by golbi 03 Apr 2009, 14:53
That glaide32.sys is still there all the time, and other junk keeps showing up every now and then. Will you help me clean this up?
- Code:
ComboFix 09-04-04.01 - Golbi 2009-04-07 22:14:17.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.179 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Golbi\Pulpit\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: Bitdefender Firewall *enabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Golbi\Dane aplikacji\wiaserva.log
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-07 do 2009-04-07 )))))))))))))))))))))))))))))))
.
2009-04-03 23:27 . 2009-04-03 23:27 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\2DBoy
2009-04-03 18:30 . 2009-04-03 18:30 2,021,790 --a------ c:\windows\system32\1a23.mht
2009-04-03 18:30 . 2009-04-03 18:30 185,824 --a------ c:\windows\system32\9954.sys
2009-04-03 17:52 . 2009-04-07 22:16 83,294 --a------ c:\windows\system32\drivers\glaide32.sys
2009-04-03 12:14 . 2009-04-03 14:22 91 --a-s---- c:\windows\system32\2420447694.dat
2009-04-02 14:30 . 2009-04-02 15:05 <DIR> d-------- c:\documents and settings\Golbi\Dane aplikacji\Dev-Cpp
2009-03-27 23:49 . 2009-03-27 23:49 <DIR> d-------- c:\documents and settings\Golbi\.thumbnails
2009-03-27 23:47 . 2009-03-27 23:48 <DIR> d-------- c:\documents and settings\Golbi\.gegl-0.0
2009-03-23 19:16 . 2009-04-07 20:04 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-23 19:16 . 2009-03-23 19:16 1,409 --a------ c:\windows\QTFont.for
2009-03-16 18:52 . 2009-03-16 18:52 <DIR> d-------- c:\documents and settings\Golbi\Dane aplikacji\Lexmark Imaging Studio
2009-03-16 18:51 . 2009-04-06 09:00 <DIR> d-------- c:\documents and settings\All Users\Lx_cats
2009-03-16 18:50 . 2006-08-01 07:53 40,960 --a------ c:\windows\system32\lxdivs.dll
2009-03-16 18:49 . 2007-01-31 22:15 692,224 --a------ c:\windows\system32\lxdidrs.dll
2009-03-16 18:49 . 2007-02-23 00:31 344,064 --a------ c:\windows\system32\lxdicoin.dll
2009-03-16 18:49 . 2001-10-26 18:29 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-03-16 18:49 . 2001-10-26 18:29 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2009-03-16 18:49 . 2007-02-09 20:07 69,632 --a------ c:\windows\system32\lxdicnv4.dll
2009-03-16 18:49 . 2007-01-24 01:40 65,536 --a------ c:\windows\system32\lxdicaps.dll
2009-03-16 18:49 . 2008-04-14 01:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-16 18:49 . 2008-04-14 01:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-16 18:47 . 2007-03-02 20:07 1,187,840 --a------ c:\windows\system32\lxdiserv.dll
2009-03-16 18:47 . 2007-03-02 19:59 942,080 --a------ c:\windows\system32\lxdiusb1.dll
2009-03-16 18:47 . 2007-03-05 06:23 503,808 --a------ c:\windows\system32\lxdiutil.dll
2009-03-16 18:47 . 2007-03-02 19:56 356,352 --a------ c:\windows\system32\lxdiinpa.dll
2009-03-16 18:47 . 2007-03-02 19:56 339,968 --a------ c:\windows\system32\lxdiiesc.dll
2009-03-16 18:47 . 2007-03-02 20:02 311,296 --a------ c:\windows\system32\lxdihcp.dll
2009-03-16 18:47 . 2007-03-02 20:00 294,912 --a------ c:\windows\system32\lxdiinst.dll
2009-03-16 18:47 . 2007-03-02 19:55 53,248 --a------ c:\windows\system32\lxdiprox.dll
2009-03-16 18:47 . 2007-01-22 11:53 60 --ah----- c:\windows\system32\lxdirwrd.ini
2009-03-16 18:46 . 2009-03-16 18:49 <DIR> d-------- c:\program files\Lexmark 3500-4500 Series
2009-03-16 18:45 . 2008-04-14 01:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-16 18:45 . 2008-04-14 01:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-14 22:30 . 2009-03-14 22:30 <DIR> d-------- c:\documents and settings\Golbi\Dane aplikacji\teamspeak2
2009-03-14 22:29 . 2009-03-14 22:30 <DIR> d-------- c:\program files\Teamspeak2_RC2
2009-03-14 22:29 . 2009-03-14 22:29 34,064 --a------ c:\windows\system32\lhacm.acm
2009-03-12 09:48 . 2009-03-12 12:07 <DIR> d-------- c:\program files\Ultime Pack Maps DMW
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 17:14 --------- d-----w c:\program files\Common Files\Adobe
2009-04-03 14:53 --------- d-----w c:\program files\Common Files\Softwin
2009-03-29 17:06 --------- d-----w c:\program files\Real Alternative
2009-03-26 15:31 --------- d-----w c:\documents and settings\Golbi\Dane aplikacji\uTorrent
2009-03-22 09:01 --------- d-----w c:\documents and settings\Golbi\Dane aplikacji\Hamachi
2009-03-06 13:09 172,032 ----a-w c:\windows\system32\cncs32.dll
2009-03-05 20:47 --------- d-----w c:\documents and settings\Golbi\Dane aplikacji\HamachiBackup
2009-03-05 20:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-04 11:33 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\avg8
2009-03-03 17:06 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-25 13:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 21:12 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-17 11:58 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-13 15:40 --------- d-----w c:\documents and settings\Golbi\Dane aplikacji\SpeedSim
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys
2009-02-05 07:56 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-30 15:20 476,752 -c--a-w c:\documents and settings\All Users\Dane aplikacji\pswi_preloaded.exe
2008-10-12 06:28 48,640 ----a-w c:\documents and settings\Golbi\vorbis.dll
2008-10-12 06:28 20,992 ----a-w c:\documents and settings\Golbi\ogg.dll
2008-10-12 06:28 125,440 ----a-w c:\documents and settings\Golbi\corona.dll
2008-03-09 06:25 236 -c-ha-w c:\program files\Common Files\dx.reg
2008-12-30 15:17 8 --sh--r c:\windows\system32\66858640B1.sys
