Problem przy starcie jiwewn.exe-nie można znaleźć składnika

[ostry99]

Witam,

przy uruchomieniu komputera pojawia się błąd:

Jiwewn.exe - Nie można znaleźć skłądnika
Uruchomienie tej aplikacji nie powiodło się, ponieważ nie znaleziono .dll. Ponowne zainstalowanie aplikacji może naprawić ten problem.

Nastepnie komputer restartuje się...

Logi:

OTL:

Kod: Zaznacz wszystko

OTL logfile created on: 2014-04-19 11:27:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\LG\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1023,36 Mb Total Physical Memory | 501,79 Mb Available Physical Memory | 49,03% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 70,98 Gb Free Space | 90,85% Space Free | Partition Type: NTFS
Drive D: | 53,71 Gb Total Space | 53,65 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 54,46 Gb Total Space | 52,80 Gb Free Space | 96,95% Space Free | Partition Type: NTFS

Computer Name: PC-F00CA7AC580B | User Name: LG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-04-19 11:27:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LG\Moje dokumenty\Downloads\OTL_[www.programosy.pl].exe
PRC - [2014-04-02 03:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014-02-12 17:08:48 | 000,122,880 | ---- | M] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\winlogon.exe
PRC - [2014-02-12 17:08:48 | 000,122,880 | ---- | M] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\services.exe
PRC - [2014-02-12 17:08:48 | 000,122,880 | ---- | M] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\lsass.exe
PRC - [2013-09-23 12:10:16 | 001,920,824 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2013-09-23 12:10:14 | 001,740,088 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2004-08-04 01:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-04-19 11:25:20 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\olemdb32.dll
MOD - [2014-04-02 03:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll
MOD - [2014-04-02 03:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
MOD - [2014-04-02 03:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
MOD - [2014-04-02 03:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
MOD - [2014-04-02 03:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
MOD - [2013-09-23 12:10:48 | 000,501,560 | ---- | M] () -- C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
MOD - [2004-08-04 01:44:04 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013-09-23 12:10:14 | 001,740,088 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013-09-18 12:14:34 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2007-01-25 17:37:16 | 004,027,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2006-12-17 04:50:29 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004-08-04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-03-17 21:36:32 | 000,012,393 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts:             <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts:             <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts:             <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts:  .services {  font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web  {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts:  <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts:     <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: 90 more lines...
O4 - HKLM..\Run: [Bron-Spizaetus] C:\WINDOWS\ShellNew\ElnorB.exe ( )
O4 - HKU\S-1-5-21-790525478-412668190-725345543-1003..\Run: [Jiwewn] C:\Documents and Settings\LG\Dane aplikacji\Jiwewn.exe (The Audacity Team)
O4 - HKU\S-1-5-21-790525478-412668190-725345543-1003..\Run: [Tok-Cirrhatus] C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\smss.exe ( )
O4 - Startup: C:\Documents and Settings\LG\Menu Start\Programy\Autostart\Empty.pif ( )
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-790525478-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0688C429-329C-49A0-A8ED-559FD5A9D2E7}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-04-19 11:25:20 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-04-18 19:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-18
[2014-04-16 21:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-16
[2014-04-15 16:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-15
[2014-04-14 16:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-14
[2014-04-13 13:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-13
[2014-04-12 19:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-12
[2014-04-11 09:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-11
[2014-04-10 18:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-10
[2014-04-09 17:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-9
[2014-04-08 17:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-8
[2014-04-07 20:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-7
[2014-04-06 09:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-6
[2014-04-05 00:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-5
[2014-04-04 19:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-4
[2014-04-03 17:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-3
[2014-04-02 17:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-2
[2014-04-01 09:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-1
[2014-03-31 20:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-31
[2014-03-30 15:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-30
[2014-03-29 13:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-29
[2014-03-28 18:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-28
[2014-03-27 18:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-27
[2014-03-26 18:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-26
[2014-03-25 20:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-25
[2014-03-24 10:41:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-24
[2014-03-23 14:51:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-23
[2014-03-22 19:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-22
[2014-03-20 18:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok-4-20
[2014-03-17 21:27:24 | 000,188,416 | -H-- | C] (The Audacity Team) -- C:\Documents and Settings\LG\Dane aplikacji\Jiwewn.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-04-19 11:25:20 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\olemdb32.dll
[2014-04-19 11:25:20 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2014-04-19 11:25:19 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-04-19 11:25:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-04-18 21:34:47 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok.A4.em.bin
[2014-04-18 21:00:00 | 000,001,028 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-04-17 18:15:00 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2014-04-16 21:16:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014-04-10 19:09:50 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
[2014-03-30 15:59:30 | 000,355,486 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2014-03-30 15:59:29 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014-03-30 15:59:29 | 000,049,492 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2014-03-30 15:59:29 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-04-19 11:25:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\olemdb32.dll
[2014-04-18 21:12:43 | 000,012,393 | ---- | C] () -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok.A4.em.bin
[2014-04-17 18:15:00 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2014-03-17 22:04:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2014-03-17 22:03:30 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014-03-17 21:55:32 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2014-03-17 21:55:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2014-03-17 21:37:47 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2014-03-17 21:37:30 | 000,001,014 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2014-03-17 21:35:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2014-03-17 21:34:00 | 000,122,880 | ---- | C] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2014-03-17 21:34:00 | 000,122,880 | ---- | C] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\smss.exe
[2014-03-17 21:34:00 | 000,122,880 | ---- | C] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\services.exe
[2014-03-17 21:34:00 | 000,122,880 | ---- | C] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2014-03-17 21:34:00 | 000,122,880 | ---- | C] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2014-03-17 21:34:00 | 000,122,880 | ---- | C] ( ) -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2014-03-17 21:17:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2014-03-17 21:11:45 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004-08-04 01:44:10 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004-08-04 01:43:58 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004-08-04 01:44:14 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014-03-17 22:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVG
[2014-03-17 22:01:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
[2014-03-17 22:11:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014-03-17 22:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LG\Dane aplikacji\AVG
[2014-03-17 21:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LG\Dane aplikacji\Opera
[2014-03-17 21:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LG\Dane aplikacji\Opera Software
[2014-03-17 22:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LG\Dane aplikacji\TuneUp Software
[2014-03-17 22:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\AVG

