[log] avast wykrywa wirusy w plikach systemowych

**Posty:** 31 · przez **monas2007** 20 Maj 2009, 01:42

Witam,

2 dni temu po włączeniu komputera avast zaczął mi wyć, że znalazł pare trojanów w plikach typu: iexplore.exe, csrss.exe, system.exe i systray.exe. Avast mi mówi, że pamięć może być zarażona więc 1 rzecz to przywróciłem system na 2 tygodnie wcześniej ale nic to nie zmieniło, pojawił się ten sam alert, z tym, że połowa programów z autostartu nie załadowała się do tego 'prawego dolnego rogu' (niejestem ekspertem..).
Co ciekawe zarażone pliki są w katalogu Windows/Temp

Oto logi

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.06 (written by random/random) Run by Gre at 2009-05-20 01:34:42 Microsoft Windows XP Home Edition Dodatek Service Pack 3 System drive C: has 6 GB (14%) free of 40 GB Total RAM: 1526 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:34:44, on 2009-05-20 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\Empowering Technology\admServ.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\admtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\DOCUME~1\Gre\USTAWI~1\Temp\RtkBtMnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\runservice.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Gre\Pulpit\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Gre.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE O4 - HKLM\..\Run: [Windows Updater] C:\WINDOWS\TEMP\System.exe O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe O4 - HKLM\..\Run: [Microsoft Security Interface] C:\WINDOWS\TEMP\msi.exe O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209731769161 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32 \IDriverT.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 8909 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Low Battery Alarm Program.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-02-22 106496] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-20 53248] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-20 729177] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392] "PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2005-12-13 151552] "eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-12-27 69632] "ADMTray.exe"=C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208] "ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-15 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-02 69632] "ePower_DMC"=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2006-01-17 344064] "Acer ePower Management"=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2006-01-16 3080192] "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-07-20 593920] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "Windows System Update"=C:\WINDOWS\TEMP\CSRSS.EXE [2006-09-13 315392] "Windows Updater"=C:\WINDOWS\TEMP\System.exe [2006-09-13 33280] "Language_Shortcut"=C:\WINDOWS\TEMP\IEXPLORE.EXE [2006-09-13 10240] "SYSTRAY_UPDATE"=C:\WINDOWS\TEMP\systray.exe [2006-09-13 69632] "Microsoft Security Interface"=C:\WINDOWS\TEMP\msi.exe [2006-09-13 97536] "MRT"=C:\WINDOWS\system32\MRT.exe [2009-05-07 24699336] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Odkurzacz-MCD"=C:\Program Files\Odkurzacz\odk_mcd.exe [2008-08-16 264704] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"=" " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Acer\Acer Arcade\PCMService.exe"="C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster" "C:\Program Files\Gadu-Gadu\gg.exe"="C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "C:\NeverwinterNights\NWN\nwserver.exe"="C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server" "C:\NeverwinterNights\NWN\NWMAIN.EXE"="C:\NeverwinterNights\NWN\NWMAIN.EXE:*:Enabled:Neverwinter Nights" "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008" "C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Quake2\quake2.exe"="C:\Quake2\quake2.exe:*:Enabled:quake2" "C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Disabled:Speed" "C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts" "C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox" "C:\Program Files\Ubisoft\XIII\system\XIII.exe"="C:\Program Files\Ubisoft\XIII\system\XIII.exe:*:Disabled:XIII" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice" "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:@xpsp2res.dll,-22019" "\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:@xpsp2res.dll,-22019" "\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7425226e-b8bb-11dd-ac4a-0016d41b5b46}] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}] shell\AutoRun\command - lky.exe shell\explore\command - lky.exe shell\open\command - lky.exe ======List of files/folders created in the last 1 months====== 2009-05-20 01:34:42 ----D---- C:\rsit 2009-05-20 01:29:23 ----D---- C:\Program Files\Trend Micro 2009-05-20 00:21:56 ----D---- C:\Program Files\Jump Shot Basketball 2009-05-18 11:12:22 ----D---- C:\Program Files\World Basketball Manager 2008 2009-05-17 23:29:48 ----A---- C:\WINDOWS\Runservice.exe 2009-05-17 23:29:48 ----A---- C:\WINDOWS\mmfs.dll 2009-05-16 03:12:22 ----A---- C:\WINDOWS\system32\MRT.INI 2009-05-16 02:58:04 ----D---- C:\Documents and Settings\Gre\Dane aplikacji\DivX 2009-05-15 22:28:03 ----A---- C:\WINDOWS\system32\digest32.dll 2009-05-13 02:28:15 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google 2009-05-10 21:46:14 ----A---- C:\WINDOWS\system32\snapapi32.dll 2009-05-08 01:49:30 ----D---- C:\Documents and Settings\Gre\Dane aplikacji\vlc 2009-05-08 00:05:31 ----D---- C:\Program Files\Common Files\Logitech 2009-05-07 01:55:14 ----D---- C:\Documents and Settings\Gre\Dane aplikacji\OpenFM 2009-04-30 10:56:24 ----N---- C:\WINDOWS\system32\pxinsi64.exe 2009-04-30 10:56:24 ----N---- C:\WINDOWS\system32\pxcpyi64.exe 2009-04-30 10:55:55 ----D---- C:\Program Files\DivX 2009-04-30 10:55:55 ----D---- C:\Program Files\Common Files\DivX Shared 2009-04-21 10:21:07 ----D---- C:\Program Files\Rockstar Games ======List of files/folders modified in the last 1 months====== 2009-05-15 22:32:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-15 22:28:26 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt 2009-05-15 22:26:36 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-07 09:16:30 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys [] R1 SSHDRV76;SSHDRV76; \??\C:\WINDOWS\system32\drivers\SSHDRV76.sys [] R1 WmiAcpi;Interfejs zarządzania Microsoft Windows dla ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552] R2 irda;Protokół IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys [] R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys [] R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 BCM43XX;Sterownik karty sieciowej Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-01 424320] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312] R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-03-30 576000] R3 CmBatt;Sterownik baterii Microsoft o metodzie kontroli ACPI; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896] R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928] R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888] R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624] R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-27 4304384] R3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392] R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-07-03 6144] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-20 190592] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280] R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2009-01-13 19336] R3 WmXlCore;Logitech Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2009-01-13 49160] S1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 ahymcb5b;ahymcb5b; C:\WINDOWS\system32\drivers\ahymcb5b.sys [] S3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 CCDECODE;Dekoder napisów; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-26 12160] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Koder-dekoder NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Połączenie TV/wideo firmy Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600] S3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Sterownik audio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-11-27 1427968] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2009-01-13 29192] S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2009-01-13 14728] S3 WSTCODEC;Kodery-dekodery teletekstu w standardzie światowym; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Filtr magistrali AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Filtr magistrali AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;Filtr magistrali AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;Sterownik filtru magistrali AGP AMD; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;Filtr magistrali AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;Filtr magistrali AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2005-12-13 254050] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2005-12-13 114784] R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2005-12-13 61440] R2 Irmon;Monitor podczerwieni; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2009-05-17 2560] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288] S3 aspnet_state;„Usługa stanu ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