2007-08-12 13:53 56 --sh--r c:\windows\system32\962B8593AF.sys
2008-12-30 15:24 4,184 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-05-13 08:46 32,768 -csha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008051320080514\index.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"LXDICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDItime.dll" [2007-02-26 102400]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoDriveTypeAutoRun"="Hexadecimal 91" [X]
c:\documents and settings\Golbi\Menu Start\Programy\Autostart\
ATITool.lnk - c:\program files\ATITool\ATITool.exe [2006-12-08 3035136]
LaunchU3.exe.lnk - c:\documents and settings\Golbi\Dane aplikacji\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-09-10 22486]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= i_view32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 09:56 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
"Debugger"=ntsd -d
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Golbi^Menu Start^Programy^Autostart^hamachi.lnk]
path=c:\documents and settings\Golbi\Menu Start\Programy\Autostart\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
--a------ 2009-02-27 17:10 35696 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 18:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdiamon]
--a------ 2007-03-05 20:40 20480 c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdimon.exe]
--a------ 2007-03-06 16:43 435120 c:\program files\Lexmark 3500-4500 Series\lxdimon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-08-13 07:48 155648 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"Atirpcapd"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\World Of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Honor_pol\\MOHAA.EXE"=
"d:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"h:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2007-10-01 149376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-23 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-23 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-05 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S0 02613;02613;c:\windows\system32\drivers\02613.SYS --> c:\windows\system32\drivers\02613.SYS [?]
S0 0262F;0262F;c:\windows\system32\drivers\0262F.SYS --> c:\windows\system32\drivers\0262F.SYS [?]
S0 02632;02632;c:\windows\system32\drivers\02632.SYS --> c:\windows\system32\drivers\02632.SYS [?]
S1 12514;12514;\??\c:\windows\system32\drivers\12514.SYS --> c:\windows\system32\drivers\12514.SYS [?]
S1 a5a33;a5a33;\??\c:\windows\system32\drivers\a5a33.SYS --> c:\windows\system32\drivers\a5a33.SYS [?]
S1 e1530;e1530;\??\c:\windows\system32\drivers\e1530.SYS --> c:\windows\system32\drivers\e1530.SYS [?]
S2 34815;34815;\??\c:\windows\system32\drivers\34815.SYS --> c:\windows\system32\drivers\34815.SYS [?]
S2 66631;66631;\??\c:\windows\system32\drivers\66631.SYS --> c:\windows\system32\drivers\66631.SYS [?]
S2 d5534;d5534;\??\c:\windows\system32\drivers\d5534.SYS --> c:\windows\system32\drivers\d5534.SYS [?]
S3 9954;9954;c:\windows\system32\9954.sys [2009-04-03 185824]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-28 13352]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys --> c:\windows\system32\DRIVERS\k510bus.sys [?]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys --> c:\windows\system32\DRIVERS\k510mdfl.sys [?]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys --> c:\windows\system32\DRIVERS\k510mdm.sys [?]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2007-08-12 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2007-08-12 83344]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 ntportio;ntportio;\??\c:\documents and settings\Golbi\Pulpit\ntportio.sys --> c:\documents and settings\Golbi\Pulpit\ntportio.sys [?]
S4 Atirpcapd;Ati HotKey Poller Atirpcapd;c:\windows\system32\adsmsextk.exe srv --> c:\windows\system32\adsmsextk.exe srv [?]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - 026E
*NewlyCreated* - 21bf
*NewlyCreated* - d3f10
*Deregistered* - 026e
*Deregistered* - 21bf
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{535b62d5-1948-11de-b5d5-00115b7a8834}]
\Shell\AutoRun\command - E:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f23e45ec-ee70-11dc-a8b7-00115b7a8834}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKU-Default-Run-InetChk - c:\windows\TEMP\ms1238776600.exe
.
------- Skan uzupełniający -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Golbi\Dane aplikacji\Mozilla\Firefox\Profiles\m7pz1zin.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Golbi\Dane aplikacji\Mozilla\Firefox\Profiles\m7pz1zin.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 22:15:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\glaide32]
"ImagePath"="\??\c:\windows\system32\drivers\glaide32.sys"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\s-1-5-21-1644491937-1482476501-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\s-1-5-21-1644491937-1482476501-682003330-1003\Software\Zepter Software\RegLib*3084883c\CloneDVD/2]
"1"=dword:47f7559f
"2"=dword:47f88f83
[HKEY_USERS\s-1-5-21-1644491937-1482476501-682003330-1003\Software\Zepter Software\RegLib*3084883c\CloneDVD2/2]
"1"=dword:47f7559f
"2"=dword:47f88f83
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-04-07 22:17:32
ComboFix-quarantined-files.txt 2009-04-07 20:17:23
Przed: 2 920 304 640 bajtów wolnych
Po: 2,906,312,704 bajtów wolnych
341 --- E O F --- 2009-03-15 00:22:36
Last edited by golbi on 07 Apr 2009, 22:37, edited 2 times in total