XP Security 2010


(Kris85) #1

Witam.

Wczoraj miałem problem z XP Security 2010. Udało mi się go usunąć (taką przynajmniej mam nadzieję) ale proszę o sprawdzenie aktualnego log-a czy coś w nim jeszcze nie "siedzi" http://wklejto.pl/65373


(jessica) #2

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

Kliknij w Run Fix. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

Następnie uruchom OTL ponownie, tym razem kliknij "Run Scan".

Pokaż nowy log OTL.txt oraz raport z usuwania.

Użyj >http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html

Usuń, to co wykryje, a raport tu pokaż.

jessi


(Kris85) #3

MALWARE:

Malwarebytes' Anti-Malware 1.45

Wersja bazy: 4044

Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702

2010-04-28 10:57:14

mbam-log-2010-04-28 (10-57-14).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|)

Przeskanowano obiektów: 348443

Upłynęło: 1 godzin(y), 6 minut(y), 51 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 2

Zainfekowane informacje rejestru systemowego: 6

Zainfekowanych folderów: 0

Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

HKEY_CLASSES_ROOT.exe\shell\open\command(default) (Hijack.ExeFile) -> No action taken.

HKEY_CLASSES_ROOT\secfile\shell\open\command(default) (Rogue.MultipleAV) -> No action taken.

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

OTL:

OTL logfile created on: 2010-04-28 11:03:55 - Run 3

OTL by OldTimer - Version 3.2.3.0 Folder = E:\PRACE_______TEMP\KS

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 107,42 Gb Total Space | 91,42 Gb Free Space | 85,11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 358,31 Gb Total Space | 23,53 Gb Free Space | 6,57% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 87,05 Gb Free Space | 18,69% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PUZZLE1

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-27 11:16:08 | 000,563,712 | ---- | M] (OldTimer Tools) -- E:\PRACE_______TEMP\KS\OTL.exe

PRC - [2010-04-14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - 2009-09-06 14:38:06 | 000,071,096 | ---- | M -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2009-05-15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008-10-15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007-11-09 12:37:38 | 001,780,480 | ---- | M] (Electronics for Imaging) -- C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe

PRC - 2007-10-17 15:27:40 | 001,502,208 | ---- | M -- C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Control.exe

PRC - [2007-08-29 10:55:24 | 001,966,080 | R--- | M] (Gigabyte Technology Corp.) -- C:\WINDOWS\system32\xRaidSetup.exe

PRC - 2007-02-06 12:08:14 | 001,727,232 | ---- | M -- C:\Program Files\FlexLM\EFI.exe

PRC - [2006-06-30 10:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) -- C:\Program Files\FlexLM\lmgrd.exe

PRC - [2005-05-19 17:45:42 | 000,405,504 | ---- | M] (A plus C Sp. z o.o.) -- C:\Program Files\AplusC\uplook\Agent\AnuTest.exe

PRC - 2005-03-31 16:26:54 | 000,172,032 | ---- | M -- C:\Program Files\EFI\EFI Colorproof XF\Server\Debuglog.exe

PRC - [2005-02-17 18:06:26 | 000,061,440 | ---- | M] (A plus C Sp. z o.o.) -- C:\Program Files\AplusC\uplook\Agent\svuhost.exe

========== Modules (SafeList) ==========

MOD - [2010-04-27 11:16:08 | 000,563,712 | ---- | M] (OldTimer Tools) -- E:\PRACE_______TEMP\KS\OTL.exe

MOD - [2010-04-14 18:36:14 | 000,140,800 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll

MOD - [2010-04-14 18:33:44 | 000,140,288 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll

MOD - [2005-02-17 18:05:40 | 000,081,988 | ---- | M] (A plus C Sp. z o.o.) -- C:\Program Files\AplusC\uplook\Agent\AnuHook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AVKWCtl)

SRV - File not found [Auto | Stopped] -- -- (AntiVirusKit Client)

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - 2009-09-06 14:38:06 | 000,071,096 | ---- | M [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)

SRV - [2009-05-15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2008-10-15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - 2007-12-14 11:46:28 | 000,047,624 | ---- | M [On_Demand | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)

SRV - [2007-11-09 12:37:38 | 001,780,480 | ---- | M] (Electronics for Imaging) [Auto | Running] -- C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe -- (EFI XF Server)

SRV - [2006-06-30 10:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\FlexLM\lmgrd.exe -- (EFI License Manager)

