Jak usunąć następujące trojany spowalniacze i szpiegi?

zglatty · 9 Maj 2010 19:53

Witam

Mam następujące trojany:

Generic Dropper.js.

Screen.Grab.J.exe

Sft.dez.Wien

Win64.BIT.Looker. exe

Komputer uległ infekcji wskutek mojego zezwolenia programowi sygate aby zadziałał czyli na moje własne życzenie lub przez mój brak wiedzy.

Ogólnie działanie komputera zostało spowolnione. Nie mogę niczego instalować straciłem Internet explorera (nie działa) na szczęście Firefox działa ale też dużo wolniej. W internecie piszą, że Screen Grab służy do śledzenia "działań’ użytkownika przez osobę postronną. Nie znam się za bardzo na komputerach i programach tym niemniej proszę o łopatologiczne wyjaśnienie jak usunąć wirusy. Nie mogę ściągnąć programu leczącego ani uruchomić ochrony proponowanej przez security Center Alert. Mam Windowsa XP i jeżeli ktoś miał do czynienia z podobnym przypadkiem i udało mu się z tego wyjść bez formatu dysku C proszę o pomoc.

Dzięki

deFco247 · 9 Maj 2010 20:00

Jeśli mowa tutaj o firewallu Sygate, to niestety ale to już jest program od dawien dawna nieaktualizowany, przez co dzisiaj jest dziurawy jak ser szwajcarski i nie jest odporny na żadne ataki. Odinstalować.

Pokaż logi z narzędzi OTL + GMER.

OTL ustawiasz jak na tym obrazku.

Klikasz Run Scan.

Pokazujesz dwa wynikowe logi OTL.txt + Extras.txt

(Na Windows Vista i 7 uruchamiamy programy z menu Uruchom jako Administrator… ).

Przed uruchomieniem powyższych narzędzi odinstaluj (jeśli posiadasz) wszelkie programy tworzące wirtualne napędy (Daemon Tools, Alcohol itp.) oraz usuń instalowany przez nie sterownik SPTD narzędziem SPTDInst z opcji Uninstall (jeśli będzie zszarzałe, to OK).

Zawartość logów wklejasz na wklej.org lub wklej.to, a w poście dajesz link.

zglatty · 11 Maj 2010 10:09

To jest wynik skanu za pomocą OTL. Nic nie ruszałem tylko w Custom Scans/Fixes wpisałem:

%systemdrive%*.*

/md5start

agp440.sys

atapi.sys

beep.sys

cdrom.sys

ndis.sys

winlogon.exe

userinit.exe

/md5stop

No i run scan

Wyniki, których nie rozumiem, zamieszczam poniżej

OTL logfile created on: 2010-05-11 11:57:49 - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\ZGlatty\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.11 Gb Total Space | 17.40 Gb Free Space | 46.89% Space Free | Partition Type: NTFS

Drive D: | 37.11 Gb Total Space | 24.57 Gb Free Space | 66.23% Space Free | Partition Type: NTFS

Drive E: | 37.11 Gb Total Space | 7.85 Gb Free Space | 21.15% Space Free | Partition Type: NTFS

Drive F: | 37.72 Gb Total Space | 21.87 Gb Free Space | 57.97% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 1.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ZBYSZEK

Current User Name: ZGlatty

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-05-11 11:46:11 | 000,570,880 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\ZGlatty\Desktop\OTL.exe

PRC - [2010-05-06 21:01:28 | 002,943,488 | ---- | M] () – C:\Documents and Settings\ZGlatty\Local Settings\Temp\m.2756.tmp.exe

PRC - [2010-05-05 09:07:29 | 000,151,040 | ---- | M] () – C:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe

PRC - [2010-05-05 09:07:29 | 000,151,040 | ---- | M] () – C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe

PRC - [2010-05-05 09:07:29 | 000,151,040 | ---- | M] () – C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe

PRC - [2010-05-05 09:07:29 | 000,151,040 | ---- | M] () – C:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe

PRC - [2010-05-05 09:07:29 | 000,151,040 | ---- | M] () – C:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe

PRC - [2008-12-20 15:52:41 | 007,678,568 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2008-08-18 13:25:10 | 000,468,224 | ---- | M] (ESET) – C:\Program Files\Eset\ESET NOD32 Antivirus\ekrn.exe

PRC - [2008-08-18 13:23:50 | 001,447,168 | ---- | M] (ESET) – C:\Program Files\Eset\ESET NOD32 Antivirus\egui.exe

PRC - [2008-04-14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2008-02-22 05:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

PRC - [2006-11-17 17:54:00 | 001,552,384 | ---- | M] (D-Link) – C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

PRC - [2006-06-29 18:34:20 | 000,049,152 | ---- | M] (Alpha Networks Inc.) – C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

PRC - [2005-08-11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) – C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2005-02-02 06:51:00 | 000,826,916 | ---- | M] (C. Ghisler & Co.) – C:\totalcmd\TOTALCMD.EXE

PRC - [2004-11-15 12:20:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2010-05-11 11:46:11 | 000,570,880 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\ZGlatty\Desktop\OTL.exe

MOD - [2008-04-14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] – -- (CLTNetCnService)

SRV - [2008-08-18 13:30:58 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe – (EhttpSrv)

SRV - [2008-08-18 13:25:10 | 000,468,224 | ---- | M] (ESET) [Auto | Running] – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe – (ekrn)

SRV - [2006-07-03 16:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Stopped] – C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe – (ANIWZCSdService)

SRV - [2004-10-15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) [Auto | Stopped] – C:\Program Files\Sygate\SPF\Smc.exe – (SmcService)

========== Driver Services (SafeList) ==========

DRV - [2008-11-26 15:46:41 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\hamachi.sys – (hamachi)

DRV - [2008-08-18 13:27:42 | 000,034,312 | ---- | M] () [Kernel | System | Running] – C:\WINDOWS\system32\drivers\epfwtdir.sys – (epfwtdir)

DRV - [2008-08-18 13:19:26 | 000,053,256 | ---- | M] (ESET) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\easdrv.sys – (easdrv)

DRV - [2008-08-18 13:18:26 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\eamon.sys – (eamon)

DRV - [2005-12-11 12:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] – C:\WINDOWS\system32\ANIO.sys – (ANIO)

DRV - [2005-11-03 21:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Dr71WU.sys – (RT73)

DRV - [2005-05-14 13:41:28 | 000,017,408 | ---- | M] (Jacal Consulting) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\maplom.sys – (Maplom)

DRV - [2004-11-17 13:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ALCXWDM.SYS – (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004-10-15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] – C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys – (wg6n)

DRV - [2004-10-15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] – C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys – (wg5n)

DRV - [2004-10-15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] – C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys – (wg4n)

DRV - [2004-10-15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] – C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys – (wg3n)

DRV - [2004-10-15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\wpsdrvnt.sys – (wpsdrvnt)

DRV - [2004-10-15 18:17:02 | 000,060,496 | ---- | M] () [Kernel | Boot | Stopped] – C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys – (Teefer)

DRV - [2004-04-30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\a347bus.sys – (a347bus)

DRV - [2004-04-30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\a347scsi.sys – (a347scsi)

DRV - [2002-06-13 05:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\R8139n51.sys – (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU…\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.startup.homepage: “http://pl.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pl:official”

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\Components: C:\Program Files\Mozilla Firefox\components [2008-12-20 15:52:42 | 000,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-08 19:47:33 | 000,000,000 | —D | M]

[2008-09-12 09:47:10 | 000,000,000 | —D | M] – C:\Documents and Settings\ZGlatty\Application Data\Mozilla\Extensions

[2010-05-11 09:18:20 | 000,000,000 | —D | M] – C:\Documents and Settings\ZGlatty\Application Data\Mozilla\Firefox\Profiles\ikukhqp3.default\extensions