[color=#E56717]========== Purity Check ==========[/color]



< End of report >

Extras:
http://www.speedyshare.com/TjRyR/Extras.Txt


Gmer:

Kod: Zaznacz wszystko

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-19 12:58:23
Windows 5.1.2600 Dodatek Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_SP2004C rev.VM100-41 186,31GB
Running: ngceg0vf.exe; Driver: C:\DOCUME~1\LG\USTAWI~1\Temp\pfqdqkod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtCreateFile + 6                                                                         7C90D688 4 Bytes  [28, 58, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtCreateFile + B                                                                         7C90D68D 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtMapViewOfSection + 6                                                                   7C90DC5B 4 Bytes  [28, 5B, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtMapViewOfSection + B                                                                   7C90DC60 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenFile + 6                                                                           7C90DD03 4 Bytes  [68, 58, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenFile + B                                                                           7C90DD08 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenProcess + 6                                                                        7C90DD81 4 Bytes  [A8, 59, 74, 00] {TEST AL, 0x59; JZ 0x4}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenProcess + B                                                                        7C90DD86 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenProcessToken + 6                                                                   7C90DD96 4 Bytes  CALL 7B9151F4
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenProcessToken + B                                                                   7C90DD9B 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenProcessTokenEx + 6                                                                 7C90DDAB 4 Bytes  [A8, 5A, 74, 00] {TEST AL, 0x5a; JZ 0x4}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenProcessTokenEx + B                                                                 7C90DDB0 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenThread + 6                                                                         7C90DDFF 4 Bytes  [68, 59, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenThread + B                                                                         7C90DE04 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenThreadToken + 6                                                                    7C90DE14 4 Bytes  [68, 5A, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenThreadToken + B                                                                    7C90DE19 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenThreadTokenEx + 6                                                                  7C90DE29 4 Bytes  CALL 7B915288
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtOpenThreadTokenEx + B                                                                  7C90DE2E 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtQueryAttributesFile + 6                                                                7C90DEE6 4 Bytes  [A8, 58, 74, 00] {TEST AL, 0x58; JZ 0x4}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtQueryAttributesFile + B                                                                7C90DEEB 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtQueryFullAttributesFile + 6                                                            7C90DFB8 4 Bytes  CALL 7B915415
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtQueryFullAttributesFile + B                                                            7C90DFBD 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtSetInformationFile + 6                                                                 7C90E5DF 4 Bytes  [28, 59, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtSetInformationFile + B                                                                 7C90E5E4 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtSetInformationThread + 6                                                               7C90E648 4 Bytes  [28, 5A, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtSetInformationThread + B                                                               7C90E64D 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtUnmapViewOfSection + 6                                                                 7C90E966 4 Bytes  [68, 5B, 74, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[1100] ntdll.dll!NtUnmapViewOfSection + B                                                                 7C90E96B 1 Byte  [E2]
.text   C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\winlogon.exe[1800] C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\winlogon.exe  section is writeable [0x00401000, 0xE910, 0xE0000020]
.sdata  C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\winlogon.exe[1800] C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\winlogon.exe  unknown last code section [0x00415000, 0x5000, 0xE0000020]
.text   C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\services.exe[1928] C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\services.exe  section is writeable [0x00401000, 0xE910, 0xE0000020]
.sdata  C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\services.exe[1928] C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\services.exe  unknown last code section [0x00415000, 0x5000, 0xE0000020]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtCreateFile + 6                                                                         7C90D688 4 Bytes  [28, F4, E7, 00] {SUB AH, DH; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtCreateFile + B                                                                         7C90D68D 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtMapViewOfSection + 6                                                                   7C90DC5B 4 Bytes  [28, F7, E7, 00] {SUB BH, DH; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtMapViewOfSection + B                                                                   7C90DC60 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenFile + 6                                                                           7C90DD03 4 Bytes  [68, F4, E7, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenFile + B                                                                           7C90DD08 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenProcess + 6                                                                        7C90DD81 4 Bytes  [A8, F5, E7, 00] {TEST AL, 0xf5; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenProcess + B                                                                        7C90DD86 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenProcessToken + 6                                                                   7C90DD96 4 Bytes  CALL 7B91C590
