XP Security 2010

Hello.

Yesterday I had a problem with XP Security 2010. I managed to remove it (at least I hope so), but please check the current log to see whether something is still “sitting” in it: http://wklejto.pl/65373

Run OTL and paste this into the Custom Scans/Fixes window:

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Then run OTL again, and this time click “Run Scan”.

Post the new OTL.txt log and the removal report.

Use http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html

Remove whatever it detects and post the report here.

jessi

MALWARE:

Malwarebytes’ Anti-Malware 1.45

http://www.malwarebytes.org

Wersja bazy: 4044

Windows 5.1.2600 Dodatek Service Pack 3

Internet Explorer 8.0.6001.18702

2010-04-28 10:57:14

mbam-log-2010-04-28 (10-57-14).txt

Typ skanowania: Pełne skanowanie (C:\|E:\|F:\|)

Przeskanowano obiektów: 348443

Upłynęło: 1 godzin(y), 6 minut(y), 51 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 0

Zainfekowanych wartości rejestru: 2

Zainfekowane informacje rejestru systemowego: 6

Zainfekowanych folderów: 0

Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.

HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Zainfekowanych folderów:

(Nie znaleziono zagrożeń)

Zainfekowanych plików:

C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

OTL:

OTL logfile created on: 2010-04-28 11:03:55 - Run 3

OTL by OldTimer - Version 3.2.3.0 Folder = E:\PRACE_______TEMP\KS

Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 107,42 Gb Total Space | 91,42 Gb Free Space | 85,11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 358,31 Gb Total Space | 23,53 Gb Free Space | 6,57% Space Free | Partition Type: NTFS

Drive F: | 465,76 Gb Total Space | 87,05 Gb Free Space | 18,69% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PUZZLE1

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-27 11:16:08 | 000,563,712 | ---- | M] (OldTimer Tools) – E:\PRACE_______TEMP\KS\OTL.exe

PRC - [2010-04-14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009-09-06 14:38:06 | 000,071,096 | ---- | M] () – C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2009-05-15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) – C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2008-10-15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) – C:\Program Files\RealVNC\VNC4\winvnc4.exe

PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

PRC - [2007-11-09 12:37:38 | 001,780,480 | ---- | M] (Electronics for Imaging) – C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe

PRC - [2007-10-17 15:27:40 | 001,502,208 | ---- | M] (EFI) – C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Control.exe

PRC - [2007-08-29 10:55:24 | 001,966,080 | R--- | M] (Gigabyte Technology Corp.) – C:\WINDOWS\system32\xRaidSetup.exe

PRC - [2007-02-06 12:08:14 | 001,727,232 | ---- | M] () – C:\Program Files\FlexLM\EFI.exe

PRC - [2006-06-30 10:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) – C:\Program Files\FlexLM\lmgrd.exe

PRC - [2005-05-19 17:45:42 | 000,405,504 | ---- | M] (A plus C Sp. z o.o.) – C:\Program Files\AplusC\uplook\Agent\AnuTest.exe

PRC - [2005-03-31 16:26:54 | 000,172,032 | ---- | M] () – C:\Program Files\EFI\EFI Colorproof XF\Server\Debuglog.exe

PRC - [2005-02-17 18:06:26 | 000,061,440 | ---- | M] (A plus C Sp. z o.o.) – C:\Program Files\AplusC\uplook\Agent\svuhost.exe

========== Modules (SafeList) ==========

MOD - [2010-04-27 11:16:08 | 000,563,712 | ---- | M] (OldTimer Tools) – E:\PRACE_______TEMP\KS\OTL.exe

MOD - [2010-04-14 18:36:14 | 000,140,800 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast5\snxBorder.dll

MOD - [2010-04-14 18:33:44 | 000,140,288 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast5\snxPlugins.dll

MOD - [2005-02-17 18:05:40 | 000,081,988 | ---- | M] (A plus C Sp. z o.o.) – C:\Program Files\AplusC\uplook\Agent\AnuHook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] – -- (AVKWCtl)

