Trojan ji83j.exe

The problem occurs on both partitions. Please help me remove this trojan.

Here is the OTL log:

OTL logfile created on: 2010-03-23 00:52:07 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\K&J\Pulpit
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 656,00 Mb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 1534 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 14,66 Gb Free Space | 39,36% Space Free | Partition Type: NTFS
Drive D: | 37,27 Gb Total Space | 8,07 Gb Free Space | 21,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name:
Current User Name:
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-03-22 22:55:43 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K&J\Pulpit\OTL.exe
PRC - [2009-10-30 12:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2008-09-24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-12-21 08:21:16 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007-12-21 08:21:06 | 001,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2003-08-15 08:34:50 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (SafeList) ==========

MOD - [2010-03-22 22:55:43 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K&J\Pulpit\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008-09-24 13:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007-12-21 08:22:44 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007-12-21 08:21:16 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2004-09-29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010-02-08 22:54:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-04 18:34:14 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Lineage II\system\npkcrypt.sys -- (npkcrypt)
DRV - [2008-10-02 21:05:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2008-04-14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-12-21 08:21:54 | 000,053,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2007-12-21 08:21:52 | 000,030,728 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2007-12-21 08:21:46 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2007-12-21 08:20:14 | 000,030,216 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007-12-21 08:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2004-02-04 12:37:00 | 001,878,432 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003-08-15 08:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003-08-14 16:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003-04-21 07:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2003-03-19 08:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001-08-23 20:03:54 | 000,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaultthis.engineName: "BS Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.onet.pl"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {30488549-5379-4FBE-9492-1CFA0593F1CD}:1.0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010-03-01 16:29:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-19 20:14:07 | 000,000,000 | ---D | M]

[2009-07-26 10:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Extensions
[2010-03-22 22:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\extensions
[2010-02-16 17:31:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-11-07 00:04:40 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-02-16 17:31:35 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2009-08-20 21:20:22 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\searchplugins\ask.xml
[2009-07-01 13:22:12 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\searchplugins\conduit.xml
[2010-02-08 22:54:24 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\K&J\Dane aplikacji\Mozilla\Firefox\Profiles\hprtcy6d.default\searchplugins\daemon-search.xml
[2010-03-22 22:09:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-10-23 16:34:21 | 000,000,000 | ---D | M] (Weemi) -- C:\Program Files\Mozilla Firefox\extensions\{30488549-5379-4FBE-9492-1CFA0593F1CD}
[2009-06-15 10:14:40 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
[2009-12-28 13:57:02 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2009-12-28 13:57:02 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2009-12-28 13:57:02 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2009-12-28 13:57:02 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2009-10-11 20:20:16 | 000,002,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\weemi121.xml
[2009-10-23 16:34:22 | 000,002,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\weemi127.xml
[2009-12-28 13:57:02 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2009-12-28 13:57:02 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\K&J\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll (GG Network S.A.)
O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_P.dll (Conduit Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\K&J\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\K&J\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\K&J\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-25 19:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]
O32 - AutoRun File - [2010-03-22 23:39:52 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [NTFS]
O32 - AutoRun File - [2010-03-22 23:39:52 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [NTFS]
O33 - MountPoints2\{3013fb4a-8998-11de-8431-000fea1d0ab4}\Shell - "" = AutoRun
O33 - MountPoints2\{3013fb4a-8998-11de-8431-000fea1d0ab4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3013fb4b-8998-11de-8431-000fea1d0ab4}\Shell\AutoRun\command - "" = I:\ggpw.exe -- File not found
O33 - MountPoints2\{3013fb4b-8998-11de-8431-000fea1d0ab4}\Shell\open\Command - "" = I:\ggpw.exe -- File not found
O33 - MountPoints2\{5a3bc5e0-79d0-11de-8404-000fea1d0ab4}\Shell - "" = AutoRun
O33 - MountPoints2\{5a3bc5e0-79d0-11de-8404-000fea1d0ab4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b52a2f93-7957-11de-9f9f-806d6172696f}\Shell\AutoRun\command - "" = ji83j.exe
O33 - MountPoints2\{b52a2f93-7957-11de-9f9f-806d6172696f}\Shell\open\Command - "" = ji83j.exe
O33 - MountPoints2\{b52a2f94-7957-11de-9f9f-806d6172696f}\Shell\AutoRun\command - "" = ji83j.exe
O33 - MountPoints2\{b52a2f94-7957-11de-9f9f-806d6172696f}\Shell\open\Command - "" = ji83j.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-03-22 22:54:59 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K&J\Pulpit\OTL.exe
[2010-03-22 10:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K&J\Ustawienia lokalne\Dane aplikacji\ESET
[2010-03-20 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre Studio
[2010-03-20 16:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K&J\Pulpit\fiesta
[2010-03-19 20:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K&J\Moje dokumenty\NHL08
[2010-03-19 20:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2010-03-19 20:13:05 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010-03-19 20:13:05 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010-03-19 20:13:05 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010-03-19 20:13:04 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010-03-19 20:13:04 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010-03-19 20:13:04 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010-03-19 20:13:04 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010-03-19 20:13:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010-03-19 20:13:04 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010-03-19 20:13:04 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010-03-19 20:13:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010-03-19 20:13:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010-03-19 20:13:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010-03-19 20:13:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010-03-19 20:13:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010-03-19 20:13:04 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010-03-19 20:13:04 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010-03-19 20:13:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010-03-19 20:13:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010-03-19 20:13:04 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010-03-19 20:13:04 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010-03-19 20:13:04 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010-03-19 20:13:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010-03-19 20:13:03 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010-03-19 20:13:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010-03-19 20:13:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010-03-14 22:58:19 | 000,921,088 | ---- | C] (Ogotay Software) -- C:\Documents and Settings\K&J\Pulpit\Tapetki_avila.exe
[2010-03-04 16:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2009-11-01 21:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2009-07-26 11:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-07-25 19:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-07-25 19:35:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-07-25 19:35:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-03-22 23:41:08 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2010-03-22 23:41:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-22 23:41:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-22 23:41:01 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-03-22 23:40:12 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\K&J\NTUSER.DAT
[2010-03-22 23:39:52 | 000,000,057 | RHS- | M] () -- C:\autorun.inf
[2010-03-22 22:55:43 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K&J\Pulpit\OTL.exe
[2010-03-20 16:40:49 | 000,000,877 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-03-20 16:34:29 | 000,000,045 | -H-- | M] () -- C:\WINDOWS\dsez5592.dat
[2010-03-20 16:34:26 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\K&J\Pulpit\PhotoFiltre Studio.lnk
[2010-03-19 20:16:48 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\NHL® 08.lnk
[2010-03-19 20:03:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-18 16:51:19 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\K&J\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-15 15:59:55 | 000,000,269 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-03-14 22:58:32 | 000,921,088 | ---- | M] (Ogotay Software) -- C:\Documents and Settings\K&J\Pulpit\Tapetki_avila.exe
[2010-03-04 16:44:52 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\IrfanView.lnk
[2010-02-24 11:31:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-03-22 10:15:39 | 000,000,057 | RHS- | C] () -- C:\autorun.inf
[2010-03-20 16:34:29 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dsez5592.dat
[2010-03-20 16:34:26 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\K&J\Pulpit\PhotoFiltre Studio.lnk
[2010-03-19 20:16:48 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\NHL® 08.lnk
[2010-03-19 20:13:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-03-19 20:13:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010-03-19 20:13:05 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010-03-19 20:13:05 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010-03-19 20:13:04 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010-03-19 20:13:04 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010-03-04 16:44:52 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\IrfanView.lnk
[2010-02-14 12:59:45 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log
[2010-02-09 23:27:27 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010-02-08 22:58:27 | 000,000,526 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2010-02-08 22:54:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-10-23 17:16:22 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009-08-14 11:42:44 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\K&J\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-06 15:11:13 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2009-07-25 19:49:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009-06-19 19:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009-06-19 19:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-10-02 21:05:31 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\idecoi.dll
[2002-10-03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2001-07-06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999-01-22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >
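An added defender-side check, not part of this thread and not a feature of OTL: a Python scan over OTL O32/O33 lines that flags the autorun.inf/MountPoints2 footprint visible in the log above (hidden+system autorun.inf on fixed volumes, and shell verbs that launch a bare file name such as ji83j.exe relative to the mounted volume). The sample lines are constructed from the log with OTL's ` -- ` separators; the severity rules are this example's own heuristics.

```python
import re

# Constructed sample: O32/O33 lines copied in form from the OTL log above,
# with the " -- " separators that OTL writes (the forum rendering mangled them).
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-07-25 19:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]
O32 - AutoRun File - [2010-03-22 23:39:52 | 000,000,057 | RHS- | M] () - C:\autorun.inf -- [NTFS]
O32 - AutoRun File - [2010-03-22 23:39:52 | 000,000,057 | RHS- | M] () - D:\autorun.inf -- [NTFS]
O33 - MountPoints2\{3013fb4a-8998-11de-8431-000fea1d0ab4}\Shell - "" = AutoRun
O33 - MountPoints2\{3013fb4a-8998-11de-8431-000fea1d0ab4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b52a2f93-7957-11de-9f9f-806d6172696f}\Shell\AutoRun\command - "" = ji83j.exe
O33 - MountPoints2\{b52a2f93-7957-11de-9f9f-806d6172696f}\Shell\open\Command - "" = ji83j.exe
'''

# O32: autorun.inf files OTL found on local volumes, with their attribute flags (R/H/S/D).
O32_RE = re.compile(
    r"^O32 - AutoRun File - \[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*\w\]"
    r"\s*\([^)]*\)\s*-\s*(?P<path>[A-Za-z]:\\\S+)"
)
# O33: per-volume MountPoints2 shell verbs (AutoRun\command, open\Command) and their targets.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\?\{(?P<guid>[0-9a-fA-F-]+)\}\\Shell\\(?P<verb>[^\\]+)\\[Cc]ommand'
    r' - "" = (?P<cmd>.+?)(?:\s+--\s+File not found)?$'
)
BARE_EXE_RE = re.compile(r'[^\\/:\s"]+\.(exe|com|bat|cmd|scr|pif)$', re.IGNORECASE)


def is_relative_target(cmd: str) -> bool:
    """A bare file name (no drive letter, no directory) is resolved against the
    root of the mounted volume, which is how autorun.inf droppers get their copy run."""
    return BARE_EXE_RE.fullmatch(cmd.strip()) is not None


def analyse(log_text: str) -> list[tuple[str, str]]:
    """Return (severity, detail) findings for the autorun-related lines of an OTL log."""
    findings: list[tuple[str, str]] = []
    verbs_by_guid: dict[str, dict[str, str]] = {}
    for line in log_text.splitlines():
        m = O32_RE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            # Hidden+system autorun.inf on a fixed disk is the classic worm footprint;
            # legitimate software rarely drops autorun.inf on C: or D:.
            if path.lower().endswith("\\autorun.inf") and "H" in attrs and "S" in attrs:
                findings.append(("high", f"hidden+system autorun.inf on fixed volume: {path}"))
            continue
        m = O33_RE.match(line)
        if not m:
            continue
        guid, verb, cmd = m["guid"].lower(), m["verb"].lower(), m["cmd"].strip()
        verbs_by_guid.setdefault(guid, {})[verb] = cmd
        if is_relative_target(cmd):
            findings.append(("high", f"MountPoints2 {guid} {verb} launches relative target: {cmd}"))
    # AutoRun and open both pointing at the same executable means that double-clicking
    # the drive in Explorer runs it even when AutoPlay itself is disabled.
    for guid, verbs in verbs_by_guid.items():
        if {"autorun", "open"} <= set(verbs) and len(set(verbs.values())) == 1:
            findings.append(("medium", f"MountPoints2 {guid}: AutoRun and open verbs both run {verbs['open']}"))
    return findings


if __name__ == "__main__":
    for severity, detail in analyse(SAMPLE_LOG):
        print(f"[{severity}] {detail}")
```

The same rules apply unchanged to the full log pasted above once its ` -- ` separators are intact; entries with an absolute drive path and "File not found" (the old U3 launcher) are deliberately left unflagged.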

Paste the contents of logs on wklej.org, wklej.to or nopaste.pl and put the link in your post.

Turn System Restore off and back on for all drives. XP instructions.

In the white bottom window Custom Scans/Fixes in OTL, paste:

Run Fix. Restart if one is needed.

Then post the removal log (the report that pops up after OTL finishes removing) and a new log made with the Run Scan option.

Remove the infection from your pendrive or memory cards with Flash Disinfector or Panda USB Vaccine.

Or format them.

Sorry for the mess in my post.

Here is the removal log http://wklej.org/id/302801/

and here is the log after running Run Scan http://wklej.org/id/302806/

There is nothing left in the log.

Use one of the tools I listed at the end of my previous post.

In OTL click CleanUp.

Run a full scan with Malwarebytes' Anti-Malware and delete the objects it finds.

If there are any viruses, show the report from after the removal.

Update IE to version 8.

Malwarebytes found a few infections. Here is the log after removing them http://wklej.org/id/302909/

It should be OK now. :)

Thank you very much for the expert help :)

Topic can be closed.