prosze o pomoc

G

**Posty:** 18165 · przez **wojtas** 20 Maj 2009, 10:59

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z OTListIt2

**Posty:** 31 · przez **monas2007** 23 Maj 2009, 15:29

Ok, ten Windows Worms Doors Cleaner znalazł mi jakiegoś robaka i go szczęśliwie usunął.

Logi z SDFIX

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Gre on 2009-05-23 at 15:15 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-23 15:20:13 Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application" "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver" "C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster" "C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "C:\\NeverwinterNights\\NWN\\nwserver.exe"="C:\\NeverwinterNights\\NWN\\nwserver.exe:*:Enabled:Neverwinter Nights Server" "C:\\NeverwinterNights\\NWN\\NWMAIN.EXE"="C:\\NeverwinterNights\\NWN\\NWMAIN.EXE:*:Enabled:Neverwinter Nights" "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008" "C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Quake2\\quake2.exe"="C:\\Quake2\\quake2.exe:*:Enabled:quake2" "C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"="C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe:*:Disabled:Speed" "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts" "C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"="C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE:*:Enabled:Firefox" "C:\\Program Files\\Ubisoft\\XIII\\system\\XIII.exe"="C:\\Program Files\\Ubisoft\\XIII\\system\\XIII.exe:*:Disabled:XIII" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\SecondLife\\SLVoice.exe"="C:\\Program Files\\SecondLife\\SLVoice.exe:*:Enabled:SLVoice" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"="C:\\Program Files\\Nowe Gadu-Gadu\\gg.exe:*:Enabled:Nowe Gadu-Gadu" "C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:@xpsp2res.dll,-22019" "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\\Program Files\\Alwil Software\\Avast4\\setup\\avast.setup"="C:\\Program Files\\Alwil Software\\Avast4\\setup\\avast.setup:*:Enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:@xpsp2res.dll,-22019" "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\\Program Files\\Alwil Software\\Avast4\\setup\\avast.setup"="C:\\Program Files\\Alwil Software\\Avast4\\setup\\avast.setup:*:Enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: Sat 23 May 2009 609 A.SH. --- "C:\WINDOWS\system32\mmf.sys" Mon 3 Jul 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll" Mon 3 Jul 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll" Mon 3 Jul 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Mon 3 Jul 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll" Mon 3 Jul 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll" Sun 17 May 2009 609 A.SH. --- "C:\System Volume Information\_restore{AFBA72C1-7C74-4205-97AE-D8202844CA54}\RP365\A0078763.sys" Sat 23 May 2009 609 A.SH. --- "C:\System Volume Information\_restore{AFBA72C1-7C74-4205-97AE-D8202844CA54}\RP366\A0078882.SYS" Sat 23 May 2009 609 A.SH. --- "C:\System Volume Information\_restore{AFBA72C1-7C74-4205-97AE-D8202844CA54}\RP366\A0078900.sys" Fri 17 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" [b]Finished![/b]

