Nye22, brak antywira i skanu od roku. Zamuła

system · 5 Grudzień 2009 21:37

To co w temacie, w autostarcie mam dziwny, nieusuwalny proces nye22, i w zwiazku z tym jestem pewny ze to syf. W dodatku od ok 1,5 roku nie uzywam antywirusa i nie skanowałem komputera. I komp też zamula. Prosze o pokazanie co do wywalania, co by komp szybciej chodzil, oraz o opis tego co wywalam. Jezeli cos jest ani zle ani dobre, a mozna wywalic, ale nie trzeba - napiszcie ze opcjonalnie i co to. xP

Hijackthis:

http://wklej.org/id/226307/

Silent Runners:

http://wklej.org/id/226350/

sobo44 · 5 Grudzień 2009 22:01

:o rozumiem ,że starałeś się przez 1,5 roku korzystać z głową , lecz kiedyś musiały problemy nadejść , więc:

zainstaluj AV , z mojej strony polecam Avire Free lub Avasta (oczywiście dobrze skonfigurowane) , jeżeli nie chcesz tego uczynić ,to przeskanuj tym : http://www.eset.pl/onlinescan , następnie poczytaj tutaj: http://www.searchengines.pl/Optymalizac … t5989.html

jessica · 5 Grudzień 2009 22:02

Daj log z OTL

jessi

system · 5 Grudzień 2009 23:18

Ok, antywirus kilka wykryl, a w tym kilka w pamieci operacyjnej. Zabieram sie za szukanie antywira xD

Optymalizowac bd za chwilke xP

Log tutaj, z tym ze zamiast file age 30 days, dalem 90 days. xD

http://wklej.org/id/226441/

jessica · 6 Grudzień 2009 07:42

To daję do usuwania na podstawie: http://www.prevx.com/filenames/1148613286410324780-X1/TIBIA800.EXE.html

Stan: Malicious Software

Data jest identyczna z datą pozozostałej infekcji.

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

:OTL PRC - [2009-11-27 17:15:24 | 00,421,376 | -HS- | M] ( ) – c:\ref.com PRC - [2009-11-24 22:12:45 | 00,018,432 | ---- | M] () – C:\Documents and Settings\Gawron\Menu Start\Programy\Autostart\nye22.exe O4 - Startup: C:\Documents and Settings\Gawron\Menu Start\Programy\Autostart\nye22.dll () O4 - Startup: C:\Documents and Settings\Gawron\Menu Start\Programy\Autostart\nye22.exe () O4 - HKLM…\Run: [sac] c:\ref.com ( ) O33 - MountPoints2{e56846af-b4c8-11de-b18a-001a4d9d6c70}\Shell\AutoRun\command - “” = K:\scvhost.exe – File not found [2009-11-26 23:01:08 | 00,000,090 | -HS- | M] () – C:\1.ini [2009-11-24 22:28:35 | 00,000,000 | ---- | C] () – C:\Documents and Settings\Gawron\tibia800.exe :Files C:\Documents and Settings\Gawron\Menu Start\Programy\Autostart\nye22.exe c:\ref.com C:\Documents and Settings\Gawron\Menu Start\Programy\Autostart\nye22.dll :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{37B85A21-692B-4205-9CAD-2626E4993404}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{37B85A21-692B-4205-9CAD-2626E4993404}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{37B85A29-692B-4205-9CAD-2626E4993404}”=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{37B85A29-692B-4205-9CAD-2626E4993404}”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}”=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EF99BD32-C1FB-11D2-892F-0090271D4F88}”=- :Commands [emptytemp] [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, tym razem wywołaj opcję Run Scan.

Pokaż nowy log OTL.txt oraz log z czyszczenia.

