svchost.exe

ďťż




	chomiki usuwanie rootkita bagle (flec006. exe) - prośba o spr. loga WINFILE.exe - jest w każdym folderze na dysku :/ brss01a.exe - śmierdzi wiruchem. Syf autorunowy - info.exe Plik *.exe w niechcianym mailu Mp4 2GB schemat domykania okien alarmem W jaki sposĂłb sprawiÄ aby w partycje NTFS byĹy widoczne Nawiew - rzÄzi Wtryskiwacze 1.9 sri 126km zanotowane.pl doc.pisz.pl pdf.pisz.pl marbec.opx.pl	chomiki Powiem krótko , jak to wyłączyć ? Próbowałem wyłączyć aktualizacje automatyczną ale nic to nie dało a to zużywa mi 100% CPU . Może to infekcja??? Logów podać nie zaszkodzi, z: OTL i GMER (przed uruchomieniem użyj Defoggera) nie wiedziałem co wkleić to wklejam all OTL Extras logfile created on: 2010-03-16 18:55:35 - Run 1 OTL by OldTimer - Version 3.1.37.2 Folder = E:\Documents and Settings\Krzysztof\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 1 014,00 Mb Total Physical Memory \| 662,00 Mb Available Physical Memory \| 65,00% Memory free 2,00 Gb Paging File \| 2,00 Gb Available in Paging File \| 85,00% Paging File free Paging file location(s): E:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = E: \| %SystemRoot% = E:\WINDOWS \| %ProgramFiles% = E:\Program Files Drive C: \| 18,75 Gb Total Space \| 18,55 Gb Free Space \| 98,93% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 54,99 Gb Total Space \| 35,63 Gb Free Space \| 64,80% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KRZYS Current User Name: Krzysztof Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP::Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP::Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP::Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP::Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2938F0AE-8E6A-40E7-965A-817FE867F300}" = Nawigator "{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{D3E3F224-704C-4873-BA3E-0B8D3D4C59E8}" = Samsung PC Studio 3 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{F0719150-F183-4097-BA61-9FD6CC7FE908}" = Stitch Era 10 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus "Free Easy Burner_is1" = Free Easy Burner V 1.0 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0 "Mozilla Firefox (1.0.4)" = Mozilla Firefox (1.0.4) "Nero8Lite_is1" = Nero 8 Lite 8.3.6.0 "Nowe Gadu-Gadu" = Nowe Gadu-Gadu "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = Archiwizator WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2009-11-10 04:47:40 \| Computer Name = KRZYS \| Source = MsiInstaller \| ID = 10005 Description = Produkt: Nawigator -- Błąd 2755. Server returned unexpected error 3 attempting to install package F:\Nawigator.msi. Error - 2009-11-24 16:37:32 \| Computer Name = KRZYS \| Source = Application Hang \| ID = 1002 Description = Aplikacja zawieszająca mplayerc.exe, wersja 1.2.1008.0, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000. Error - 2009-12-10 16:54:12 \| Computer Name = KRZYS \| Source = Application Error \| ID = 1000 Description = Aplikacja powodująca błąd iexplore.exe, wersja 6.0.2900.2180, moduł powodujący błąd mshtml.dll, wersja 6.0.2900.2180, adres błędu 0x0007f463. [ System Events ] Error - 2010-03-16 11:14:22 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7031 Description = Usługa Program uruchamiający proces serwera DCOM niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom ponownie komputer. Error - 2010-03-16 11:14:22 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7034 Description = Usługa Usługi terminalowe niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-03-16 11:21:01 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7031 Description = Usługa Program uruchamiający proces serwera DCOM niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom ponownie komputer. Error - 2010-03-16 11:21:01 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7034 Description = Usługa Usługi terminalowe niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-03-16 11:21:30 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1460 Error - 2010-03-16 11:28:19 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1460 Error - 2010-03-16 11:45:10 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7031 Description = Usługa Program uruchamiający proces serwera DCOM niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom ponownie komputer. Error - 2010-03-16 