[2010-04-28 08:05:20 | 000,000,000 | —D | M] (Microsoft .NET Framework Assistant) – C:\Documents and Settings\ZGlatty\Application Data\Mozilla\Firefox\Profiles\ikukhqp3.default\extensions{20a82645-c095-46ed-80e3-08825760534b}

[2010-05-11 09:18:20 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

[2008-10-03 10:40:47 | 000,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org

[2008-12-20 15:52:38 | 000,067,688 | ---- | M] (Mozilla Foundation) – C:\Program Files\Mozilla Firefox\components\jar50.dll

[2008-12-20 15:52:38 | 000,054,368 | ---- | M] (Mozilla Foundation) – C:\Program Files\Mozilla Firefox\components\jsd3250.dll

[2008-12-20 15:52:38 | 000,034,944 | ---- | M] (Mozilla Foundation) – C:\Program Files\Mozilla Firefox\components\myspell.dll

[2008-12-20 15:52:39 | 000,046,712 | ---- | M] (Mozilla Foundation) – C:\Program Files\Mozilla Firefox\components\spellchk.dll

[2008-12-20 15:52:39 | 000,172,136 | ---- | M] (Mozilla Foundation) – C:\Program Files\Mozilla Firefox\components\xpinstal.dll

[2007-12-16 23:54:35 | 000,468,480 | ---- | M] (Clickteam) – C:\Program Files\Mozilla Firefox\plugins\npcnc32.dll

[2008-02-19 18:23:28 | 000,120,296 | ---- | M] ( ) – C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

[2006-06-03 18:39:49 | 000,000,904 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2008-06-07 02:50:04 | 000,001,419 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2007-03-31 19:10:44 | 000,000,926 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2006-06-03 18:39:49 | 000,000,866 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2008-03-29 23:06:54 | 000,001,198 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2007-01-05 13:40:09 | 000,001,693 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O3 - HKLM…\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU…\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM…\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

O4 - HKLM…\Run: [AutoRunGUIAutoRun71.0.107] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe ()

O4 - HKLM…\Run: [CoolTypeAdobe] C:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe ()

O4 - HKLM…\Run: [CoolTypeCoolType] c:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe ()

O4 - HKLM…\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)

O4 - HKLM…\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM…\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)

O4 - HKLM…\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM…\Run: [McAfeeAutoRun] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe ()

O4 - HKLM…\Run: [MicrosoftTools] c:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe ()

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM…\Run: [NWEReboot] File not found

O4 - HKLM…\Run: [Platformrmid6.0.30.5] c:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe ()

O4 - HKLM…\Run: [schedulerverify6.0.30.5] C:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe ()

O4 - HKLM…\Run: [smcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

O4 - HKLM…\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [systemOperating] c:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe ()

O4 - HKLM…\Run: [ToolsMDT2FWUI] C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe ()

O4 - HKLM…\Run: [WindowsTMOperating] C:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe ()

O4 - HKCU…\Run: [b8ehk7uwens8] C:\Documents and Settings\ZGlatty\Local Settings\Temp\m.2756.tmp.exe ()

O4 - HKCU…\Run: [Desktop Security 2010] C:\Documents and Settings\ZGlatty\Application Data\Desktop Security 2010\Desktop Security 2010.exe File not found

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKLM…\RunServices: [AcrobatCoolType4.05] C:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe ()

O4 - HKLM…\RunServices: [AutoRunAutoRunGUI] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe ()

O4 - HKLM…\RunServices: [ContentDATsMcAfee] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe ()

O4 - HKLM…\RunServices: [CtorSetup] c:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernelUser11.00.28844.exe ()

O4 - HKLM…\RunServices: [DWIntl20Microsoft] c:\Program Files\Common Files\Microsoft Shared\DW\1025\ReportingReporting11.0.6451.exe ()

O4 - HKLM…\RunServices: [MicrosoftDesign] C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe ()

O4 - HKLM…\RunServices: [MSVCR71Platform] C:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe ()