i z OTListIt2

Kod: Zaznacz wszystko: OTListIt logfile created on: 2009-05-23 15:26:25 - Run 2 OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Gre\Pulpit Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1,49 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 60,70% Memory free 3,34 Gb Paging File | 2,76 Gb Available in Paging File | 82,64% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,05 Gb Total Space | 24,50 Gb Free Space | 62,75% Space Free | Partition Type: FAT32 Drive D: | 72,72 Gb Total Space | 18,24 Gb Free Space | 25,08% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-0BA1728BD9 Current User Name: Gre Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Output = Standard File Age = 30 Days Company Name Whitelist: On [color=orange]========== Processes (SafeList) ==========[/color] PRC - [2008-04-14 19:21:16 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2009-02-05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009-02-05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2005-10-24 16:40:52 | 01,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe PRC - [2005-12-13 21:31:36 | 00,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe PRC - [2005-12-13 21:31:08 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe PRC - [2005-12-13 21:31:08 | 01,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe PRC - [2009-05-17 23:29:50 | 00,002,560 | ---- | M] () -- C:\WINDOWS\runservice.exe PRC - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe PRC - [2005-01-21 19:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe PRC - [2009-01-14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2005-12-13 21:31:38 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe PRC - [2009-02-05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009-02-05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2005-07-20 15:05:52 | 00,729,177 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2005-12-13 21:31:20 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe PRC - [2005-12-27 15:50:28 | 00,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2005-10-24 16:45:32 | 02,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe PRC - [2006-06-27 14:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2006-01-17 18:28:54 | 00,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2006-07-20 22:15:32 | 00,593,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2009-02-05 16:08:46 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2008-02-15 12:46:46 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2008-02-15 12:46:06 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe PRC - [2008-02-15 12:46:18 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2009-02-27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe PRC - [2008-02-15 12:46:16 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe PRC - [2009-02-06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009-05-23 15:21:02 | 00,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Gre\Ustawienia lokalne\Temp\RtkBtMnt.exe PRC - [2004-08-04 20:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe PRC - [2009-02-06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe PRC - [2009-04-28 13:33:56 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009-05-23 14:46:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gre\Pulpit\OTListIt2.exe PRC - [2008-04-14 19:21:32 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe [color=orange]========== Win32 Services (SafeList) ==========[/color] SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009-02-05 16:01:26 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running]) SRV - [2009-02-05 16:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running]) SRV - [2009-02-05 16:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running]) SRV - [2009-02-05 16:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running]) SRV - [2005-10-24 16:40:52 | 01,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe -- (AWService [Auto | Running]) SRV - [2005-12-13 21:31:36 | 00,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running]) SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2005-12-13 21:31:38 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running]) SRV - [2005-12-13 21:31:08 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running]) SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) SRV - [2008-04-14 19:20:44 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2004-10-22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) SRV - [2008-04-14 19:20:34 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running]) SRV - [2009-05-17 23:29:50 | 00,002,560 | ---- | M] () -- C:\WINDOWS\runservice.exe -- (LicCtrlService [Auto | Running]) SRV - [2006-02-17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running]) SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) SRV - [2003-07-28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2005-01-21 19:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running]) SRV - [2009-01-14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running]) SRV - [2006-12-01 11:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) [color=orange]========== Driver Services (SafeList) ==========[/color] DRV - [2009-02-05 16:05:12 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running]) DRV - [2004-08-04 20:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped]) DRV - [2008-04-13 20:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped]) DRV - [2009-02-05 16:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running]) DRV - [2009-02-05 16:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running]) DRV - [2009-02-05 16:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running]) DRV - [2009-02-05 16:07:24 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running]) DRV - [2009-02-05 16:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running]) DRV - [2005-11-01 13:24:24 | 00,424,320 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running]) DRV - [2005-10-31 14:16:00 | 00,045,312 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running]) DRV - [2006-03-30 17:45:22 | 00,576,000 | ---- | M] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\Drivers\BisonCam.sys -- (Cam5603D [On_Demand | Running]) DRV - File not found -- -- (catchme [On_Demand | Running]) DRV - [2004-08-04 20:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped]) DRV - [2004-12-08 14:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running]) DRV - [2005-11-17 17:20:02 | 00,060,928 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys -- (EMSCR [On_Demand | Running]) DRV - [2003-03-02 17:44:26 | 00,007,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\enodpl.sys -- (enodpl [Auto | Running]) DRV - [2005-11-17 17:20:12 | 00,037,888 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys -- (ESDCR [On_Demand | Running]) DRV - [2005-11-17 17:20:08 | 00,074,624 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys -- (ESMCR [On_Demand | Running]) DRV - [2008-04-13 18:36:06 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2005-10-24 10:20:52 | 00,218,496 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running]) DRV - [2005-10-18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running]) DRV - [2008-02-15 13:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running]) DRV - [2006-06-27 16:25:24 | 04,304,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2005-10-05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running]) DRV - [2004-08-04 20:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped]) DRV - [2005-09-13 15:34:40 | 00,004,392 | ---- | M] (OSA Technologies) -- C:\WINDOWS\System32\Drivers\NdisFilt.sys -- (NdisFilt [On_Demand | Running]) DRV - [2005-05-02 12:13:42 | 00,009,600 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\NETMNT.sys -- (NETMNT [On_Demand | Stopped]) DRV - [2006-07-03 01:02:54 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running]) DRV - [2005-10-15 18:20:44 | 00,012,106 | ---- | M] (OSA Technologies) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc [System | Running]) DRV - [2005-06-30 16:58:24 | 00,007,296 | ---- | M] (OSA