Zainfekowany pendrivie. H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż

chajny · 10 Styczeń 2010 09:40

Witam.

Nie wiem skąd mi się to wzięło, na dysku przenośnym załapałem ten bardzo podejrzany plik i nie mogę go usunąć (po usunięciu sam się odtwarza,skanowanie nic nie daje-nie wykrywa nawet tego pliku.

H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż

Co to jest i jak się tego pozbyć???

JA JUZ WYCZERPAŁEM LISTE MOICH POMYSŁÓW.pomocy!

Oto raporty:

OTL logfile created on: 2010-01-10 10:12:05 - Run 1

OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Edyta\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 96,00 Mb Available Physical Memory | 19,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29,30 Gb Total Space | 8,77 Gb Free Space | 29,94% Space Free | Partition Type: NTFS

Drive D: | 82,48 Gb Total Space | 4,57 Gb Free Space | 5,54% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 592,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive G: | 24,51 Gb Total Space | 2,54 Gb Free Space | 10,36% Space Free | Partition Type: NTFS

Drive H: | 14,90 Gb Total Space | 10,72 Gb Free Space | 71,99% Space Free | Partition Type: FAT32

Drive I: | 50,01 Gb Total Space | 23,99 Gb Free Space | 47,97% Space Free | Partition Type: NTFS

Computer Name: KOMP

Current User Name: Edyta

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-01-10 10:11:44 | 00,543,744 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Edyta\Pulpit\OTL.exe

PRC - [2010-01-07 14:09:03 | 00,307,672 | ---- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\framework.exe

PRC - [2009-09-24 14:41:58 | 00,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) – C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

PRC - [2009-08-18 17:41:15 | 00,079,872 | ---- | M] (SanDisk Corporation) – C:\Documents and Settings\Edyta\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe

PRC - [2009-05-03 22:50:14 | 00,039,408 | ---- | M] (Google Inc.) – C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009-04-30 12:23:26 | 00,090,112 | ---- | M] () – C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

PRC - [2009-01-28 14:01:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009-01-28 14:01:23 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe

PRC - [2008-01-15 23:55:46 | 01,327,616 | ---- | M] (Nullsoft) – C:\Program Files\Winamp\winamp.exe

PRC - [2008-01-15 23:54:54 | 00,037,376 | ---- | M] () – C:\Program Files\Winamp\winampa.exe

PRC - [2007-11-14 11:54:24 | 02,131,392 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\gg.exe

PRC - [2007-08-31 16:46:28 | 01,460,560 | ---- | M] (Safer Networking Limited) – C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

PRC - [2007-04-16 15:28:22 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\soundman.exe

PRC - [2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

PRC - [2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

PRC - [2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) – C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2005-06-06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

PRC - [2004-10-05 15:00:12 | 00,061,440 | ---- | M] (France Télécom RD) – C:\Program Files\Neostrada TP\TaskBarIcon.exe

PRC - [2004-08-23 12:49:56 | 00,040,960 | ---- | M] (France Telecom) – C:\WINDOWS\system32\FTRTSVC.exe

PRC - [2004-08-04 01:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010-01-10 10:11:44 | 00,543,744 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Edyta\Pulpit\OTL.exe

MOD - [2006-12-21 13:30:44 | 00,102,400 | ---- | M] (Gadu-Gadu S.A.) – C:\Program Files\Gadu-Gadu\ggwhook.dll

MOD - [2004-08-04 01:42:34 | 01,050,624 | R— | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus)

SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner)

SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner)

SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv)

SRV - [2009-05-03 22:50:11 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe – (gusvc)

SRV - [2009-04-30 12:23:26 | 00,090,112 | ---- | M] () [Auto | Running] – C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe – (OMSI download service)

SRV - [2009-03-25 13:27:39 | 01,838,592 | ---- | M] (Google) [On_Demand | Stopped] – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe – (GoogleDesktopManager)

SRV - [2009-02-28 12:30:08 | 00,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe – (Autodesk Licensing Service)

SRV - [2009-01-28 14:01:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService)

SRV - [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] – C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll – (hpqddsvc)

SRV - [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] – C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll – (hpqcxs08)