O4 - HKLM…\RunServices: [WindowsTMSAPI5] C:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Google Sidewiki… - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc … wflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} http://www.clickteam.com/vitalize3/vitalize.cab (Vitalize Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.21.99.95 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-15 10:17:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2005-10-18 23:01:12 | 000,000,000 | R–D | M] - I:\Autorun – [CDFS]

O32 - AutoRun File - [2005-10-15 08:42:09 | 000,253,952 | R— | M] (Firaxis Games) - I:\autorun.exe – [CDFS]

O32 - AutoRun File - [2005-10-15 08:42:09 | 000,004,118 | R— | M] () - I:\autorun.inf – [CDFS]

O33 - MountPoints2{279d8d6c-1e15-11df-b7e7-0022b0672ab8}\Shell\AutoRun\command - “” = t8s2x.exe

O33 - MountPoints2{279d8d6c-1e15-11df-b7e7-0022b0672ab8}\Shell\open\Command - “” = t8s2x.exe

O33 - MountPoints2{6ef34b37-4c91-11db-b38e-00138f5ce46f}\Shell\AutoRun\command - “” = t8s2x.exe

O33 - MountPoints2{6ef34b37-4c91-11db-b38e-00138f5ce46f}\Shell\open\Command - “” = t8s2x.exe

O33 - MountPoints2{ae1f98b2-2a8b-11df-b81f-0022b0672ab8}\Shell\AutoRun\command - “” = t8s2x.exe

O33 - MountPoints2{ae1f98b2-2a8b-11df-b81f-0022b0672ab8}\Shell\open\Command - “” = t8s2x.exe

O33 - MountPoints2\I\Shell - “” = AutoRun

O33 - MountPoints2\I\Shell\AutoRun - “” = Auto&Play

O33 - MountPoints2\I\Shell\AutoRun\command - “” = I:\autorun.exe – [2005-10-15 08:42:09 | 000,253,952 | R— | M] (Firaxis Games)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2006-09-15 10:17:13 | 000,000,000 | —D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

========== Files/Folders - Created Within 30 Days ==========

[2010-05-11 11:45:41 | 000,570,880 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\ZGlatty\Desktop\OTL.exe

[2010-05-07 22:28:56 | 067,608,392 | ---- | C] (McAfee, Inc.) – C:\Documents and Settings\ZGlatty\Desktop\5975xdat.exe

[2010-05-07 13:06:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\ZGlatty\Desktop\mbam-setup(2).exe

[2010-05-07 13:04:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-05-07 13:04:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

[2010-05-07 13:04:06 | 000,000,000 | —D | C] – C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010-05-07 13:04:05 | 000,000,000 | —D | C] – C:\Program Files\Malwarebytes’ Anti-Malware

[2010-05-07 13:01:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) – C:\Documents and Settings\ZGlatty\Desktop\mbam-setup.exe

[2010-05-07 11:55:29 | 000,000,000 | —D | C] – C:\KAV

[2010-05-06 19:30:18 | 026,194,520 | ---- | C] ( ) – C:\Documents and Settings\ZGlatty\Desktop\AdbeRdr930_pl_PL.exe

[2010-05-06 09:32:08 | 000,494,920 | ---- | C] (Microsoft Corporation) – C:\Documents and Settings\ZGlatty\Desktop\ie6setup.exe

[2010-05-06 09:27:17 | 014,794,272 | ---- | C] (Microsoft Corporation) – C:\Documents and Settings\ZGlatty\Desktop\IE7-WindowsXP-x86-plk.exe

[2010-05-06 09:24:34 | 017,037,680 | ---- | C] (Microsoft Corporation) – C:\Documents and Settings\ZGlatty\Desktop\IE8-WindowsXP-x86-PLK.exe

[2006-10-04 15:33:39 | 000,160,640 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347bus.sys

[2006-10-04 15:33:39 | 000,005,248 | ---- | C] ( ) – C:\WINDOWS\System32\drivers\a347scsi.sys

[7 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files - Modified Within 30 Days ==========

[2010-05-11 11:54:59 | 000,002,515 | ---- | M] () – C:\Documents and Settings\ZGlatty\Desktop\Microsoft Word.lnk

