Rootkity

[Huslar]

Od pewnego czasu mój komputer (i ja sam) jest nękany rootkitami. Do niedawna szkodziły one tylko zgłoszeniami avasta ale teraz do otwierania partycji sprzęt żąda użycia programu jak przy nowym pliku ("Wybierz program jakiego chcesz użyć do otwarcia pliku"). Tak jak i w innym temacie mam problemy z plikami ukrytymi, których wyświetlania nie mogę włączyć. Zrobiłem odpowiedni skan OTL'em

Kod: Zaznacz wszystko

OTL logfile created on: 2010-03-05 22:55:11 - Run 1
OTL by OldTimer - Version 3.1.34.0     Folder = C:\Documents and Settings\michał\Moje dokumenty\Pobieranie
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

767,00 Mb Total Physical Memory | 281,00 Mb Available Physical Memory | 37,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18,71 Gb Total Space | 3,53 Gb Free Space | 18,88% Space Free | Partition Type: NTFS
Drive D: | 18,55 Gb Total Space | 3,65 Gb Free Space | 19,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: HOME-H2GJY02LPF
Current User Name: michał
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010-03-05 21:58:52 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michał\Moje dokumenty\Pobieranie\OTL.exe
PRC - [2010-02-20 19:14:01 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-09-29 22:19:44 | 000,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009-09-29 22:19:16 | 001,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009-08-17 17:07:23 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-08-17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-08-17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-08-17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-08-17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008-03-20 11:04:46 | 002,127,296 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\gg.exe
PRC - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005-07-08 15:25:10 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004-08-25 13:25:56 | 000,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-12-08 16:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2003-11-27 02:34:50 | 000,385,024 | ---- | M] (WirelessLan Technology, Corp.) -- C:\Program Files\WLAN\WConfig\WConfig.exe
PRC - [2003-03-20 07:21:00 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010-03-05 21:58:52 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\michał\Moje dokumenty\Pobieranie\OTL.exe
MOD - [2009-08-17 17:06:13 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2006-12-21 13:30:44 | 000,102,400 | ---- | M] (Gadu-Gadu S.A.) -- C:\Program Files\Gadu-Gadu\ggwhook.dll
MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004-08-03 23:44:04 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009-09-29 22:19:16 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-08-17 17:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-08-17 17:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-08-17 17:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-08-17 16:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-08-12 20:34:53 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008-07-18 14:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005-07-08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2009-08-17 17:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-08-17 17:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-08-17 17:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-08-17 17:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-08-17 17:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-08-17 17:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-05-15 08:16:34 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008-08-19 10:49:56 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-08-19 10:00:53 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-08-01 07:38:20 | 003,266,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007-06-25 10:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex)
DRV - [2007-06-25 10:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007-06-25 10:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007-06-25 10:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007-06-25 10:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007-06-25 10:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007-06-25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2006-07-24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-08-30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005-08-30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005-08-30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005-07-08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005-07-08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005-07-08 15:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005-06-13 09:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005-06-13 09:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005-06-13 09:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005-06-13 09:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005-06-13 09:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2004-08-03 22:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004-05-02 09:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVCplDrv.sys -- (GVCplDrv)
DRV - [2003-12-05 10:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003-10-31 02:47:30 | 000,061,056 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RT2400.sys -- (RT2400PCI)
DRV - [2003-07-18 02:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002-11-18 08:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2002-07-10 16:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-03-03 17:05:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-03-01 16:22:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008-08-19 09:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\Mozilla\Extensions
[2010-03-05 18:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\Mozilla\Firefox\Profiles\gbtcozts.default\extensions
[2008-08-19 10:47:00 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\michał\Dane aplikacji\Mozilla\Firefox\Profiles\gbtcozts.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2008-08-18 22:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-14 21:24:21 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-01-14 21:24:21 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-01-14 21:24:21 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-01-14 21:24:21 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-01-14 21:24:21 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-01-14 21:24:21 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2001-10-26 15:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Kwyshell MidpX) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
O3 - HKLM\..\Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Kwyshell MidpX) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
O3 - HKLM\..\Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Kwyshell MidpX) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
O3 - HKCU\..\Toolbar\WebBrowser: (Kwyshell MidpX) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll (Kwyshell G.Corp)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\WConfig.lnk = C:\Program Files\WLAN\WConfig\WConfig.exe (WirelessLan Technology, Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-08-18 19:15:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010-03-05 22:55:43 | 000,000,053 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-05 22:55:43 | 000,000,053 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-03-05 22:55:44 | 000,000,053 | RHS- | M] () - I:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5ff3b852-e991-11de-9e35-000df3035b80}\Shell\AutoRun\command - "" = mbdm.exe
O33 - MountPoints2\{5ff3b852-e991-11de-9e35-000df3035b80}\Shell\open\Command - "" = mbdm.exe
O33 - MountPoints2\{7f47415a-a75d-11dd-993a-000df3035b80}\Shell\AutoRun\command - "" = F:\xmor.exe -- File not found
O33 - MountPoints2\{7f47415a-a75d-11dd-993a-000df3035b80}\Shell\open\Command - "" = F:\xmor.exe -- File not found
O33 - MountPoints2\{b59442f9-8339-11dd-98cf-000df3035b80}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{b59442f9-8339-11dd-98cf-000df3035b80}\Shell\open\Command - "" = k1d.exe
O33 - MountPoints2\{c76f1712-6d5f-11dd-9b03-806d6172696f}\Shell\AutoRun\command - "" = C:\k1d.exe -- File not found
O33 - MountPoints2\{c76f1712-6d5f-11dd-9b03-806d6172696f}\Shell\open\Command - "" = C:\k1d.exe -- File not found