SRV - [2004-08-23 12:49:56 | 00,040,960 | ---- | M] (France Telecom) [Auto | Running] – C:\WINDOWS\system32\FTRTSVC.exe – (FTRTSVC)

========== Driver Services (SafeList) ==========

DRV - [2009-11-25 00:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\aswmon2.sys – (aswMon2)

DRV - [2009-11-25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aswSP.sys – (aswSP)

DRV - [2009-11-25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\aswFsBlk.sys – (aswFsBlk)

DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aswTdi.sys – (aswTdi)

DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\aswRdr.sys – (aswRdr)

DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aavmker4.sys – (Aavmker4)

DRV - [2009-02-28 12:15:09 | 00,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] – C:\WINDOWS\System32\Drivers\sptd.sys – (sptd)

DRV - [2008-09-24 10:40:22 | 04,122,368 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\alcxwdm.sys – (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2008-05-16 11:33:14 | 00,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016unic.sys – (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)

DRV - [2008-05-16 11:33:14 | 00,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016nd5.sys – (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)

DRV - [2008-05-16 11:33:14 | 00,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016mdfl.sys – (s0016mdfl)

DRV - [2008-05-16 11:33:12 | 00,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016mdm.sys – (s0016mdm)

DRV - [2008-05-16 11:33:12 | 00,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016mgmt.sys – (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)

DRV - [2008-05-16 11:33:12 | 00,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016obex.sys – (s0016obex)

DRV - [2008-05-16 11:33:12 | 00,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\s0016bus.sys – (s0016bus) Sony Ericsson Device 0016 driver (WDM)

DRV - [2008-05-02 09:58:28 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys – (UsbserFilt)

DRV - [2008-05-02 09:58:14 | 00,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\usbser_lowerflt.sys – (upperdev)

DRV - [2008-05-02 09:58:12 | 00,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ccdcmb.sys – (nmwcd)

DRV - [2008-01-09 10:28:34 | 00,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\seehcri.sys – (seehcri)

DRV - [2007-06-28 10:44:16 | 00,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nmwcdc.sys – (nmwcdc)

DRV - [2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20)

DRV - [2006-09-18 14:58:54 | 00,097,184 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\SE27mdm.sys – (SE27mdm)

DRV - [2006-09-18 14:58:52 | 00,009,360 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\SE27mdfl.sys – (SE27mdfl)

DRV - [2006-09-18 14:58:48 | 00,061,600 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\SE27bus.sys – (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2006-05-25 18:28:44 | 00,684,265 | R— | M] () [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\torususb.sys – (TaurusUsb)

DRV - [2005-10-22 06:22:48 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HPZius12.sys – (HPZius12)

DRV - [2005-10-21 18:58:58 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HPZipr12.sys – (HPZipr12)

DRV - [2005-10-21 18:58:52 | 00,049,920 | ---- | M] (HP) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HPZid412.sys – (HPZid412)

DRV - [2005-07-07 15:26:04 | 00,055,216 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\k750bus.sys – (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2005-07-07 15:26:00 | 00,006,576 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\k750mdfl.sys – (k750mdfl)

DRV - [2005-07-07 15:25:58 | 00,089,872 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\k750mdm.sys – (k750mdm)

DRV - [2005-07-07 15:25:52 | 00,081,728 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\k750mgmt.sys – (k750mgmt)

DRV - [2005-07-07 15:25:50 | 00,079,488 | R— | M] (MCCI) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\k750obex.sys – (k750obex)

DRV - [2004-08-04 00:35:04 | 00,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ati2mtag.sys – (ati2mtag)

DRV - [2004-08-04 00:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\gameenum.sys – (gameenum)

DRV - [2004-08-03 22:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HSFDPSP2.sys – (HSF_DP)

DRV - [2004-08-03 22:41:56 | 00,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\mdmxsdk.sys – (mdmxsdk)

DRV - [2004-08-03 22:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HSFCXTS2.sys – (winachsf)

DRV - [2004-08-03 22:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\HSFBS2S2.sys – (HSFHWBS2)

DRV - [2004-08-03 22:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\usbser.sys – (usbser)

DRV - [2004-08-03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)