jessi

system · 6 Grudzień 2009 16:57

OTL logfile created on: 2009-12-06 17:55:53 - Run 2 OTL by OldTimer - Version 3.1.11.7 Folder = D:\Program\OTL Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 71,86% Memory free 3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19,53 Gb Total Space | 6,61 Gb Free Space | 33,84% Space Free | Partition Type: NTFS Drive D: | 126,96 Gb Total Space | 45,24 Gb Free Space | 35,63% Space Free | Partition Type: NTFS Drive E: | 86,39 Gb Total Space | 47,87 Gb Free Space | 55,42% Space Free | Partition Type: NTFS Drive F: | 4,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: GAWRON Current User Name: Gawron Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009-12-06 00:13:40 | 00,536,576 | ---- | M] (OldTimer Tools) – D:\Program\OTL\OTL.exe PRC - [2009-11-30 20:33:40 | 03,181,456 | ---- | M] (Xfire Inc.) – D:\Program\Xfire\xfire.exe PRC - [2009-11-04 16:27:40 | 00,602,112 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\system32\ati2evxx.exe PRC - [2009-10-30 16:35:11 | 0a0,189,104 | ---- | M] () – C:\WINDOWS\system32\PnkBstrB.exe PRC - [2009-10-28 19:26:13 | 00,307,704 | ---- | M] (Mozilla Corporation) – D:\Program\Mozilla Firefox\firefox.exe PRC - [2009-09-02 14:27:36 | 25,623,336 | R— | M] (Skype Technologies S.A.) – D:\Program\Skype\Phone\Skype.exe PRC - [2009-08-31 17:07:34 | 11,391,592 | ---- | M] (GG Network S.A.) – D:\Program\Nowe Gadu-Gadu\gg.exe PRC - [2008-11-23 15:13:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2008-11-10 16:00:07 | 00,599,592 | ---- | M] (LogMeIn Inc.) – D:\Program\Hamachi\hamachi.exe PRC - [2008-04-14 21:51:52 | 00,013,824 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wscntfy.exe PRC - [2008-04-14 21:51:18 | 01,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe PRC - [2008-02-27 19:12:58 | 17,508,864 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\RTHDCPL.EXE PRC - [2008-02-18 22:03:35 | 00,075,064 | ---- | M] () – C:\WINDOWS\system32\PnkBstrA.exe PRC - [2007-09-18 15:16:16 | 00,171,464 | ---- | M] (DT Soft Ltd.) – D:\Program\DAEMON Tools\daemon.exe ========== Modules (SafeList) ========== MOD - [2009-12-06 00:13:40 | 00,536,576 | ---- | M] (OldTimer Tools) – D:\Program\OTL\OTL.exe MOD - [2009-11-30 20:33:48 | 00,914,320 | ---- | M] (Xfire Inc.) – D:\Program\Xfire\xfire_toucan_40405.dll MOD - [2008-04-14 21:51:00 | 00,024,064 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\wsock32.dll MOD - [2006-12-10 22:32:12 | 00,348,160 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\system32\msvcr71.dll ========== Win32 Services (SafeList) ========== SRV - [2009-11-08 18:03:39 | 00,655,624 | ---- | M] (Acresso Software Inc.) – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service) SRV - [2009-11-04 16:27:40 | 00,602,112 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\system32\ati2evxx.exe – (Ati HotKey Poller) SRV - [2009-10-30 16:35:11 | 00,189,104 | ---- | M] () – C:\WINDOWS\system32\PnkBstrB.exe – (PnkBstrB) SRV - [2008-11-23 15:13:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService) SRV - [2008-09-23 21:05:00 | 00,593,920 | ---- | M] () – C:\WINDOWS\system32\ati2sgag.exe – (ATI Smart) SRV - [2008-02-18 22:03:35 | 00,075,064 | ---- | M] () – C:\WINDOWS\system32\PnkBstrA.exe – (PnkBstrA) SRV - [2006-10-27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) – C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe – (Microsoft Office Groove Audit Service) SRV - [2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE – (odserv) SRV - [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) – C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE – (ose) SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe – (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2009-11-04 17:15:30 | 04,423,168 | ---- | M] (ATI Technologies