SRV - 2005-03-31 16:26:54 | 000,172,032 | ---- | M [Auto | Running] -- C:\Program Files\EFI\EFI Colorproof XF\Server\Debuglog.exe -- (DebugLog)

SRV - [2005-02-17 18:06:26 | 000,061,440 | ---- | M] (A plus C Sp. z o.o.) [Auto | Running] -- C:\Program Files\AplusC\uplook\Agent\svuhost.exe -- (uplook agent tracer)

========== Driver Services (SafeList) ==========

DRV - [2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)

DRV - [2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)

DRV - 2009-11-12 14:48:56 | 000,007,168 | ---- | M [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)

DRV - 2009-09-08 09:38:52 | 000,016,608 | ---- | M [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2009-08-05 14:55:42 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2009-08-05 14:55:28 | 000,050,632 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - 2009-07-28 15:24:43 | 000,052,858 | ---- | M [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\interceptor.sys -- (GDInterceptor)

DRV - [2009-07-28 13:27:24 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (Jraid)

DRV - [2009-04-30 22:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008-02-14 11:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007-10-11 11:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)

DRV - 2006-05-10 18:24:00 | 000,026,045 | ---- | M [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i1.sys -- (i1)

DRV - [2005-07-28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

DRV - [2005-07-20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)

DRV - [2005-07-20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 13:48:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 10:38:24 | 000,000,000 | ---D | M]

[2009-09-03 12:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions

[2010-04-27 11:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ojmaqehd.default\extensions

[2009-11-03 11:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ojmaqehd.default\extensions{20a82645-c095-46ed-80e3-08825760534b}

[2010-04-27 11:34:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

2009-07-15 21:00:25 | 000,002,767 | ---- | M -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

2009-07-15 21:00:25 | 000,001,406 | ---- | M -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

2009-07-15 21:00:25 | 000,000,917 | ---- | M -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

2009-07-15 21:00:25 | 000,000,858 | ---- | M -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

2009-07-15 21:00:25 | 000,001,183 | ---- | M -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

2009-07-15 21:00:25 | 000,001,683 | ---- | M -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-04-28 09:43:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AnuTest] C:\Program Files\AplusC\uplook\Agent\AnuTest.exe (A plus C Sp. z o.o.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [EFI_XF_Control] C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Control.exe (EFI)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.10

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - Unable to open key or key not present!

O32 - AutoRun File - 2009-07-28 14:27:22 | 000,000,000 | ---- | M - C:\AUTOEXEC.BAT -- [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-28 09:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\Malwarebytes

[2010-04-28 09:47:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-28 09:47:31 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-04-28 09:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010-04-28 09:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-04-28 06:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\FlexLM

[2010-04-28 06:49:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icons

[2010-04-27 16:31:02 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2010-04-27 16:31:02 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010-04-27 16:31:02 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010-04-27 16:31:02 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010-04-27 16:31:01 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010-04-27 16:31:01 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010-04-27 16:31:01 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010-04-27 16:31:01 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010-04-27 16:30:51 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010-04-27 16:30:51 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010-04-27 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010-04-27 16:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2010-04-27 12:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Pulpit\efi

[2010-04-27 11:21:54 | 000,000,000 | ---D | C] -- C:\G DATA

[2010-04-27 06:41:05 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys

========== Files - Modified Within 30 Days ==========

2010-04-28 11:02:30 | 000,013,646 | ---- | M -- C:\WINDOWS\System32\wpa.dbl

2010-04-28 11:01:50 | 000,229,488 | ---- | M -- C:\WINDOWS\System32\NvApps.xml

2010-04-28 11:00:47 | 008,405,015 | ---- | M -- C:\WINDOWS\TempFile

2010-04-28 11:00:31 | 000,000,006 | -H-- | M -- C:\WINDOWS\tasks\SA.DAT

2010-04-28 11:00:28 | 000,002,048 | --S- | M -- C:\WINDOWS\bootstat.dat

2010-04-28 10:58:55 | 008,126,464 | ---- | M -- C:\Documents and Settings\user\ntuser.dat

2010-04-28 10:58:49 | 000,000,292 | -HS- | M -- C:\Documents and Settings\user\ntuser.ini

2010-04-28 10:58:38 | 004,820,718 | -H-- | M -- C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db

2010-04-28 09:43:46 | 000,000,098 | ---- | M -- C:\WINDOWS\System32\drivers\etc\Hosts

