
Kameelll
-
When I try to start safe mode, some files load at first, and after a moment the message "Press ESC to cancel loading STPD.sys" appears. I press ESC, nothing happens, and all that's left is to restart the computer...
-
Once Avira finishes scanning my system, I'll start safe mode with the command prompt and run it from TC.
-
I have no way of connecting the disk to another computer that has Avira. On my own machine I uninstalled Kaspersky Internet Security and installed Avira, Outpost Firewall Pro and Anti Trojan Elite. From the Recovery Console I deleted that isyriy.sys, as well as avast!UpdateAgent (Avira reported that it is a trojan, but could not delete it or do anything with it). I'm now running Anti Trojan Elite scans, and afterwards I'll start a scan with Avira.
-
I deleted it from the Recovery Console. Should I now use a CFScript with ComboFix, or OTL?
-
No luck. During "Moving file C:\WINDOWS\system32\drivers\isyriy.sys" OTL hangs (a "not responding" message appears) and all that's left is to reset the computer :(
-
C:\WINDOWS\system32\drivers\isyriy.sys can't be deleted; a message pops up saying it's a system file (blah, blah, blah), I click to delete it anyway and nothing happens. And in C:\Documents and Settings\Zygmunt\Menu Start\Programy\Autostart\ikowin32.exe it doesn't show me ikowin32.exe. I'll post the ComboFix log in a moment.

EDIT:// I can't get into safe mode. During startup I press F8 and choose safe mode, some files load, and then at the bottom "Press ESC to cancel loading SPTD.sys" appears. I press ESC, a "_" character appears in the top-left corner, blinks, and nothing happens :/
-
RSIT log

EDIT:// Is anyone going to help me or not?! I scanned the computer with Kaspersky Internet Security 8, Malwarebytes and MKS-vir, and every time the scan stops at C:/WINDOWS/system32/drivers/isapnp.sys or C:/WINDOWS/system32/drivers/ipsec.sys ....
-
And something is wrong... I did everything as you wrote, and for 30 minutes it has been stuck at "Ukończono etap_17". And it can't even be closed 8O Strange that while scanning with Malwarebytes and Kaspersky it also hangs at a certain point and doesn't go any further...

EDIT:// I forgot to add that after starting the computer, avast!UpdateAgent is in Task Manager, even though I removed it with HijackThis (I didn't have avast)
-
I removed it with HijackThis, but I don't know what I'm supposed to do with this ComboFix 8O
-
Hmmm... now it no longer shows that there is a trojan, because I removed AvastUpdterAgent with HijackThis (I don't know where it came from, because I never had avast), but in Kaspersky, just like before, the scan stops at: c:\windows\system32\drivers\hdaudbus.sys//PE_Patch

P.S. So what should I do with this ikowin32.exe?
-
Kaspersky Internet Security detects a trojan on my computer and says that the virus will be deleted after a restart. The problem is that both Kaspersky and Malwarebytes hang during scanning, and after a reset the virus is still there. I'm posting the HijackThis logs.