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenProcessToken + B                                                                   7C90DD9B 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenProcessTokenEx + 6                                                                 7C90DDAB 4 Bytes  [A8, F6, E7, 00] {TEST AL, 0xf6; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenProcessTokenEx + B                                                                 7C90DDB0 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenThread + 6                                                                         7C90DDFF 4 Bytes  [68, F5, E7, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenThread + B                                                                         7C90DE04 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenThreadToken + 6                                                                    7C90DE14 4 Bytes  [68, F6, E7, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenThreadToken + B                                                                    7C90DE19 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenThreadTokenEx + 6                                                                  7C90DE29 4 Bytes  CALL 7B91C624
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtOpenThreadTokenEx + B                                                                  7C90DE2E 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtQueryAttributesFile + 6                                                                7C90DEE6 4 Bytes  [A8, F4, E7, 00] {TEST AL, 0xf4; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtQueryAttributesFile + B                                                                7C90DEEB 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtQueryFullAttributesFile + 6                                                            7C90DFB8 4 Bytes  CALL 7B91C7B1
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtQueryFullAttributesFile + B                                                            7C90DFBD 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtSetInformationFile + 6                                                                 7C90E5DF 4 Bytes  [28, F5, E7, 00] {SUB CH, DH; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtSetInformationFile + B                                                                 7C90E5E4 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtSetInformationThread + 6                                                               7C90E648 4 Bytes  [28, F6, E7, 00] {SUB DH, DH; OUT 0x0, EAX}
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtSetInformationThread + B                                                               7C90E64D 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtUnmapViewOfSection + 6                                                                 7C90E966 4 Bytes  [68, F7, E7, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[2860] ntdll.dll!NtUnmapViewOfSection + B                                                                 7C90E96B 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + 6                                                                         7C90D688 4 Bytes  [28, 2C, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtCreateFile + B                                                                         7C90D68D 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + 6                                                                   7C90DC5B 4 Bytes  [28, 2F, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtMapViewOfSection + B                                                                   7C90DC60 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenFile + 6                                                                           7C90DD03 4 Bytes  [68, 2C, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenFile + B                                                                           7C90DD08 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcess + 6                                                                        7C90DD81 4 Bytes  [A8, 2D, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcess + B                                                                        7C90DD86 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessToken + 6                                                                   7C90DD96 4 Bytes  CALL 7B91A0C8
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessToken + B                                                                   7C90DD9B 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessTokenEx + 6                                                                 7C90DDAB 4 Bytes  [A8, 2E, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenProcessTokenEx + B                                                                 7C90DDB0 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThread + 6                                                                         7C90DDFF 4 Bytes  [68, 2D, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThread + B                                                                         7C90DE04 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadToken + 6                                                                    7C90DE14 4 Bytes  [68, 2E, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadToken + B                                                                    7C90DE19 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadTokenEx + 6                                                                  7C90DE29 4 Bytes  CALL 7B91A15C
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtOpenThreadTokenEx + B                                                                  7C90DE2E 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryAttributesFile + 6                                                                7C90DEE6 4 Bytes  [A8, 2C, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryAttributesFile + B                                                                7C90DEEB 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryFullAttributesFile + 6                                                            7C90DFB8 4 Bytes  CALL 7B91A2E9
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtQueryFullAttributesFile + B                                                            7C90DFBD 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationFile + 6                                                                 7C90E5DF 4 Bytes  [28, 2D, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationFile + B                                                                 7C90E5E4 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationThread + 6                                                               7C90E648 4 Bytes  [28, 2E, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtSetInformationThread + B                                                               7C90E64D 1 Byte  [E2]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtUnmapViewOfSection + 6                                                                 7C90E966 4 Bytes  [68, 2F, C3, 00]
.text   C:\Program Files\Google\Chrome\Application\chrome.exe[3176] ntdll.dll!NtUnmapViewOfSection + B                                                                 7C90E96B 1 Byte  [E2]