SRV - File not found [Auto | Stopped] – -- (AntiVirusKit Client)

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Web Scanner)

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Mail Scanner)

SRV - [2010-04-14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)

SRV - [2009-09-06 14:38:06 | 000,071,096 | ---- | M] () [Auto | Running] – C:\Program Files\CDBurnerXP\NMSAccessU.exe – (NMSAccessU)

SRV - [2009-05-15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] – C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe – (Nero BackItUp Scheduler 4.0)

SRV - [2008-10-15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] – C:\Program Files\RealVNC\VNC4\WinVNC4.exe – (WinVNC4)

SRV - [2007-12-14 11:46:28 | 000,047,624 | ---- | M] () [On_Demand | Stopped] – C:\Program Files\GIGABYTE\GEST\GSvr.exe – (GEST Service)

SRV - [2007-11-09 12:37:38 | 001,780,480 | ---- | M] (Electronics for Imaging) [Auto | Running] – C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe – (EFI XF Server)

SRV - [2006-06-30 10:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] – C:\Program Files\FlexLM\lmgrd.exe – (EFI License Manager)

SRV - [2005-03-31 16:26:54 | 000,172,032 | ---- | M] () [Auto | Running] – C:\Program Files\EFI\EFI Colorproof XF\Server\Debuglog.exe – (DebugLog)

SRV - [2005-02-17 18:06:26 | 000,061,440 | ---- | M] (A plus C Sp. z o.o.) [Auto | Running] – C:\Program Files\AplusC\uplook\Agent\svuhost.exe – (uplook agent tracer)

========== Driver Services (SafeList) ==========

DRV - [2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Running] – C:\WINDOWS\system32\drivers\aswSnx.sys – (aswSnx)

DRV - [2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aswTdi.sys – (aswTdi)

DRV - [2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aswSP.sys – (aswSP)

DRV - [2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\aswRdr.sys – (aswRdr)

DRV - [2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\aswmon2.sys – (aswMon2)

DRV - [2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aavmker4.sys – (Aavmker4)

DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\StarOpen.sys – (StarOpen)

DRV - [2009-09-08 09:38:52 | 000,016,608 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\WINDOWS\gdrv.sys – (gdrv)

DRV - [2009-08-05 14:55:42 | 000,051,016 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\GDTdiIcpt.sys – (GDTdiInterceptor)

DRV - [2009-08-05 14:55:28 | 000,050,632 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\MiniIcpt.sys – (GDMnIcpt)

DRV - [2009-07-28 15:24:43 | 000,052,858 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\interceptor.sys – (GDInterceptor)

DRV - [2009-07-28 13:27:24 | 000,065,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\jraid.sys – (Jraid)

DRV - [2009-04-30 22:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2008-04-13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hdaudbus.sys – (HDAudBus)

DRV - [2008-02-14 11:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\RtkHDAud.sys – (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008-01-03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)

DRV - [2007-10-11 11:10:52 | 000,030,008 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ET5Drv.sys – (ET5Drv)

DRV - [2006-05-10 18:24:00 | 000,026,045 | ---- | M] (GretagMacbeth) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\i1.sys – (i1)

DRV - [2005-07-28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\hardlock.sys – (Hardlock)

DRV - [2005-07-20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\aksusb.sys – (aksusb)

DRV - [2005-07-20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\akshasp.sys – (akshasp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 13:48:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-19 10:38:24 | 000,000,000 | ---D | M]

[2009-09-03 12:08:08 | 000,000,000 | ---D | M] – C:\Documents and Settings\user\Dane aplikacji\Mozilla\Extensions

[2010-04-27 11:34:29 | 000,000,000 | ---D | M] – C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ojmaqehd.default\extensions

[2009-11-03 11:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) – C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\ojmaqehd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-04-27 11:34:29 | 000,000,000 | ---D | M] – C:\Program Files\Mozilla Firefox\extensions

[2009-07-15 21:00:25 | 000,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-07-15 21:00:25 | 000,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-07-15 21:00:25 | 000,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-07-15 21:00:25 | 000,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-07-15 21:00:25 | 000,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-07-15 21:00:25 | 000,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2010-04-28 09:43:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O4 - HKLM…\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM…\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [AnuTest] C:\Program Files\AplusC\uplook\Agent\AnuTest.exe (A plus C Sp. z o.o.)

