aw.exe – [2009-08-03 14:13:44 | 00,107,841 | RHS- | M] ()
O33 - MountPoints2\{8bf030dd-6743-11de-b9c0-806d6172696f}\Shell\open\Command - "" = C:\ukfbi3aw.exe – [2009-08-03 14:13:44 | 00,107,841 | RHS- | M] ()
O33 - MountPoints2\{8bf030de-6743-11de-b9c0-806d6172696f}\Shell\AutoRun\command - "" = D:\ukfbi3aw.exe – [2009-08-03 14:13:44 | 00,107,841 | RHS- | M] ()
O33 - MountPoints2\{8bf030de-6743-11de-b9c0-806d6172696f}\Shell\open\Command - "" = D:\ukfbi3aw.exe – [2009-08-03 14:13:44 | 00,107,841 | RHS- | M] ()
O33 - MountPoints2\{994706a4-6f1b-11de-83f0-8d2411182bc1}\Shell\AutoRun\command - "" = F:\p.exe – File not found
O33 - MountPoints2\{994706a4-6f1b-11de-83f0-8d2411182bc1}\Shell\open\Command - "" = F:\p.exe – File not found
O33 - MountPoints2\{bcb5e250-7db6-11de-844c-8dfbdb726ec6}\Shell\AutoRun\command - "" = F:\mb9x.exe – File not found
O33 - MountPoints2\{bcb5e250-7db6-11de-844c-8dfbdb726ec6}\Shell\open\Command - "" = F:\mb9x.exe – File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[43 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-08-03 17:35:52 | 00,514,048 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-08-03 17:16:27 | 00,318,369 | ---- | C] () – C:\Documents and Settings\Administrator\Pulpit\HiJackThis.zip
[2009-08-03 13:11:00 | 00,000,063 | RHS- | C] () – C:\autorun.inf
[2009-08-03 12:45:16 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-08-02 22:17:53 | 00,107,841 | RHS- | C] () – C:\ukfbi3aw.exe
[2009-08-01 21:18:48 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Pulpit\ślub III
[2009-08-01 08:55:00 | 00,107,994 | RHS- | C] () – C:\6rxt26.exe
[2009-07-29 20:32:22 | 00,107,843 | RHS- | C] () – C:\rx.exe
[2009-07-28 21:46:49 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Pulpit\ślub II
[2009-07-28 00:14:08 | 00,000,049 | ---- | C] () – C:\WINDOWS\NeroDigital.ini
[2009-07-27 22:15:32 | 00,000,000 | —D | C] – C:\Program Files\Common Files\SWF Studio
[2009-07-27 22:15:29 | 00,000,000 | -HSD | C] – C:\Documents and Settings\Administrator\Dane aplikacji\.#
[2009-07-27 11:06:26 | 00,000,000 | -HSD | C] – C:\FOUND.001
[2009-07-26 17:17:02 | 00,000,570 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk
[2009-07-26 17:01:04 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google
[2009-07-25 12:08:48 | 00,108,044 | RHS- | C] () – C:\xs6kpr0.exe
[2009-07-25 12:06:16 | 00,000,000 | -H-D | C] – C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009-07-25 12:06:03 | 00,000,000 | —D | C] – C:\WINDOWS\System32\PreInstall
[2009-07-25 12:00:54 | 00,000,000 | —D | C] – C:\WINDOWS\System32\SoftwareDistribution
[2009-07-24 20:48:50 | 05,886,064 | -H-- | C] () – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-07-24 19:56:16 | 00,299,008 | ---- | C] () – C:\Documents and Settings\Administrator\Pulpit\bestplayer1.0.exe
[2009-07-24 18:49:04 | 00,000,000 | -HSD | C] – C:\FOUND.000
[2009-07-24 18:31:22 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Pulpit\APARAT
[2009-07-21 23:28:45 | 00,000,000 | —D | C] – C:\WINDOWS\Sun
[2009-07-17 00:42:13 | 00,000,014 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\AdobeUpdater6.rbt
[2009-07-17 00:39:04 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Adobe
[2009-07-17 00:37:46 | 00,001,633 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-07-17 00:37:41 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Adobe
[2009-07-17 00:37:36 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Adobe
[2009-07-17 00:37:36 | 00,000,000 | —D | C] – C:\Program Files\Adobe
[2009-07-15 20:40:14 | 00,000,000 | —D | C] – C:\Program Files\Java
[2009-07-15 20:38:01 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Dane aplikacji\Sun
[2009-07-15 01:08:19 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Moje dokumenty\Pobieranie
[2009-07-15 00:55:53 | 00,000,000 | ---- | C] () – C:\WINDOWS\nsreg.dat
[2009-07-15 00:55:49 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla
[2009-07-15 00:55:49 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla
[2009-07-15 00:55:44 | 00,001,506 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2009-07-15 00:55:40 | 00,000,000 | —D | C] – C:\Program Files\Mozilla Firefox
[2009-07-15 00:55:24 | 08,824,216 | ---- | C] (Mozilla) – C:\Documents and Settings\Administrator\Pulpit\Firefox Setup 3.5.exe
[2009-07-15 00:49:16 | 00,000,230 | ---- | C] () – C:\WINDOWS\System32\spupdsvc.inf
[2009-07-14 09:54:06 | 00,324,608 | ---- | C] () – C:\Documents and Settings\Administrator\Pulpit\VIII_2009_IC,ICJ.xls.xls
[2009-07-13 21:38:13 | 00,001,236 | ---- | C] () – C:\WINDOWS\bestplayer.ini
[2009-07-13 21:38:13 | 00,000,068 | ---- | C] () – C:\WINDOWS\bestplayer.bpp
[2009-07-13 21:38:13 | 00,000,000 | ---- | C] () – C:\WINDOWS\bestplayer.bbt
[2009-07-13 10:32:55 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Pulpit\ślub
[2009-07-13 10:30:40 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
[2009-07-12 21:40:42 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Pulpit\ślub dzien 2
[2009-07-12 21:01:05 | 00,000,000 | —D | C] – C:\WINDOWS\System32\LogFiles
[2009-07-12 12:24:33 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Pulpit\ślub dzien 1
[2009-07-08 20:35:43 | 00,000,000 | —D | C] – C:\WINDOWS\WBEM
[2009-07-08 20:35:43 | 00,000,000 | —D | C] – C:\WINDOWS\System32\pl-pl
[2009-07-08 20:34:42 | 00,000,000 | —D | C] – C:\WINDOWS\ie7
[2009-07-08 20:34:31 | 00,000,000 | -H-D | C] – C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009-07-08 20:34:18 | 00,000,000 | -H-D | C] – C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009-07-08 20:33:53 | 00,000,000 | -H-D | C] – C:\WINDOWS\$hf_mig$
[2009-07-08 13:27:08 | 00,000,000 | -HSD | C] – C:\WINDOWS\CSC
[2009-07-08 12:21:27 | 00,000,000 | ---- | C] () – C:\testwma.raw
[2009-07-08 11:27:37 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Moje dokumenty\My Music
[2009-07-08 11:09:38 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Moje dokumenty\My Received Files
[2009-07-08 11:09:38 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Moje dokumenty\BearShare
[2009-07-08 11:09:36 | 00,076,407 | ---- | C] () – C:\Documents and Settings\Administrator\Dane aplikacji\Smiley.ico
[2009-07-08 11:09:34 | 00,000,705 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\BearShare.lnk
[2009-07-08 11:07:53 | 00,000,000 | —D | C] – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\BearShare
[2009-07-08 11:07:52 | 00,483,328 | ---- | C] (SoftShape Development) – C:\WINDOWS\System32\actskn45.ocx
[2009-07-08 11:07:49 | 00,000,000 | —D | C] – C:\Program Files\BearShare Applications
[2009-07-08 11:00:39 | 00,000,000 | —D | C] – C:\WINDOWS\Cache
[2009-07-08 10:59:41 | 00,000,000 | —D | C] – C:\Program Files\Google
[2009-07-08 10:59:37 | 00,000,000 | —D | C] – C:\Program Files\Picasa2
[2009-07-05 19:50:37 | 00,034,816 | ---- | C] () – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-03 08:58:30 | 00,000,192 | ---- | C] () – C:\WINDOWS\winamp.ini
[2009-07-02 21:11:08 | 00,000,133 | ---- | C] () – C:\WINDOWS\ODBC.INI
[2009-07-02 20:36:49 | 00,000,164 | ---- | C] () – C:\WINDOWS\avrack.ini
[2006-08-11 15:45:20 | 00,581,632 | ---- | C] () – C:\WINDOWS\System32\nvhwvid.dll
[2006-08-11 15:43:10 | 00,196,608 | ---- | C] () – C:\WINDOWS\System32\nvapi.dll
[2006-08-11 15:43:00 | 01,662,976 | ---- | C] () – C:\WINDOWS\System32\nvwdmcpl.dll
[2006-08-11 15:43:00 | 01,470,464 | ---- | C] () – C:\WINDOWS\System32\nview.dll
[2006-08-11 15:43:00 | 01,019,904 | ---- | C] () – C:\WINDOWS\System32\nvwimg.dll
[2006-08-11 15:43:00 | 00,466,944 | ---- | C] () – C:\WINDOWS\System32\nvshell.dll
[2006-08-11 15:43:00 | 00,286,720 | ---- | C] () – C:\WINDOWS\System32\nvnt4cpl.dll
[2004-07-17 09:36:38 | 00,027,440 | ---- | C] () – C:\WINDOWS\System32\drivers\secdrv.sys
[2002-10-06 19:42:58 | 00,237,568 | ---- | C] () – C:\WINDOWS\System32\OggDS.dll
[2002-10-05 00:04:26 | 00,921,600 | ---- | C] () – C:\WINDOWS\System32\VorbisEnc.dll
[2002-10-05 00:04:26 | 00,188,416 | ---- | C] () – C:\WINDOWS\System32\vorbis.dll
[2002-10-05 00:04:18 | 00,045,056 | ---- | C] () – C:\WINDOWS\System32\ogg.dll
[2001-07-22 00:16:20 | 00,000,477 | ---- | C] () – C:\WINDOWS\win.ini
[2001-07-22 00:15:52 | 00,000,227 | ---- | C] () – C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[43 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009-08-03 17:35:42 | 00,514,048 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Administrator\Pulpit\OTL.exe
[2009-08-03 17:17:42 | 00,000,063 | RHS- | M] () – C:\autorun.inf
[2009-08-03 16:17:58 | 00,081,191 | ---- | M] () – C:\WINDOWS\System32\nvapps.xml
[2009-08-03 16:09:46 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT
[2009-08-03 16:09:42 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat
[2009-08-03 16:08:56 | 05,886,064 | -H-- | M] () – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2009-08-03 14:13:44 | 00,107,841 | RHS- | M] () – C:\ukfbi3aw.exe
[2009-08-03 14:02:48 | 00,318,369 | ---- | M] () – C:\Documents and Settings\Administrator\Pulpit\HiJackThis.zip
[2009-08-01 21:54:38 | 00,000,000 | ---- | M] () – C:\testwma.raw
[2009-08-01 08:54:34 | 00,107,994 | RHS- | M] () – C:\6rxt26.exe
[2009-07-31 17:46:46 | 00,000,192 | ---- | M] () – C:\WINDOWS\winamp.ini
[2009-07-30 20:03:44 | 00,107,843 | RHS- | M] () – C:\rx.exe
[2009-07-28 14:01:40 | 00,034,816 | ---- | M] () – C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-28 13:42:26 | 00,001,633 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2009-07-28 00:14:14 | 00,000,049 | ---- | M] () – C:\WINDOWS\NeroDigital.ini
[2009-07-26 17:17:04 | 00,000,570 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Picasa 3.lnk
[2009-07-25 13:52:30 | 00,108,044 | RHS- | M] () – C:\xs6kpr0.exe
[2009-07-25 12:06:06 | 00,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK
[2009-07-25 11:59:56 | 00,000,477 | ---- | M] () – C:\WINDOWS\win.ini
[2009-07-25 11:59:56 | 00,000,227 | ---- | M] () – C:\WINDOWS\system.ini
[2009-07-25 11:59:56 | 00,000,211 | -HS- | M] () – C:\boot.ini
[2009-07-24 19:57:44 | 00,001,236 | ---- | M] () – C:\WINDOWS\bestplayer.ini
[2009-07-24 19:57:44 | 00,000,068 | ---- | M] () – C:\WINDOWS\bestplayer.bpp
[2009-07-24 19:57:44 | 00,000,000 | ---- | M] () – C:\WINDOWS\bestplayer.bbt
[2009-07-18 16:03:56 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl
[2009-07-17 00:42:14 | 00,000,014 | ---- | M] () – C:\Documents and Settings\All Users\Dane aplikacji\AdobeUpdater6.rbt
[2009-07-15 00:55:54 | 00,000,000 | ---- | M] () – C:\WINDOWS\nsreg.dat
[2009-07-15 00:55:46 | 00,001,506 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk
[2009-07-15 00:54:14 | 08,824,216 | ---- | M] (Mozilla) – C:\Documents and Settings\Administrator\Pulpit\Firefox Setup 3.5.exe
[2009-07-15 00:49:18 | 00,000,230 | ---- | M] () – C:\WINDOWS\System32\spupdsvc.inf
[2009-07-14 09:54:10 | 00,324,608 | ---- | M] () – C:\Documents and Settings\Administrator\Pulpit\VIII_2009_IC,ICJ.xls.xls
[2009-07-08 11:09:36 | 00,000,705 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\BearShare.lnk
========== LOP Check ==========
[2009-07-02 20:17:58 | 00,000,000 | RH-D | M] – C:\Documents and Settings\All Users\Dane aplikacji
[2009-07-02 20:56:52 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\Ahead
[2009-07-02 20:52:34 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
[2009-08-03 12:45:16 | 00,000,000 | —D | M] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-07-02 20:17:58 | 00,000,000 | RH-D | M] – C:\Documents and Settings\Administrator\Dane aplikacji
[2009-07-27 22:15:30 | 00,000,000 | -HSD | M] – C:\Documents and Settings\Administrator\Dane aplikacji\.#
[2009-07-13 10:30:42 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\Ahead
[2009-07-03 09:06:36 | 00,000,000 | —D | M] – C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
[2001-07-22 02:17:50 | 00,000,065 | RH-- | M] () – C:\WINDOWS\Tasks\desktop.ini
[2009-08-03 16:09:46 | 00,000,006 | -H-- | M] () – C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
– Added 03.08.2009 (Mon) 17:40 –
I fixed it:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
Paste into the Custom Scans/Fixes window:
Click Run Fix.
Post the removal log and a new OTL log.
But you haven't fixed anything.
My mistake, that's not the right log, I'll paste the correct one in a moment.
– Added 03.08.2009 (Mon) 17:54 –
Removal log: http://www.wklej.org/id/129927/
and the new OTL log: http://www.wklej.org/id/129929/
Disinfect your USB stick or memory card with Flash Disinfector.
Turn System Restore off and back on.
Post a log from a full Malwarebytes Anti-Malware scan.
Remove junk and clean the registry with CCleaner.
Post a report from a full Dr.Web CureIt! scan (File > Save Report List).
First of all, click CleanUp in OTL.
jasio, more care please; it's quality that counts here, not quantity.
Open Notepad and paste:
save it as plik.reg >> All Files
a file with this icon will be created
double-click it, confirm adding it to the registry, then restart
delete the files
they may be hidden
Leon$, I did everything according to your instructions, but I can't find them anywhere
they may be hidden
You still have these files:
Control Panel -> Folder Options -> View -> untick Hide protected operating system files and tick Show hidden files and folders.
You should now see them.
It doesn't work, it won't show hidden files at all.
Download The Avenger
Copy into it:
Press Execute and confirm the restart. Finally, delete the file C:\Avenger\backup.zip manually.
You still have an infection in the drive roots.
Paste into OTL:
Run Fix. Restart if needed.
After that, post the removal log and a new OTL.txt.
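The "infection in the drive roots" diagnosis rests on three kinds of OTL entries visible in the pasted log: autorun.inf files with read-only/hidden/system attributes in the roots of C: and D:, MountPoints2 AutoRun/open commands pointing at executables in drive roots, and hidden/system executables created directly in C:\. As an added example that is not part of the thread and is not OTL's own code, here is a small Python triage script that pulls exactly those indicators out of OTL log text. The sample lines are a constructed excerpt based on the log above; the separator pattern also accepts the dashes the forum substituted for OTL's `--` field separators.

```python
"""Triage OTL log text for drive-root / removable-media autorun persistence."""
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed excerpt based on the O32, O33 and "Created Within 30 Days"
# entries of the OTL log in the thread (sample input for this example).
SAMPLE_LOG = """\
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-02 20:26:08 | 00,000,000 | ---- | M] () - C:\\AUTOEXEC.BAT -- [FAT32]
O32 - AutoRun File - [2009-08-03 17:17:42 | 00,000,063 | RHS- | M] () - C:\\autorun.inf -- [FAT32]
O32 - AutoRun File - [2009-08-03 17:17:40 | 00,000,063 | RHS- | M] () - D:\\autorun.inf -- [NTFS]
O33 - MountPoints2\\{155e9b44-7afc-11de-8434-c5841c494cc7}\\Shell\\AutoRun\\command - "" = F:\\mb9x.exe -- File not found
O33 - MountPoints2\\{8bf030dd-6743-11de-b9c0-806d6172696f}\\Shell\\open\\Command - "" = C:\\ukfbi3aw.exe -- [2009-08-03 14:13:44 | 00,107,841 | RHS- | M] ()
[2009-08-02 22:17:53 | 00,107,841 | RHS- | C] () -- C:\\ukfbi3aw.exe
[2009-08-01 08:55:00 | 00,107,994 | RHS- | C] () -- C:\\6rxt26.exe
[2009-08-03 17:35:52 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Administrator\\Pulpit\\OTL.exe
"""

# OTL separates fields with " -- ", but forum software tends to render "--" as an
# en or em dash, so the separator pattern accepts all three.
SEP = r"\s*[-\u2013\u2014]+\s*"
ATTRS = r"(?P<attr>[RHSD-]{4})"               # OTL attribute column, e.g. RHS- or ---D
ROOT_PATH = r"(?P<path>[A-Za-z]:\\[^\\\s]+)"  # drive letter, one backslash, no sub-folder

O32_RE = re.compile(r"^O32 - AutoRun File - \[[^|]+\|[^|]+\|\s*" + ATTRS
                    + r"\s*\|[^\]]*\]\s*\([^)]*\)" + SEP + ROOT_PATH)
O33_RE = re.compile(r"^O33 - MountPoints2\\?\{[0-9a-fA-F-]+\}\\Shell\\"
                    r"(?P<verb>AutoRun\\command|open\\Command)\s*-\s*[\"\u201c\u201d]*\s*=\s*"
                    + ROOT_PATH + r"(?P<rest>.*)$")
FILE_RE = re.compile(r"^\[[^|]+\|[^|]+\|\s*" + ATTRS + r"\s*\|\s*[CM]\]\s*\([^)]*\)"
                     + SEP + ROOT_PATH + r"\s*$")
EXE_EXT = re.compile(r"\.(exe|com|scr|bat|cmd|pif)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # "autorun.inf", "mountpoints2" or "root-executable"
    path: str
    detail: str


def _flags(attr: str) -> str:
    """Spell out the R/H/S letters of an OTL attribute column."""
    names = {"R": "read-only", "H": "hidden", "S": "system"}
    return ",".join(names[c] for c in attr if c in names) or "none"


def triage(log_text: str) -> List[Finding]:
    """Return the autorun-style persistence indicators found in OTL log text."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O32_RE.match(line)):
            # Only autorun.inf matters here; AUTOEXEC.BAT is a normal FAT32 root file.
            if m["path"].lower().endswith("\\autorun.inf"):
                findings.append(Finding("autorun.inf", m["path"],
                                        f"attributes: {_flags(m['attr'])}"))
            continue
        if (m := O33_RE.match(line)):
            # A MountPoints2 AutoRun/open command that launches an executable from a
            # drive root is the registry half of an autorun infection, whether or not
            # the executable still exists.
            if EXE_EXT.search(m["path"]):
                status = "file not found" if "File not found" in m["rest"] else "file present"
                findings.append(Finding("mountpoints2", m["path"], f"{m['verb']} -> {status}"))
            continue
        if (m := FILE_RE.match(line)):
            # Hidden+system executables dropped directly into a drive root.
            attr = m["attr"]
            if EXE_EXT.search(m["path"]) and "H" in attr and "S" in attr:
                findings.append(Finding("root-executable", m["path"],
                                        f"attributes: {_flags(attr)}"))
    return findings


def suspicious_paths(findings: List[Finding]) -> Set[str]:
    """Distinct paths worth checking on disk (and in OTL's fix list)."""
    return {f.path for f in findings}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:16}] {f.path:24} {f.detail}")
```

Run against the sample, the script reports both autorun.inf files, the two MountPoints2 commands (one still backed by a present file, one orphaned) and the two hidden/system executables in C:\, while ignoring AUTOEXEC.BAT and the OTL.exe entry on the desktop. The point is triage, not cleanup: the paths it returns are the ones to compare against the OTL fix and the post-fix log.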
Now it's finally gone.
Click CleanUp in OTL.
Clean the registry and disk with CCleaner.
Remove unnecessary items from startup.
Run a full scan with Dr.Web CureIt.
If there are viruses, post the report.