11:45:10 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7034 Description = Usługa Usługi terminalowe niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error - 2010-03-16 11:52:28 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7023 Description = Usługa Przeglądarka komputera zakończyła działanie; wystąpił następujący błąd: %%1460 Error - 2010-03-16 11:53:34 \| Computer Name = KRZYS \| Source = Service Control Manager \| ID = 7011 Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji z usługi AntiVirScheduler. < End of report > Podaj ten drugi log z OTL (OTL.txt). No i nie widzę loga z Gmera. GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-03-17 11:47:57 Windows 5.1.2600 Dodatek Service Pack 2 Running: gmer.exe; Driver: E:\DOCUME~1\KRZYSZ~1\USTAWI~1\Temp\kxtdqpob.sys ---- Kernel code sections - GMER 1.0.15 ---- .pak2 E:\WINDOWS\system32\drivers\udliiajr.sys entry point in ".pak2" section [0xF757913D] ? E:\WINDOWS\system32\drivers\udliiajr.sys Urządzenie podłączone do komputera nie działa. PAGE Ntfs.sys F73A4E88 4 Bytes CALL 863EA011 ---- User code sections - GMER 1.0.15 ---- .text E:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtQueryDirectoryFile + 6 7C90DF64 4 Bytes [90, 61, F1, 00] ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86352580 AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB) ---- Services - GMER 1.0.15 ---- Service (* hidden * ) [BOOT] udliiajr <-- ROOTKIT ! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@Group Boot Bus Extender Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@Type 1 Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@Start 0 Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@ErrorControl 0 Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@Group Boot Bus Extender ---- EOF - GMER 1.0.15 ---- Na końcu wyświetliło że znalazło Rokita a to z OTL-a OTL logfile created on: 2010-03-16 18:55:35 - Run 1 OTL by OldTimer - Version 3.1.37.2 Folder = E:\Documents and Settings\Krzysztof\Pulpit Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000415 \| Country: Polska \| Language: PLK \| Date Format: yyyy-MM-dd 1 014,00 Mb Total Physical Memory \| 662,00 Mb Available Physical Memory \| 65,00% Memory free 2,00 Gb Paging File \| 2,00 Gb Available in Paging File \| 85,00% Paging File free Paging file location(s): E:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = E: \| %SystemRoot% = E:\WINDOWS \| %ProgramFiles% = E:\Program Files Drive C: \| 18,75 Gb Total Space \| 18,55 Gb Free Space \| 98,93% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded Drive E: \| 54,99 Gb Total Space \| 35,63 Gb Free Space \| 64,80% Space Free \| Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KRZYS Current User Name: Krzysztof Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010-03-16 18:50:30 \| 000,556,032 \| ---- \| M] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe PRC - [2010-03-16 18:04:31 \| 000,524,632 \| ---- \| M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010-03-16 18:04:30 \| 001,029,456 \| ---- \| M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009-06-21 11:46:59 \| 000,151,297 \| ---- \| M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe PRC - [2009-06-21 11:46:59 \| 000,068,865 \| ---- \| M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe PRC - [2009-06-18 21:29:28 \| 000,208,896 \| ---- \| M] (Realtek Semiconductor Corp.) -- E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Temp\RtkBtMnt.exe PRC - [2008-06-12 13:28:45 \| 000,266,497 \| ---- \| M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2006-10-05 05:10:12 \| 000,009,216 \| ---- \| M] (Agere Systems) -- E:\WINDOWS\system32\agrsmsvc.exe PRC - [2005-05-11 19:11:00 \| 006,631,017 \| ---- \| M] (Mozilla) -- E:\Program Files\Mozilla Firefox\firefox.exe PRC - [2004-08-03 23:44:20 \| 001,033,728 \| ---- \| M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010-03-16 18:50:30 \| 000,556,032 \| ---- \| M] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe MOD - [2006-05-03 21:53:54 \| 000,174,592 \| ---- \| M] (Microsoft Corporation) -- E:\WINDOWS\system32\framedyn.dll MOD - [2004-08-03 23:42:34 \| 001,050,624 \| ---- \| M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010-03-16 18:04:30 \| 001,029,456 \| ---- \| M] (Lavasoft) [Auto \| Running] -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009-06-21 