DRV - [2004-07-17 12:36:38 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)

DRV - [2003-08-12 17:51:00 | 00,060,255 | R— | M] (STMicroelectronics ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\stmatm.sys – (Stmatm)

DRV - [2003-08-04 14:22:44 | 00,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\PCANDIS5.SYS – (PCANDIS5)

DRV - [2002-10-15 21:33:54 | 00,018,272 | ---- | M] (Gigabyte Technology) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wmibios.sys – (WMIBIOS)

DRV - [2002-07-24 04:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\viaagp1.sys – (viaagp1)

DRV - [2002-05-13 20:16:08 | 00,021,184 | ---- | M] (Gigabyte Technology) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\wmiinfo.sys – (WMIINFO)

DRV - [2001-10-26 16:52:04 | 00,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\el90xnd5.sys – (EL90X)

DRV - [2001-08-23 21:03:54 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\RTL8139.sys – (rtl8139)

DRV - [2001-08-17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\msmpu401.sys – (ms_mpu401)

DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU…\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Neostrada TP\SearchPageURL.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

========== FireFox ==========

FF - prefs.js…browser.search.defaultenginename: “Yahoo”

FF - prefs.js…browser.search.param.yahoo-fr: “chr-greentree_fftype=966134”

FF - prefs.js…browser.search.selectedEngine: “Google”

FF - prefs.js…browser.startup.homepage: “http://www.google.pl/firefox”

FF - prefs.js…extensions.enabledItems: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}:4.0.1

FF - prefs.js…extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js…extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463

FF - prefs.js…extensions.enabledItems: search@searchsettings.com:1.2.2

FF - prefs.js…keyword.URL: “http://search.yahoo.com/search?fr=greentree_ff1ei=utf-8type=966134p=”

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\Components: C:\Program Files\Mozilla Firefox\components [2010-01-07 20:56:48 | 00,000,000 | —D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-07 20:56:47 | 00,000,000 | —D | M]

[2009-08-16 09:18:29 | 00,000,000 | —D | M] – C:\Documents and Settings\Edyta\Dane aplikacji\Mozilla\Extensions

[2009-08-16 09:18:29 | 00,000,000 | —D | M] – C:\Documents and Settings\Edyta\Dane aplikacji\Mozilla\Extensions\MediaCoder

[2009-11-09 16:03:28 | 00,000,000 | —D | M] – C:\Documents and Settings\Edyta\Dane aplikacji\Mozilla\Firefox\Profiles\vlsl4nbh.default\extensions

[2010-01-07 19:43:49 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions

[2009-08-16 06:56:45 | 00,000,000 | —D | M] (Dealio Toolbar Plugin) – C:\Program Files\Mozilla Firefox\extensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

[2009-11-11 22:26:52 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2009-08-16 06:56:46 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

[2007-02-04 23:02:56 | 01,642,496 | ---- | M] (LizardTech) – C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

[2009-07-26 14:04:08 | 00,002,767 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-07-26 14:04:08 | 00,001,406 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-07-26 14:04:08 | 00,000,917 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-07-26 14:04:08 | 00,000,858 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-07-26 14:04:08 | 00,001,183 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-07-26 14:04:08 | 00,001,683 | ---- | M] () – C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: (917 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-SD IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM…\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU…\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU…\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM…\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM…\Run: [AdslTaskBar] C:\WINDOWS\System32\stmctrl.dll (STMicroelectronics )

O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM…\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe File not found

O4 - HKLM…\Run: [framework] C:\WINDOWS\framework.exe (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM…\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found

O4 - HKLM…\Run: [WOOWATCH] C:\Program Files\Neostrada TP\Watch.exe (France Télécom RD)

O4 - HKCU…\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)

O4 - HKCU…\Run: [sansaDispatch] C:\Documents and Settings\Edyta\Dane aplikacji\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)

O4 - HKCU…\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU…\Run: [wsctf.exe] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Eksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra ‘Tools’ menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra ‘Tools’ menuitem : Spybot - Search Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut … 03-win.cab (Java Plug-in 1.4.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh … wflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.17.229.226 156.17.229.212 156.17.5.2 156.17.254.3

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2008-01-19 17:19:55 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [NTFS]

