svchost.exe
maniek910
From: Kalisz
Posted: 2010-03-16, 17:06   svchost.exe

I'll keep it short: how do I turn this off? I tried disabling Automatic Updates, but that did nothing, and it is using 100% of my CPU.
_________________
 
   
@Blade@
Helped: 8 times
Posted: 2010-03-16, 17:50

Maybe it's an infection? It wouldn't hurt to post logs from OTL and GMER (run Defogger before starting it).
_________________
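An added example, not from this thread and not part of OTL or GMER: before anything else, a CPU-hungry svchost.exe has to be tied to the services it hosts, because svchost.exe is only a host process and each instance on XP runs a different service group (Automatic Updates, DCOM, networking and so on live in different instances). The script below parses the output of `tasklist /svc /fo csv` and of `wmic process where name='svchost.exe' get ProcessId,ExecutablePath /format:csv`, both available on XP Professional, lists the services per PID, and checks that every svchost.exe runs from the system32 directory under %SystemRoot% (E:\WINDOWS on the poster's machine, per the OTL header; C:\WINDOWS on most boxes), since a file with that name anywhere else is a lookalike. Both embedded outputs are constructed samples, not captured from the poster's machine; PID 1216 running from \WINDOWS\Temp is made up to show what a hit looks like.

```python
"""Map a busy svchost.exe instance back to the services it hosts.

svchost.exe is only a host: `tasklist /svc` gives the PID -> services map,
and the image path of every svchost.exe must be <SystemRoot>/system32/svchost.exe.
"""
import csv
import io

# Constructed sample of `tasklist /svc /fo csv`; not captured from the machine
# in the thread. PID 1216 is a made-up lookalike for the demo.
TASKLIST_CSV = """\
"Image Name","PID","Services"
"svchost.exe","860","DcomLaunch,TermService"
"svchost.exe","944","RpcSs"
"svchost.exe","1024","AudioSrv,Browser,CryptSvc,Dhcp,EventSystem,lanmanserver,Schedule,wscsvc,wuauserv"
"svchost.exe","1216","N/A"
"explorer.exe","1456","N/A"
"""

# Constructed sample of
# `wmic process where name='svchost.exe' get ProcessId,ExecutablePath /format:csv`
WMIC_CSV = """\
Node,ExecutablePath,ProcessId
KRZYS,E:\\WINDOWS\\system32\\svchost.exe,860
KRZYS,E:\\WINDOWS\\system32\\svchost.exe,944
KRZYS,E:\\WINDOWS\\system32\\svchost.exe,1024
KRZYS,E:\\WINDOWS\\Temp\\svchost.exe,1216
"""


def parse_tasklist(text):
    """PID -> (image name, list of hosted services) from `tasklist /svc /fo csv`."""
    out = {}
    for row in csv.DictReader(io.StringIO(text)):
        services = [] if row["Services"] == "N/A" else row["Services"].split(",")
        out[int(row["PID"])] = (row["Image Name"], services)
    return out


def parse_paths(text):
    """PID -> executable path from wmic's CSV output (leading blank line tolerated)."""
    return {int(r["ProcessId"]): r["ExecutablePath"]
            for r in csv.DictReader(io.StringIO(text.lstrip()))}


def triage_svchost(tasklist_text, wmic_text, system_root=r"E:\WINDOWS"):
    """One finding per svchost.exe PID: hosted services, image path, and why it is suspect."""
    expected = (system_root + r"\system32\svchost.exe").lower()
    paths = parse_paths(wmic_text)
    findings = []
    for pid, (image, services) in parse_tasklist(tasklist_text).items():
        if image.lower() != "svchost.exe":
            continue
        reasons = []
        path = paths.get(pid, "")
        if path.lower() != expected:
            reasons.append("image path is %r, not %s" % (path, expected))
        if not services:
            # A genuine svchost hosts at least one service; "N/A" means nothing
            # is registered with the SCM under this PID.
            reasons.append("hosts no service")
        findings.append({"pid": pid, "services": services, "path": path, "reasons": reasons})
    return findings


def suspect_pids(tasklist_text, wmic_text, system_root=r"E:\WINDOWS"):
    """PIDs of svchost.exe instances with at least one reason to look closer."""
    return [f["pid"] for f in triage_svchost(tasklist_text, wmic_text, system_root)
            if f["reasons"]]


def services_of(pid, tasklist_text):
    """Services hosted by PID: the candidates to stop one at a time to find the CPU hog."""
    return parse_tasklist(tasklist_text).get(pid, ("", []))[1]


if __name__ == "__main__":
    for f in triage_svchost(TASKLIST_CSV, WMIC_CSV):
        flag = "SUSPECT " if f["reasons"] else ""
        print("%spid %d  %s  %s" % (flag, f["pid"], f["path"], ",".join(f["services"]) or "-"))
        for r in f["reasons"]:
            print("    ", r)
```

On the real box, run the two commands, save their output and feed the text in; then stop the services of the hot PID one at a time (`sc stop <name>`) to see which one the CPU time follows. A kernel-mode rootkit hides its own service from this listing anyway, which is why the reply above asks for a GMER scan rather than Task Manager output.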
 
   
maniek910
From: Kalisz
Posted: 2010-03-16, 19:26

I didn't know what to paste, so I'm pasting everything.


OTL Extras logfile created on: 2010-03-16 18:55:35 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = E:\Documents and Settings\Krzysztof\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 662,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): E:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 18,75 Gb Total Space | 18,55 Gb Free Space | 98,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,99 Gb Total Space | 35,63 Gb Free Space | 64,80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRZYS
Current User Name: Krzysztof
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2938F0AE-8E6A-40E7-965A-817FE867F300}" = Nawigator
"{350C97C2-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{D3E3F224-704C-4873-BA3E-0B8D3D4C59E8}" = Samsung PC Studio 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0719150-F183-4097-BA61-9FD6CC7FE908}" = Stitch Era 10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Pakiet sterowników systemu Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Pakiet sterowników systemu Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Free Easy Burner_is1" = Free Easy Burner V 1.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.0
"Mozilla Firefox (1.0.4)" = Mozilla Firefox (1.0.4)
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = Archiwizator WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-11-10 04:47:40 | Computer Name = KRZYS | Source = MsiInstaller | ID = 10005
Description = Product: Nawigator -- Error 2755. Server returned unexpected error 3 attempting to install package F:\Nawigator.msi.

Error - 2009-11-24 16:37:32 | Computer Name = KRZYS | Source = Application Hang | ID = 1002
Description = Hanging application mplayerc.exe, version 1.2.1008.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009-12-10 16:54:12 | Computer Name = KRZYS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0007f463.

[ System Events ]
Error - 2010-03-16 11:14:22 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the computer.

Error - 2010-03-16 11:14:22 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

Error - 2010-03-16 11:21:01 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the computer.

Error - 2010-03-16 11:21:01 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

Error - 2010-03-16 11:21:30 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1460

Error - 2010-03-16 11:28:19 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1460

Error - 2010-03-16 11:45:10 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the computer.

Error - 2010-03-16 11:45:10 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

Error - 2010-03-16 11:52:28 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1460

Error - 2010-03-16 11:53:34 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirScheduler service.


< End of report >
_________________
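An added example over the Extras log above; it is not from the thread and not part of OTL. Three things a responder checks first in that output: firewall exceptions whose scope is `*` (any remote address), which here are the 137-139/445 entries in the DomainProfile (on a standalone laptop only the StandardProfile, scoped to LocalSubNet, is actually in force, since the domain profile applies only while the machine is joined to a domain and sees its domain controller); the Shell Spawning handlers for .exe/.com/.bat/.cmd/.pif, which are the clean default `"%1" %*` here but are a common hijack point; and Service Control Manager 7031/7034 events that share one timestamp. The pairs at 11:14:22, 11:21:01 and 11:45:10 say that DCOM Server Process Launcher and Terminal Services died together, and on XP SP2 both run in the same host instance (`svchost.exe -k DcomLaunch`), so the log is consistent with one svchost.exe process crashing repeatedly, which fits the original complaint. The sample text is a constructed excerpt in the log's own format; the hijacked handler in `HIJACKED` is invented for the demo.

```python
r"""Triage checks over an OTL Extras log.

  * firewall_exceptions / any_scope_exceptions: GloballyOpenPorts entries,
    flagging those open to any remote address ('*').
  * hijacked_handlers: shell\open\command for exe/com/bat/cmd/pif files
    that is no longer the XP default '"%1" %*'.
  * coincident_scm_failures: Service Control Manager 7031/7034 events that
    share a timestamp, i.e. services that died together (one host process).
"""
import re
from collections import defaultdict

# Expected [open] command for the executable file types on a clean XP box.
DEFAULT_HANDLERS = {name: '"%1" %*' for name in
                    ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

PROFILE_KEY = re.compile(r"FirewallPolicy\\(\w+)\\GloballyOpenPorts\\List\]")
PORT_LINE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*(\S+)')
SHELL_LINE = re.compile(r"^(\w+) \[open\] -- (.+)$")
SCM_LINE = re.compile(
    r"^Error - (\S+ \S+) \| .*Source = Service Control Manager \| ID = (703[14])$")

# Constructed excerpt in the OTL Extras format; the firewall and SCM lines mirror
# the log in the post above, the handler line in HIJACKED is made up.
EXTRAS = r'''
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

[ System Events ]
Error - 2010-03-16 11:14:22 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7031
Error - 2010-03-16 11:14:22 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7034
Error - 2010-03-16 11:21:30 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7023
Error - 2010-03-16 11:45:10 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7031
Error - 2010-03-16 11:45:10 | Computer Name = KRZYS | Source = Service Control Manager | ID = 7034
'''
HIJACKED = r'''exefile [open] -- "E:\WINDOWS\hypothetical.exe" "%1" %*'''


def firewall_exceptions(text):
    """(profile, port, proto, scope, state) for every GloballyOpenPorts entry."""
    profile, out = None, []
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("["):
            # Track which profile's List key we are under; any other key resets it.
            m = PROFILE_KEY.search(line)
            profile = m.group(1) if m else None
            continue
        m = PORT_LINE.match(line)
        if m and profile:
            # value layout: port:proto:scope:state:description
            port, proto, scope, state = m.group(3).split(":")[:4]
            out.append((profile, int(port), proto, scope, state))
    return out


def any_scope_exceptions(text):
    """Enabled exceptions reachable from any remote address."""
    return [e for e in firewall_exceptions(text) if e[3] == "*" and e[4] == "Enabled"]


def hijacked_handlers(text):
    """(file type, command) where the [open] verb differs from the XP default."""
    hits = []
    for line in text.splitlines():
        m = SHELL_LINE.match(line.rstrip())
        if m and m.group(1) in DEFAULT_HANDLERS and m.group(2) != DEFAULT_HANDLERS[m.group(1)]:
            hits.append((m.group(1), m.group(2)))
    return hits


def coincident_scm_failures(text):
    """timestamp -> event IDs, for timestamps carrying more than one 7031/7034."""
    by_ts = defaultdict(list)
    for line in text.splitlines():
        m = SCM_LINE.match(line.rstrip())
        if m:
            by_ts[m.group(1)].append(int(m.group(2)))
    return {ts: ids for ts, ids in by_ts.items() if len(ids) > 1}


if __name__ == "__main__":
    for e in any_scope_exceptions(EXTRAS):
        print("open to any host:", e)
    print("hijacked handlers:", hijacked_handlers(EXTRAS + HIJACKED))
    for ts, ids in sorted(coincident_scm_failures(EXTRAS).items()):
        print(ts, "services died together, events", ids)
```

Feed the whole Extras.txt in as one string; the profile tracking in `firewall_exceptions` relies on the `[HKEY...]` key lines that OTL prints before each value list, so keep them.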
 
   
@Blade@
Helped: 8 times
Posted: 2010-03-16, 20:57

Post that other OTL log (OTL.txt). And I don't see a GMER log.
_________________
 
   
maniek910
From: Kalisz
Posted: 2010-03-17, 11:49

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-17 11:47:57
Windows 5.1.2600 Dodatek Service Pack 2
Running: gmer.exe; Driver: E:\DOCUME~1\KRZYSZ~1\USTAWI~1\Temp\kxtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.pak2 E:\WINDOWS\system32\drivers\udliiajr.sys entry point in ".pak2" section [0xF757913D]
? E:\WINDOWS\system32\drivers\udliiajr.sys A device attached to the system is not functioning.
PAGE Ntfs.sys F73A4E88 4 Bytes CALL 863EA011

---- User code sections - GMER 1.0.15 ----

.text E:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtQueryDirectoryFile + 6 7C90DF64 4 Bytes [90, 61, F1, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86352580

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] udliiajr <-- ROOTKIT !! !

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\udliiajr@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\udliiajr@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----

At the end it showed that it had found a rootkit ;/ and this is the one from OTL


OTL logfile created on: 2010-03-16 18:55:35 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = E:\Documents and Settings\Krzysztof\Pulpit
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 014,00 Mb Total Physical Memory | 662,00 Mb Available Physical Memory | 65,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): E:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 18,75 Gb Total Space | 18,55 Gb Free Space | 98,93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,99 Gb Total Space | 35,63 Gb Free Space | 64,80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRZYS
Current User Name: Krzysztof
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-03-16 18:50:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe
PRC - [2010-03-16 18:04:31 | 000,524,632 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010-03-16 18:04:30 | 001,029,456 | ---- | M] (Lavasoft) -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009-06-21 11:46:59 | 000,151,297 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2009-06-21 11:46:59 | 000,068,865 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2009-06-18 21:29:28 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Temp\RtkBtMnt.exe
PRC - [2008-06-12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2006-10-05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- E:\WINDOWS\system32\agrsmsvc.exe
PRC - [2005-05-11 19:11:00 | 006,631,017 | ---- | M] (Mozilla) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004-08-03 23:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-03-16 18:50:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe
MOD - [2006-05-03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\framedyn.dll
MOD - [2004-08-03 23:42:34 | 001,050,624 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-03-16 18:04:30 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009-06-21 11:46:59 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2009-06-21 11:46:59 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2006-10-05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- E:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2009-07-12 22:12:54 | 000,005,632 | ---- | M] () [File_System | System | Running] -- E:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-07-03 15:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009-06-21 11:47:01 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009-06-21 11:46:59 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009-06-21 11:46:59 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007-12-10 14:15:02 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007-07-10 02:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-06-18 11:03:32 | 000,737,280 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2007-06-06 05:51:04 | 000,161,792 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007-05-02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007-05-02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007-05-02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007-03-09 07:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007-03-01 09:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006-11-15 07:00:58 | 000,528,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005-01-07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2002-09-16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-436374069-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Components: E:\Program Files\Mozilla Firefox\Components [2009-08-05 12:08:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.4\Extensions\\Plugins: E:\Program Files\Mozilla Firefox\Plugins [2009-10-09 15:39:55 | 000,000,000 | ---D | M]

[2009-06-19 15:42:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Mozilla\Firefox\Profiles\smq8pu14.default\extensions
[2009-06-19 15:42:52 | 000,000,000 | ---D | M] (Firefox (default)) -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Mozilla\Firefox\Profiles\smq8pu14.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-06-19 15:43:01 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2009-06-18 14:15:19 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2009-06-18 14:15:19 | 000,000,000 | ---D | M] (Firefox (default)) -- E:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005-05-11 19:11:00 | 000,041,578 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\jar50.dll
[2005-05-11 19:11:00 | 000,048,228 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2005-05-11 19:11:00 | 000,159,340 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2005-05-11 19:11:00 | 000,003,710 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\allegro.png
[2005-05-11 19:11:00 | 000,000,864 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\allegro.src
[2005-05-11 19:11:00 | 000,001,076 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2010-03-05 18:46:50 | 000,000,750 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.src
[2005-05-11 19:11:00 | 000,000,260 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\onet.gif
[2005-05-11 19:11:00 | 000,000,944 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\onet.src
[2005-05-11 19:11:00 | 000,000,318 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\pwn.gif
[2005-05-11 19:11:00 | 000,000,582 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\pwn.src
[2005-05-11 19:11:00 | 000,000,718 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\szukacz.png
[2005-05-11 19:11:00 | 000,000,922 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\szukacz.src
[2005-05-11 19:11:00 | 000,000,459 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.png
[2005-05-11 19:11:00 | 000,001,056 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.src

O1 HOSTS File: ([2001-10-26 16:45:16 | 000,000,742 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [INPROCOMMWireless] E:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found
O4 - HKLM..\Run: [sysgif32] E:\WINDOWS\Temp\~TMD.tmp (tzuk)
O4 - Startup: E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-436374069-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macrome...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 217.172.224.160 89.228.7.226
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - E:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///E:/Documents%20and%20Settings/Krzysztof/Pulpit/:
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\AutoRun\command - "" = G:\mbvd.exe -- File not found
O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\open\Command - "" = G:\mbvd.exe -- File not found
O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - E:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- E:\Documents and Settings\Krzysztof\Pulpit\CA3WHBVK.
[2010-03-16 18:50:29 | 000,556,032 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe
[2010-03-16 18:05:10 | 000,064,160 | ---- | C] (Lavasoft AB) -- E:\WINDOWS\System32\drivers\Lbd.sys
[2010-03-16 18:03:57 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}
[2010-03-16 18:02:23 | 000,000,000 | ---D | C] -- E:\Program Files\Lavasoft
[2010-03-16 18:02:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
[2010-03-16 17:57:55 | 060,857,536 | ---- | C] (Lavasoft ) -- E:\Documents and Settings\Krzysztof\Pulpit\Ad-AwareAE.exe
[2010-03-16 16:55:31 | 001,273,736 | ---- | C] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\WindowsXP-KB927891-v3-x86-PLK.exe
[2010-03-03 16:29:52 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Krzysztof\Pulpit\Nowy folder (2)
[2010-02-24 18:28:45 | 004,938,120 | ---- | C] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\Silverlight.exe
[2009-06-18 13:01:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-06-18 12:40:28 | 000,000,000 | --SD | M] -- E:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-06-18 12:40:28 | 000,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-06-18 12:40:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- E:\Documents and Settings\Krzysztof\Pulpit\CA3WHBVK.
[2010-03-16 19:13:23 | 000,802,304 | ---- | M] () -- E:\WINDOWS\System32\drivers\udliiajr.sys
[2010-03-16 18:50:30 | 000,556,032 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Krzysztof\Pulpit\OTL.exe
[2010-03-16 18:34:07 | 000,000,060 | ---- | M] () -- E:\WINDOWS\wininit.ini
[2010-03-16 18:07:10 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010-03-16 18:07:06 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010-03-16 18:06:10 | 003,145,728 | -H-- | M] () -- E:\Documents and Settings\Krzysztof\NTUSER.DAT
[2010-03-16 18:06:10 | 000,000,188 | -HS- | M] () -- E:\Documents and Settings\Krzysztof\ntuser.ini
[2010-03-16 18:05:31 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-03-16 18:04:53 | 000,015,688 | ---- | M] () -- E:\WINDOWS\System32\lsdelete.exe
[2010-03-16 18:03:44 | 000,000,867 | ---- | M] () -- E:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk
[2010-03-16 17:12:04 | 060,857,536 | ---- | M] (Lavasoft ) -- E:\Documents and Settings\Krzysztof\Pulpit\Ad-AwareAE.exe
[2010-03-16 16:58:58 | 000,356,068 | ---- | M] () -- E:\WINDOWS\System32\perfh015.dat
[2010-03-16 16:58:58 | 000,311,938 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010-03-16 16:58:58 | 000,049,910 | ---- | M] () -- E:\WINDOWS\System32\perfc015.dat
[2010-03-16 16:58:58 | 000,040,326 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010-03-16 16:58:56 | 000,763,990 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-16 16:51:00 | 001,273,736 | ---- | M] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\WindowsXP-KB927891-v3-x86-PLK.exe
[2010-03-16 16:17:37 | 000,019,616 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
[2010-03-15 21:26:16 | 000,005,192 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\1.JPG
[2010-03-15 21:22:03 | 000,008,697 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\EMBLEMAT_DO_MUNDURU_CWICZEBNEGO.gif
[2010-03-14 09:08:10 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010-03-09 19:07:50 | 000,000,004 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat
[2010-03-09 09:51:58 | 000,033,792 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\2.doc
[2010-03-08 21:16:34 | 000,806,472 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00539.JPG
[2010-03-08 14:02:58 | 000,892,350 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00536.JPG
[2010-03-08 14:02:42 | 000,773,225 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00535.JPG
[2010-03-08 14:02:28 | 000,786,416 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00534.JPG
[2010-03-08 14:02:12 | 000,898,115 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00533.JPG
[2010-03-08 14:01:52 | 000,880,924 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00532.JPG
[2010-03-08 07:27:09 | 000,000,069 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010-03-06 18:16:06 | 000,024,064 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Moje dokumenty\28900904,zalacznik.doc
[2010-03-03 16:55:10 | 000,025,980 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\kolo.jpg
[2010-02-25 19:48:43 | 000,173,079 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\IMGP0494.jpg
[2010-02-25 19:47:36 | 000,050,790 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\major.jpg
[2010-02-25 19:46:43 | 000,072,928 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\paragraf.jpg
[2010-02-25 15:57:46 | 000,051,825 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzel.JPG
[2010-02-25 15:56:21 | 000,163,574 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\509px-Herb_Polski.svg
[2010-02-24 23:57:06 | 004,938,120 | ---- | M] (Microsoft Corporation) -- E:\Documents and Settings\Krzysztof\Pulpit\Silverlight.exe
[2010-02-24 18:46:24 | 000,114,199 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzełek.jpg
[2010-02-24 18:39:56 | 000,000,417 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\Onet.pl-Poczta.url
[2010-02-21 16:12:34 | 000,530,280 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00682.JPG
[2010-02-21 16:09:22 | 000,499,472 | ---- | M] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00681.JPG
[3 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-03-16 18:54:24 | 000,015,688 | ---- | C] () -- E:\WINDOWS\System32\lsdelete.exe
[2010-03-16 18:34:07 | 000,000,060 | ---- | C] () -- E:\WINDOWS\wininit.ini
[2010-03-16 18:05:30 | 000,000,472 | ---- | C] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-03-16 18:03:44 | 000,000,867 | ---- | C] () -- E:\Documents and Settings\All Users\Pulpit\Ad-Aware.lnk
[2010-03-15 21:26:16 | 000,005,192 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\1.JPG
[2010-03-15 21:25:32 | 000,008,697 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\EMBLEMAT_DO_MUNDURU_CWICZEBNEGO.gif
[2010-03-09 19:08:17 | 000,802,304 | ---- | C] () -- E:\WINDOWS\System32\drivers\udliiajr.sys
[2010-03-09 19:07:56 | 000,000,016 | ---- | C] () -- E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat
[2010-03-09 19:07:50 | 000,000,004 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat
[2010-03-08 22:44:47 | 000,806,472 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00539.JPG
[2010-03-08 15:05:37 | 000,892,350 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00536.JPG
[2010-03-08 15:05:36 | 000,773,225 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00535.JPG
[2010-03-08 15:05:35 | 000,786,416 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00534.JPG
[2010-03-08 15:05:33 | 000,898,115 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00533.JPG
[2010-03-08 15:05:32 | 000,880,924 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00532.JPG
[2010-03-03 16:55:54 | 000,025,980 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\kolo.jpg
[2010-02-25 19:48:43 | 000,173,079 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\IMGP0494.jpg
[2010-02-25 19:47:36 | 000,050,790 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\major.jpg
[2010-02-25 19:46:43 | 000,072,928 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\paragraf.jpg
[2010-02-25 15:57:46 | 000,051,825 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzel.JPG
[2010-02-25 15:56:48 | 000,163,574 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\509px-Herb_Polski.svg
[2010-02-24 18:46:24 | 000,114,199 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\orzełek.jpg
[2010-02-24 18:39:33 | 000,000,417 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\Onet.pl-Poczta.url
[2010-02-21 16:12:34 | 000,530,280 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00682.JPG
[2010-02-21 16:09:22 | 000,499,472 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Pulpit\DSC00681.JPG
[2010-01-26 16:58:56 | 000,000,042 | ---- | C] () -- E:\WINDOWS\BDNET32.INI
[2009-10-09 15:40:13 | 000,000,385 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2009-09-25 17:50:55 | 000,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2009-08-05 15:16:18 | 000,000,238 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2009-08-05 14:06:21 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2009-08-05 12:08:33 | 000,168,448 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2009-08-05 12:08:32 | 000,000,038 | ---- | C] () -- E:\WINDOWS\avisplitter.ini
[2009-08-05 12:08:30 | 003,596,288 | ---- | C] () -- E:\WINDOWS\System32\qt-dx331.dll
[2009-08-05 12:08:30 | 000,881,664 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2009-08-05 12:08:30 | 000,205,824 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2009-08-05 12:08:29 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2009-08-05 12:08:29 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-08-03 15:21:35 | 000,013,576 | ---- | C] () -- E:\WINDOWS\System32\wnaspi32.dll
[2009-07-12 22:14:05 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt
[2009-07-12 21:55:57 | 000,005,632 | ---- | C] () -- E:\WINDOWS\System32\drivers\StarOpen.sys
[2009-06-27 16:13:25 | 000,027,648 | ---- | C] () -- E:\Documents and Settings\Krzysztof\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-19 15:19:54 | 001,399,880 | ---- | C] () -- E:\WINDOWS\System32\igklg450.dll
[2009-06-19 15:19:53 | 001,843,784 | ---- | C] () -- E:\WINDOWS\System32\igklg400.dll
[2009-06-19 15:19:53 | 000,147,456 | ---- | C] () -- E:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009-06-19 15:19:53 | 000,104,636 | ---- | C] () -- E:\WINDOWS\System32\igmedcompkrn.dll
[2009-06-18 12:55:03 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\ieencode.dll
[2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- E:\WINDOWS\System32\OUTLPERF.INI
[2002-02-27 10:41:28 | 000,024,576 | ---- | C] () -- E:\WINDOWS\System32\nsldappr32v50.dll
[2002-02-27 10:41:26 | 000,139,264 | ---- | C] () -- E:\WINDOWS\System32\nsldap32v50.dll
[2002-02-27 10:41:26 | 000,040,960 | ---- | C] () -- E:\WINDOWS\System32\nsldapssl32v50.dll
[2001-07-22 03:41:32 | 000,027,440 | ---- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010-01-26 17:21:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\Sierra
[2010-03-16 18:03:57 | 000,000,000 | -H-D | M] -- E:\Documents and Settings\All Users\Dane aplikacji\{EF63305C-BAD7-4144-9208-D65528260864}
[2009-06-20 21:50:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\GetRightToGo
[2009-06-23 13:44:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Nowe Gadu-Gadu
[2009-06-23 14:57:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\OpenFM
[2009-07-12 22:14:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Samsung
[2009-06-21 12:34:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Krzysztof\Dane aplikacji\Thinstall
[2010-03-16 18:05:31 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >
@Blade@

Helped: 8 times
Posted: 2010-03-17, 20:20

Well, just as I suspected, there's junk on there. Download The Avenger and paste the text below into the Input script here field:
Code:
Files to delete:
E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe
E:\WINDOWS\System32\drivers\udliiajr.sys
E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat
E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat

Folders to delete
E:\WINDOWS\Temp

Drivers to delete:
udliiajr

Click Execute -> confirm and agree to the restart by clicking OK.
When it has finished, paste the report C:\avenger.txt on the forum.

Run OTL -> paste into the Custom Scans/Fixes box:
Quote:
:OTL
O4 - HKLM..\Run: [INPROCOMMWireless] E:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found
O4 - HKLM..\Run: [sysgif32] E:\WINDOWS\Temp\~TMD.tmp (tzuk)
O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\AutoRun\command - "" = G:\mbvd.exe -- File not found
O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\open\Command - "" = G:\mbvd.exe -- File not found
O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

:Commands
[emptytemp]

Click Run Fix. Post the removal log + new OTL logs + a new GMER log.
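As an added example (not from this thread and not OTL's or The Avenger's own code): a small Python triage pass over OTL log lines that flags the same kinds of entries @Blade@ picked out above, a company-less driver and a tiny .dat dropped recently under a profile, and MountPoints2 AutoRun/open verbs redirected to RECYCLER\...\ise.exe or a drive-root executable. The sample lines are copied from this thread's log; the 30-day window, the 1 KB .dat threshold and the English "Application Data" folder name are assumptions.

```python
import re
from datetime import date, timedelta

# Sample lines copied from the thread's OTL log (Files Created and O33 entries).
SAMPLE_LOG = r"""
[2010-03-09 19:08:17 | 000,802,304 | ---- | C] () -- E:\WINDOWS\System32\drivers\udliiajr.sys
[2010-03-09 19:07:56 | 000,000,016 | ---- | C] () -- E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat
[2001-07-22 03:41:32 | 000,027,440 | ---- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys
O33 - MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
O33 - MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\Shell\open\Command - "" = G:\mbvd.exe -- File not found
"""

# "[date time | size | attrs | C/M] (company) -- path" as OTL prints it.
FILE_RE = re.compile(r"^\[(\d{4}-\d{2}-\d{2}) [\d:]+ \| ([\d,]+) \| \S+ \| [CM]\] \((.*?)\) -- (.+)$")
# O33 MountPoints2 shell verb -> command target (optional "File not found" suffix).
O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\(\w+)\\[Cc]ommand - "" = (.+?)(?: -- File not found)?$')
# Per-user data directory names: English (assumed) and the Polish localisation seen in the log.
APPDATA_DIRS = ("\\application data\\", "\\dane aplikacji\\")

def triage(log_text, scan_date_iso, window_days=30):
    """Return (reason, detail) pairs for the lines a helper would look at first."""
    cutoff = date.fromisoformat(scan_date_iso) - timedelta(days=window_days)
    findings = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            created = date.fromisoformat(m.group(1))
            size = int(m.group(2).replace(",", ""))
            company, path = m.group(3), m.group(4)
            low = path.lower()
            if created < cutoff or company:        # old or attributed to a vendor: low priority
                continue
            if "\\drivers\\" in low and low.endswith(".sys"):
                findings.append(("driver with no company name dropped recently", path))
            elif low.endswith(".dat") and size <= 1024 and any(d in low for d in APPDATA_DIRS):
                findings.append(("tiny .dat created under a profile's Application Data", path))
            continue
        m = O33_RE.match(line)
        if m:
            guid, verb, target = m.groups()
            # AutoRun/open verbs launching RECYCLER\...\x.exe or a drive-root exe
            # are the classic removable-media worm pattern in the fix above.
            if target.upper().startswith("RECYCLER\\") or re.match(r"^[A-Z]:\\[^\\]+\.exe$", target, re.I):
                findings.append((f"MountPoints2 {verb} verb redirected to removable-media executable",
                                 f"{guid} -> {target}"))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG, "2010-03-16"):
        print(f"{reason}: {detail}")
```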
maniek910


From: Kalisz
Posted: 2010-03-18, 20:24

I'll paste the logs, but for now it looks like the problem has gone away :P not to jinx it :D


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at E:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe" not found!
Deletion of file "E:\Documents and Settings\Krzysztof\Menu Start\Programy\Autostart\winesm32.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "E:\WINDOWS\System32\drivers\udliiajr.sys" deleted successfully.
File "E:\Documents and Settings\NetworkService\Dane aplikacji\rbuwzv.dat" deleted successfully.
File "E:\Documents and Settings\Krzysztof\Dane aplikacji\avdrn.dat" deleted successfully.

Error: file "Folders to delete" not found!
Deletion of file "Folders to delete" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: "E:\WINDOWS\Temp" is a folder, not a file!
Deletion of file "E:\WINDOWS\Temp" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Driver "udliiajr" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




____________________________________________________


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\INPROCOMMWireless deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 deleted successfully.
File move failed. E:\WINDOWS\Temp\~TMD.tmp scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ not found.
File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e9765e-5cdb-11de-964c-c5f1c8e93dcb}\ not found.
File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ not found.
File G:\mbvd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcd09dfe-81bf-11de-b3a3-001b38d88684}\ not found.
File G:\mbvd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4a37460-8385-11de-b3b2-001b38d88684}\ not found.
File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4a37460-8385-11de-b3b2-001b38d88684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4a37460-8385-11de-b3b2-001b38d88684}\ not found.
File E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Krzysztof
->Temp folder emptied: 139956695 bytes
->Temporary Internet Files folder emptied: 22986108 bytes
->Flash cache emptied: 28249 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20084616 bytes
RecycleBin emptied: 97337 bytes

Total Files Cleaned = 176,00 mb


OTL by OldTimer - Version 3.1.37.2 log created on 03182010_201426

Files\Folders moved on Reboot...
File\Folder E:\WINDOWS\Temp\~TMD.tmp not found!

Registry entries deleted on Reboot...
@Blade@

Helped: 8 times
Posted: 2010-03-18, 20:55

Also post a new OTL log made with the Run Scan option.