I followed the advice of the kind forum members and am posting the log:
If anyone has a moment to take a look at it, I would be grateful.
Regards
Follow this Topic and change the thread title to a specific one.
Regards, Gutek
Download The Avenger. In the window that opens, paste:
copy >> click Paste Script from Clipboard >> Execute >> confirm and agree to the restart by clicking OK.
Manually delete the file C:\Avenger\backup.zip from the disk and paste the report on the forum: C:\avenger.txt
Run OTL and paste this into the Custom Scans/Fixes box:
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time using the Run Scan option.
Post the new OTL.txt log and the cleaning log.
A small correction:
@Gutek forgot about removing the service of this semi-rootkit, C:\WINDOWS\System32\drivers\xsbbr.sys
(OTL does not show this service because it is not able to see it)
so paste this text into Avenger:
Here you go, this is the log after cleaning:
OTL logfile created on: 2010-03-30 17:13:32 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Właściciel\Pulpit
Windows XP Home Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
511,00 Mb Total Physical Memory | 227,00 Mb Available Physical Memory | 44,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 4,31 Gb Free Space | 22,04% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 11,05 Gb Free Space | 56,59% Space Free | Partition Type: NTFS
Drive E: | 35,45 Gb Total Space | 28,63 Gb Free Space | 80,77% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KRZYSZTO-AD7D0D
Current User Name: Właściciel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-03-29 21:04:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
PRC - [2010-02-02 23:45:50 | 014,252,952 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe
PRC - [2009-04-23 05:16:44 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-04-23 05:15:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008-09-25 16:33:02 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008-05-02 06:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2007-06-13 15:23:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-03-01 10:22:04 | 000,577,536 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2006-02-21 18:15:54 | 000,035,328 | ---- | M] () -- D:\winamp\winampa.exe
PRC - [2005-09-24 07:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
========== Modules (SafeList) ==========
MOD - [2010-03-29 21:04:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
MOD - [2008-05-02 06:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006-08-25 17:51:13 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2007-02-05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007-02-05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006-12-14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006-12-14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006-12-14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005-11-14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - [2006-08-11 15:42:42 | 003,958,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006-03-31 08:38:48 | 003,960,896 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006-02-23 05:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006-02-23 05:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005-11-03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005-08-10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-05-16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU…\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[2009-07-08 20:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\extensions
[2009-07-08 20:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM…\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU…\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU…\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM…\Run: [4shared Update] C:\Program Files\4shared Desktop\checkUpdate.exe (New IT Solutions)
O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM…\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM…\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM…\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM…\Run: [WinampAgent] D:\winamp\winampa.exe ()
O4 - HKCU…\Run: [iPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe File not found
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download all 4shared files - C:\Program Files\4shared Desktop\down_all.htm ()
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ … vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl … rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-09-17 22:04:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [NTFS]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM…comfile [open] -- "%1" %*
O35 - HKLM…exefile [open] -- "%1" %*
O37 - HKLM…com [@ = ComFile] -- "%1" %*
O37 - HKLM…exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-03-30 17:05:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010-03-30 17:01:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-03-30 16:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\avenger
[2010-03-30 16:49:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-03-29 21:04:12 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2010-03-29 09:36:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-03-29 09:34:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-03-29 09:34:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-03-29 09:34:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-03-29 09:34:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-03-29 09:33:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-03-28 21:22:07 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010-03-27 08:57:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
[2010-03-27 08:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\OpenFM
[2010-03-27 08:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\cache
[2010-03-27 08:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10
[2010-03-16 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\AnvSoft
[2010-03-16 18:50:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010-03-16 18:50:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010-03-16 18:50:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010-03-16 18:50:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010-03-16 18:50:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010-03-16 18:50:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010-03-16 18:50:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010-03-16 18:50:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010-03-16 18:50:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010-03-16 18:50:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010-03-16 18:50:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010-03-16 18:50:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010-03-15 10:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Dane aplikacji\vlc
[2010-03-12 09:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\metro
[2009-08-22 20:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\4shared.com
[2008-11-22 21:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
[2008-09-23 23:41:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\ESET
[2008-09-17 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-09-17 22:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2008-09-17 22:04:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2008-09-17 22:04:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
========== Files - Modified Within 30 Days ==========
[2010-03-30 17:15:45 | 000,804,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\xsbbr.sys
[2010-03-30 17:12:57 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-03-30 17:03:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-03-30 17:03:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-03-30 17:02:40 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Właściciel\ntuser.dat
[2010-03-30 17:02:40 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini
[2010-03-30 16:51:08 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\avenger.zip
[2010-03-30 16:23:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-29 22:48:48 | 004,807,390 | -H-- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-03-29 21:04:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Pulpit\OTL.exe
[2010-03-29 10:35:18 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-03-29 09:36:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-03-29 08:25:56 | 000,001,114 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\Complete IncrediMail Installation.lnk
[2010-03-28 17:51:06 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache
[2010-03-28 17:37:18 | 000,000,077 | ---- | M] () -- C:\Documents and Settings\Właściciel\default.pls
[2010-03-28 17:37:09 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-28 14:35:08 | 000,355,830 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-03-28 14:35:08 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-03-28 14:35:08 | 000,049,712 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-03-28 14:35:08 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-03-28 14:35:06 | 000,764,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-03-27 21:23:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-03-26 20:39:18 | 000,000,020 | ---- | M] () -- C:\WINDOWS\naglos.INI
[2010-03-24 19:43:37 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-03-01 15:24:00 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mafia.lnk
========== Files Created - No Company Name ==========
[2010-03-30 16:50:59 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\avenger.zip
[2010-03-29 09:36:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-03-29 09:36:47 | 000,262,400 | ---- | C] () -- C:\cmldr
[2010-03-29 09:34:00 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-03-29 09:34:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-03-29 09:34:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-03-29 09:34:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-03-29 09:34:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-03-28 17:51:06 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\housecall.guid.cache
[2010-03-27 14:51:20 | 000,804,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\xsbbr.sys
[2010-03-26 20:39:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\naglos.INI
[2010-03-14 21:59:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010-03-08 14:15:00 | 000,001,114 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\Complete IncrediMail Installation.lnk
[2010-03-01 15:24:00 | 000,000,223 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mafia.lnk
[2009-11-17 20:29:59 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009-10-27 20:33:17 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Smiley.ico
[2009-10-13 17:37:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-11-29 14:47:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-11-29 12:14:24 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2008-10-20 18:50:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2008-09-19 19:26:53 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-09-19 17:52:51 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008-09-17 22:19:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2006-08-11 15:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-08-11 15:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-08-11 15:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-08-11 15:43:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-08-11 15:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-08-11 15:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-08-11 15:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
< End of report >
And this is the Avenger log:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\System32\drivers\xsbbr.sys" deleted successfully.
Error: file "C:\Documents and Settings\NetworkService\Dane aplikacji\jasltw.dat" not found!
Deletion of file "C:\Documents and Settings\NetworkService\Dane aplikacji\jasltw.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Documents and Settings\Właściciel\Dane aplikacji\avdrn.dat" not found!
Deletion of file "C:\Documents and Settings\Właściciel\Dane aplikacji\avdrn.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Driver “xsbbr” deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
I think it's OK, because the computer runs as fast as it used to.
Thanks for the help, and regards
Oh, and that semi-rootkit also seems to have been removed.
Thanks again!
What was done first: Avenger or OTL?
Because the log still shows that semi-rootkit.
Download --> Avenger.
Paste this text into it:
Files to delete:
C:\WINDOWS\System32\drivers\xsbbr.sys
Drivers to delete:
xsbbr
Click "Execute" and confirm the computer restart.
Restart the computer.
Post the Avenger report from C:\avenger.txt.
And a new OTL log.
Paste the log at http://wklejto.pl/ and put only the link in your post (i.e. copy the address from the address bar).
jessi
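As an added example (not code from the thread, from OTL or from Avenger), the following Python triage script applies the two checks the helpers used on the log above: a .sys file under a drivers folder that OTL reports with no company name, and a file whose modification time is later than the scan's own start time, which is how xsbbr.sys shows up in the OTL log even after Avenger reported deleting it. The sample lines, the user folder name and the helper names are constructed for this example.

```python
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample in OTL's line format, modelled on the log above (not the real file).
LOG_HEADER = "OTL logfile created on: 2010-03-30 17:13:32 - Run 2"
SAMPLE_LINES = """\
[2010-03-30 17:15:45 | 000,804,864 | ---- | M] () -- C:\\WINDOWS\\System32\\drivers\\xsbbr.sys
[2010-03-30 17:12:57 | 000,081,191 | ---- | M] () -- C:\\WINDOWS\\System32\\nvapps.xml
[2010-03-29 21:04:15 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\User\\Pulpit\\OTL.exe
[2010-03-27 14:51:20 | 000,804,864 | ---- | C] () -- C:\\WINDOWS\\System32\\drivers\\xsbbr.sys
"""

# One OTL file entry: [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# The separator is accepted as "--" or as the en dash that forum software turns it into.
ENTRY_RE = re.compile(
    r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"\((.*?)\) (?:--|\u2013) (.+)$"
)
HEADER_RE = re.compile(r"OTL logfile created on: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_entry(line: str) -> Optional[dict]:
    """Parse one OTL 'Files' line into a dict; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(ts, TS_FMT),
        "size": int(size.replace(",", "")),
        "attrs": attrs,
        "kind": kind,  # 'C' created, 'M' modified
        "company": company.strip(),
        "path": path.strip(),
    }


def scan_start(header: str) -> datetime:
    """Extract the scan start time from the 'OTL logfile created on' header line."""
    m = HEADER_RE.search(header)
    if not m:
        raise ValueError("no OTL header found")
    return datetime.strptime(m.group(1), TS_FMT)


def triage(header: str, text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries worth a second look, in first-seen order.

    Heuristic 1: a .sys under a drivers folder with an empty company name.
    Heuristic 2: a file modified after the scan started, i.e. written while
    OTL was running, which a self-restoring driver file will do.
    """
    started = scan_start(header)
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        low = e["path"].lower()
        if "\\drivers\\" in low and low.endswith(".sys") and not e["company"]:
            reasons.append("driver file with no company name")
        if e["kind"] == "M" and e["time"] > started:
            reasons.append("modified after the scan started")
        for r in reasons:
            bucket = findings.setdefault(e["path"], [])
            if r not in bucket:
                bucket.append(r)
    return list(findings.items())


if __name__ == "__main__":
    for path, reasons in triage(LOG_HEADER, SAMPLE_LINES):
        print(path, "->", "; ".join(reasons))
```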
ona34,
Why are you ignoring the recommendation? :?
Fix the title to a specific one that describes the problem; otherwise the thread will end up in the Trash.
There will be no further warnings.