2010-04-28 08:38:45 | 000,003,810 | ---- | M -- C:\WINDOWS\WINCMD.INI

2010-04-28 08:34:19 | 000,011,449 | ---- | M -- C:\WINDOWS\wcx_ftp.ini

2010-04-28 07:38:09 | 000,560,102 | ---- | M -- C:\Documents and Settings\user\Moje dokumenty\28-04-ks.MDI

2010-04-28 06:49:07 | 000,001,685 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Client.lnk

2010-04-28 06:49:04 | 000,000,769 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Job Monitor.lnk

[2010-04-28 06:48:15 | 000,376,832 | ---- | M] (MARX CryptoTech LP ) -- C:\WINDOWS\System32\MPIWIN32.DLL

[2010-04-28 06:48:15 | 000,045,056 | ---- | M] (MARX CryptoTech LP) -- C:\WINDOWS\System32\drivers\CBUSB.SYS

2010-04-28 06:48:15 | 000,043,520 | ---- | M -- C:\WINDOWS\System32\CBNDLL.DLL

2010-04-27 16:31:02 | 000,001,700 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\avast! Pro Antivirus.lnk

2010-04-27 16:31:01 | 000,002,645 | ---- | M -- C:\WINDOWS\System32\CONFIG.NT

2010-04-23 16:38:39 | 038,089,818 | ---- | M -- C:\Documents and Settings\user\Pulpit\2010 04 19 eMIS.pdf

2010-04-19 10:38:24 | 000,001,729 | ---- | M -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

2010-04-15 03:01:37 | 000,001,374 | ---- | M -- C:\WINDOWS\imsins.BAK

[2010-04-14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr

[2010-04-14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010-04-14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

2010-04-09 08:53:38 | 000,559,260 | ---- | M -- C:\Documents and Settings\user\Moje dokumenty\4.mdi

2010-04-09 08:52:50 | 000,557,522 | ---- | M -- C:\Documents and Settings\user\Moje dokumenty\3.mdi

2010-04-09 08:52:00 | 000,557,438 | ---- | M -- C:\Documents and Settings\user\Moje dokumenty\2.mdi

2010-04-09 08:50:56 | 000,557,712 | ---- | M -- C:\Documents and Settings\user\Moje dokumenty\1.mdi

2010-03-30 21:53:09 | 001,100,808 | ---- | M -- C:\WINDOWS\System32\PerfStringBackup.INI

2010-03-30 21:53:09 | 000,494,996 | ---- | M -- C:\WINDOWS\System32\perfh015.dat

2010-03-30 21:53:09 | 000,436,602 | ---- | M -- C:\WINDOWS\System32\perfh009.dat

2010-03-30 21:53:09 | 000,085,662 | ---- | M -- C:\WINDOWS\System32\perfc015.dat

2010-03-30 21:53:09 | 000,068,828 | ---- | M -- C:\WINDOWS\System32\perfc009.dat

[2010-03-29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

2010-04-28 07:38:07 | 000,560,102 | ---- | C -- C:\Documents and Settings\user\Moje dokumenty\28-04-ks.MDI

2010-04-28 06:49:07 | 000,001,685 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Client.lnk

2010-04-28 06:49:04 | 000,000,769 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Job Monitor.lnk

2010-04-27 16:31:02 | 000,001,700 | ---- | C -- C:\Documents and Settings\All Users\Pulpit\avast! Pro Antivirus.lnk

2010-04-27 15:13:29 | 000,205,824 | -HS- | C -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ave.exe

2010-04-27 15:13:29 | 000,010,386 | -HS- | C -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\85mWmkJi

2010-04-23 16:38:36 | 038,089,818 | ---- | C -- C:\Documents and Settings\user\Pulpit\2010 04 19 eMIS.pdf

2010-04-09 08:53:36 | 000,559,260 | ---- | C -- C:\Documents and Settings\user\Moje dokumenty\4.mdi

2010-04-09 08:52:48 | 000,557,522 | ---- | C -- C:\Documents and Settings\user\Moje dokumenty\3.mdi

2010-04-09 08:51:59 | 000,557,438 | ---- | C -- C:\Documents and Settings\user\Moje dokumenty\2.mdi

2010-04-09 08:50:54 | 000,557,712 | ---- | C -- C:\Documents and Settings\user\Moje dokumenty\1.mdi

