ise32 virus


(Ro0k) #1

I recently had a problem with personalized settings and you helped me here on the forum ;] The computer works great, but something is still left on it

and it is this virus. At logon, when the personalized settings window appears, the antivirus catches some dangerous activity, namely ise32

This is the log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:54:24, on 2009-06-06

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

E:\FlashGet universal\FlashGet.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

D:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\User\Pulpit\OTListIt2.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - E:\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [FlashGet] "E:\FlashGet universal\FlashGet.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [FlashGet] "E:\FlashGet universal\FlashGet.exe" /min

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\S-1-5-21-725345543-1770027372-1801674531-1001\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')

O4 - HKUS\S-1-5-21-725345543-1770027372-1801674531-1001\..\Run: [FlashGet] "E:\FlashGet universal\FlashGet.exe" /min (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Download All by FlashGet - E:\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - E:\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232753346448

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{BCFAB08F-6A08-4814-8C80-FBF0EACB619E}: NameServer = 172.16.1.1,172.16.2.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F11D32-17D2-4E6E-A3CA-254394DE9D68}: NameServer = 172.16.1.1,172.16.2.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe


--

End of file - 8627 bytes

(Henio Mazurek) #2

That ise32 isn't in here. Paste the log from OTListIt2

http://oldtimer.geekstogo.com/OTListIt2.exe

The USB flash drive needs to be disinfected with this program:

http://www.searchengines.pl/index.php?s … ntry369724


(Ro0k) #3

Here is the OTListIt log:

OTListIt logfile created on: 2009-06-13 08:57:23 - Run 5

OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\User\Pulpit

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1,99 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,32% Memory free

3,33 Gb Paging File | 2,98 Gb Available in Paging File | 89,38% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 39,06 Gb Total Space | 27,18 Gb Free Space | 69,59% Space Free | Partition Type: NTFS

Drive D: | 39,07 Gb Total Space | 10,33 Gb Free Space | 26,45% Space Free | Partition Type: NTFS

Drive E: | 70,92 Gb Total Space | 43,95 Gb Free Space | 61,97% Space Free | Partition Type: NTFS

Drive F: | 0,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: BARTEKLAP

Current User Name: User

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Output = Standard

File Age = 30 Days

Company Name Whitelist: On


[color=orange]========== Processes (SafeList) ==========[/color]


PRC - [2008-06-27 17:36:58 | 01,432,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2008-04-18 14:53:58 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

PRC - [2008-03-27 19:28:50 | 01,048,576 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

PRC - [2008-05-22 22:40:28 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

PRC - [2008-05-22 22:40:38 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe

PRC - [2007-01-05 18:36:48 | 00,880,640 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2008-11-02 10:38:58 | 00,176,128 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2006-11-03 12:01:16 | 00,327,680 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC7302\Monitor.exe

PRC - [2008-05-22 22:40:40 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe

PRC - [2008-08-19 09:47:38 | 01,795,656 | ---- | M] (FLASHGET) -- E:\FlashGet universal\FlashGet.exe

PRC - [2009-03-09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2009-05-26 13:20:02 | 00,414,480 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2008-03-20 12:04:46 | 02,127,296 | ---- | M] (Gadu-Gadu S.A.) -- D:\Program Files\Gadu-Gadu\gg.exe

PRC - [2009-05-06 18:27:07 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008-03-18 17:27:12 | 00,020,480 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

PRC - [2008-04-18 14:54:02 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-05-26 13:20:04 | 00,194,832 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2004-07-07 12:17:02 | 00,208,961 | ---- | M] (SIEMENS AG) -- C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe

PRC - [2009-06-13 00:53:00 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2006-10-23 00:29:00 | 00,014,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

PRC - [2009-05-17 21:35:17 | 00,509,440 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTListIt2.exe


[color=orange]========== Win32 Services (SafeList) ==========[/color]


SRV - [2008-03-18 17:27:12 | 00,020,480 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])

SRV - File not found -- -- (ALG [On_Demand | Stopped])

SRV - [2007-10-24 02:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2007-10-24 02:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009-05-06 18:27:07 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008-04-18 14:54:02 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])

SRV - [2009-03-09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2009-05-26 13:20:04 | 00,194,832 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])

SRV - [2004-07-07 12:17:02 | 00,208,961 | ---- | M] (SIEMENS AG) -- C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx [Auto | Running])

SRV - [2007-05-28 18:57:54 | 00,283,136 | ---- | M] (Rocket Division Software) -- D:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Stopped])

SRV - [2006-12-01 13:46:28 | 00,925,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])


[color=orange]========== Driver Services (SafeList) ==========[/color]


DRV - [2008-04-24 15:28:08 | 00,281,600 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])

DRV - [2007-07-13 11:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])

DRV - [2008-03-21 17:13:00 | 01,203,776 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])

DRV - [2009-01-24 01:00:05 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])

DRV - [2008-06-16 15:28:36 | 00,242,320 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Running])

DRV - [2008-08-05 13:56:27 | 00,007,808 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys -- (eabfiltr [On_Demand | Stopped])

DRV - [2008-08-05 13:56:27 | 00,005,760 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys -- (eabusb [On_Demand | Stopped])

DRV - [2008-08-05 13:56:27 | 00,009,344 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])

DRV - [2008-07-18 02:34:58 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])

DRV - [2008-03-17 22:45:50 | 05,955,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])

DRV - [2008-04-15 18:53:44 | 00,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])

DRV - [2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])

DRV - [2007-09-10 09:50:56 | 00,457,984 | ---- | M] (PixArt Imaging Inc.) -- C:\WINDOWS\system32\DRIVERS\PAC7302.SYS -- (PAC7302 [On_Demand | Stopped])

DRV - [2008-06-16 15:28:36 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2003-12-03 11:03:48 | 00,125,440 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\S7oppilx.sys -- (S7oppilx [Auto | Running])

DRV - [2003-12-03 11:02:00 | 00,076,343 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\S7oppitx.sys -- (s7oppitx [On_Demand | Stopped])

DRV - [2003-12-03 11:03:38 | 00,492,599 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\System32\Drivers\S7otranx.sys -- (s7otranx [Auto | Running])

DRV - [2008-11-02 10:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])

DRV - [2008-06-16 15:28:36 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2008-06-16 15:28:36 | 00,062,208 | ---- | M] (Silicon Image, Inc.) -- C:\WINDOWS\System32\drivers\si3112.sys -- (Si3112 [Boot | Running])

DRV - [2004-05-28 18:21:58 | 00,172,032 | ---- | M] (Siemens AG) -- C:\WINDOWS\system32\DRIVERS\sntie.sys -- (SNTIE [Auto | Running])

DRV - [2009-05-08 09:59:13 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

DRV - [2008-03-27 19:14:06 | 00,224,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])


[color=orange]========== Standard Registry (SafeList) ==========[/color]



[color=orange]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=orange]========== FireFox ==========[/color]


FF - prefs.js..browser.startup.homepage: "http://www.google.pl"

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.9

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009-02-11 11:12:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009-06-13 00:53:04 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009-06-13 00:53:03 | 00,000,000 | ---D | M]


[2009-06-05 12:24:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions

[2009-06-05 12:24:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009-06-12 15:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\cs4ugvve.default\extensions

[2009-06-05 12:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dane aplikacji\mozilla\Firefox\Profiles\cs4ugvve.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009-06-05 12:24:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009-06-13 00:53:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009-06-13 00:53:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009-06-13 00:53:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2006-06-03 18:43:22 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml

[2008-04-03 19:19:08 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml

[2008-04-16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2007-03-31 19:11:54 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml

[2006-06-03 18:43:22 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml

[2008-03-28 23:36:04 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml

[2007-01-05 13:40:56 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 NtKrnlpa.info

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - E:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

O4 - HKLM..\Run: [FlashGet] "E:\FlashGet universal\FlashGet.exe" /min (FLASHGET)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Malwarebytes Corporation)

O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKCU..\Run: [AlcoholAutomount] "D:\Alcohol 120\axcmd.exe" /automount (Alcohol Soft Development Team)

O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" ()

O4 - HKCU..\Run: [FlashGet] "E:\FlashGet universal\FlashGet.exe" /min (FLASHGET)

O4 - HKCU..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 15

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O8 - Extra context menu item: &Download All by FlashGet - E:\FlashGet universal\ComDlls\Bhoall.htm ()

O8 - Extra context menu item: &Download by FlashGet - E:\FlashGet universal\ComDlls\Bholink.htm ()

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232753346448 (WUWebControl Class)

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{BCFAB08F-6A08-4814-8C80-FBF0EACB619E}\\NameServer = 172.16.1.1,172.16.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{E2F11D32-17D2-4E6E-A3CA-254394DE9D68}\\NameServer = 172.16.1.1,172.16.2.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Bieżąca strona główna) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-01-24 00:40:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2\{44e39e44-105a-11de-afe0-002100861f7c}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{44e39e44-105a-11de-afe0-002100861f7c}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{66f4eaca-f5fb-11dd-af7a-002100861f7c}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{66f4eaca-f5fb-11dd-af7a-002100861f7c}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{6d5c4c40-4af2-11de-b075-0022646c118a}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{6d5c4c40-4af2-11de-b075-0022646c118a}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{90350e85-3a6c-11de-b040-0022646c118a}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O33 - MountPoints2\{90350e85-3a6c-11de-b040-0022646c118a}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009-06-06 21:24:15 | 00,000,000 | ---D | M]


[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]


[4 C:\WINDOWS\*.tmp files]

[2009-06-05 20:53:47 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\HijackThis.lnk

[2009-06-05 20:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-06-05 20:52:09 | 00,000,000 | ---D | C] -- C:\_OTListIt

[2009-06-05 15:29:30 | 00,135,168 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\W3DemoUnin.exe

[2009-06-05 15:29:30 | 00,002,829 | ---- | C] () -- C:\WINDOWS\W3DemoUnin.pif

[2009-06-05 15:29:19 | 00,010,566 | ---- | C] () -- C:\WINDOWS\W3DemoUnin.dat

[2009-06-05 12:24:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Mozilla

[2009-06-05 12:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009-06-03 09:59:36 | 00,066,554 | ---- | C] () -- C:\Documents and Settings\User\Moje dokumenty\CV Bartosz Gawroński.pdf

[2009-06-03 09:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Identities

[2009-06-02 23:45:57 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Nowy Obraz - mapa bitowa.BMP

[2009-06-01 23:13:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Siemens

[2009-06-01 23:10:31 | 00,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\V1.0 TD Keypad Designer.lnk

[2009-06-01 23:10:09 | 00,001,417 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\V1.0 S7-200 Explorer.lnk

[2009-06-01 23:09:52 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\V4.0 STEP 7 MicroWIN.lnk

[2009-06-01 23:06:43 | 00,495,669 | ---- | C] (SIEMENS AG) -- C:\WINDOWS\System32\S7OINTFX.dll

[2009-06-01 23:06:43 | 00,217,088 | ---- | C] (SIEMENS AG) -- C:\WINDOWS\System32\s7esetdx.dll

[2009-06-01 23:06:43 | 00,110,645 | ---- | C] (SIEMENS AG) -- C:\WINDOWS\System32\s7wcaotx.dll

[2009-06-01 23:06:43 | 00,069,685 | ---- | C] (SIEMENS AG) -- C:\WINDOWS\System32\S7OTBLEX.dll

[2009-06-01 23:06:43 | 00,040,960 | ---- | C] (SIEMENS AG) -- C:\WINDOWS\System32\MelbReg.dll

[2009-06-01 23:06:43 | 00,033,280 | ---- | C] (SIEMENS AG) -- C:\WINDOWS\System32\s7erwlcx.dll

[2009-06-01 23:06:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Setup

[2009-06-01 23:06:15 | 00,000,000 | ---D | C] -- C:\Program Files\Siemens

[2009-06-01 23:06:08 | 00,073,584 | ---- | C] () -- C:\WINDOWS\System32\linedrw.ttf

[2009-06-01 23:06:08 | 00,000,312 | ---- | C] () -- C:\WINDOWS\Microwin.ini

[2009-06-01 23:06:03 | 00,001,888 | ---- | C] () -- C:\WINDOWS\Citamis.str

[2009-05-31 22:59:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\sun PLC

[2009-05-30 22:25:49 | 00,000,000 | ---D | C] -- C:\LOGOComfort_V5

[2009-05-30 22:24:58 | 00,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry

[2009-05-30 22:24:04 | 00,000,000 | ---D | C] -- C:\IA_Installers

[2009-05-25 12:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Pulpit\Terminator Salvation[2009]DvDrip-aXXo

[2009-05-25 12:57:15 | 00,056,349 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Terminator.Salvation[2009]DvDrip-aXXo.torrent

[2009-05-25 12:51:48 | 00,056,349 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Terminator Salvation[2009]DvDrip-aXXo.torrent

[2009-05-24 22:04:17 | 00,026,294 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\MBook-9223.jar

[2009-05-24 21:57:13 | 00,333,056 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\komorka.jar

[2009-05-24 21:36:21 | 00,121,572 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\MBook-9004.jar

[2009-05-24 21:21:32 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\MBook-9181.jad

[2009-05-24 17:52:23 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\MBook-9181.jar

[2009-05-24 17:33:28 | 01,532,928 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\King_Stephen_-_Komorka.doc

[2009-05-24 17:32:31 | 00,224,593 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\MBook-6279.jar

[2009-05-18 15:07:09 | 00,665,126 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Droga-houtch.bmp

[2009-05-18 00:18:52 | 00,000,474 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for User.job

[2009-05-18 00:17:37 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-05-18 00:17:35 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-05-18 00:17:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009-05-18 00:10:16 | 00,000,917 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\Revo Uninstaller.lnk

[2009-05-18 00:10:15 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2009-05-17 23:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dane aplikacji\Malwarebytes

[2009-05-17 23:48:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2009-05-17 23:47:21 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-05-17 21:35:03 | 00,509,440 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTListIt2.exe

[2009-05-17 19:08:02 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\fix.reg

[2009-05-15 11:44:25 | 00,073,107 | ---- | C] () -- C:\Documents and Settings\User\Pulpit\oplaty_za_studia_niestacjonarne.pdf

[2009-05-14 23:35:58 | 00,099,862 | ---- | C] () -- C:\Documents and Settings\User\Moje dokumenty\196878801 _ Gaia.rep

[2009-05-13 08:55:08 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2009-05-08 09:59:13 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2009-05-06 17:19:04 | 00,002,234 | ---- | C] () -- C:\WINDOWS\Opera.INI

[2009-05-03 15:50:38 | 00,038,560 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2009-04-21 10:38:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Progs_.ini

[2009-04-21 10:38:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\1Way.ini

[2009-03-07 22:56:51 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini

[2009-02-21 21:53:45 | 00,000,715 | ---- | C] () -- C:\WINDOWS\Stars.ini

[2009-02-15 19:16:29 | 00,000,129 | ---- | C] () -- C:\WINDOWS\festo.ini

[2009-02-11 13:55:05 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2009-02-11 13:55:05 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2009-02-11 13:55:05 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2009-02-08 17:25:05 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009-01-24 08:37:53 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009-01-24 08:37:51 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009-01-24 08:37:51 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009-01-24 08:37:51 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009-01-24 08:37:50 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-01-24 08:37:50 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-01-24 08:27:05 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-01-24 01:04:21 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll

[2008-07-20 02:16:28 | 00,000,107 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2008-06-16 15:28:36 | 00,000,683 | ---- | C] () -- C:\WINDOWS\win.ini

[2008-06-16 15:28:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

[2007-03-20 17:44:02 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini


[color=orange]========== Files - Modified Within 30 Days ==========[/color]


[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009-06-13 08:56:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-06-13 08:55:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-06-13 08:55:17 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\User\Ustawienia lokalne\desktop.ini

[2009-06-13 08:55:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-06-13 08:55:09 | 21,383,61856 | -HS- | M] () -- C:\hiberfil.sys

[2009-06-08 01:00:21 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for User.job

[2009-06-07 23:06:11 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-06-06 23:53:57 | 00,000,312 | ---- | M] () -- C:\WINDOWS\Microwin.ini

[2009-06-05 20:53:47 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\HijackThis.lnk

[2009-06-05 15:29:33 | 00,010,566 | ---- | M] () -- C:\WINDOWS\W3DemoUnin.dat

[2009-06-05 15:29:30 | 00,135,168 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\W3DemoUnin.exe

[2009-06-05 15:29:30 | 00,002,829 | ---- | M] () -- C:\WINDOWS\W3DemoUnin.pif

[2009-06-03 10:01:05 | 00,066,554 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\CV Bartosz Gawroński.pdf

[2009-06-03 10:00:50 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\CV Bartosz Gawroński.doc

[2009-06-02 23:46:20 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Nowy Obraz - mapa bitowa.BMP

[2009-06-01 23:33:42 | 00,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-06-01 23:14:40 | 00,001,888 | ---- | M] () -- C:\WINDOWS\Citamis.str

[2009-06-01 23:10:31 | 00,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\V1.0 TD Keypad Designer.lnk

[2009-06-01 23:10:09 | 00,001,417 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\V1.0 S7-200 Explorer.lnk

[2009-06-01 23:09:52 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\V4.0 STEP 7 MicroWIN.lnk

[2009-05-31 03:05:41 | 00,000,129 | ---- | M] () -- C:\WINDOWS\festo.ini

[2009-05-26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-05-26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-05-25 19:56:42 | 01,018,536 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-05-25 19:56:42 | 00,461,718 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-05-25 19:56:42 | 00,404,152 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-05-25 19:56:42 | 00,079,990 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-05-25 19:56:42 | 00,062,592 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-05-25 12:58:05 | 00,056,349 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Terminator Salvation[2009]DvDrip-aXXo.torrent

[2009-05-25 12:57:16 | 00,056,349 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Terminator.Salvation[2009]DvDrip-aXXo.torrent

[2009-05-24 22:04:17 | 00,026,294 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\MBook-9223.jar

[2009-05-24 21:57:13 | 00,333,056 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\komorka.jar

[2009-05-24 21:56:42 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2009-05-24 21:36:21 | 00,121,572 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\MBook-9004.jar

[2009-05-24 21:21:32 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\MBook-9181.jad

[2009-05-24 17:52:23 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\MBook-9181.jar

[2009-05-24 17:33:28 | 01,532,928 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\King_Stephen_-_Komorka.doc

[2009-05-24 17:32:31 | 00,224,593 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\MBook-6279.jar

[2009-05-18 15:07:09 | 00,665,126 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Droga-houtch.bmp

[2009-05-18 00:10:16 | 00,000,917 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\Revo Uninstaller.lnk

[2009-05-17 23:48:02 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Pulpit\mbam-setup.exe

[2009-05-17 21:35:17 | 00,509,440 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Pulpit\OTListIt2.exe

[2009-05-17 19:08:02 | 00,000,663 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\fix.reg

[2009-05-15 11:44:25 | 00,073,107 | ---- | M] () -- C:\Documents and Settings\User\Pulpit\oplaty_za_studia_niestacjonarne.pdf

[2009-05-14 23:36:00 | 00,099,862 | ---- | M] () -- C:\Documents and Settings\User\Moje dokumenty\196878801 _ Gaia.rep

< End of report >

(Henio Mazurek) #4

Ugh, I forgot to say not to paste it using code tags. Next time, put your logs on www.wklej.org and post the link here.

By the way, the OtListIt2 program no longer exists, but I'll use it anyway.

There was a minor infection from a USB flash drive. Paste into OtListIt2

Click Run Fix. Show the removal log.

Turn off System Restore for a moment.

Run a full scan with Malwarebytes Anti-Malware; if it finds anything, remove it and paste the log.

http://dobreprogramy.pl/index.php?dz=2& … lware+1.37

Clean the registry with CCleaner.

http://dobreprogramy.pl/index.php?dz=2& … +v2.19.901

Clean the flash drive with FlashDisinfector.
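The O33 MountPoints2 entries in the log above are the trace of the flash-drive infection mentioned in this post. As an added example (not part of the original thread and not OTListIt2's own logic), this Python script parses such lines and flags volumes whose cached shell verbs launch a file from a recycle-bin folder; the function names, the regular expressions and the third sample line are assumptions made for illustration.

```python
import re

# Two O33 lines copied from the log above plus one constructed benign line
# (the E:\setup.exe entry and its volume GUID are made up for contrast).
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44e39e44-105a-11de-afe0-002100861f7c}\Shell\AutoRun\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{44e39e44-105a-11de-afe0-002100861f7c}\Shell\open\command - "" = K:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe -- File not found
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
'''

# O33 - MountPoints2\{volume GUID}\Shell\<verb>\command - "<value>" = <command> -- <status>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9A-Fa-f-]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<value>[^"]*)" = (?P<command>.+?)(?: -- (?P<status>.*))?$'
)

# A drive's recycle-bin folder is not a place legitimate autorun targets live.
RECYCLE_RE = re.compile(r'^[A-Za-z]:\\(?:RECYCLER|RECYCLED|\$RECYCLE\.BIN)\\', re.IGNORECASE)


def parse_o33(log_text):
    """Return one dict per O33 MountPoints2 line (volume, verb, value, command, status)."""
    entries = []
    for line in log_text.splitlines():
        match = O33_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def suspicious_volumes(log_text):
    """Map volume GUID -> details of cached shell verbs that launch from a recycle bin."""
    flagged = {}
    for entry in parse_o33(log_text):
        command = entry['command'].strip().strip('"')
        if not RECYCLE_RE.match(command):
            continue
        info = flagged.setdefault(entry['volume'], {'verbs': set(), 'commands': set(), 'stale': True})
        info['verbs'].add(entry['verb'])
        info['commands'].add(command)
        # "File not found": the target was not reachable when the log was taken
        # (drive unplugged or file removed), so only the cached entry remains.
        info['stale'] = info['stale'] and entry['status'] == 'File not found'
    return flagged


if __name__ == '__main__':
    for volume, info in suspicious_volumes(SAMPLE_LOG).items():
        state = 'stale registry entry' if info['stale'] else 'target file present'
        print(volume, sorted(info['verbs']), sorted(info['commands']), state)
```

MountPoints2 lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer, so a flagged entry is a per-user cache of what a drive's autorun.inf registered and stays behind after the drive is removed.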


(Ro0k) #5

It doesn't work: when I paste it into OTListIt and click fix, it thinks for a while and then stops responding. Can't I paste this into Notepad and name it fix.reg?

How do I scan it? If I plug the flash drive into USB now, it will load the virus onto my computer again, right?

What is the name of a program that checks a flash drive for viruses before letting it in? But only for the flash drive; I don't want to have two antivirus programs.


(Henio Mazurek) #6

As you wish.

Paste into Notepad

Save as, all files, Fix.reg. Double-click, restart.

In OtListIt2 click Clean up.

Plus a Malwarebytes Anti-Malware scan.

Before connecting the flash drive, protect yourself with these programs

http://www.searchengines.pl/Zabezpiecze … 23572.html

The link to FlashDisinfector is above.