W32/polip.A virus - how to get rid of it?


(andrzej928) #1

Hi, I have a problem with the W32/polip.A virus.

I searched the net but found nothing.

The virus attaches itself to various files, especially .exe files.

I scanned the PC with the Avira AntiVir Personal antivirus and it still detects it.

Has any of the users here come across a virus like this?


(kliszka) #2

Have you tried the Dr.Web scanner/cleaner (full system scan)? There is one more alternative: you have to produce a log.

-- Added 07.02.2010 (Sun) 14:19 --

http://www.symantec.com/security_respon ... 09-1842-99 - there is more about this virus here; you can also download a tool to remove this infection.


(system) #3

Post a log from ComboFix and from OTL.


(andrzej928) #4

My log from OTL

OTL logfile created on: 2010-02-07 14:54:59 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Tomek\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


511,00 Mb Total Physical Memory | 177,00 Mb Available Physical Memory | 35,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 15,26 Gb Total Space | 4,91 Gb Free Space | 32,17% Space Free | Partition Type: NTFS

Drive D: | 66,89 Gb Total Space | 36,23 Gb Free Space | 54,17% Space Free | Partition Type: NTFS

Drive E: | 66,89 Gb Total Space | 17,26 Gb Free Space | 25,81% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: KOMP

Current User Name: Tomek

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


========== Processes (SafeList) ==========


PRC - [2010-02-07 14:53:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Pulpit\OTL.exe

PRC - [2010-02-07 12:53:11 | 000,077,824 | RHS- | M] () -- C:\WINDOWS\updated7.exe

PRC - [2010-02-07 12:24:18 | 000,041,085 | ---- | M] () -- C:\WINDOWS\system32\imPlayok.exe

PRC - [2010-02-07 12:24:18 | 000,041,085 | ---- | M] () -- C:\Documents and Settings\Tomek\implayok.exe

PRC - [2010-02-07 12:15:44 | 000,056,832 | ---- | M] () -- C:\WINDOWS\system32\regedit.exe

PRC - [2010-01-13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe

PRC - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2010-01-06 21:17:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-09-13 19:55:02 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE

PRC - [2009-08-10 09:29:51 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009-08-10 09:29:51 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009-03-02 09:38:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008-01-24 10:59:10 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

PRC - [2006-11-02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

PRC - [2004-08-04 00:44:30 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe



========== Modules (SafeList) ==========


MOD - [2010-02-07 14:53:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Pulpit\OTL.exe

MOD - [2006-08-25 08:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2010-01-08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009-09-13 19:55:02 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)

SRV - [2009-08-10 09:29:51 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009-08-10 09:29:51 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2007-12-06 21:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)

SRV - [2006-11-02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)

SRV - [2003-07-28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)



========== Driver Services (SafeList) ==========


DRV - [2009-12-17 15:02:34 | 000,123,280 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)

DRV - [2009-12-17 15:02:34 | 000,110,096 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)

DRV - [2009-12-17 15:02:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV - [2009-12-17 15:02:34 | 000,041,616 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)

DRV - [2009-12-07 19:19:16 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009-09-13 19:55:03 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)

DRV - [2009-08-10 09:29:51 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2009-03-30 07:03:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009-02-13 09:05:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008-02-12 02:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)

DRV - [2008-02-05 00:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2008-01-24 10:52:06 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2004-08-04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004-08-03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2004-08-03 21:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)

DRV - [2004-03-12 21:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d346prt.sys -- (d346prt)

DRV - [2004-03-12 21:41:28 | 000,156,800 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d346bus.sys -- (d346bus)

DRV - [2003-12-08 08:23:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)

DRV - [2003-12-08 08:23:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)

DRV - [2002-12-05 11:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)

DRV - [2002-12-05 11:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)

DRV - [2002-09-23 09:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)

DRV - [2002-09-06 10:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)

DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001-08-17 22:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.startup.homepage: "www.go2.pl"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-02-07 13:11:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-02-07 13:11:18 | 000,000,000 | ---D | M]


[2009-08-10 09:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Extensions

[2010-07-02 18:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\cgy0jn4y.default\extensions

[2010-01-28 13:15:08 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\cgy0jn4y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010-01-28 13:15:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010-01-13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

[2009-11-22 17:49:41 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-11-22 17:49:41 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-11-22 17:49:41 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-11-22 17:49:41 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-11-22 17:49:41 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-11-22 17:49:41 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Tomek\Dane aplikacji\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found

O4 - HKLM..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [imPlayok] C:\WINDOWS\system32\imPlayok.exe ()

O4 - HKLM..\Run: [Microsoft Driver Setup] C:\WINDOWS\updated7.exe ()

O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe ()

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKCU..\Run: [imPlayok] C:\Documents and Settings\Tomek\implayok.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Microsoft Driver Setup = C:\WINDOWS\updated7.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Tomek\Dane aplikacji\FlashGetBHO\GetAllUrl.htm ()

O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Tomek\Dane aplikacji\FlashGetBHO\GetUrl.htm ()

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)

O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-9472485384-6137161365-962573573-4575\vesita.exe) - C:\RECYCLER\S-1-5-21-9472485384-6137161365-962573573-4575\vesita.exe ()

O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found

O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3533935001-6324489985-129018764-6951\wnzip32.exe) - C:\RECYCLER\S-1-5-21-3533935001-6324489985-129018764-6951\wnzip32.exe ()

O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9472485384-6137161365-962573573-4575\vesita.exe) - C:\RECYCLER\S-1-5-21-9472485384-6137161365-962573573-4575\vesita.exe ()

O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-5185051659-1306272819-148145740-5056\wnzip32.exe) - C:\RECYCLER\S-1-5-21-5185051659-1306272819-148145740-5056\wnzip32.exe ()

O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-1318316677-1203972249-561808963-8189\vesita.exe) - C:\RECYCLER\S-1-5-21-1318316677-1203972249-561808963-8189\vesita.exe ()

O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-9433694695-5625318697-345842136-4573\nissan.exe) - C:\RECYCLER\S-1-5-21-9433694695-5625318697-345842136-4573\nissan.exe ()

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6457571331-4653545538-479186140-6353\wnzip32.exe) - C:\RECYCLER\S-1-5-21-6457571331-4653545538-479186140-6353\wnzip32.exe File not found

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-08-10 09:03:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]

O33 - MountPoints2\{c1f2345a-1262-11df-aa45-00112f387719}\Shell\AutoRun\command - "" = H:\BEJBI\\tatinamaza.exe -- File not found

O33 - MountPoints2\{c1f2345a-1262-11df-aa45-00112f387719}\Shell\explore\command - "" = H:\BEJBI\\tatinamaza.exe -- File not found

O33 - MountPoints2\{c1f2345a-1262-11df-aa45-00112f387719}\Shell\open\command - "" = H:\BEJBI\\tatinamaza.exe -- File not found

O33 - MountPoints2\{f1cf4b58-09c9-11df-aa06-00112f387719}\Shell\AutoRun\command - "" = I:\BEJBI\\tatinamaza.exe -- File not found

O33 - MountPoints2\{f1cf4b58-09c9-11df-aa06-00112f387719}\Shell\explore\command - "" = I:\BEJBI\\tatinamaza.exe -- File not found

O33 - MountPoints2\{f1cf4b58-09c9-11df-aa06-00112f387719}\Shell\open\command - "" = I:\BEJBI\\tatinamaza.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010-02-07 14:52:55 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Pulpit\OTL.exe

[2010-02-07 13:12:31 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2010-02-07 13:12:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll

[2010-02-07 13:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2010-02-07 13:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2010-02-07 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect

[2010-02-07 13:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

[2010-02-07 13:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\Winamp

[2010-02-07 13:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Adobe

[2010-02-07 12:25:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2010-02-07 11:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com

[2010-02-07 11:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010-02-07 10:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\SkanerOnline

[2010-02-05 20:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP

[2010-02-05 20:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities

[2010-02-05 20:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\.VirtualBox

[2010-02-05 20:11:50 | 000,123,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys

[2010-02-05 20:11:34 | 000,041,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys

[2010-02-05 20:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sun

[2010-02-05 15:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\BITS

[2010-02-05 15:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\FlashGetBHO

[2010-02-05 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network

[2010-02-04 20:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Pulpit\Siedlce archi i bud

[2010-02-01 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache

[2010-01-29 17:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Wru

[2010-01-29 17:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Moje dokumenty\Wru Downloads

[2010-01-29 17:26:00 | 001,040,384 | ---- | C] (John Marshall Group) -- C:\WINDOWS\System32\GnucCOM.dll

[2010-01-18 20:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Pulpit\meble18.01

[2010-01-17 20:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Adobe

[2010-01-17 20:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\Adobe

[2010-01-17 19:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\Search Settings

[2010-01-17 19:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\pdfforge

[2010-01-17 16:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Dane aplikacji\PDFCreator

[2010-01-17 16:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater

[2010-01-17 16:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar

[2010-01-17 16:40:34 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX

[2010-01-17 16:40:33 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX

[2010-01-17 16:40:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL

[2010-01-17 16:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator

[2010-01-08 21:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomek\Pulpit\wizytowka

[2009-08-10 12:48:49 | 000,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys

[2009-08-10 12:48:49 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys

[2009-08-10 09:03:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-08-10 09:03:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-08-10 09:03:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]


========== Files - Modified Within 30 Days ==========


[2010-07-01 18:06:27 | 000,000,675 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-07-01 17:31:07 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-02-07 14:57:28 | 000,791,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\fgukxh.sys

[2010-02-07 14:55:55 | 007,094,112 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\launch.exe.part

[2010-02-07 14:55:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\launch.exe

[2010-02-07 14:53:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomek\Pulpit\OTL.exe

[2010-02-07 14:51:50 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At24.job

[2010-02-07 14:51:50 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At23.job

[2010-02-07 14:51:50 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At22.job

[2010-02-07 14:51:50 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At21.job

[2010-02-07 14:51:50 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At20.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At9.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At8.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At7.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At6.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At5.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At19.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At18.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At17.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At16.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At15.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At14.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At13.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At12.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At11.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At10.job

[2010-02-07 14:51:46 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010-02-07 14:50:16 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010-02-07 14:50:16 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-02-07 14:50:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-02-07 14:50:05 | 536,403,968 | -HS- | M] () -- C:\hiberfil.sys

[2010-02-07 14:50:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-02-07 14:43:47 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tomek\NTUSER.DAT

[2010-02-07 14:43:47 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Tomek\ntuser.ini

[2010-02-07 13:12:36 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Winamp.lnk

[2010-02-07 12:53:11 | 000,077,824 | RHS- | M] () -- C:\WINDOWS\updated7.exe

[2010-02-07 12:53:11 | 000,077,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\609.exe

[2010-02-07 12:45:00 | 000,077,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\656.exe

[2010-02-07 12:24:18 | 000,041,085 | ---- | M] () -- C:\WINDOWS\System32\imPlayok.exe

[2010-02-07 12:24:18 | 000,041,085 | ---- | M] () -- C:\Documents and Settings\Tomek\implayok.exe

[2010-02-07 12:15:44 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\regedit.exe

[2010-02-07 12:15:43 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\implayok.exe.delme123

[2010-02-07 12:11:54 | 000,041,085 | ---- | M] () -- C:\WINDOWS\System32\implayok .exe

[2010-02-07 12:11:16 | 000,056,832 | RHS- | M] () -- C:\WINDOWS\updated7.exe.delme121

[2010-02-07 12:10:52 | 000,077,824 | RHS- | M] () -- C:\WINDOWS\updated7 .exe

[2010-02-06 19:15:22 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-02-06 16:47:02 | 000,002,620 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2010-02-06 16:46:51 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\B5E753CD8A.sys

[2010-02-06 13:56:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-02-06 10:33:25 | 000,000,336 | ---- | M] () -- C:\WINDOWS\System32\secustat.dat

[2010-02-05 19:48:28 | 000,000,891 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat

[2010-02-05 15:28:48 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI

[2010-02-05 15:28:36 | 000,000,000 | ---- | M] () -- C:\bholog

[2010-02-05 13:16:32 | 000,080,816 | ---- | M] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

[2010-02-03 14:52:50 | 000,357,162 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2010-02-03 14:52:50 | 000,312,278 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-02-03 14:52:50 | 000,050,208 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2010-02-03 14:52:50 | 000,040,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-02-03 14:52:49 | 000,763,990 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-01-26 15:55:17 | 001,461,249 | ---- | M] () -- C:\Documents and Settings\Tomek\Pulpit\Ksiazka praktyki zawodowej A Pruszkowski.pdf

[2010-01-17 16:40:41 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\PDFCreator.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->]


========== Files Created - No Company Name ==========


[2010-02-07 14:55:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\launch.exe

[2010-02-07 14:55:54 | 003,489,632 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\launch.exe.part

[2010-02-07 14:50:05 | 536,403,968 | -HS- | C] () -- C:\hiberfil.sys

[2010-02-07 13:12:36 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Winamp.lnk

[2010-02-07 12:53:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\609.exe

[2010-02-07 12:45:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\656.exe

[2010-02-07 12:23:03 | 000,041,085 | ---- | C] () -- C:\Documents and Settings\Tomek\implayok.exe

[2010-02-07 12:15:44 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\regedit.exe

[2010-02-07 12:11:54 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\implayok.exe.delme123

[2010-02-07 12:11:54 | 000,041,085 | ---- | C] () -- C:\WINDOWS\System32\imPlayok.exe

[2010-02-07 12:11:54 | 000,041,085 | ---- | C] () -- C:\WINDOWS\System32\implayok .exe

[2010-02-07 12:10:57 | 000,077,824 | RHS- | C] () -- C:\WINDOWS\updated7.exe

[2010-02-07 12:10:57 | 000,077,824 | RHS- | C] () -- C:\WINDOWS\updated7 .exe

[2010-02-07 12:10:57 | 000,056,832 | RHS- | C] () -- C:\WINDOWS\updated7.exe.delme121

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At9.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At8.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At7.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At6.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At5.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At4.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At3.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At24.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At23.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At22.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At21.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At20.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At2.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At19.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At18.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At17.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At16.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At15.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At14.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At13.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At12.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At11.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At10.job

[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1.job

[2010-02-06 19:54:56 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\fgukxh.sys

[2010-02-06 19:54:56 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010-02-06 19:54:42 | 000,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

[2010-02-05 19:49:33 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\secustat.dat

[2010-02-05 15:29:28 | 000,000,891 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat

[2010-02-05 15:28:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI

[2010-02-05 15:28:36 | 000,000,000 | ---- | C] () -- C:\bholog

[2010-01-26 15:54:53 | 001,461,249 | ---- | C] () -- C:\Documents and Settings\Tomek\Pulpit\Ksiazka praktyki zawodowej A Pruszkowski.pdf

[2010-01-17 16:40:41 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\PDFCreator.lnk

[2010-01-17 16:40:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009-09-23 19:20:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI

[2009-09-17 18:36:02 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\B5E753CD8A.sys

[2009-09-17 18:30:37 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009-08-31 21:22:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-08-27 07:15:57 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-08-17 19:29:01 | 000,019,253 | ---- | C] () -- C:\WINDOWS\MSUMLT_S.ini

[2009-08-17 19:28:21 | 000,020,646 | ---- | C] () -- C:\WINDOWS\MSTMON_S.INI

[2009-08-10 12:59:13 | 000,000,255 | ---- | C] () -- C:\WINDOWS\game.ini

[2009-08-10 09:27:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-08-10 09:27:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009-08-10 09:26:16 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll

[2004-08-03 22:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2004-03-15 18:28:50 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll

[2003-04-08 10:40:22 | 000,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI


========== Alternate Data Streams ==========


@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:E965A533

< End of report >

(deFco247) #5

Paste the contents of the logs on wklej.org, wklej.to or nopaste.pl, and put the link in your post.

Win32/Polip is another name for the Vundo infection, although you have a lot more of them here...

Download Combofix, but don't run it.

Before running it, uninstall any programs that create virtual drives (Daemon Tools, Alcohol etc.) and remove the SPTD driver with the SPTDInst tool using the Uninstall option (if it's greyed out, that's OK).

While downloading and scanning with Combofix, all antivirus programs and firewalls must be disabled.

Open Notepad and paste into it:

Save the file as CFScript, preferably in the same folder as Combofix.exe

Drag and drop the CFScript.txt icon onto the Combofix.exe icon

Removal should begin.

_Then post the Combofix removal log._
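Post #5 reads the file listing above as signs of Vundo and more. As an added example that is not part of this thread, here is a small Python triage script that parses entries in OTL's file-listing format and flags the patterns visible in that log: a space before the extension, .delme companion files, read-only+hidden+system executables, a freshly created driver with no company name, a hidden .job, and At*.job tasks created in one batch. The sample entries are constructed copies of lines from the log, and the heuristics and thresholds are my own assumptions, not OTL's or the responder's.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in OTL's "Files - Created" format, mirroring entries from the log above.
SAMPLE_LOG = r"""
[2010-02-07 12:10:57 | 000,077,824 | RHS- | C] () -- C:\WINDOWS\updated7.exe
[2010-02-07 12:10:57 | 000,077,824 | RHS- | C] () -- C:\WINDOWS\updated7 .exe
[2010-02-07 12:10:57 | 000,056,832 | RHS- | C] () -- C:\WINDOWS\updated7.exe.delme121
[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010-02-07 10:50:51 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010-02-06 19:54:56 | 000,791,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\fgukxh.sys
[2010-02-06 19:54:56 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2004-08-03 22:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
"""

# One OTL file entry: [timestamp | size | attributes | C/M] (company) -- path
ENTRY_RE = re.compile(r"^\[(\S+ \S+) \| ([\d,]+) \| (\S{4}) \| [CM]\] \(([^)]*)\) -- (.+)$")

def parse_otl(text):
    """Parse OTL file entries into dicts; lines that are not entries are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            ts, size, attr, company, path = m.groups()
            out.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "size": int(size.replace(",", "")),
                        "attr": attr, "company": company, "path": path, "name": path.rsplit("\\", 1)[-1]})
    return out

def triage(entries, recent=timedelta(days=7)):
    """Return {path: [reasons]} for entries matching simple masquerade/persistence heuristics (assumed thresholds)."""
    newest = max(e["ts"] for e in entries)  # OTL lists newest first; treat it as 'now' for the log
    at_jobs = Counter(e["ts"] for e in entries if re.fullmatch(r"At\d+\.job", e["name"], re.I))
    def checks(e):
        p, n, a = e["path"], e["name"], e["attr"]
        return [why for cond, why in [
            (re.search(r" \.(exe|dll|sys)$", n, re.I), "space before extension: lookalike of a legitimate file name"),
            (re.search(r"\.exe\.delme\d+$", n, re.I), ".delme companion file next to an executable"),
            (all(c in a for c in "RHS") and n.lower().endswith(".exe"), "read-only+hidden+system executable"),
            ("\\drivers\\" in p.lower() and not e["company"] and newest - e["ts"] <= recent,
             "recently created driver with no company name"),
            (n.lower().endswith(".job") and "H" in a, "hidden scheduled-task file"),
            (at_jobs[e["ts"]] >= 3 and re.fullmatch(r"At\d+\.job", n, re.I),
             f"one of {at_jobs[e['ts']]} At*.job tasks created in the same second"),
        ] if cond]
    return {e["path"]: hits for e in entries if (hits := checks(e))}
```

Each flag is a triage hint for a human reviewer, not a verdict; hidden .sys files in System32, for instance, are also used by legitimate licensing software.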


(andrzej928) #6

here's what I got:

http://wklej.org/id/275471/

and to be safe, the OTL log once again.

http://wklej.org/id/275475/


(deFco247) #7

I think you won't get by without a repair install after all, because everything is here: a rootkit, infected system files and a pile of adware.

Run a full scan with Dr.Web CureIt.

If there are viruses, show the report.

Cure what can be cured - the rest is to be deleted.

Then run a full scan with Kaspersky Virus Removal Tool - delete whatever it finds.

Important - Dr.Web first, then Kaspersky.

If the system won't boot after the removal, do a Windows repair install.

Turn System Restore off and back on for all drives. XP instructions

After that, download Combofix again and show its log.


(andrzej928) #8

I couldn't manage this task ;/

I formatted the whole disk, removed all partitions and did a fresh install.