Inc.) – C:\WINDOWS\system32\drivers\ati2mtag.sys – (ati2mtag) DRV - [2009-04-28 21:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20) DRV - [2008-12-14 16:01:38 | 00,717,296 | ---- | M] () – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd) DRV - [2008-11-10 16:04:29 | 00,015,600 | ---- | M] (Windows ® 2000 DDK provider) – C:\WINDOWS\gdrv.sys – (gdrv) DRV - [2008-11-10 16:00:07 | 00,017,480 | ---- | M] (LogMeIn, Inc.) – C:\WINDOWS\system32\drivers\hamachi.sys – (hamachi) DRV - [2008-05-02 07:48:55 | 00,062,208 | ---- | M] (Silicon Image, Inc.) – C:\WINDOWS\system32\drivers\si3112.sys – (Si3112) DRV - [2008-05-02 07:48:37 | 00,105,344 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\drivers\nvatabus.sys – (nvatabus) DRV - [2008-04-13 21:09:18 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv) DRV - [2008-04-13 21:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus) DRV - [2008-02-27 19:12:59 | 05,028,352 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008-02-27 19:12:58 | 01,389,056 | ---- | M] (Creative Technology Ltd.) – C:\WINDOWS\system32\drivers\Monfilt.sys – (Monfilt) DRV - [2008-02-27 19:12:57 | 01,684,736 | ---- | M] (Creative) – C:\WINDOWS\system32\drivers\Ambfilt.sys – (Ambfilt) DRV - [2007-06-29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) – C:\WINDOWS\system32\drivers\AmdLLD.sys – (AmdLLD) DRV - [2006-11-27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\drivers\nvnetbus.sys – (nvnetbus) DRV - [2006-11-27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\drivers\NVENETFD.sys – (NVENETFD) DRV - [2006-10-18 16:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\DRIVERS\nvata.sys – (nvata) DRV - [2006-07-01 23:32:26 | 00,043,520 | ---- | M] (Advanced Micro Devices) – C:\WINDOWS\system32\drivers\AmdK8.sys – (AmdK8) DRV - [2005-02-23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) – C:\WINDOWS\system32\drivers\afc.sys – (Afc) DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 ========== FireFox ========== FF - prefs.js…browser.startup.homepage: “http://www.google.pl/ig?hl=pl” FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js…extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24 FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\Components: D:\Program\Mozilla Firefox\components [2009-11-24 23:35:53 | 00,000,000 | —D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\Plugins: D:\Program\Mozilla Firefox\plugins [2009-11-24 23:35:54 | 00,000,000 | —D | M] [2008-10-30 20:45:51 | 00,000,000 | —D | M] – C:\Documents and Settings\Gawron\Dane aplikacji\Mozilla\Extensions [2009-12-05 19:15:47 | 00,000,000 | —D | M] – C:\Documents and Settings\Gawron\Dane aplikacji\Mozilla\Firefox\Profiles\u0x0lhd6.default\extensions [2009-06-15 19:33:38 | 00,000,000 | —D | M] – C:\Documents and Settings\Gawron\Dane aplikacji\Mozilla\Firefox\Profiles\u0x0lhd6.default\extensions\NPDyyno@dyyno.com O1 HOSTS File: (55 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (YouTube To ALLPlayer) - {61DB16C5-B733-43F4-872E-B20DC9E72740} - D:\Program\AllPlayer\YouTubeToALLPlayer.dll (ALLPlayer.org) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Gawron\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll (GG Network S.A.) O4 - HKLM…\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM…\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM…\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKCU…\Run: [DAEMON Tools] D:\Program\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU…\Run: [Nowe Gadu-Gadu] D:\Program\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) O4 - HKCU…\Run: [skype] D:\Program\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hamachi.lnk = D:\Program\Hamachi\hamachi.exe (LogMeIn Inc.) O4 - Startup: C:\Documents and Settings\Gawron\Menu Start\Programy\Autostart\Xfire.lnk = D:\Program\Xfire\xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra ‘Tools’ menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … mv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_10) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-10-30 20:03:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] – “%1” %* O35 - exefile [open] – “%1” %* ========== Files/Folders - Created Within 30 Days ========== [2009-12-05 02:55:26 | 00,000,000 | RH-D | C] – C:\Documents and Settings\Gawron\Recent [2009-11-28 03:39:53 | 00,000,000 | —D | C] – C:\Documents and Settings\Gawron\Dane aplikacji\Tibia [2009-11-27 17:40:02 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2009-11-27 16:42:46 | 03,526,656 | ---- | C] (Advanced Micro Devices Inc.) – C:\WINDOWS\System32\aticaldd.dll [2009-11-27 16:42:46 | 00,118,784 | ---- | C] (Advanced Micro Devices, Inc.) – C:\WINDOWS\System32\atibtmon.exe [2009-11-27 16:42:46 | 00,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) – C:\WINDOWS\System32\atimpc32.dll [2009-11-27 16:42:46 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) – C:\WINDOWS\System32\aticalrt.dll [2009-11-27 16:42:46 | 00,045,056 | ---- | C] (Advanced Micro Devices Inc.) – C:\WINDOWS\System32\aticalcl.dll [2009-11-27 16:41:47 | 00,000,000 | —D | C] – C:\Program Files\ATI [2009-11-27 16:41:24 | 00,000,000 | —D | C] – C:\Program Files\ATI Technologies [2009-11-25 13:01:44 | 00,000,000 | —D | C] – C:\WINDOWS\Prefetch [2009-11-25 00:06:41 | 00,000,000 | —D | C] – C:\WINDOWS\System32\bits [2009-11-25 00:04:03 | 00,000,000 | -H-D | C] – C:\WINDOWS$NtServicePackUninstall$ [2009-11-24 23:28:47 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Real [2009-11-24 23:28:47 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Real [2009-11-24 23:28:36 | 00,000,000 | —D | C] – C:\Documents and Settings\Gawron\Dane aplikacji\Real [2009-11-14 22:04:00 | 00,034,304 | ---- | C] (AMD, Inc.) – C:\WINDOWS\System32\drivers\AmdLLD.sys [2009-11-14 14:20:15 | 00,000,000 | R–D | C] – C:\Documents and Settings\Gawron\Moje dokumenty\Moje obrazy [2009-11-14 11:57:02 | 00,000,000 | R–D | C] – C:\Documents and Settings\All Users\Dokumenty\Moja muzyka [2009-11-14 00:00:10 | 00,000,000 | —D | C] – C:\WINDOWS\ServicePackFiles [2009-11-13 14:02:59 | 00,000,000 | -H-D | C] – C:\WINDOWS$hf_mig$ [2009-11-08 18:13:48 | 00,000,000 | —D | C] – C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet [2009-11-08 18:03:39 | 00,000,000 | —D | C] – C:\Program Files\Common Files\Macrovision Shared ========== Files - Modified Within 30 Days ========== [2009-12-06 17:55:22 | 13,369,344 | ---- | M] () – C:\Documents and Settings\Gawron\ntuser.dat [2009-12-06 17:07:09 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl [2009-12-06 17:07:09 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT [2009-12-06 17:07:08 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat [2009-12-05 19:22:22 | 00,012,152 | ---- | M] () – C:\Documents and Settings\Gawron\Moje dokumenty\config.dat [2009-12-05 02:55:30 | 00,000,188 | -HS- | M] () – C:\Documents and Settings\Gawron\ntuser.ini [2009-12-05 02:55:24 | 04,307,874 | -H-- | M] () – C:\Documents and Settings\Gawron\Ustawienia lokalne\Dane aplikacji\IconCache.db [2009-12-05 01:53:01 | 00,103,936 | ---- | M] () – C:\Documents and Settings\Gawron\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-12-04 18:02:16 | 00,000,069 | ---- | M] () – C:\WINDOWS\NeroDigital.ini [2009-12-02 19:06:11 | 00,000,768 | ---- | M] () – C:\Documents and Settings\Gawron\Pulpit\baldies.lnk [2009-12-02 19:06:00 | 00,000,443 | ---- | M] () – C:\WINDOWS\baldies.ini [2009-11-30 20:33:46 | 00,041,872 | ---- | M] () – C:\WINDOWS\System32\xfcodec.dll [2009-11-30 19:34:24 | 00,000,561 | ---- | M] () – C:\Documents and Settings\Gawron\Pulpit\DOSBox.lnk [2009-11-28 18:52:59 | 00,006,502 | ---- | M] () – C:\Documents and