O32 - AutoRun File - [2006-03-02 13:00:00 | 00,000,112 | R— | M] () - F:\AUTORUN.INF – [CDFS]

O32 - AutoRun File - [2010-01-10 10:12:30 | 00,000,246 | RHS- | M] () - H:\auTORUN.inf – [FAT32]

O33 - MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\Shell\AutoRun\command - “” = H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ – [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] ()

O33 - MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\Shell\Explore\Command - “” = H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ – [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] ()

O33 - MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\Shell\open\command - “” = H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ – [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] ()

O33 - MountPoints2{51f9d615-f148-11dd-b761-006097ae3ae5}\Shell\AutoRun\command - “” = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

O33 - MountPoints2{51f9d615-f148-11dd-b761-006097ae3ae5}\Shell\open\command - “” = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

O33 - MountPoints2{bddd857b-7cdf-11de-9202-006097ae3ae5}\Shell\AutoRun\command - “” = J:\t8g.exe – File not found

O33 - MountPoints2{bddd857b-7cdf-11de-9202-006097ae3ae5}\Shell\open\Command - “” = J:\t8g.exe – File not found

O33 - MountPoints2{cc890da8-0bc7-11de-b799-006097ae3ae5}\Shell\AutoRun\command - “” = G:\gclwpivc.cmd – File not found

O33 - MountPoints2{cc890da8-0bc7-11de-b799-006097ae3ae5}\Shell\open\Command - “” = G:\gclwpivc.cmd – File not found

O33 - MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\Shell\AutoRun\command - “” = nhbivui.exe

O33 - MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\Shell\explore\Command - “” = nhbivui.exe

O33 - MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\Shell\open\Command - “” = nhbivui.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] – “%1” %*

O35 - exefile [open] – “%1” %*

========== Files/Folders - Created Within 30 Days ==========

[2010-01-10 10:11:42 | 00,543,744 | ---- | C] (OldTimer Tools) – C:\Documents and Settings\Edyta\Pulpit\OTL.exe

[2010-01-05 18:10:47 | 00,048,560 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswTdi.sys

[2010-01-05 18:10:47 | 00,023,120 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswRdr.sys

[2010-01-05 18:10:46 | 00,027,408 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aavmker4.sys

[2010-01-05 18:10:44 | 00,114,768 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswSP.sys

[2010-01-05 18:10:44 | 00,097,480 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\AvastSS.scr

[2010-01-05 18:10:44 | 00,020,560 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010-01-05 18:10:43 | 00,094,160 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon2.sys

[2010-01-05 18:10:43 | 00,093,424 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\drivers\aswmon.sys

[2010-01-05 18:10:19 | 01,280,480 | ---- | C] (ALWIL Software) – C:\WINDOWS\System32\aswBoot.exe

[2010-01-05 00:05:27 | 00,102,441 | RHS- | C] (Realtek Semiconductor Corp.) – C:\WINDOWS\framework.exe

[2010-01-05 00:01:54 | 00,000,000 | -HSD | C] – C:\Config.Msi

[2010-01-04 19:25:58 | 00,000,000 | —D | C] – C:\Documents and Settings\Edyta\Pulpit\zalaczniki(2)

[2010-01-02 20:18:19 | 00,000,000 | —D | C] – C:\Documents and Settings\Edyta\Pulpit\elektroanaliza

[2009-12-24 23:53:49 | 00,000,000 | —D | C] – C:\Documents and Settings\Edyta\Pulpit\Nowy folder

[2009-12-17 20:34:24 | 00,000,000 | —D | C] – C:\Documents and Settings\Edyta\Pulpit\Miody_sprawko__

[2009-12-14 22:03:13 | 00,000,000 | —D | C] – C:\Documents and Settings\Edyta\Pulpit\M

[2009-12-08 18:00:57 | 00,148,736 | ---- | C] (Avanquest Software) – C:\Documents and Settings\All Users\Dane aplikacji\hpe143.dll

[2009-09-16 21:30:53 | 00,000,000 | —D | M] – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-09-16 19:30:27 | 00,148,736 | ---- | C] (Avanquest Software) – C:\Documents and Settings\All Users\Dane aplikacji\hpeAF4.dll