11:46:59 \| 000,151,297 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2009-06-21 11:46:59 \| 000,068,865 \| ---- \| M] (Avira GmbH) [Auto \| Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2006-10-05 05:10:12 \| 000,009,216 \| ---- \| M] (Agere Systems) [Auto \| Running] -- E:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2009-07-12 22:12:54 \| 000,005,632 \| ---- \| M] () [File_System \| System \| Running] -- E:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009-07-03 15:49:08 \| 000,064,160 \| ---- \| M] (Lavasoft AB) [File_System \| Boot \| Running] -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2009-06-21 11:47:01 \| 000,075,096 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009-06-21 11:46:59 \| 000,052,056 \| ---- \| M] (Avira GmbH) [File_System \| On_Demand \| Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009-06-21 11:46:59 \| 000,011,608 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2007-12-10 14:15:02 \| 005,851,488 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- E:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007-07-10 02:56:00 \| 004,449,280 \| R--- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- E:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007-06-18 11:03:32 \| 000,737,280 \| R--- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Stopped] -- E:\WINDOWS\system32\drivers\athr.sys -- (athr) DRV - [2007-06-06 05:51:04 \| 000,161,792 \| R--- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- E:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007-05-02 10:11:18 \| 000,109,704 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- E:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 10:11:18 \| 000,015,112 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- E:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 10:11:16 \| 000,083,592 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- E:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007-03-09 07:56:04 \| 001,163,616 \| ---- \| M] (Agere Systems) [Kernel \| On_Demand \| Running] -- E:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007-03-01 09:34:22 \| 000,028,352 \| ---- \| M] (Avira GmbH) [Kernel \| System \| Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006-11-15 07:00:58 \| 000,528,096 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- E:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2005-01-07 16:07:18 \| 000,138,752 \| ---- \| M] (Windows (R) Server 2003 DDK provider) [Kernel \| On_Demand \| Running] -- E:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2002-09-16 16:14:32 \| 000,004,228 \| ---- \| M] (PowerQuest Corporation) [Kernel \| System \| Running] -- E:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1292428093-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Components: E:\Program Files\Mozilla Firefox\Components [2009-08-05 12:08:36 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Plugins: E:\Program Files\Mozilla Firefox\Plugins [2009-10-09 15:39:55 \| 000,000,000 \| ---D \| M] [2009-06-19 15:42:52 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Mozilla\Firefox\Profiles\smq8pu14.default\extensions [2009-06-19 15:42:52 \| 000,000,000 \| ---D \| M] (Firefox (default)) -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Mozilla\Firefox\Profiles\smq8pu14.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009-06-19 15:43:01 \| 000,000,000 \| ---D \| M] -- E:\Program Files\Mozilla Firefox\extensions [2009-06-18 14:15:19 \| 000,000,000 \| ---D \| M] -- E:\Program Files\Mozilla Firefox\defaults\profile\extensions [2009-06-18 14:15:19 \| 000,000,000 \| ---D \| M] (Firefox (default)) -- E:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2005-05-11 19:11:00 \| 000,041,578 \| ---- \| M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\jar50.dll [2005-05-11 19:11:00 \| 000,048,228 \| ---- \| M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\jsd3250.dll [2005-05-11 19:11:00 \| 000,159,340 \| ---- \| M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\xpinstal.dll [2005-05-11 19:11:00 \| 000,003,710 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\allegro.png [2005-05-11 19:11:00 \| 000,000,864 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\allegro.src [2005-05-11 19:11:00 \| 000,001,076 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.gif [2010-03-05 18:46:50 \| 000,000,750 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.src [2005-05-11 19:11:00 \| 000,000,260 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\onet.gif [2005-05-11 19:11:00 \| 000,000,944 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\onet.src [2005-05-11 19:11:00 \| 000,000,318 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\pwn.gif [2005-05-11 19:11:00 \| 000,000,582 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\pwn.src [2005-05-11 19:11:00 \| 000,000,718 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\szukacz.png [2005-05-11 19:11:00 \| 000,000,922 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\szukacz.src [2005-05-11 19:11:00 \| 000,000,459 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.png [2005-05-11 19:11:00 \| 000,001,056 \| ---- \| M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.src O1 HOSTS File: ([2001-10-26 16:45:16 \| 000,000,742 \| ---- \| M]) - E:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [INPROCOMMWireless] E:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found O4 - HKLM..\Run: [sysgif32] E:\WINDOWS\Temp\~TMD.tmp (tzuk) O4 - Startup: E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1292428093-436374069-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macrome...ash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 217.172.224.160 89.228.7.226 O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - E:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 () - file:///E:/Documents%20and%20Settings/Krzysztof/Pulpit/: O24 - Desktop Components:1 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\AutoRun\command - "" = G:\mbvd.exe -- File not found O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\open\Command - "" = G:\mbvd.exe -- File not found O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O34 - HKLM BootExecute: (autocheck autochk ) - File not found O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- E:\Documents and Settings\Krzysztof\Pulpit\CA3WHBVK. [2010-03-16 18:50:29 \| 000,556,032 \| ---- \| C] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe [2010-03-16 18:05:10 \| 000,064,160 \| ---- \| C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys [2010-03-16 18:03:57 \| 000,000,000 \| -H-D \| C] -- E:\Documents and Settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864} [2010-03-16 18:02:23 \| 000,000,000 \| ---D \| C] -- E:\Program Files\Lavasoft [2010-03-16 18:02:23 \| 000,000,000 \| ---D \| C] -- E:\Documents and Settings\All Users\Dane aplikacji\Lavasoft [2010-03-16 17:57:55 \| 060,857,536 \| ---- \| C] (Lavasoft ) -- E:\Documents and Settings\Krzysztof\Pulpit\Ad-AwareAE.exe [2010-03-16 16:55:31 \| 001,273,736 \| ---- \| C] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\WindowsXP-KB927891-v3-x86-PLK.exe [2010-03-03 16:29:52 \| 000,000,000 \| ---D \| C] -- E:\Documents and Settings\Krzysztof\Pulpit\Nowy folder (2) [2010-02-24 18:28:45 \| 004,938,120 \| ---- \| C] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\Silverlight.exe [2009-06-18 13:01:24 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft [2009-06-18 12:40:28 \| 000,000,000 \| --SD \| M] -- E:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft [2009-06-18 12:40:28 \| 000,000,000 \| --SD \| M] -- E:\Documents and Settings\LocalService\Dane aplikacji\Microsoft [2009-06-18 12:40:28 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft [3 E:\WINDOWS\.tmp files E:\WINDOWS\.tmp ] ========== Files - Modified Within 30 Days ========== File not found -- E:\Documents and Settings\Krzysztof\Pulpit\CA3WHBVK. [2010-03-16 19:13:23 \| 000,802,304 \| ---- \| M] () -- E:\WINDOWS\System32\drivers\udliiajr.sys [2010-03-16 18:50:30 \| 000,556,032 \| ---- \| M] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe [2010-03-16 18:34:07 \| 000,000,060 \| ---- \| M] () -- E:\WINDOWS\wininit.ini [2010-03-16 18:07:10 \| 000,000,006 \| -H-- \| M] () -- E:\WINDOWS\tasks\SA.DAT [2010-03-16 18:07:06 \| 000,002,048 \| --S- \| M] () -- E:\WINDOWS\bootstat.dat [2010-03-16 18:06:10 \| 003,145,728 \| -H-- \| M] () -- E:\Documents and Settings\Krzysztof\NTUSER.DAT [2010-03-16 18:06:10 \| 000,000,188 \| -HS- \| M] () -- E:\Documents and Settings\Krzysztof\ntuser.ini [2010-03-16 18:05:31 \| 000,000,472 \| ---- \| M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-03-16 18:04:53 \| 000,015,688 \| ---- \| M] () -- E:\WINDOWS\System32\lsdelete.exe [2010-03-16 18:03:44 \| 000,000,867 \| ---- \| M] () -- E:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2010-03-16 17:12:04 \| 060,857,536 \| ---- \| M] (Lavasoft ) -- E:\Documents and Settings\Krzysztof\Pulpit\Ad-AwareAE.exe [2010-03-16 16:58:58 \| 000,356,068 \| ---- \| M] () -- E:\WINDOWS\System32\perfh015.dat [2010-03-16 16:58:58 \| 000,311,938 \| ---- \| M] () -- E:\WINDOWS\System32\perfh009.dat [2010-03-16 16:58:58 \| 000,049,910 \| ---- \| M] () -- E:\WINDOWS\System32\perfc015.dat [2010-03-16 16:58:58 \| 000,040,326 \| ---- \| M] () -- E:\WINDOWS\System32\perfc009.dat [2010-03-16 16:58:56 \| 000,763,990 \| ---- \| M] () -- E:\WINDOWS\System32\PerfStringBackup.INI [2010-03-16 16:51:00 \| 001,273,736 \| ---- \| M] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\WindowsXP-KB927891-v3-x86-PLK.exe [2010-03-16 16:17:37 \| 000,019,616 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT [2010-03-15 21:26:16 \| 000,005,192 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\1.JPG [2010-03-15 21:22:03 \| 000,008,697 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\EMBLEMAT_DO_MUNDURU_CWICZEBNEGO.gif [2010-03-14 09:08:10 \| 000,002,206 \| ---- \| M] () -- E:\WINDOWS\System32\wpa.dbl [2010-03-09 19:07:50 \| 000,000,004 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat [2010-03-09 09:51:58 \| 000,033,792 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\2.doc [2010-03-08 21:16:34 \| 000,806,472 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00539.JPG [2010-03-08 14:02:58 \| 000,892,350 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00536.JPG [2010-03-08 14:02:42 \| 000,773,225 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00535.JPG [2010-03-08 14:02:28 \| 000,786,416 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00534.JPG [2010-03-08 14:02:12 \| 000,898,115 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00533.JPG [2010-03-08 14:01:52 \| 000,880,924 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00532.JPG [2010-03-08 07:27:09 \| 000,000,069 \| ---- \| M] () -- E:\WINDOWS\NeroDigital.ini [2010-03-06 18:16:06 \| 000,024,064 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Moje dokumenty\28900904,zalacznik.doc [2010-03-03 16:55:10 \| 000,025,980 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\kolo.jpg [2010-02-25 19:48:43 \| 000,173,079 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\IMGP0494.jpg [2010-02-25 19:47:36 \| 000,050,790 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\major.jpg [2010-02-25 19:46:43 \| 000,072,928 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\paragraf.jpg [2010-02-25 15:57:46 \| 000,051,825 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzel.JPG [2010-02-25 15:56:21 \| 000,163,574 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\509px-Herb_Polski.svg [2010-02-24 23:57:06 \| 004,938,120 \| ---- \| M] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\Silverlight.exe [2010-02-24 18:46:24 \| 000,114,199 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzełek.jpg [2010-02-24 18:39:56 \| 000,000,417 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\Onet.pl-Poczta.url [2010-02-21 16:12:34 \| 000,530,280 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00682.JPG [2010-02-21 16:09:22 \| 000,499,472 \| ---- \| M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00681.JPG [3 E:\WINDOWS\.tmp files E:\WINDOWS\.tmp ] ========== Files Created - No Company Name ========== [2010-03-16 18:54:24 \| 000,015,688 \| ---- \| C] () -- E:\WINDOWS\System32\lsdelete.exe [2010-03-16 18:34:07 \| 000,000,060 \| ---- \| C] () -- E:\WINDOWS\wininit.ini [2010-03-16 18:05:30 \| 000,000,472 \| ---- \| C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010-03-16 18:03:44 \| 000,000,867 \| ---- \| C] () -- E:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk [2010-03-15 21:26:16 \| 000,005,192 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\1.JPG [2010-03-15 21:25:32 \| 000,008,697 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\EMBLEMAT_DO_MUNDURU_CWICZEBNEGO.gif [2010-03-09 19:08:17 \| 000,802,304 \| ---- \| C] () -- E:\WINDOWS\System32\drivers\udliiajr.sys [2010-03-09 19:07:56 \| 000,000,016 \| ---- \| C] () -- E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat [2010-03-09 19:07:50 \| 000,000,004 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat [2010-03-08 22:44:47 \| 000,806,472 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00539.JPG [2010-03-08 15:05:37 \| 000,892,350 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00536.JPG [2010-03-08 15:05:36 \| 000,773,225 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00535.JPG [2010-03-08 15:05:35 \| 000,786,416 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00534.JPG [2010-03-08 15:05:33 \| 000,898,115 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00533.JPG [2010-03-08 15:05:32 \| 000,880,924 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00532.JPG [2010-03-03 16:55:54 \| 000,025,980 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\kolo.jpg [2010-02-25 19:48:43 \| 000,173,079 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\IMGP0494.jpg [2010-02-25 19:47:36 \| 000,050,790 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\major.jpg [2010-02-25 19:46:43 \| 000,072,928 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\paragraf.jpg [2010-02-25 15:57:46 \| 000,051,825 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzel.JPG [2010-02-25 15:56:48 \| 000,163,574 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\509px-Herb_Polski.svg [2010-02-24 18:46:24 \| 000,114,199 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzełek.jpg [2010-02-24 18:39:33 \| 000,000,417 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\Onet.pl-Poczta.url [2010-02-21 16:12:34 \| 000,530,280 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00682.JPG [2010-02-21 16:09:22 \| 000,499,472 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00681.JPG [2010-01-26 16:58:56 \| 000,000,042 \| ---- \| C] () -- E:\WINDOWS\BDNET32.INI [2009-10-09 15:40:13 \| 000,000,385 \| ---- \| C] () -- E:\WINDOWS\ODBC.INI [2009-09-25 17:50:55 \| 000,000,754 \| ---- \| C] () -- E:\WINDOWS\WORDPAD.INI [2009-08-05 15:16:18 \| 000,000,238 \| ---- \| C] () -- E:\WINDOWS\SIERRA.INI [2009-08-05 14:06:21 \| 000,000,069 \| ---- \| C] () -- E:\WINDOWS\NeroDigital.ini [2009-08-05 12:08:33 \| 000,168,448 \| ---- \| C] () -- E:\WINDOWS\System32\unrar.dll [2009-08-05 12:08:32 \| 000,000,038 \| ---- \| C] () -- E:\WINDOWS\avisplitter.ini [2009-08-05 12:08:30 \| 003,596,288 \| ---- \| C] () -- E:\WINDOWS\System32\qt-dx331.dll [2009-08-05 12:08:30 \| 000,881,664 \| ---- \| C] () -- E:\WINDOWS\System32\xvidcore.dll [2009-08-05 12:08:30 \| 000,205,824 \| ---- \| C] () -- E:\WINDOWS\System32\xvidvfw.dll [2009-08-05 12:08:29 \| 000,085,504 \| ---- \| C] () -- E:\WINDOWS\System32\ff_vfw.dll [2009-08-05 12:08:29 \| 000,000,547 \| ---- \| C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest [2009-08-03 15:21:35 \| 000,013,576 \| ---- \| C] () -- E:\WINDOWS\System32\wnaspi32.dll [2009-07-12 22:14:05 \| 000,000,000 \| ---- \| C] () -- E:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2009-07-12 21:55:57 \| 000,005,632 \| ---- \| C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys [2009-06-27 16:13:25 \| 000,027,648 \| ---- \| C] () -- E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009-06-19 15:19:54 \| 001,399,880 \| ---- \| C] () -- E:\WINDOWS\System32\igklg450.dll [2009-06-19 15:19:53 \| 001,843,784 \| ---- \| C] () -- E:\WINDOWS\System32\igklg400.dll [2009-06-19 15:19:53 \| 000,147,456 \| ---- \| C] () -- E:\WINDOWS\System32\igfxCoIn_v4885.dll [2009-06-19 15:19:53 \| 000,104,636 \| ---- \| C] () -- E:\WINDOWS\System32\igmedcompkrn.dll [2009-06-18 12:55:03 \| 000,081,920 \| ---- \| C] () -- E:\WINDOWS\System32\ieencode.dll [2003-01-07 16:05:08 \| 000,002,695 \| ---- \| C] () -- E:\WINDOWS\System32\OUTLPERF.INI [2002-02-27 10:41:28 \| 000,024,576 \| ---- \| C] () -- E:\WINDOWS\System32\nsldappr32v50.dll [2002-02-27 10:41:26 \| 000,139,264 \| ---- \| C] () -- E:\WINDOWS\System32\nsldap32v50.dll [2002-02-27 10:41:26 \| 000,040,960 \| ---- \| C] () -- E:\WINDOWS\System32\nsldapssl32v50.dll [2001-07-22 03:41:32 \| 000,027,440 \| ---- \| C] () -- E:\WINDOWS\System32\drivers\secdrv.sys ========== LOP Check ========== [2010-01-26 17:21:57 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\All Users\Dane aplikacji\Sierra [2010-03-16 18:03:57 \| 000,000,000 \| -H-D \| M] -- E:\Documents and Settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864} [2009-06-20 