And I am still waiting for help. After skimming through a dozen or so threads, I quickly used a script that is (in my opinion) reasonably safe, to get the system working again. Now it should still be cleaned up properly, so I am still asking for help.
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
:Files
C:\Documents and Settings\All Users\Dane aplikacji\netdislw.js
C:\Documents and Settings\DGaz\Menu Start\Programy\Autostart\runctf.lnk
C:\Documents and Settings\All Users\Dane aplikacji\netdislw.pad
:Commands
[emptytemp]
The system cannot be started properly in either normal or safe mode, so no antivirus scan was performed. There is also no GMER scan. The computer was booted from a Reatogo disc, following the instructions in the thread "Diagnostyka infekcji na niestartujących Windows" ("Diagnosing infections on non-booting Windows"), and an OTL scan was run (files attached). OTL.txt Extras.txt
Done. Many thanks. Now testing. -
Unfortunately, no luck with that either. I tried from several locations on the web and I cannot track it down anywhere. -
1 and 2 done. SalityKiller repaired one registry entry. No infected files. 3 and 4 done. Log: http://wklej.org/id/809469/ The USBFix task was not carried out, because the program cannot be downloaded (the links leading to the program do not work). -
Yes, G:\ is a removable drive, in theory at least checked before being plugged into USB. I am waiting for the specialists and have started downloading Dr.Web CureIT -
What I could, I have already cleaned or removed. These logs are, in theory, already from after the "cleaning". For now I am trying not to run anything apart from antivirus programs and the like. I tried to remove all the "autoruns", but which malicious files do you mean? -
Avast detected the following infections on the computer: Java:Downloader-DN, VBS:Malware-gen, Win32:Injector-ATA, Win32:Malware-gen, Win32:Neclsym-EP, Win32:Sality, Win32:VB-EAA, Win32:Wuklill-B. I used Sality-Killer and Malwarebytes Anti-Malware. What I could, I moved to the avast quarantine. I have the originals of some of the files that were moved to quarantine, but before copying them I would rather make sure that a hidden infection is not still lurking somewhere. Required logs: http://wklej.org/id/809018/