[2010-05-11 11:46:11 | 000,570,880 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\ZGlatty\Desktop\OTL.exe

[2010-05-11 09:02:27 | 000,003,284 | ---- | M] () – C:\WINDOWS\System32\ANIWZCS{A770542A-468A-4889-B064-A3025589C637}

[2010-05-11 09:02:04 | 000,000,008 | ---- | M] () – C:\WINDOWS\System32\ANIWZCSUSERNAME{A770542A-468A-4889-B064-A3025589C637}

[2010-05-11 09:01:56 | 000,000,007 | ---- | M] () – C:\WINDOWS\System32\ANIWZCSUSERNAME

[2010-05-11 09:00:55 | 000,012,598 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-05-11 09:00:48 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-05-11 08:40:02 | 004,194,304 | -H-- | M] () – C:\Documents and Settings\ZGlatty\NTUSER.DAT

[2010-05-11 08:40:02 | 000,000,178 | -HS- | M] () – C:\Documents and Settings\ZGlatty\ntuser.ini

[2010-05-07 22:33:52 | 067,608,392 | ---- | M] (McAfee, Inc.) – C:\Documents and Settings\ZGlatty\Desktop\5975xdat.exe

[2010-05-07 13:05:56 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\ZGlatty\Desktop\mbam-setup(2).exe

[2010-05-07 13:04:37 | 000,000,696 | ---- | M] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes’ Anti-Malware.lnk

[2010-05-07 13:02:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) – C:\Documents and Settings\ZGlatty\Desktop\mbam-setup.exe

[2010-05-07 12:00:01 | 009,228,440 | ---- | M] () – C:\Documents and Settings\ZGlatty\Desktop\spf.exe

[2010-05-07 09:01:28 | 000,098,532 | ---- | M] () – C:\Documents and Settings\ZGlatty\Desktop\Komunikat.pdf

[2010-05-06 22:01:21 | 000,000,709 | ---- | M] () – C:\WINDOWS\unins000.dat

[2010-05-06 19:32:08 | 026,194,520 | ---- | M] ( ) – C:\Documents and Settings\ZGlatty\Desktop\AdbeRdr930_pl_PL.exe

[2010-05-06 09:32:34 | 000,000,859 | ---- | M] () – C:\WINDOWS\Active Setup Log.BAK

[2010-05-06 09:32:15 | 000,494,920 | ---- | M] (Microsoft Corporation) – C:\Documents and Settings\ZGlatty\Desktop\ie6setup.exe

[2010-05-06 09:28:16 | 014,794,272 | ---- | M] (Microsoft Corporation) – C:\Documents and Settings\ZGlatty\Desktop\IE7-WindowsXP-x86-plk.exe

[2010-05-06 09:25:42 | 017,037,680 | ---- | M] (Microsoft Corporation) – C:\Documents and Settings\ZGlatty\Desktop\IE8-WindowsXP-x86-PLK.exe

[2010-05-05 22:08:47 | 002,672,312 | ---- | M] () – C:\Documents and Settings\ZGlatty\Desktop\esetsmartinstaller_plk.exe

[2010-05-05 09:53:39 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2010-05-05 09:13:00 | 000,001,036 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-05-05 08:19:34 | 000,001,032 | ---- | M] () – C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-05-04 10:51:37 | 000,000,116 | ---- | M] () – C:\WINDOWS\NeroDigital.ini

[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

[2010-04-14 15:45:45 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK

[7 C:\WINDOWS*.tmp files -> C:\WINDOWS*.tmp ->]

[1 C:\WINDOWS\System32*.tmp files -> C:\WINDOWS\System32*.tmp ->]

========== Files Created - No Company Name ==========

[2010-05-07 13:04:37 | 000,000,696 | ---- | C] () – C:\Documents and Settings\All Users\Desktop\Malwarebytes’ Anti-Malware.lnk

[2010-05-07 11:59:21 | 009,228,440 | ---- | C] () – C:\Documents and Settings\ZGlatty\Desktop\spf.exe