---- Files - GMER 2.1 ----

File    C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Update.4.Bron.Tok.bin                                                                           0 bytes

---- EOF - GMER 2.1 ----


[ordynat]

1) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2014-03-17 21:27:24 | 000,188,416 | -H-- | C] (The Audacity Team) -- C:\Documents and Settings\LG\Dane aplikacji\Jiwewn.exe
O7 - HKU\S-1-5-21-790525478-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-790525478-412668190-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
MOD - [2014-04-19 11:25:20 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\olemdb32.dll

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie

2) Użyj > MBAM
Zaznacz wszystko co wykryje, kliknij na Usuń zaznaczone.
Podaj z tego raport.

3) Zrób nowy log z OTL.
.

Autor postu otrzymał pochwałę

[ostry99]

Raport OTL (najpierw musiałem skorzystać z MBAM-a bo po kliknięciu "Wykonaj skrypt" od razu restartował się komputer, dopiero po usunięciu wszystkiego w MBAM wszystko poszło tak jak trzeba)

http://www.speedyshare.com/8a2sJ/04192014-173331.log

Raport MBAM

http://www.speedyshare.com/vzryy/scanlog.txt

Nowy log OTL

http://speedy.sh/4Phff/OTL.Txt

[ordynat]

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O4 - HKU\S-1-5-21-790525478-412668190-725345543-1003..\Run: [Jiwewn] C:\Documents and Settings\LG\Dane aplikacji\Jiwewn.exe File not found
O4 - HKU\S-1-5-21-790525478-412668190-725345543-1003..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\smss.exe" File not found
[2014-04-19 12:43:48 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok.A4.em.bin

:Commands
[resethosts]
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera.
Pokaż raport, który pokaże się po restarcie.

Do >SystemLook wklej:

:file
C:\WINDOWS\system32\olemdb32.dll

:regfind
C:\WINDOWS\system32\olemdb32.dll

Naciśnij Look i pokaż raport.

Windows XP Professional Edition Dodatek Service Pack 2

Zainstaluj ServicePack 3. Nie masz już możliwości ściągnięcia go poprzez Windows Update, więc ściągnij go i zainstaluj stąd http://www.programosy.pl/program,windows-xp-service-pack-3.html
Potem, już poprzez Windows Update, ściągnij i zainstaluj wszystkie łatki, jakie wydał Microsoft od 2010 roku.
Od 8 kwietnia 2014 WIN XP już nie jest wspierany przez Microsoft, nie będzie już żadnych nowych łatek.
.

[ostry99]

Kod: Zaznacz wszystko

SystemLook 30.07.11 by jpshortstuff
Log created at 21:54 on 19/04/2014 by LG
Administrator - Elevation successful

========== file ==========

C:\WINDOWS\system32\olemdb32.dll - File found and opened.
MD5: 65387B1305F01EDE9BCE1B664207D5D7
Created at 19:51 on 19/04/2014
Modified at 19:51 on 19/04/2014
Size: 23552 bytes
Attributes: --a----
No version information available.

========== regfind ==========

Searching for "C:\WINDOWS\system32\olemdb32.dll"
No data found.

-= EOF =-

Kod: Zaznacz wszystko

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-790525478-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Jiwewn deleted successfully.
Registry value HKEY_USERS\S-1-5-21-790525478-412668190-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Tok-Cirrhatus deleted successfully.
C:\Documents and Settings\LG\Ustawienia lokalne\Dane aplikacji\Bron.tok.A4.em.bin moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 96893991 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 3994 bytes

Total Files Cleaned = 92,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04192014_214912

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


[ordynat]

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:Files
C:\WINDOWS\system32\olemdb32.dll

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt.

https://www.virustotal.com/pl/file/148f1d2ce99fb0305e53fd24add20cd19cc420e9c1d1b64abf42b456da94cd23/analysis/
Na wszelki wypadek:
Użyj Sality Killer -->http://support.kaspersky.com/downloads/utils/salitykiller.exe
Link zapasowy, gdyby wirus zablokował stronę narzędzia: > http://www.mediafire.com/?5e3b0870wm7xefk
Napisz, czy wykrył SALITY?
.

[ostry99]

Nic nie wykryło

[ordynat]

To dobrze.

W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

System Look - usuń ręcznie.

To wszystko.

Autor postu otrzymał pochwałę