Technologies, An Avocent Company) -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio [Auto | Running]) DRV - [2005-01-14 15:57:16 | 00,004,010 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm [Auto | Running]) DRV - [2004-08-04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2007-03-08 01:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2004-08-04 20:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped]) DRV - [2007-11-13 12:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2008-04-13 20:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped]) DRV - [2005-10-31 14:16:00 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Stopped]) DRV - [2004-08-04 20:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped]) DRV - [2008-05-02 21:52:48 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running]) DRV - [2009-01-28 11:52:10 | 00,053,760 | ---- | M] () -- C:\WINDOWS\system32\drivers\SSHDRV76.sys -- (SSHDRV76 [System | Running]) DRV - [2004-08-04 20:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped]) DRV - [2004-08-04 20:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped]) DRV - [2005-07-20 14:53:54 | 00,190,592 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running]) DRV - [2003-04-19 00:32:04 | 00,004,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\tandpl.sys -- (tandpl [Auto | Running]) DRV - [2004-12-17 16:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running]) DRV - [2004-08-04 20:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped]) DRV - [2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped]) DRV - [2005-11-27 07:36:08 | 01,427,968 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Stopped]) DRV - [2006-11-06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped]) DRV - [2005-10-18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running]) DRV - [2009-01-13 19:13:20 | 00,019,336 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running]) DRV - [2009-01-13 19:13:28 | 00,029,192 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped]) DRV - [2009-01-13 19:13:44 | 00,014,728 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped]) DRV - [2009-01-13 19:13:52 | 00,049,160 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running]) [color=orange]========== Standard Registry (SafeList) ==========[/color] [color=orange]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ IE - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\S-1-5-21-1061128783-3162594515-2219371128-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=orange]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://onet.pl/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006 FF - prefs.js..extensions.enabledItems: tcastv1@tom.com:1.0 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090325 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009-03-26 12:53:42 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008-05-02 17:24:22 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2008-05-02 17:24:22 | 00,000,000 | ---D | M] [2008-08-20 18:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Extensions [2008-08-20 18:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008-05-02 17:25:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions [2009-05-13 13:21:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2) [2009-05-15 22:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2009-03-27 12:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009-04-16 10:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009-03-25 19:54:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions\moveplayer@movenetworks.com [2008-12-22 02:09:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gre\Dane aplikacji\mozilla\Firefox\Profiles\4ym9flda.default\extensions\tcastv1@tom.com [2008-05-02 21:55:32 | 00,002,921 | ---- | M] () -- C:\Documents and Settings\Gre\Dane aplikacji\Mozilla\FireFox\Profiles\4ym9flda.default\searchplugins\daemon-search.xml [2008-05-13 16:09:36 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\Gre\Dane aplikacji\Mozilla\FireFox\Profiles\4ym9flda.default\searchplugins\soku.xml [2008-05-02 17:24:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2008-05-02 17:24:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008-06-22 17:08:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [2008-08-10 10:43:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009-04-28 13:33:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009-04-28 13:33:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2008-09-27 09:52:42 | 00,000,896 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2008-09-27 09:52:42 | 00,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2008-09-27 09:52:42 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2008-09-27 09:52:42 | 00,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2008-09-27 09:52:42 | 00,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2008-09-27 09:52:42 | 00,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2008-09-27 09:52:42 | 00,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Pomocnik rejestracji usługi Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found O3 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\..\Toolbar\WebBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot (Acer Value Labs, Taiwan) O4 - HKLM..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" (Avocent Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC () O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation) O4 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe (Franmo Software) O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1061128783-3162594515-2219371128-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.) O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209731769161 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (snapapi32.dll) - C:\WINDOWS\system32\snapapi32.dll () O29 - HKLM SecurityProviders - (digest32.dll) - C:\WINDOWS\system32\digest32.dll () O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-07-03 01:03:54 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{7425226e-b8bb-11dd-ac4a-0016d41b5b46}\Shell - "" = AutoRun O33 - MountPoints2\{7425226e-b8bb-11dd-ac4a-0016d41b5b46}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}\Shell\AutoRun\command - "" = lky.exe O33 - MountPoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}\Shell\explore\Command - "" = lky.exe O33 - MountPoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}\Shell\open\Command - "" = lky.exe O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - * [2008-05-02 14:56:58 | 00,000,000 | ---D | M] [color=orange]========== Files/Folders - Created Within 30 Days ==========[/color] [2009-05-23 15:20:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2009-05-23 15:18:05 | 16,002,45760 | -HS- | C] () -- C:\hiberfil.sys [2009-05-23 15:14:13 | 00,580,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-05-23 15:12:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2009-05-23 15:05:15 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2009-05-23 15:05:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2009-05-23 14:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2009-05-23 14:56:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2009-05-23 14:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive [2009-05-23 14:54:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live [2009-05-23 14:46:15 | 00,000,000 | ---D | C] -- C:\SDFix [2009-05-23 14:46:05 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gre\Pulpit\OTListIt2.exe [2009-05-23 14:45:12 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Gre\Pulpit\SDFix.exe [2009-05-23 14:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [2009-05-23 14:40:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gre\Dane aplikacji\Windows Search [2009-05-23 12:54:14 | 00,051,232 | ---- | C] (gkweb) -- C:\Documents and Settings\Gre\Pulpit\wwdc_[www.programosy.pl].exe [2009-05-23 12:49:14 | 65,103,168 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Gre\Pulpit\avg_free_stf_en_85_339a1525.exe [2009-05-23 12:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\SkanerOnline [2009-05-22 