[2008-01-19 17:23:51 | 00,000,000 | —D | M] – C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2008-01-19 17:19:47 | 00,000,000 | --SD | M] – C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2008-01-19 17:19:47 | 00,000,000 | --SD | M] – C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[7 C:\WINDOWS\System32*.tmp files - C:\WINDOWS\System32*.tmp -]

[6 C:\WINDOWS*.tmp files - C:\WINDOWS*.tmp -]

========== Files - Modified Within 30 Days ==========

[2010-01-10 10:13:41 | 03,819,182 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\ComboFix.exe

[2010-01-10 10:11:44 | 00,543,744 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Edyta\Pulpit\OTL.exe

[2010-01-10 04:55:03 | 08,388,608 | ---- | M] () – C:\Documents and Settings\Edyta\ntuser.dat

[2010-01-10 04:51:01 | 00,000,006 | -H-- | M] () – C:\WINDOWS\tasks\SA.DAT

[2010-01-10 04:50:51 | 00,002,048 | --S- | M] () – C:\WINDOWS\bootstat.dat

[2010-01-10 04:50:48 | 53,640,3968 | -HS- | M] () – C:\hiberfil.sys

[2010-01-10 02:49:27 | 00,000,292 | -HS- | M] () – C:\Documents and Settings\Edyta\ntuser.ini

[2010-01-10 02:49:06 | 06,920,884 | -H-- | M] () – C:\Documents and Settings\Edyta\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-01-10 02:18:16 | 00,217,600 | ---- | M] () – C:\Documents and Settings\Edyta\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-10 01:46:53 | 00,002,206 | ---- | M] () – C:\WINDOWS\System32\wpa.dbl

[2010-01-08 11:37:15 | 00,000,049 | ---- | M] () – C:\WINDOWS\NeroDigital.ini

[2010-01-07 21:38:46 | 00,000,321 | -HS- | M] () – C:\boot.ini

[2010-01-06 00:11:27 | 42,805,4273 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\Mechaniczna pomarańcza 1971.rm

[2010-01-05 18:10:48 | 00,001,709 | ---- | M] () – C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2010-01-05 18:10:44 | 00,002,645 | ---- | M] () – C:\WINDOWS\System32\CONFIG.NT

[2010-01-05 17:17:09 | 42,278,624 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\setuppol.exe

[2010-01-04 22:37:26 | 00,885,248 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\Miód.doc

[2010-01-02 20:17:37 | 00,011,561 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\Elektroanaliza pytania z koła.docx

[2009-12-18 15:28:22 | 00,113,005 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\Metale w biominerałach1.ace

[2009-12-17 21:35:51 | 00,033,349 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\PD__magnetochemia.zip

[2009-12-17 20:25:20 | 00,068,541 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\Miody_sprawko__.zip

[2009-12-13 11:30:38 | 01,296,099 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\IMG_2609.jpg

[7 C:\WINDOWS\System32*.tmp files - C:\WINDOWS\System32*.tmp -]

[6 C:\WINDOWS*.tmp files - C:\WINDOWS*.tmp -]

========== Files Created - No Company Name ==========

[2010-01-10 10:13:22 | 03,819,182 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\ComboFix.exe

[2010-01-06 00:04:42 | 42,805,4273 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\Mechaniczna pomarańcza 1971.rm

[2010-01-05 18:10:48 | 00,001,709 | ---- | C] () – C:\Documents and Settings\All Users\Pulpit\avast! Antivirus.lnk

[2010-01-05 18:10:19 | 00,380,928 | ---- | C] () – C:\WINDOWS\System32\actskin4.ocx

[2010-01-05 17:11:08 | 42,278,624 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\setuppol.exe

[2010-01-02 20:17:34 | 00,011,561 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\Elektroanaliza pytania z koła.docx

[2010-01-01 15:43:45 | 01,296,099 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\IMG_2609.jpg

[2009-12-18 15:28:20 | 00,113,005 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\Metale w biominerałach1.ace

[2009-12-17 23:30:39 | 00,885,248 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\Miód.doc

[2009-12-17 21:35:49 | 00,033,349 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\PD__magnetochemia.zip