O33 - MountPoints2\{c76f1713-6d5f-11dd-9b03-806d6172696f}\Shell\AutoRun\command - "" = k1d.exe
O33 - MountPoints2\{c76f1713-6d5f-11dd-9b03-806d6172696f}\Shell\open\Command - "" = k1d.exe
O33 - MountPoints2\{f9cd2fd9-5b4a-11de-9bc2-000df3035b80}\Shell\Auto\command - "" = sal.xls.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010-03-05 22:05:39 | 000,000,000 | ---D | C] -- C:\output
[2010-03-05 21:56:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\michał\Recent
[2010-03-01 16:21:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-02-28 17:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard Entertainment
[2010-02-28 16:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michał\Dane aplikacji\uTorrent
[2010-02-28 01:46:12 | 002,322,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2010-02-28 01:28:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2010-02-27 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2010-02-27 19:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michał\Dane aplikacji\InstallShield Installation Information
[2010-02-27 17:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Blizzard
[2010-02-26 21:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michał\Dane aplikacji\Sun
[2010-02-26 20:25:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\michał\Moje dokumenty\Moje wideo
[2010-02-26 20:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michał\Ustawienia lokalne\Dane aplikacji\Sony
[2010-02-26 20:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michał\Dane aplikacji\Sony
[2010-02-26 20:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2010-02-26 20:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michał\Pulpit\Dokumenty
[2009-07-02 21:57:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-01-03 17:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2008-09-16 19:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2008-08-18 19:46:29 | 000,151,552 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2008-08-18 19:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-08-18 19:19:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-08-18 19:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010-03-05 22:57:00 | 000,000,053 | RHS- | M] () -- C:\autorun.inf
[2010-03-05 22:00:00 | 000,000,542 | ---- | M] () -- C:\WINDOWS\tasks\Konserwacja jednym kliknięciem.job
[2010-03-05 21:49:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-05 21:49:32 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-03-05 21:49:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-05 18:38:27 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\michał\ntuser.dat
[2010-03-05 18:38:27 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\michał\ntuser.ini
[2010-03-05 16:00:02 | 000,018,312 | ---- | M] () -- C:\Documents and Settings\michał\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-01 19:37:49 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-03-01 17:16:15 | 001,578,368 | -H-- | M] () -- C:\Documents and Settings\michał\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-01 16:22:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-03-01 15:32:21 | 000,000,357 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010-03-01 13:59:14 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\michał\Pulpit\CCleaner.lnk
[2010-03-01 09:25:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-02-28 19:53:37 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\michał\Pulpit\Skrót do Wow.exe.lnk
[2010-02-28 15:01:21 | 002,322,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2010-02-28 15:01:21 | 000,000,389 | RHS- | M] () -- C:\boot.ini
[2010-02-27 20:04:24 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\michał\Pulpit\The Punisher.lnk
[2010-02-25 17:57:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-02-22 14:41:49 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Sezon na misia.lnk
[2010-02-05 14:11:54 | 000,000,980 | ---- | M] () -- C:\WINDOWS\eReg.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-03-01 16:22:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk
[2010-03-01 13:59:14 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\michał\Pulpit\CCleaner.lnk
[2010-02-28 19:53:37 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\michał\Pulpit\Skrót do Wow.exe.lnk
[2010-02-27 20:04:24 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\michał\Pulpit\The Punisher.lnk
[2010-02-22 14:41:49 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Sezon na misia.lnk
[2010-01-08 16:52:04 | 000,000,300 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-12-27 20:38:49 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2008-10-26 16:42:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FXStudioDLL.dll
[2008-10-26 16:42:15 | 000,235,532 | ---- | C] () -- C:\WINDOWS\System32\loadimage.dll
[2008-10-26 16:42:15 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\NewWaveAnzeige.dll
[2008-10-26 16:42:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\eJ_Tool.dll
[2008-10-26 16:42:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fader.dll
[2008-10-26 16:42:14 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2008-10-26 16:42:13 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\pxd32d5.dll
[2008-10-26 16:42:13 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\Animation2.dll
[2008-10-26 16:42:13 | 000,075,976 | ---- | C] () -- C:\WINDOWS\System32\Bassdec.dll
[2008-10-26 16:42:13 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2008-09-16 14:54:49 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\Days5.ini
[2008-09-16 12:47:12 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 Video Converter.INI
[2008-09-15 18:22:24 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008-09-15 18:22:24 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008-09-15 18:22:24 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008-09-05 23:32:26 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLGFILE14N.INI
[2008-08-21 17:45:37 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\michał\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-08-21 13:39:54 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008-08-21 00:34:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2008-08-21 00:31:57 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008-08-20 20:55:24 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-08-20 20:55:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008-08-20 20:55:13 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-08-20 20:55:13 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-08-20 20:55:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-08-20 20:55:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-08-20 20:55:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-08-20 20:38:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-08-19 10:00:53 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-08-18 22:07:58 | 000,001,155 | ---- | C] () -- C:\WINDOWS\wbocx.ini
[2008-08-18 20:24:14 | 000,000,357 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008-08-18 20:23:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2008-08-18 20:23:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2008-08-18 20:23:27 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2008-08-18 20:19:06 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-08-18 20:10:33 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008-08-18 20:09:38 | 000,002,189 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008-08-18 20:09:35 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008-08-18 20:04:03 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2008-08-18 19:56:21 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\michał\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2008-08-18 19:53:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-08-18 19:53:03 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2008-08-18 19:52:01 | 000,028,165 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2008-08-18 19:52:01 | 000,018,240 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2008-08-18 19:51:47 | 000,000,410 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2008-08-18 19:51:47 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2008-08-18 19:44:00 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2008-08-18 19:34:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2001-07-22 02:41:32 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[color=#E56717]========== LOP Check ==========[/color]