Settings\Gawron\Moje dokumenty\tibiaAuto.cfg.Gawron.xml [2009-11-28 18:35:18 | 00,000,565 | ---- | M] () – C:\Documents and Settings\Gawron\Pulpit\tibiaauto.lnk [2009-11-28 16:16:55 | 00,000,000 | ---- | M] () – C:\Documents and Settings\Gawron\DNBk1.mp3 [2009-11-28 03:46:49 | 00,000,508 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2009-11-28 03:43:30 | 00,000,518 | ---- | M] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hamachi.lnk [2009-11-28 01:39:11 | 00,000,848 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk [2009-11-27 16:18:58 | 00,070,024 | ---- | M] () – C:\Documents and Settings\Gawron\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2009-11-27 15:19:06 | 02,140,816 | ---- | M] () – C:\WINDOWS\System32\FNTCACHE.DAT [2009-11-27 01:08:57 | 00,001,393 | ---- | M] () – C:\WINDOWS\imsins.BAK [2009-11-24 23:36:48 | 00,001,280 | ---- | M] () – C:\WINDOWS\bestplayer.ini [2009-11-24 23:36:48 | 00,000,437 | ---- | M] () – C:\WINDOWS\bestplayer.bbt [2009-11-24 23:36:48 | 00,000,053 | ---- | M] () – C:\WINDOWS\bestplayer.bpp [2009-11-24 23:30:08 | 00,000,025 | ---- | M] () – C:\WINDOWS\cdplayer.ini [2009-11-24 22:51:59 | 00,000,000 | ---- | M] () – C:\Documents and Settings\Gawron\ipchanger 8.1.rar [2009-11-23 22:46:28 | 00,000,000 | ---- | M] () – C:\Documents and Settings\Gawron\błędy aplikacja.JPG [2009-11-22 01:04:48 | 00,054,156 | -H-- | M] () – C:\WINDOWS\QTFont.qfn [2009-11-14 22:04:10 | 00,000,553 | RHS- | M] () – C:\boot.ini [2009-11-13 15:18:00 | 00,000,702 | ---- | M] () – C:\Documents and Settings\Gawron\Pulpit\Call of Duty Modern Warfare 2.lnk [2009-11-13 15:18:00 | 00,000,702 | ---- | M] () – C:\Documents and Settings\Gawron\Pulpit\Call of Duty Modern Warfare 2 - Multiplayer.lnk [2009-11-08 18:09:26 | 00,000,684 | ---- | M] () – C:\Documents and Settings\Gawron\Pulpit\Adobe Photoshop CS4.lnk ========== Files Created - No Company Name ========== [2009-12-05 19:22:22 | 00,012,152 | ---- | C] () – C:\Documents and Settings\Gawron\Moje dokumenty\config.dat [2009-12-02 19:06:11 | 00,000,768 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\baldies.lnk [2009-12-02 18:54:53 | 00,000,443 | ---- | C] () – C:\WINDOWS\baldies.ini [2009-11-30 20:33:46 | 00,041,872 | ---- | C] () – C:\WINDOWS\System32\xfcodec.dll [2009-11-30 19:34:24 | 00,000,561 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\DOSBox.lnk [2009-11-28 18:42:14 | 00,006,502 | ---- | C] () – C:\Documents and Settings\Gawron\Moje dokumenty\tibiaAuto.cfg.Gawron.xml [2009-11-28 18:35:18 | 00,000,565 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\tibiaauto.lnk [2009-11-28 16:16:55 | 00,000,000 | ---- | C] () – C:\Documents and Settings\Gawron\DNBk1.mp3 [2009-11-28 03:46:49 | 00,000,508 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Tibia.lnk [2009-11-28 03:43:30 | 00,000,518 | ---- | C] () – C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Hamachi.lnk [2009-11-28 01:39:11 | 00,000,848 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\Tibia MULTI-IP Changer.lnk [2009-11-24 23:30:08 | 00,000,025 | ---- | C] () – C:\WINDOWS\cdplayer.ini [2009-11-24 22:51:59 | 00,000,000 | ---- | C] () – C:\Documents and Settings\Gawron\ipchanger 8.1.rar [2009-11-23 22:46:28 | 00,000,000 | ---- | C] () – C:\Documents and Settings\Gawron\błędy aplikacja.JPG [2009-11-13 23:59:50 | 00,001,393 | ---- | C] () – C:\WINDOWS\imsins.BAK [2009-11-13 15:18:00 | 00,000,702 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\Call of Duty Modern Warfare 2 - Multiplayer.lnk [2009-11-13 15:17:59 | 00,000,702 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\Call of Duty Modern Warfare 2.lnk [2009-11-10 22:57:04 | 00,000,679 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\CoD4 Single.lnk [2009-11-08 18:16:43 | 00,000,684 | ---- | C] () – C:\Documents and Settings\Gawron\Pulpit\Adobe