[2009-12-17 20:25:19 | 00,068,541 | ---- | C] () – C:\Documents and Settings\Edyta\Pulpit\Miody_sprawko__.zip

[2009-11-10 19:00:53 | 00,147,456 | ---- | C] () – C:\WINDOWS\System32\RtlCPAPI.dll

[2009-11-09 15:46:38 | 00,000,010 | ---- | C] () – C:\WINDOWS\WININIT.INI

[2009-08-27 10:13:55 | 00,000,049 | ---- | C] () – C:\WINDOWS\NeroDigital.ini

[2009-08-08 16:48:14 | 00,000,066 | ---- | C] () – C:\WINDOWS#1 Video Converter.INI

[2009-06-08 22:30:09 | 00,001,361 | ---- | C] () – C:\WINDOWS\bestplayer.ini

[2009-03-18 17:59:39 | 00,000,299 | ---- | C] () – C:\WINDOWS\wcx_ftp.ini

[2009-01-30 18:02:16 | 00,074,408 | ---- | C] () – C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

[2008-12-29 20:28:43 | 00,000,902 | R— | C] () – C:\WINDOWS\System32\setup.ini

[2008-12-29 20:28:43 | 00,000,161 | R— | C] () – C:\WINDOWS\DSLSetup.ini

[2008-12-29 20:28:41 | 00,684,265 | R— | C] () – C:\WINDOWS\System32\drivers\torususb.sys

[2008-01-22 14:48:45 | 00,001,578 | ---- | C] () – C:\Documents and Settings\All Users\Dane aplikacji\hpzinstall.log

[2008-01-21 18:39:46 | 00,041,068 | ---- | C] () – C:\WINDOWS\System32\ActPanel.dll

[2008-01-21 11:26:03 | 00,000,427 | ---- | C] () – C:\WINDOWS\ODBC.INI

[2008-01-21 01:17:31 | 00,217,600 | ---- | C] () – C:\Documents and Settings\Edyta\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-01-20 22:55:24 | 00,000,495 | ---- | C] () – C:\WINDOWS\demo.INI

[2008-01-20 22:39:47 | 00,000,130 | ---- | C] () – C:\Documents and Settings\Edyta\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2008-01-20 22:19:18 | 03,097,088 | ---- | C] () – C:\WINDOWS\System32\libavcodec.dll

[2008-01-20 22:16:05 | 01,559,040 | ---- | C] () – C:\WINDOWS\System32\xvidcore.dll

[2008-01-20 21:43:32 | 00,404,992 | ---- | C] () – C:\WINDOWS\System32\libmplayer.dll

[2008-01-20 21:43:24 | 00,122,880 | ---- | C] () – C:\WINDOWS\System32\libmpeg2_ff.dll

[2008-01-20 21:42:29 | 00,026,624 | ---- | C] () – C:\WINDOWS\System32\ff_wmv9.dll

[2008-01-20 21:42:28 | 00,056,320 | ---- | C] () – C:\WINDOWS\System32\ff_unrar.dll

[2008-01-20 21:42:26 | 00,102,912 | ---- | C] () – C:\WINDOWS\System32\ff_tremor.dll

[2008-01-20 21:42:23 | 00,188,416 | ---- | C] () – C:\WINDOWS\System32\ff_theora.dll

[2008-01-20 21:42:19 | 00,118,784 | ---- | C] () – C:\WINDOWS\System32\ff_realaac.dll

[2008-01-20 21:42:09 | 00,143,360 | ---- | C] () – C:\WINDOWS\System32\ff_libmad.dll

[2008-01-20 21:42:06 | 00,397,312 | ---- | C] () – C:\WINDOWS\System32\ff_libfaad2.dll

[2008-01-20 21:41:59 | 00,167,936 | ---- | C] () – C:\WINDOWS\System32\ff_libdts.dll

[2008-01-20 21:41:55 | 00,054,784 | ---- | C] () – C:\WINDOWS\System32\ff_liba52.dll

[2008-01-20 21:41:53 | 00,237,568 | ---- | C] () – C:\WINDOWS\System32\OggDS.dll

[2008-01-20 21:41:48 | 00,921,600 | ---- | C] () – C:\WINDOWS\System32\vorbisenc.dll