21:50:47 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\GetRightToGo [2009-06-23 13:44:54 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Nowe Gadu-Gadu [2009-06-23 14:57:19 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\OpenFM [2009-07-12 22:14:31 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Samsung [2009-06-21 12:34:29 \| 000,000,000 \| ---D \| M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Thinstall [2010-03-16 18:05:31 \| 000,000,472 \| ---- \| M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== < End of report > No i tak jak podejrzewałem, jest syf. Pobierz The Avenger w pole Input script here wklej poniższy tekst: Files to delete: E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe E:\WINDOWS\System32\drivers\udliiajr.sys E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat Folders to delete E:\WINDOWS\Temp Drivers to delete: udliiajr klikasz Execute Potwierdzasz i zgadzasz się na restart klikając OK. Po wykonaniu wklej raport na forum C:\avenger.txt Uruchom OTL w oknie Custom Scans/Fixes wklej: :OTL O4 - HKLM..\Run: [INPROCOMMWireless] E:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found O4 - HKLM..\Run: [sysgif32] E:\WINDOWS\Temp\~TMD.tmp (tzuk) O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\AutoRun\command - "" = G:\mbvd.exe -- File not found O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\open\Command - "" = G:\mbvd.exe -- File not found O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe :Commands [emptytemp] Klikasz Run Fix. Dajesz log z usuwania + nowe logi z OTL + nowy log z Gmer Wkleje Logi ale na ten moment wzglada że usterka ustąpiła nie zapeszając Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ***************** Script file opened successfully. Script file read successfully. Backups directory opened successfully at E:\Avenger *************** Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe" not found! Deletion of file "E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) the object does not exist File "E:\WINDOWS\System32\drivers\udliiajr.sys" deleted successfully. File "E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat" deleted successfully. File "E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat" deleted successfully. Error: file "Folders to delete" not found! Deletion of file "Folders to delete" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) the object does not exist Error: "E:\WINDOWS\Temp" is a folder, not a file! Deletion of file "E:\WINDOWS\Temp" failed! Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY) use "Folders to delete:" instead of "Files to delete:" to delete a directory Driver "udliiajr" deleted successfully. Completed script processing. ***************** Finished! Terminate. ____________________________________________________ All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\INPROCOMMWireless deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 deleted successfully. File move failed. E:\WINDOWS\Temp\~TMD.tmp scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ not found. File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ not found. File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ not found. File G:\mbvd.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ not found. File G:\mbvd.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4a37460-8385-11de-b3b2-001b38d88684}\ not found. File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4a37460-8385-11de-b3b2-001b38d88684}\ not found. File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Krzysztof ->Temp folder emptied: 139956695 bytes ->Temporary Internet Files folder emptied: 22986108 bytes ->Flash cache emptied: 28249 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1119389 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 20084616 bytes RecycleBin emptied: 97337 bytes Total Files Cleaned = 176,00 mb OTL by OldTimer - Version 3.1.37.2 log created on 03182010_201426 Files\Folders moved on Reboot... File\Folder E:\WINDOWS\Temp\~TMD.tmp not found! Registry entries deleted on Reboot... Podaj jeszcze nowy log z OTL robiony opcją Run Scan zanotowane.pl doc.pisz.pl pdf.pisz.pl mandragora32.opx.pl ďťż

Wszelkie Prawa ZastrzeĹźone! chomiki Design by SZABLONY.maniak.pl.

Darmowy hosting zapewnia PRV.PL

chomiki