Photoshop CS4.lnk [2009-10-11 13:50:49 | 00,363,520 | ---- | C] () – C:\WINDOWS\System32\psisdecd.dll [2009-10-10 23:02:48 | 00,162,304 | ---- | C] () – C:\WINDOWS\System32\ztvunrar36.dll [2009-10-10 23:02:48 | 00,153,088 | ---- | C] () – C:\WINDOWS\System32\UNRAR3.dll [2009-10-10 23:02:48 | 00,077,312 | ---- | C] () – C:\WINDOWS\System32\ztvunace26.dll [2009-10-10 23:02:48 | 00,075,264 | ---- | C] () – C:\WINDOWS\System32\unacev2.dll [2009-06-03 14:21:00 | 00,000,082 | ---- | C] () – C:\WINDOWS\mafosav.INI [2009-05-15 15:44:18 | 00,000,491 | ---- | C] () – C:\WINDOWS\Instit.ini [2009-01-25 16:36:38 | 00,258,048 | ---- | C] () – C:\WINDOWS\System32\libFLAC.dll [2009-01-25 16:35:25 | 00,560,802 | ---- | C] () – C:\WINDOWS\System32\libmplayer.dll [2009-01-25 16:35:20 | 00,145,609 | ---- | C] () – C:\WINDOWS\System32\libmpeg2_ff.dll [2009-01-25 16:35:19 | 04,302,881 | ---- | C] () – C:\WINDOWS\System32\libavcodec.dll [2009-01-25 16:34:42 | 00,093,184 | ---- | C] () – C:\WINDOWS\System32\ff_wmv9.dll [2009-01-25 16:34:41 | 00,113,152 | ---- | C] () – C:\WINDOWS\System32\ff_unrar.dll [2009-01-25 16:34:39 | 00,183,296 | ---- | C] () – C:\WINDOWS\System32\ff_samplerate.dll [2009-01-25 16:34:37 | 00,178,688 | ---- | C] () – C:\WINDOWS\System32\ff_libmad.dll [2009-01-25 16:34:35 | 00,485,888 | ---- | C] () – C:\WINDOWS\System32\ff_libfaad2.dll [2009-01-25 16:34:31 | 00,257,024 | ---- | C] () – C:\WINDOWS\System32\ff_libdts.dll [2009-01-25 16:34:28 | 00,142,848 | ---- | C] () – C:\WINDOWS\System32\ff_liba52.dll [2009-01-25 16:34:27 | 00,237,568 | ---- | C] () – C:\WINDOWS\System32\OggDS.dll [2009-01-25 16:34:24 | 00,921,600 | ---- | C] () – C:\WINDOWS\System32\vorbisenc.dll [2009-01-25 16:34:15 | 00,188,416 | ---- | C] () – C:\WINDOWS\System32\vorbis.dll [2009-01-25 16:34:13 | 00,045,056 | ---- | C] () – C:\WINDOWS\System32\ogg.dll [2009-01-25 16:33:54 | 00,009,216 | ---- | C] () – C:\WINDOWS\System32\cpuinf32.dll [2009-01-13 18:43:41 | 00,164,352 | ---- | C] () – C:\WINDOWS\System32\unrar.dll [2009-01-13 18:43:41 | 00,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini [2009-01-13 18:43:39 | 03,596,288 | ---- | C] () – C:\WINDOWS\System32\qt-dx331.dll [2009-01-13 18:43:39 | 02,041,363 | ---- | C] () – C:\WINDOWS\System32\x264vfw.dll [2009-01-13 18:43:39 | 00,795,648 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll [2009-01-13 18:43:39 | 00,130,048 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll [2009-01-13 18:43:38 | 00,007,680 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll [2009-01-13 18:43:38 | 00,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest [2008-12-15 18:49:59 | 01,867,776 | ---- | C] () – C:\WINDOWS\python24.dll [2008-12-06 12:25:42 | 00,000,097 | ---- | C] () – C:\WINDOWS\System32\PICSDK.ini [2008-11-08 23:09:16 | 00,000,069 | ---- | C] () – C:\WINDOWS\NeroDigital.ini [2008-11-03 14:33:25 | 00,139,584 | ---- | C] () – C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008-11-03 14:33:25 | 00,022,328 | ---- | C] () – C:\Documents and Settings\Gawron\Dane aplikacji\PnkBstrK.sys [2008-11-01 15:56:48 | 00,000,754 | ---- | C] () – C:\WINDOWS\WORDPAD.INI [2008-10-31 21:27:51 | 00,001,280 | ---- | C] () – C:\WINDOWS\bestplayer.ini [2008-10-31 07:56:10 | 00,103,936 | ---- | C] () – C:\Documents and Settings\Gawron\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-10-30 21:05:47 | 00,717,296 | ---- | C] () – C:\WINDOWS\System32\drivers\sptd.sys [2008-05-03 08:24:01 | 00,000,082 | ---- | C] () – C:\WINDOWS\System32\oeminfo.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:CB0AACC9 < End of report >

jessica · 6 Grudzień 2009 17:31

Log jest czysty.

Ale daj go na http://wklejto.pl/ - by było zgodnie z zasadami Forum.

Usuń kopie szkodników z folderu “System Volume Information” poprzez chwilowe wyłączenie “Przywracania Systemu”:

jessi