[2008-01-20 21:41:33 | 00,188,416 | ---- | C] () – C:\WINDOWS\System32\vorbis.dll

[2008-01-20 21:41:29 | 00,045,056 | ---- | C] () – C:\WINDOWS\System32\ogg.dll

[2008-01-20 21:40:53 | 00,009,216 | ---- | C] () – C:\WINDOWS\System32\cpuinf32.dll

[2008-01-20 21:39:08 | 00,123,392 | ---- | C] () – C:\WINDOWS\System32\ogm.dll

[2008-01-20 21:39:05 | 00,110,592 | ---- | C] () – C:\WINDOWS\System32\avi.dll

[2008-01-20 21:39:02 | 00,167,936 | ---- | C] () – C:\WINDOWS\System32\ts.dll

[2008-01-20 21:38:59 | 00,142,848 | ---- | C] () – C:\WINDOWS\System32\mp4.dll

[2008-01-20 21:38:55 | 00,079,360 | ---- | C] () – C:\WINDOWS\System32\mkzlib.dll

[2008-01-20 21:38:53 | 00,151,040 | ---- | C] () – C:\WINDOWS\System32\mkx.dll

[2008-01-20 21:38:50 | 00,023,552 | ---- | C] () – C:\WINDOWS\System32\mkunicode.dll

[2008-01-20 21:22:01 | 00,002,149 | ---- | C] () – C:\WINDOWS\wincmd.ini

[2008-01-20 20:22:18 | 00,028,672 | R— | C] () – C:\WINDOWS\System32\adinst32.dll

[2004-08-04 01:44:00 | 00,081,920 | ---- | C] () – C:\WINDOWS\System32\ieencode.dll

[2004-07-17 12:36:38 | 00,027,440 | ---- | C] () – C:\WINDOWS\System32\drivers\secdrv.sys

[1999-01-22 19:46:58 | 00,065,536 | ---- | C] () – C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes - C:\Documents and Settings\All Users\Dane aplikacji\TEMP:8CE646EE

@Alternate Data Stream - 104 bytes - C:\Documents and Settings\All Users\Dane aplikacji\TEMP:46943DF7

End of report

kliszka · 10 Styczeń 2010 10:20

http://www.programosy.pl/program,flash-desinfector.html - pobierz ,zainstaluj ,podłącz pena , uruchom programik…

GarrD · 10 Styczeń 2010 10:23

Zapraszam do lektury:

KLIK

anon53970806 · 10 Styczeń 2010 11:00

to może być VIRUT 'VITRO"

Leon1 · 10 Styczeń 2010 11:41

Start >> uruchom >> Combofix /uninstall

OTL w oknie Custom Scans-Fixes wklej następujący skrypt:

:Processes explorer.exe :OTL PRC - [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] (Realtek Semiconductor Corp.) – C:\WINDOWS\framework.exe O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found. O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found. O4 - HKLM…\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe File not found O4 - HKLM…\Run: [framework] C:\WINDOWS\framework.exe (Realtek Semiconductor Corp.) O4 - HKCU…\Run: [wsctf.exe] File not found O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O32 - AutoRun File - [2006-03-02 13:00:00 | 00,000,112 | R— | M] () - F:\AUTORUN.INF – [CDFS] O32 - AutoRun File - [2010-01-10 10:12:30 | 00,000,246 | RHS- | M] () - H:\auTORUN.inf – [FAT32] O33 - MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\Shell\AutoRun\command - “” = H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ – [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] () O33 - MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\Shell\Explore\Command - “” = H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ – [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] () O33 - MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\Shell\open\command - “” = H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ – [2009-11-11 22:54:26 | 00,102,441 | RHS- | M] () O33 - MountPoints2{51f9d615-f148-11dd-b761-006097ae3ae5}\Shell\AutoRun\command - “” = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe O33 - MountPoints2{51f9d615-f148-11dd-b761-006097ae3ae5}\Shell\open\command - “” = SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe O33 - MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\Shell\AutoRun\command - “” = nhbivui.exe O33 - MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\Shell\explore\Command - “” = nhbivui.exe O33 - MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\Shell\open\Command - “” = nhbivui.exe [2010-01-05 00:05:27 | 00,102,441 | RHS- | C] (Realtek Semiconductor Corp.) – C:\WINDOWS\framework.exe [2010-01-10 10:13:41 | 03,819,182 | ---- | M] () – C:\Documents and Settings\Edyta\Pulpit\ComboFix.exe :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp] [start explorer] [Reboot]