[2010-05-07 09:01:27 | 000,098,532 | ---- | C] () – C:\Documents and Settings\ZGlatty\Desktop\Komunikat.pdf

[2010-05-06 22:01:19 | 000,000,709 | ---- | C] () – C:\WINDOWS\unins000.dat

[2010-05-05 22:08:35 | 002,672,312 | ---- | C] () – C:\Documents and Settings\ZGlatty\Desktop\esetsmartinstaller_plk.exe

[2010-05-05 09:56:14 | 000,003,284 | ---- | C] () – C:\WINDOWS\System32\ANIWZCS{A770542A-468A-4889-B064-A3025589C637}

[2010-01-23 15:34:13 | 000,049,152 | ---- | C] () – C:\WINDOWS\System32\JJAKEn.dll

[2009-07-30 15:10:43 | 000,001,931 | ---- | C] () – C:\WINDOWS\ISISAIHP.INI

[2009-07-30 15:10:43 | 000,001,018 | ---- | C] () – C:\WINDOWS\ISISAIM.INI

[2008-08-18 13:27:42 | 000,034,312 | ---- | C] () – C:\WINDOWS\System32\drivers\epfwtdir.sys

[2008-05-27 10:51:49 | 000,000,008 | ---- | C] () – C:\WINDOWS\mapy.ini

[2008-04-21 18:17:35 | 000,000,126 | ---- | C] () – C:\WINDOWS\rajd.ini

[2008-04-08 10:12:27 | 000,002,516 | -HS- | C] () – C:\WINDOWS\System32\KGyGaAvL.sys

[2008-03-26 15:15:50 | 000,000,200 | ---- | C] () – C:\WINDOWS\wcp.ini

[2008-03-20 15:06:27 | 000,000,492 | ---- | C] () – C:\WINDOWS\MAXLINK.INI

[2008-03-12 15:16:25 | 000,000,059 | ---- | C] () – C:\WINDOWS\wininit.ini

[2007-12-11 17:32:54 | 000,000,024 | ---- | C] () – C:\WINDOWS\words2.ini

[2007-09-21 16:04:19 | 000,000,014 | ---- | C] () – C:\WINDOWS\words.ini

[2007-05-23 18:54:36 | 000,000,132 | ---- | C] () – C:\WINDOWS\winamp.ini

[2007-05-02 11:29:49 | 000,000,131 | ---- | C] () – C:\WINDOWS\chess.ini

[2007-03-22 21:23:33 | 000,000,013 | ---- | C] () – C:\WINDOWS\vfill.ini

[2006-10-24 10:31:58 | 000,000,235 | ---- | C] () – C:\WINDOWS\civ.ini

[2006-10-04 15:31:57 | 000,347,136 | ---- | C] () – C:\WINDOWS\System32\binkw32.dll

[2006-10-04 15:31:33 | 000,176,128 | ---- | C] () – C:\WINDOWS\System32\boost_python-vc71-mt-1_32.dll

[2006-09-28 14:37:44 | 000,001,217 | ---- | C] () – C:\WINDOWS\CHEMDRAW.INI

[2006-09-22 13:57:09 | 000,000,116 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2006-09-21 14:37:57 | 000,152,064 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2006-09-21 14:37:57 | 000,019,968 | ---- | C] () – C:\WINDOWS\System32\cpuinf32.dll

[2006-09-21 14:37:54 | 000,761,856 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2006-09-20 10:07:05 | 000,001,212 | ---- | C] () – C:\WINDOWS\Vitalize.ini

[2006-09-18 11:21:52 | 000,004,830 | ---- | C] () – C:\WINDOWS\cncscore.ini

[2006-09-18 11:09:39 | 000,060,496 | ---- | C] () – C:\WINDOWS\System32\drivers\Teefer.sys