23:15:29 | 00,144,384 | ---- | C] () -- C:\Documents and Settings\Gre\Pulpit\kwestionariusz_osobowy_2009.doc [2009-05-21 21:35:13 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009-05-21 21:35:03 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2009-05-20 01:34:42 | 00,000,000 | ---D | C] -- C:\rsit [2009-05-20 01:29:23 | 00,001,642 | ---- | C] () -- C:\Documents and Settings\Gre\Pulpit\HijackThis.lnk [2009-05-20 01:29:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009-05-19 14:49:44 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-19 13:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gre\Pulpit\OPERACJA PRACA [2009-05-18 11:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\World Basketball Manager 2008 [2009-05-18 10:58:16 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ctlLabel.ocx [2009-05-17 23:29:50 | 00,126,976 | ---- | C] () -- C:\WINDOWS\lcmmfu.cpl [2009-05-17 23:29:48 | 00,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll [2009-05-17 23:29:48 | 00,002,560 | ---- | C] () -- C:\WINDOWS\Runservice.exe [2009-05-17 23:29:48 | 00,000,609 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys [2009-05-16 03:12:22 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009-05-16 02:58:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gre\Dane aplikacji\DivX [2009-05-15 22:28:03 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\digest32.dll [2009-05-10 21:46:14 | 00,659,456 | ---- | C] () -- C:\WINDOWS\System32\snapapi32.dll [2009-05-10 00:50:40 | 00,306,176 | ---- | C] () -- C:\Documents and Settings\Gre\Pulpit\LISTA DO POBRANIA.doc [2009-05-08 00:06:39 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys [2009-05-08 00:06:39 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2009-05-08 00:05:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech [2009-05-07 01:55:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gre\Dane aplikacji\OpenFM [2009-05-05 17:00:44 | 00,000,596 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-05-01 09:53:14 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin [2009-04-30 10:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\DivX [2009-04-30 10:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared [2009-01-28 11:52:08 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV76.sys [2008-12-29 00:41:10 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys [2008-12-29 00:41:10 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys [2008-11-05 23:38:59 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008-09-08 20:33:55 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2008-06-03 00:01:04 | 00,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2008-05-26 22:22:36 | 00,016,222 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008-05-26 22:22:34 | 00,021,728 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008-05-26 22:22:32 | 00,016,164 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008-05-04 22:35:25 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008-05-03 01:50:13 | 00,001,599 | ---- | C] () -- C:\WINDOWS\bestplayer.ini [2008-05-02 21:52:46 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008-05-02 14:58:39 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2008-05-02 13:48:50 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI [2008-05-02 13:48:34 | 00,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini [2006-07-03 01:04:26 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2006-07-03 01:02:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2006-07-03 01:02:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2006-07-03 01:02:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll [2006-07-03 01:02:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2006-04-01 12:24:50 | 00,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2006-01-23 06:26:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005-12-27 15:50:26 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll [2005-12-27 15:50:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll [2005-12-27 15:50:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll [2005-12-27 15:50:26 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll [2005-12-27 15:50:26 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll [2005-12-14 20:59:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini [2005-11-29 13:12:38 | 00,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005-05-02 12:13:42 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys [2005-02-14 21:03:22 | 00,000,794 | ---- | C] () -- C:\WINDOWS\win.ini [2005-02-14 20:56:06 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2004-12-17 16:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2004-08-04 20:00:00 | 00,003,619 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004-02-13 13:49:44 | 00,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll [2003-12-29 20:45:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll [2003-04-08 11:40:22 | 00,005,679 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001-12-26 15:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001-09-03 22:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001-07-30 15:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001-07-23 21:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1996-04-03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys [color=orange]========== Files - Modified Within 30 Days ==========[/color] [2009-05-23 15:22:48 | 01,160,748 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009-05-23 15:22:48 | 00,527,476 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2009-05-23 15:22:48 | 00,445,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009-05-23 15:22:48 | 00,099,980 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2009-05-23 15:22:48 | 00,072,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009-05-23 15:21:38 | 00,000,794 | ---- | M] () -- C:\WINDOWS\win.ini [2009-05-23 15:18:22 | 00,000,609 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys [2009-05-23 15:18:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-05-23 15:18:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Gre\Ustawienia lokalne\desktop.ini [2009-05-23 15:18:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-05-23 15:18:06 | 16,002,45760 | -HS- | M] () -- C:\hiberfil.sys [2009-05-23 15:14:16 | 00,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll [2009-05-23 15:07:28 | 00,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009-05-23 15:05:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009-05-23 14:46:12 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gre\Pulpit\OTListIt2.exe [2009-05-23 14:45:36 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Gre\Pulpit\SDFix.exe [2009-05-23 14:37:36 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-05-23 14:33:44 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2009-05-23 12:54:08 | 65,103,168 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Gre\Pulpit\avg_free_stf_en_85_339a1525.exe [2009-05-23 12:54:08 | 00,051,232 | ---- | M] (gkweb) -- C:\Documents and Settings\Gre\Pulpit\wwdc_[www.programosy.pl].exe [2009-05-22 23:15:28 | 00,144,384 | ---- | M] () -- C:\Documents and Settings\Gre\Pulpit\kwestionariusz_osobowy_2009.doc [2009-05-20 01:29:24 | 00,001,642 | ---- | M] () -- C:\Documents and Settings\Gre\Pulpit\HijackThis.lnk [2009-05-19 14:49:46 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Adobe Reader 9.lnk [2009-05-17 23:29:52 | 00,126,976 | ---- | M] () -- C:\WINDOWS\lcmmfu.cpl [2009-05-17 23:29:50 | 00,048,640 | ---- | M] () -- C:\WINDOWS\mmfs.dll [2009-05-17 23:29:50 | 00,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe [2009-05-16 21:16:14 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin [2009-05-16 03:12:24 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2009-05-12 00:22:20 | 00,306,176 | ---- | M] () -- C:\Documents and Settings\Gre\Pulpit\LISTA DO POBRANIA.doc [2009-05-07 09:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2009-05-05 17:00:46 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Nowe Gadu-Gadu.lnk [2009-04-25 07:30:40 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll < End of report >