O4 - HKLM…\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

O4 - HKLM…\Run: [EFI_XF_Control] C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Control.exe (EFI)

O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()

O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM…\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … vc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.10

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp

O32 - Unable to open key or key not present!

O32 - AutoRun File - [2009-07-28 14:27:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM…comfile [open] – “%1” %*

O35 - HKLM…exefile [open] – “%1” %*

O37 - HKLM…com [@ = comfile] – “%1” %*

O37 - HKLM…exe [@ = exefile] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-28 09:47:42 | 000,000,000 | ---D | C] – C:\Documents and Settings\user\Dane aplikacji\Malwarebytes

[2010-04-28 09:47:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-04-28 09:47:31 | 000,020,824 | ---- | C] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

[2010-04-28 09:47:31 | 000,000,000 | ---D | C] – C:\Program Files\Malwarebytes’ Anti-Malware

[2010-04-28 09:47:31 | 000,000,000 | ---D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes

[2010-04-28 06:49:30 | 000,000,000 | ---D | C] – C:\Program Files\FlexLM

[2010-04-28 06:49:04 | 000,000,000 | ---D | C] – C:\WINDOWS\System32\icons

[2010-04-27 16:31:02 | 000,297,552 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSnx.sys

[2010-04-27 16:31:02 | 000,162,768 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys

[2010-04-27 16:31:02 | 000,023,376 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys

[2010-04-27 16:31:02 | 000,019,024 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010-04-27 16:31:01 | 000,100,432 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys

[2010-04-27 16:31:01 | 000,094,800 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon.sys

[2010-04-27 16:31:01 | 000,046,672 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys

[2010-04-27 16:31:01 | 000,028,880 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys

[2010-04-27 16:30:51 | 000,153,184 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\aswBoot.exe

[2010-04-27 16:30:51 | 000,038,848 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\avastSS.scr

[2010-04-27 16:30:48 | 000,000,000 | ---D | C] – C:\Program Files\Alwil Software

[2010-04-27 16:30:48 | 000,000,000 | ---D | C] – C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

[2010-04-27 12:39:40 | 000,000,000 | ---D | C] – C:\Documents and Settings\user\Pulpit\efi

[2010-04-27 11:21:54 | 000,000,000 | ---D | C] – C:\G DATA

[2010-04-27 06:41:05 | 000,062,976 | ---- | C] (Microsoft Corporation) – C:\WINDOWS\System32\dllcache\cdrom.sys

========== Files - Modified Within 30 Days ==========

[2010-04-28 11:02:30 | 000,013,646 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-04-28 11:01:50 | 000,229,488 | ---- | M] () – C:\WINDOWS\System32\NvApps.xml

[2010-04-28 11:00:47 | 008,405,015 | ---- | M] () – C:\WINDOWS\TempFile

[2010-04-28 11:00:31 | 000,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2010-04-28 11:00:28 | 000,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-04-28 10:58:55 | 008,126,464 | ---- | M] () – C:\Documents and Settings\user\ntuser.dat

[2010-04-28 10:58:49 | 000,000,292 | -HS- | M] () – C:\Documents and Settings\user\ntuser.ini

[2010-04-28 10:58:38 | 004,820,718 | -H-- | M] () – C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-04-28 09:43:46 | 000,000,098 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\Hosts

[2010-04-28 08:38:45 | 000,003,810 | ---- | M] () – C:\WINDOWS\WINCMD.INI

[2010-04-28 08:34:19 | 000,011,449 | ---- | M] () – C:\WINDOWS\wcx_ftp.ini

[2010-04-28 07:38:09 | 000,560,102 | ---- | M] () – C:\Documents and Settings\user\Moje dokumenty\28-04-ks.MDI