[2006-09-18 10:46:08 | 000,004,598 | ---- | C] () – C:\WINDOWS\gfscore.ini

[2006-09-15 15:17:33 | 000,000,063 | ---- | C] () – C:\WINDOWS\mdm.ini

[2006-09-15 15:17:28 | 000,000,000 | ---- | C] () – C:\WINDOWS\NSREX.INI

[2006-09-15 12:52:24 | 000,000,164 | ---- | C] () – C:\WINDOWS\avrack.ini

[2006-09-15 12:52:19 | 000,156,672 | ---- | C] () – C:\WINDOWS\System32\RTLCPAPI.dll

[2006-09-15 12:41:37 | 000,002,652 | ---- | C] () – C:\WINDOWS\Ascd_tmp.ini

[2006-09-15 12:41:36 | 000,005,824 | ---- | C] () – C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006-09-15 11:51:33 | 000,000,520 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2004-10-15 18:31:56 | 000,218,264 | ---- | C] () – C:\WINDOWS\System32\SetAid.dll

[2002-07-09 17:49:25 | 000,286,208 | ---- | C] () – C:\WINDOWS\System32\cncs232.dll

[1999-01-22 21:46:58 | 000,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========

< %systemdrive%*.* >

[2006-09-15 10:17:52 | 000,000,000 | ---- | M] () – C:\AUTOEXEC.BAT

[2006-09-15 10:11:47 | 000,000,211 | -HS- | M] () – C:\boot.ini

[2006-09-15 10:17:52 | 000,000,000 | ---- | M] () – C:\CONFIG.SYS

[2006-09-15 10:17:52 | 000,000,000 | RHS- | M] () – C:\IO.SYS

[2010-04-06 16:15:58 | 000,317,407 | ---- | M] () – C:\log.txt

[2009-11-06 14:49:10 | 000,128,880 | ---- | M] () – C:\mksbasel.cpp.log

[2006-09-15 10:17:52 | 000,000,000 | RHS- | M] () – C:\MSDOS.SYS

[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () – C:\NTDETECT.COM

[2008-09-12 12:17:17 | 000,250,048 | RHS- | M] () – C:\ntldr

[2010-05-11 09:00:46 | 390,070,272 | -HS- | M] () – C:\pagefile.sys

[2007-11-07 11:08:54 | 000,005,172 | ---- | M] () – C:\PERF.LOG

[2006-09-22 13:03:09 | 000,048,462 | ---- | M] () – C:\theLog.txt

[2010-01-23 15:13:14 | 000,046,106 | -H-- | M] () – C:\treeinfo.wc

[2008-09-24 16:50:20 | 000,000,336 | ---- | M] () – C:\wyniki.ini

< MD5 for: AGP440.SYS >

[2004-08-04 14:00:00 | 018,738,937 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp2.cab:agp440.sys

[2008-09-12 12:10:02 | 023,852,652 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys

[2008-09-12 12:10:02 | 023,852,652 | ---- | M] () .cab file – C:\WINDOWS\ServicePackFiles\i386\sp3.cab:agp440.sys

[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 – C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 – C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2004-08-04 14:00:00 | 018,738,937 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008-09-12 12:10:02 | 023,852,652 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008-09-12 12:10:02 | 023,852,652 | ---- | M] () .cab file – C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 – C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 – C:\WINDOWS$NtServicePackUninstall$\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 – C:\WINDOWS\system32\drivers\atapi.sys

[2004-08-04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 – C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 – C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: BEEP.SYS >

[2004-08-04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 – C:\WINDOWS\system32\dllcache\beep.sys

[2004-08-04 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 – C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: CDROM.SYS >

[2004-08-04 14:00:00 | 018,738,937 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2008-09-12 12:10:02 | 023,852,652 | ---- | M] () .cab file – C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2008-09-12 12:10:02 | 023,852,652 | ---- | M] () .cab file – C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE – C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008-04-13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE – C:\WINDOWS\system32\drivers\cdrom.sys

[2004-08-04 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 – C:\WINDOWS$NtServicePackUninstall$\cdrom.sys

< MD5 for: NDIS.SYS >

[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D – C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008-04-13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D – C:\WINDOWS\system32\drivers\ndis.sys