Po tych wszystkich operacjach pojawił się u mnie w menedżerze zadań plik wuauclt.exe (nazwa użytkownika SYSTEM) i zużywa mi średnio koło 72mb pamięci.
Czy tak ma być czy coś muszę zmienić?

G

**Posty:** 18165 · przez **wojtas** 23 Maj 2009, 20:00

te plik/i :

C:\WINDOWS\lcmmfu.cpl
C:\WINDOWS\mmfs.dll
C:\WINDOWS\Runservice.exe

przesaknuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow

Uruchom OTListIt2 i w oknie Custom Scans/Fixes wklej :

:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (snapapi32.dll) - C:\WINDOWS\system32\snapapi32.dll ()
O29 - HKLM SecurityProviders - (digest32.dll) - C:\WINDOWS\system32\digest32.dll ()
O33 - MountPoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}\Shell\AutoRun\command - "" = lky.exe
O33 - MountPoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}\Shell\explore\Command - "" = lky.exe
O33 - MountPoints2\{fdc017c6-ba6f-11dd-ac4b-0016d41b5b46}\Shell\open\Command - "" = lky.exe

:Files
C:\WINDOWS\system32\digest32.dll
C:\WINDOWS\system32\snapapi32.dll

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:Commands
[emptytemp]
[start explorer]
[Reboot]

Kliknij w Run Fix. I potwierdz reset kompa .

Następnie uruchamiasz OTListIt2 z opcją Run Scan. Pokazujesz nowy log OTListIt.txt (czyszczenie i skan ) i raporty ze skanow

**Posty:** 31 · przez **monas2007** 24 Maj 2009, 22:38

skany każdego z plików ze strony: http://virusscan.jotti.org/ nie pokazały żadnych nieprawidłowości.

Raporty z http://www.virustotal.com/ :

Kod: Zaznacz wszystko: lcmmfu.cpl Antywirus Wersja Ostatnia aktualizacja Wynik a-squared 4.0.0.101 2009.05.24 - AhnLab-V3 5.0.0.2 2009.05.24 - AntiVir 7.9.0.168 2009.05.24 - Antiy-AVL 2.0.3.1 2009.05.22 - Authentium5.1.2.4 2009.05.24 - Avast 4.8.1335.0 2009.05.24 - AVG 8.5.0.339 2009.05.24 - BitDefender 7.2 2009.05.24 - CAT-QuickHeal10.00 2009.05.23 - ClamAV 0.94.1 2009.05.24 - Comodo 1157 2009.05.08 - DrWeb 5.0.0.12182 2009.05.24 - eSafe 7.0.17.0 2009.05.24 Suspicious File eTrust-Vet 31.6.6519 2009.05.23 - F-Prot 4.4.4.56 2009.05.24 - F-Secure 8.0.14470.0 2009.05.24 - Fortinet 3.117.0.0 2009.05.24 - GData 19 2009.05.24 - Ikarus T3.1.1.49.0 2009.05.24 - K7AntiVirus 7.10.741 2009.05.21 - Kaspersky 7.0.0.125 2009.05.24 - McAfee 5625 2009.05.24 - McAfee+Artemis 5625 2009.05.24 - McAfee-GW-Edition6.7.62009.05.24 - Microsoft 1.4701 2009.05.24 - NOD32 4098 2009.05.22 - Norman 6.01.05 2009.05.22 - nProtect 2009.1.8.0 2009.05.24 - Panda 10.0.0.14 2009.05.24 - PCTools 4.4.2.0 2009.05.21 - Prevx 3.0 2009.05.24 - Rising 21.30.62.00 2009.05.24 - Sophos 4.42.0 2009.05.24 - Sunbelt 3.2.1858.2 2009.05.24 - Symantec 1.4.4.12 2009.05.24 - TheHacker 6.3.4.3.331 2009.05.22 - TrendMicro 8.950.0.1092 2009.05.23 - VBA32 3.12.10.5 2009.05.24 - ViRobot 2009.5.23.1749 2009.05.23 - VirusBuster 4.6.5.0 2009.05.24 - Dodatkowe informacje File size: 126976 bytes MD5...: f2d597b3d2ea0928ba4067b5b515d303 SHA1..: f9d728961868575e863931f19fe350022a37b752 SHA256: 80989ca5c749f82e86f333d9c1a41d67bffd211b7178e46ca83e10dbf1448b75 SHA512: 1d7d95c8bd5c6b46415672e342d88eb68a6c3bc727b7fdcbf3921fe2f33a0668 e47748b5e1f82305da4db799de3469d362757c965845e216be7b4c0b8b04d9ba ssdeep: 3072:q1wtBf9p1gWiE/Q8uYLgw9s7ot5uzeXIb5vB:q1YpCLE/Q8DLi7ovuzeXIb 5vB PEiD..: ASPack v2.12 TrID..: File type identification Win 9x/ME Control Panel applet (43.5%) Win32 Executable Generic (23.9%) Win32 Dynamic Link Library (generic) (21.2%) Generic Win/DOS Executable (5.6%) DOS Executable Generic (5.6%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3f001 timedatestamp.....: 0x45d64c21 (Sat Feb 17 00:28:17 2007) machinetype.......: 0x14c (I386) ( 7 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x29000 0xf600 8.00 0f430b1331861b34759dadd8a423c756 .rdata 0x2a000 0x4000 0x4000 4.74 01d5c9c6f123a0421040a1b8ee90f2c6 .data 0x2e000 0x4000 0xc00 7.59 fba20d22a41b736b8fba1295519f4292 .rsrc 0x32000 0xa000 0x1600 5.50 6c20c848d68579a260afa13088752f46 .reloc 0x3c000 0x3000 0x1a00 7.83 127c019641989fc1d4af5453b4aa4ee1 .vdata 0x3f000 0x8000 0x7800 4.80 11079e1670e025672e598a6256b106eb .adata 0x47000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e ( 10 imports ) > kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA > comctl32.dll: ImageList_Destroy > netapi32.dll: Netbios > user32.dll: InsertMenuA > gdi32.dll: DeleteObject > comdlg32.dll: GetSaveFileNameA > advapi32.dll: RegQueryValueExA > shell32.dll: SHGetFileInfoA > ole32.dll: StringFromIID > msvcr71.dll: strcmp ( 4 exports ) CPlApplet, DllCanUnloadNow, DllGetClassObject, DllRegisterServer PDFiD.: - RDS...: NSRL Reference Data Set - packers (Kaspersky): ASPack packers (F-Prot): Aspack