[2010-04-28 06:49:07 | 000,001,685 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Client.lnk

[2010-04-28 06:49:04 | 000,000,769 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Job Monitor.lnk

[2010-04-28 06:48:15 | 000,376,832 | ---- | M] (MARX CryptoTech LP ) – C:\WINDOWS\System32\MPIWIN32.DLL

[2010-04-28 06:48:15 | 000,045,056 | ---- | M] (MARX CryptoTech LP) – C:\WINDOWS\System32\drivers\CBUSB.SYS

[2010-04-28 06:48:15 | 000,043,520 | ---- | M] () – C:\WINDOWS\System32\CBNDLL.DLL

[2010-04-27 16:31:02 | 000,001,700 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\avast! Pro Antivirus.lnk

[2010-04-27 16:31:01 | 000,002,645 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT

[2010-04-23 16:38:39 | 038,089,818 | ---- | M] () – C:\Documents and Settings\user\Pulpit\2010 04 19 eMIS.pdf

[2010-04-19 10:38:24 | 000,001,729 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk

[2010-04-15 03:01:37 | 000,001,374 | ---- | M] () – C:\WINDOWS\imsins.BAK

[2010-04-14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\avastSS.scr

[2010-04-14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\aswBoot.exe

[2010-04-14 18:37:13 | 000,297,552 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSnx.sys

[2010-04-14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys

[2010-04-14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys

[2010-04-14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys

[2010-04-14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys

[2010-04-14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon.sys

[2010-04-14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010-04-14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys

[2010-04-09 08:53:38 | 000,559,260 | ---- | M] () – C:\Documents and Settings\user\Moje dokumenty\4.mdi

[2010-04-09 08:52:50 | 000,557,522 | ---- | M] () – C:\Documents and Settings\user\Moje dokumenty\3.mdi

[2010-04-09 08:52:00 | 000,557,438 | ---- | M] () – C:\Documents and Settings\user\Moje dokumenty\2.mdi

[2010-04-09 08:50:56 | 000,557,712 | ---- | M] () – C:\Documents and Settings\user\Moje dokumenty\1.mdi

[2010-03-30 21:53:09 | 001,100,808 | ---- | M] () – C:\WINDOWS\System32\PerfStringBackup.INI

[2010-03-30 21:53:09 | 000,494,996 | ---- | M] () – C:\WINDOWS\System32\perfh015.dat

[2010-03-30 21:53:09 | 000,436,602 | ---- | M] () – C:\WINDOWS\System32\perfh009.dat

[2010-03-30 21:53:09 | 000,085,662 | ---- | M] () – C:\WINDOWS\System32\perfc015.dat

[2010-03-30 21:53:09 | 000,068,828 | ---- | M] () – C:\WINDOWS\System32\perfc009.dat

[2010-03-29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-03-29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) – C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010-04-28 07:38:07 | 000,560,102 | ---- | C] () – C:\Documents and Settings\user\Moje dokumenty\28-04-ks.MDI

[2010-04-28 06:49:07 | 000,001,685 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Client.lnk

[2010-04-28 06:49:04 | 000,000,769 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\EFI Colorproof XF Job Monitor.lnk

[2010-04-27 16:31:02 | 000,001,700 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\avast! Pro Antivirus.lnk

[2010-04-27 15:13:29 | 000,205,824 | -HS- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ave.exe

[2010-04-27 15:13:29 | 000,010,386 | -HS- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\85mWmkJi

[2010-04-23 16:38:36 | 038,089,818 | ---- | C] () – C:\Documents and Settings\user\Pulpit\2010 04 19 eMIS.pdf

[2010-04-09 08:53:36 | 000,559,260 | ---- | C] () – C:\Documents and Settings\user\Moje dokumenty\4.mdi

[2010-04-09 08:52:48 | 000,557,522 | ---- | C] () – C:\Documents and Settings\user\Moje dokumenty\3.mdi

[2010-04-09 08:51:59 | 000,557,438 | ---- | C] () – C:\Documents and Settings\user\Moje dokumenty\2.mdi