[2004-08-04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E – C:\WINDOWS$NtServicePackUninstall$\ndis.sys

< MD5 for: USERINIT.EXE >

[2004-08-04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF – C:\WINDOWS$NtServicePackUninstall$\userinit.exe

[2008-04-14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008-04-14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 – C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004-08-04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE – C:\WINDOWS$NtServicePackUninstall$\winlogon.exe

[2008-04-14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008-04-14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E – C:\WINDOWS\system32\winlogon.exe

< End of report >

Jeśli ten raport jest w czymś pomocny w sensie znajduje rozwiązania na trojany bądź je eliminuje daj znać proszę

deFco247 · 11 Maj 2010 12:49

Nie wklejaj logów na forum, tylko na podane wcześniej przeze mnie strony.

Poza tym nie wstawiłeś loga GMER , a on jest tutaj konieczny, gdyż syfu jest tutaj jak na karanie boskie. Przed tym koniecznie pozbądź się emulatorów napędów wirtualnych, bo widzę tutaj ich sterowniki:

W białe dolne okno Custom Scans/Fixes w OTL wklej:

:Processes kilallprocesses :OTL O4 - HKLM…\Run: [AutoRunGUIAutoRun71.0.107] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe () O4 - HKLM…\Run: [CoolTypeAdobe] C:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe () O4 - HKLM…\Run: [CoolTypeCoolType] c:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe ()O4 - HKLM…\Run: [McAfeeAutoRun] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe () O4 - HKLM…\Run: [MicrosoftTools] c:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe ()O4 - HKLM…\Run: [Platformrmid6.0.30.5] c:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe () O4 - HKLM…\Run: [schedulerverify6.0.30.5] C:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe ()O4 - HKLM…\Run: [systemOperating] c:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe () O4 - HKLM…\Run: [ToolsMDT2FWUI] C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe () O4 - HKLM…\Run: [WindowsTMOperating] C:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe () O4 - HKCU…\Run: [b8ehk7uwens8] C:\Documents and Settings\ZGlatty\Local Settings\Temp\m.2756.tmp.exe () O4 - HKCU…\Run: [Desktop Security 2010] C:\Documents and Settings\ZGlatty\Application Data\Desktop Security 2010\Desktop Security 2010.exe File not foundO4 - HKLM…\RunServices: [AcrobatCoolType4.05] C:\Program Files\Adobe\Acrobat 4.0\Reader\CoolTypeAdobe.exe () O4 - HKLM…\RunServices: [AutoRunAutoRunGUI] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe () O4 - HKLM…\RunServices: [ContentDATsMcAfee] C:\Documents and Settings\ZGlatty\Local Settings\Temp\omccwq.exe () O4 - HKLM…\RunServices: [CtorSetup] c:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernelUser11.00.28844.exe () O4 - HKLM…\RunServices: [DWIntl20Microsoft] c:\Program Files\Common Files\Microsoft Shared\DW\1025\ReportingReporting11.0.6451.exe () O4 - HKLM…\RunServices: [MicrosoftDesign] C:\Program Files\Common Files\Microsoft Shared\MSDesigners98\Resources\1045\ToolsTools.exe () O4 - HKLM…\RunServices: [MSVCR71Platform] C:\Program Files\Java\jre1.6.0_03\bin\javacplPlatform6.0.30.5.exe () O4 - HKLM…\RunServices: [WindowsTMSAPI5] C:\Program Files\Common Files\Microsoft Shared\Speech\1033\WindowsTMOperating.exe () :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{279d8d6c-1e15-11df-b7e7-0022b0672ab8}] :Commands [emptytemp] [start explorer] [Reboot]

Run Fix. Restart, jeśli będzie potrzebny.

Potem log z usuwania (raport, który wyskoczy po usuwaniu OTL-em) oraz nowy log robiony opcją Run Scan.

Usuń z systemu nieaktualizowane i nieodporne na wszelkie ataki Sygate Firewall. Niczego innego nie instaluj.