kolejny

Kod: Zaznacz wszystko: mmfs.dll Antywirus Wersja Ostatnia aktualizacja Wynik a-squared 4.0.0.101 2009.05.24 - AhnLab-V3 5.0.0.2 2009.05.24 - AntiVir 7.9.0.168 2009.05.24 - Antiy-AVL 2.0.3.1 2009.05.22 - Authentium 5.1.2.4 2009.05.24 - Avast 4.8.1335.0 2009.05.24 - AVG 8.5.0.339 2009.05.24 - BitDefender 7.2 2009.05.24 - CAT-QuickHeal 10.00 2009.05.23 - ClamAV 0.94.1 2009.05.24 - Comodo 1157 2009.05.08 - DrWeb 5.0.0.12182 2009.05.24 - eSafe 7.0.17.0 2009.05.24 Suspicious File eTrust-Vet 31.6.6519 2009.05.23 - F-Prot 4.4.4.56 2009.05.24 - F-Secure 8.0.14470.0 2009.05.24 - Fortinet 3.117.0.0 2009.05.24 - GData 19 2009.05.24 - Ikarus T3.1.1.49.0 2009.05.24 - K7AntiVirus 7.10.741 2009.05.21 - Kaspersky 7.0.0.125 2009.05.24 - McAfee 5625 2009.05.24 - McAfee+Artemis 5625 2009.05.24 - McAfee-GW-Edition 6.7.6 2009.05.24 - Microsoft 1.4701 2009.05.24 - NOD32 4098 2009.05.22 - Norman 6.01.05 2009.05.22 - nProtect 2009.1.8.0 2009.05.24 - Panda 10.0.0.14 2009.05.24 - PCTools 4.4.2.0 2009.05.21 - Prevx 3.0 2009.05.24 - Rising 21.30.62.00 2009.05.24 - Sophos 4.42.0 2009.05.24 - Sunbelt 3.2.1858.2 2009.05.24 - Symantec 1.4.4.12 2009.05.24 - TheHacker 6.3.4.3.331 2009.05.22 - TrendMicro 8.950.0.1092 2009.05.23 - VBA32 3.12.10.5 2009.05.24 - ViRobot 2009.5.23.1749 2009.05.23 - VirusBuster 4.6.5.0 2009.05.24 - Dodatkowe informacje File size: 48640 bytes MD5...: 94fb3dbf6ba736930bd926cfa8239eac SHA1..: 369dcb7a2c06b7c1f6bfdaa55443101ce83d4990 SHA256: ae96d1a4e17793ace92562a7380f23b3c33c03b020da1054a61a58defc60ea0e SHA512: 43a1ebee123e1f0dc21c50c4037247146b4d63e2b6e40ed91642e5afaf483fa8 af201c2edfd9398e743729954250ee7cf17e144287076aae1e415f85fafe97ee ssdeep: 768:TKlMX+RM4637PI0Swz5PC2ZFdHUC2rOysO9L72KMkIyhtEMho9qz+0x/ha5: GlMORMFb5C2Zb32rObO9P2tkIyhtEMhv PEiD..: ASPack v2.12 TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1b001 timedatestamp.....: 0x44122c74 (Sat Mar 11 01:48:36 2006) machinetype.......: 0x14c (I386) ( 7 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x14000 0x7000 7.99 8259fc47cef7b5f9a48641f63585b172 .rdata 0x15000 0x2000 0x2000 3.57 2ce1af6b2a1122f43e0c6fd496260c6e .data 0x17000 0x1000 0x400 6.96 991f4068f4465fc80e15962c3c5e7f54 .rsrc 0x18000 0x1000 0x200 0.90 fd71934afb7c56fe0922ff2b838e38df .reloc 0x19000 0x2000 0xe00 7.51 a310c19870747a96f138a23e01cab815 .vdata 0x1b000 0x2000 0x1400 5.62 88648ea867e5254158e3703a7717d78e .adata 0x1d000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e ( 4 imports ) > kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA > user32.dll: EnableWindow > advapi32.dll: DeregisterEventSource > msvcrt.dll: sprintf ( 2 exports ) DllRegisterServer, Service PDFiD.: - RDS...: NSRL Reference Data Set - CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=94fb3dbf6ba736930bd926cfa8239eac' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=94fb3dbf6ba736930bd926cfa8239eac</a> packers (Kaspersky): ASPack packers (F-Prot): Aspack