[2010-04-09 08:50:54 | 000,557,712 | ---- | C] () – C:\Documents and Settings\user\Moje dokumenty\1.mdi

[2009-11-03 21:16:40 | 000,178,176 | ---- | C] () – C:\WINDOWS\System32\unrar.dll

[2009-11-03 21:16:40 | 000,000,038 | ---- | C] () – C:\WINDOWS\avisplitter.ini

[2009-11-03 21:16:37 | 000,881,664 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2009-11-03 21:16:37 | 000,205,824 | ---- | C] () – C:\WINDOWS\System32\xvidvfw.dll

[2009-11-03 21:16:35 | 000,085,504 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll

[2009-11-03 21:16:35 | 000,000,547 | ---- | C] () – C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009-11-02 08:52:51 | 000,007,168 | ---- | C] () – C:\WINDOWS\System32\drivers\StarOpen.sys

[2009-09-18 13:11:31 | 000,004,767 | ---- | C] () – C:\WINDOWS\Irremote.ini

[2009-09-15 20:03:51 | 000,000,122 | ---- | C] () – C:\WINDOWS\PrintCon.INI

[2009-09-11 12:57:34 | 001,388,032 | ---- | C] () – C:\WINDOWS\System32\WorkflowMenu.dll

[2009-09-02 16:26:02 | 000,011,449 | ---- | C] () – C:\WINDOWS\wcx_ftp.ini

[2009-09-02 16:26:02 | 000,003,810 | ---- | C] () – C:\WINDOWS\WINCMD.INI

[2009-08-05 18:25:39 | 000,000,378 | ---- | C] () – C:\WINDOWS\hpbafd.ini

[2009-07-28 19:27:08 | 000,090,112 | ---- | C] () – C:\WINDOWS\System32\redmonnt.dll

[2009-07-28 16:48:51 | 000,043,520 | ---- | C] () – C:\WINDOWS\System32\CBNDLL.DLL

[2009-07-28 15:24:43 | 000,052,858 | ---- | C] () – C:\WINDOWS\System32\interceptor.sys

[2009-07-28 15:13:03 | 000,000,421 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2009-07-28 14:31:52 | 000,016,608 | ---- | C] () – C:\WINDOWS\gdrv.sys

[2009-05-01 00:31:06 | 001,724,416 | ---- | C] () – C:\WINDOWS\System32\nvwdmcpl.dll

[2009-05-01 00:31:06 | 001,507,328 | ---- | C] () – C:\WINDOWS\System32\nview.dll

[2009-05-01 00:31:06 | 001,101,824 | ---- | C] () – C:\WINDOWS\System32\nvwimg.dll

[2009-05-01 00:31:06 | 000,466,944 | ---- | C] () – C:\WINDOWS\System32\nvshell.dll

[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () – C:\WINDOWS\System32\physxcudart_20.dll

[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () – C:\WINDOWS\System32\AgCPanelFrench.dll

[2007-01-15 11:38:44 | 000,069,632 | ---- | C] () – C:\WINDOWS\System32\PuzzleMon2.dll

[2007-01-15 11:38:44 | 000,030,720 | ---- | C] () – C:\WINDOWS\System32\ShellExtPF.dll

[2003-04-08 11:40:22 | 000,005,679 | ---- | C] () – C:\WINDOWS\System32\OUTLPERF.INI

[2001-10-27 00:41:36 | 000,003,619 | ---- | C] () – C:\WINDOWS\System32\fxsperf.ini

< End of report >

It should be OK now.

By the way: the log shows Avast and G-Data - why two antivirus programs?

In OTL, click the “CleanUp” button - this will remove it together with its Quarantine.

Remove the copies of the malware from the “System Volume Information” folder by temporarily turning off “System Restore”:

jessi

G Data was there until yesterday. Since it could not cope with XP Security 2010, I removed it and installed Avast to scan during boot. G Data evidently left some junk behind. I did everything as you wrote, so it should be OK. Many thanks for the help.