[2008-09-10 22:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
[2008-08-18 23:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET
[2008-08-19 20:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
[2009-10-09 18:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PopCap Games
[2010-02-26 20:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Sony
[2008-09-05 22:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
[2009-08-12 20:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
[2009-01-03 17:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Zylom
[2009-05-15 07:52:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008-11-07 19:37:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\michał\Dane aplikacji\.#
[2008-08-19 10:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\DAEMON Tools
[2008-08-25 14:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\Gadu-Gadu
[2008-08-18 20:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\InterTrust
[2009-07-29 13:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\MobMapUpdater
[2009-11-06 16:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\Moje pliki Bitwy o Śródziemie™ II
[2009-12-21 21:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\runic games
[2010-02-26 20:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\Sony
[2010-01-15 17:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\TS3Client
[2009-08-12 20:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\TuneUp Software
[2010-02-28 18:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\michał\Dane aplikacji\uTorrent
[2010-03-01 09:25:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-03-05 22:00:00 | 000,000,542 | ---- | M] () -- C:\WINDOWS\Tasks\Konserwacja jednym kliknięciem.job

[color=#E56717]========== Purity Check ==========[/color]


< End of report >



ale już Gmer nie chce działać. Zaraz po zaczęciu skanu program się zawiesza i wyłącza.
Tyle na razie mi przychodzi do głowy. Jeżeli potrzebne będą jeszcze jakieś informacje postaram się je na bieżąco uzupełniać.

[Mikou@j]

zasady-wstawiania-logow-vt93842.html
przeczytaj dokładnie.
Brakuje loga otl extras oraz z gmera

Przed użyciem Gmera usuń programy emulujące napędy ( inaczej Gmer się nie włączy, lub wygeneruje fałszywy wynik )