Kliknij w Run Fix. Zatwierdź restart komputera.

potem nowy log OTL

chajny · 10 Styczeń 2010 11:52

po uruchomieniu desinfector-a dalej mam taki plik na pendrive.

co to oznacza ? strasznie mnie to razi kiedy widze takie znaki.

mam tez jakis folder “cold”-kiedy usuwam sam sie przywraca.

jak to usunąc???

autorun]

[autorun[

[autorun]

open=cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛

icon=%SystemRoot%\system32\SHELL32.dll,4

action=Open folder to view files

UseAuTOPLAY=1

shell\open\command=cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛

shell\Explore\Command=cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛

Leon1 · 10 Styczeń 2010 12:01

masz powyżej napisane

chajny · 10 Styczeń 2010 17:34

Zrobione.

Rezultaty tego ponizej.Ale ja sie na tym nie znam,widze tylko ze to wkoncu znikło

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== OTL ==========

No active process named framework.exe was found!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E33CF602-D945-461A-83F0-819F76A199F8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{E33CF602-D945-461A-83F0-819F76A199F8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVP not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\framework not found.

File C:\WINDOWS\framework.exe not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\wsctf.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully.

File F:\AUTORUN.INF not found.

H:\auTORUN.inf moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{4f25af74-fadc-11de-936b-006097ae3ae5}\ not found.

File H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{4f25af74-fadc-11de-936b-006097ae3ae5}\ not found.

File H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{4f25af74-fadc-11de-936b-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{4f25af74-fadc-11de-936b-006097ae3ae5}\ not found.

File H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{51f9d615-f148-11dd-b761-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{51f9d615-f148-11dd-b761-006097ae3ae5}\ not found.

File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{51f9d615-f148-11dd-b761-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{51f9d615-f148-11dd-b761-006097ae3ae5}\ not found.

File SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{e72b8f56-653a-11de-b855-006097ae3ae5}\ not found.

File nhbivui.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{e72b8f56-653a-11de-b855-006097ae3ae5}\ not found.

File nhbivui.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{e72b8f56-653a-11de-b855-006097ae3ae5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{e72b8f56-653a-11de-b855-006097ae3ae5}\ not found.

File nhbivui.exe not found.

File C:\WINDOWS\framework.exe not found.

C:\Documents and Settings\Edyta\Pulpit\ComboFix.exe moved successfully.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Edyta

->Temp folder emptied: 2294709 bytes

->Temporary Internet Files folder emptied: 1852681 bytes

->Java cache emptied: 10003541 bytes

->FireFox cache emptied: 81875698 bytes

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 147523 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2446360 bytes

%systemroot%\System32 .tmp files removed: 3188265 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18299 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 97,00 mb

OTL by OldTimer - Version 3.1.23.0 log created on 01102010_182400

Files\Folders moved on Reboot…

File move failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat moved successfully.

Registry entries deleted on Reboot…

Leon1 · 10 Styczeń 2010 20:17

uruchom OTL i przeskanuj nim system potem pokaż nowy log

chajny · 11 Styczeń 2010 00:01

Zrobione.log OTL po wszystkim

OTL logfile created on: 2010-01-11 00:52:48 - Run 2

OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Edyta\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

511,00 Mb Total Physical Memory | 103,00 Mb Available Physical Memory | 20,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29,30 Gb Total Space | 3,63 Gb Free Space | 12,38% Space Free | Partition Type: NTFS

Drive D: | 82,48 Gb Total Space | 4,57 Gb Free Space | 5,54% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 24,51 Gb Total Space | 2,54 Gb Free Space | 10,36% Space Free | Partition Type: NTFS

Drive H: | 14,90 Gb Total Space | 12,09 Gb Free Space | 81,17% Space Free | Partition Type: FAT32