2009-11-03 21:16:40 | 000,178,176 | ---- | C -- C:\WINDOWS\System32\unrar.dll

2009-11-03 21:16:40 | 000,000,038 | ---- | C -- C:\WINDOWS\avisplitter.ini

2009-11-03 21:16:37 | 000,881,664 | ---- | C -- C:\WINDOWS\System32\xvidcore.dll

2009-11-03 21:16:37 | 000,205,824 | ---- | C -- C:\WINDOWS\System32\xvidvfw.dll

2009-11-03 21:16:35 | 000,085,504 | ---- | C -- C:\WINDOWS\System32\ff_vfw.dll

2009-11-03 21:16:35 | 000,000,547 | ---- | C -- C:\WINDOWS\System32\ff_vfw.dll.manifest

2009-11-02 08:52:51 | 000,007,168 | ---- | C -- C:\WINDOWS\System32\drivers\StarOpen.sys

2009-09-18 13:11:31 | 000,004,767 | ---- | C -- C:\WINDOWS\Irremote.ini

2009-09-15 20:03:51 | 000,000,122 | ---- | C -- C:\WINDOWS\PrintCon.INI

2009-09-11 12:57:34 | 001,388,032 | ---- | C -- C:\WINDOWS\System32\WorkflowMenu.dll

2009-09-02 16:26:02 | 000,011,449 | ---- | C -- C:\WINDOWS\wcx_ftp.ini

2009-09-02 16:26:02 | 000,003,810 | ---- | C -- C:\WINDOWS\WINCMD.INI

2009-08-05 18:25:39 | 000,000,378 | ---- | C -- C:\WINDOWS\hpbafd.ini

2009-07-28 19:27:08 | 000,090,112 | ---- | C -- C:\WINDOWS\System32\redmonnt.dll

2009-07-28 16:48:51 | 000,043,520 | ---- | C -- C:\WINDOWS\System32\CBNDLL.DLL

2009-07-28 15:24:43 | 000,052,858 | ---- | C -- C:\WINDOWS\System32\interceptor.sys

2009-07-28 15:13:03 | 000,000,421 | ---- | C -- C:\WINDOWS\ODBC.INI

2009-07-28 14:31:52 | 000,016,608 | ---- | C -- C:\WINDOWS\gdrv.sys

2009-05-01 00:31:06 | 001,724,416 | ---- | C -- C:\WINDOWS\System32\nvwdmcpl.dll

2009-05-01 00:31:06 | 001,507,328 | ---- | C -- C:\WINDOWS\System32\nview.dll

2009-05-01 00:31:06 | 001,101,824 | ---- | C -- C:\WINDOWS\System32\nvwimg.dll

2009-05-01 00:31:06 | 000,466,944 | ---- | C -- C:\WINDOWS\System32\nvshell.dll

2008-10-07 09:13:30 | 000,197,912 | ---- | C -- C:\WINDOWS\System32\physxcudart_20.dll

2008-10-07 09:13:22 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelSwedish.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelSpanish.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelPortugese.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelKorean.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelJapanese.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelGerman.dll

2008-10-07 09:13:20 | 000,058,648 | ---- | C -- C:\WINDOWS\System32\AgCPanelFrench.dll

2007-01-15 11:38:44 | 000,069,632 | ---- | C -- C:\WINDOWS\System32\PuzzleMon2.dll

2007-01-15 11:38:44 | 000,030,720 | ---- | C -- C:\WINDOWS\System32\ShellExtPF.dll

2003-04-08 11:40:22 | 000,005,679 | ---- | C -- C:\WINDOWS\System32\OUTLPERF.INI

2001-10-27 00:41:36 | 000,003,619 | ---- | C -- C:\WINDOWS\System32\fxsperf.ini

< End of report >


(jessica) #4

Powinno być już OK.

A tak na marginesie: w logu widać Avasta i G-Data - po co dwa Antivirusy?

W OTL kliknij na przycisk "CleanUp" - to go usunie razem z jego Kwarantanną.

Usuń kopie szkodników z folderu "System Volume Information" poprzez chwilowe wyłączenie "Przywracania Systemu":

jessi


(Kris85) #5

G Data był do wczoraj. Jako, że nie poradził sobie z XP Security 2010 usunąłem go i zainstalowałem Avasta, żeby przeskanować podczas rozruchu. Po G Data najwyraźniej pozostały jakieś śmieci. Zrobiłem wszystko tak jak napisałeś (-aś) więc powinno być ok. Wielkie dzięki za pomoc.