i ostatni:

Kod: Zaznacz wszystko: Rundservice.exe Antywirus Wersja Ostatnia aktualizacja Wynik a-squared 4.0.0.101 2009.05.24 - AhnLab-V3 5.0.0.2 2009.05.24 - AntiVir 7.9.0.168 2009.05.24 - Antiy-AVL 2.0.3.1 2009.05.22 - Authentium 5.1.2.4 2009.05.24 - Avast 4.8.1335.0 2009.05.24 - AVG 8.5.0.339 2009.05.24 - BitDefender 7.2 2009.05.24 - CAT-QuickHeal 10.00 2009.05.23 - ClamAV 0.94.1 2009.05.24 - Comodo 1157 2009.05.08 - DrWeb 5.0.0.12182 2009.05.24 - eSafe 7.0.17.0 2009.05.24 - eTrust-Vet 31.6.6519 2009.05.23 - F-Prot 4.4.4.56 2009.05.24 - F-Secure 8.0.14470.0 2009.05.24 - Fortinet 3.117.0.0 2009.05.24 - GData 19 2009.05.24 - Ikarus T3.1.1.49.0 2009.05.24 - K7AntiVirus 7.10.741 2009.05.21 - Kaspersky 7.0.0.125 2009.05.24 - McAfee 5625 2009.05.24 - McAfee+Artemis 5625 2009.05.24 - McAfee-GW-Edition 6.7.6 2009.05.24 - Microsoft 1.4701 2009.05.24 - NOD32 4098 2009.05.22 - Norman 6.01.05 2009.05.22 - nProtect 2009.1.8.0 2009.05.24 - Panda 10.0.0.14 2009.05.24 - PCTools 4.4.2.0 2009.05.21 - Prevx 3.0 2009.05.24 - Rising 21.30.62.00 2009.05.24 Trojan.Mmfs.Runservice Sophos 4.42.0 2009.05.24 - Sunbelt 3.2.1858.2 2009.05.24 - Symantec 1.4.4.12 2009.05.24 - TheHacker 6.3.4.3.331 2009.05.22 - TrendMicro 8.950.0.1092 2009.05.23 - VBA32 3.12.10.5 2009.05.24 - ViRobot 2009.5.23.1749 2009.05.23 - VirusBuster 4.6.5.0 2009.05.24 - Dodatkowe informacje File size: 2560 bytes MD5...: 29fab5363138f6e322f4cd780ed9d337 SHA1..: a8b494d736c665b463b71c44ca99f248fd938d6d SHA256: 39ae6e21d116aec9ea65632f3325e848ffbec6169a88adc4814639f97a290d91 SHA512: a83ffc92bfc3fc491298ef5e350dea4a2a1910a22b89f1a286e1b26fedf3a297 41af8caed99ae66408e20ea3f4a4a78be86de547a0f2c754f03c56dec47ad80e ssdeep: 24:eFGSMXqR5UPUCrtvdIQTJd+Vg/HeNywaXDRp:iLvaDtvdJd+Km5c/ PEiD..: - TrID..: File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x107c timedatestamp.....: 0x3903779f (Sun Apr 23 22:22:23 2000) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xef 0x200 3.21 31813831462b8356ec567f991c829575 .rdata 0x2000 0x15e 0x200 3.18 f9090c2980006b256d419bfa831f9be8 .data 0x3000 0xf0 0x200 1.21 a68d255a411db3b4b5453083e9c4266d ( 3 imports ) > KERNEL32.dll: GetVersionExA, LoadLibraryA, GetProcAddress, GetLastError > USER32.dll: wsprintfA > ADVAPI32.dll: DeregisterEventSource, RegisterEventSourceA, ReportEventA ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=29fab5363138f6e322f4cd780ed9d337' target='_blank'>http://www.threatexpert.com/report.aspx?md5=29fab5363138f6e322f4cd780ed9d337</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=29fab5363138f6e322f4cd780ed9d337' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=29fab5363138f6e322f4cd780ed9d337</a>

**Posty:** 18165 · przez **wojtas** 24 Maj 2009, 22:45

1.Uruchom OTListIt2 z opcji CleanUp
2. wykonaj optymalizację windowsa
3.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
4. Wykonaj skan Dr. Web CureIt
5. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym (skasuj co znajdzie)

Malwarebytes Anti-Malware.

Jeśli masz Adobe Reader to zaaktualizuj go do najnowszej wersji