HijackThis log

RSIT logs
-l0x0015 -removeonly SpPhones-->MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991} TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe UEFA EURO 2008™-->MsiExec.exe /X{94894501-EC12-432B-B8E2-AA8470CC6266} Uplink-->MsiExec.exe /X{3546E51D-9682-41E3-B7E8-8E01727F8936} VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver. exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} WapSter AQQ-->C:\Program Files\WapSter\WapSter AQQ\uninstall.exe ======Hosts File====== 127.0.0.1 serial.alcohol-soft.com 127.0.0.1 www.alcohol-soft.com 127.0.0.1 images.alcohol-soft.com 127.0.0.1 trial.alcohol-soft.com 127.0.0.1 alcohol-soft.com ======System event log====== Computer Name: KOMPUTER-A47909 Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 3968 Source Name: Cdrom Time Written: 20090811140457.000000+120 Event Type: błąd User: Computer Name: KOMPUTER-A47909 Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 3967 Source Name: Cdrom Time Written: 20090811140457.000000+120 Event Type: błąd User: Computer Name: KOMPUTER-A47909 Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 3966 Source Name: Cdrom Time Written: 20090811140457.000000+120 Event Type: błąd User: Computer Name: KOMPUTER-A47909 Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 3965 Source Name: Cdrom Time Written: 20090811140457.000000+120 Event Type: błąd User: Computer Name: KOMPUTER-A47909 Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 3964 Source Name: Cdrom Time Written: 20090811140457.000000+120 Event Type: błąd User: =====Application event log===== Computer Name: KOMPUTER-A47909 Event Code: 105 Message: The service was started. 
Record Number: 1337 Source Name: ATI Smart Time Written: 20090819140454.000000+120 Event Type: informacje User: Computer Name: KOMPUTER-A47909 Event Code: 1517 Message: System Windows zapisał rejestr użytkownika KOMPUTER-A47909\Zygmunt, kiedy aplikacja lub usługa nadal użytkowała rejestr podczas wylogowania. Pamięć używana przez rejestr użytkownika nie została zwolniona. Rejestr zostanie zwolniony, kiedy nie będzie używany. Najczęstszą tego przyczyną są usługi uruchamiane z konta użytkownika. Próbuj skonfigurować te usługi, aby były uruchamiane z konta LocalService lub NetworkService. Record Number: 1336 Source Name: Userenv Time Written: 20090819135929.000000+120 Event Type: ostrzeżenie User: ZARZĄDZANIE NT\SYSTEM Computer Name: KOMPUTER-A47909 Event Code: 0 Message: Record Number: 1335 Source Name: gusvc Time Written: 20090819125000.000000+120 Event Type: informacje User: Computer Name: KOMPUTER-A47909 Event Code: 0 Message: Record Number: 1334 Source Name: gusvc Time Written: 20090819124900.000000+120 Event Type: informacje User: Computer Name: KOMPUTER-A47909 Event Code: 0 Message: Record Number: 1333 Source Name: gusvc Time Written: 20090819102113.000000+120 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel "PROCESSOR_REVISION"=0407 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - LOG C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE 
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Zygmunt\Pulpit\OTL.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Documents and Settings\Zygmunt\Pulpit\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Zygmunt.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (file missing)
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: ikowin32.exe
O8 - Extra context menu item: dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A4395DC-5696-4E0B-8BC2-4C3257ECE987}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast!UpdateAgent.exe - Unknown owner - C:\WINDOWS\System32\avast!UpdateAgent.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Usługa Google Update (gupdate1ca0ab8ed296efa) (gupdate1ca0ab8ed296efa) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
-- End of file - 5439 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]
PDF-XChange Viewer IE-Plugin - C:\Program Files\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll [2009-08-14 1093400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2003-09-05 878080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-10 148888]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-17 16143872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-24 208616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"AutoConnect"=C:\Program Files\AutoConnect\AutoConnect.exe [2004-08-28 295424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\aaAlcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe [2009-06-12 5047808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010]
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-05-28 10486376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2005-11-23 1060864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [2009-07-12 5113430]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Zygmunt^Menu Start^Programy^Autostart^ikowin32.exe]
C:\Documents and Settings\Zygmunt\Menu Start\Programy\Autostart\ikowin32.exe [2004-08-04 23040]

C:\Documents and Settings\Zygmunt\Menu Start\Programy\Autostart
ikowin32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-26 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isyriy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\isyriy]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyPictures"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\Midway Home Entertainment\Rise and Fall\RiseAndFall.exe"="C:\Program Files\Midway Home Entertainment\Rise and Fall\RiseAndFall.exe:*:Enabled:Rise And Fall"
"E:\Civilization IV\Civilization4.exe"="E:\Civilization IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"E:\Blood Bowl\BB.exe"="E:\Blood Bowl\BB.exe:*:Enabled:Blood Bowl"
"E:\Blood Bowl\Autorun\Exe\Autorun.exe"="E:\Blood Bowl\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl - AutoRun"
"E:\Earth 2160\Earth2160_NO_SSE.exe"="E:\Earth 2160\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"E:\Earth 2160\Earth2160_SSE.exe"="E:\Earth 2160\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-08-25 19:02:49 ----D---- C:\rsit
2009-08-25 18:56:48 ----D---- C:\WINDOWS\ERDNT
2009-08-25 18:56:47 ----SD---- C:\ComboFix
2009-08-25 18:56:11 ----D---- C:\Qoobox
2009-08-25 18:51:50 ----D---- C:\Program Files\Trend Micro
2009-08-25 14:14:54 ----A---- C:\WINDOWS\system32\avast!UpdateAgent.exe
2009-08-24 18:44:51 ----D---- C:\Program Files\Techland
2009-08-23 19:59:18 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Vidalia
2009-08-23 19:41:03 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Tor
2009-08-23 19:41:02 ----D---- C:\Program Files\Vidalia Bundle
2009-08-22 21:39:38 ----D---- C:\totalcmd
2009-08-22 21:39:38 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\GHISLER
2009-08-20 22:11:07 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google
2009-08-20 22:11:02 ----D---- C:\Program Files\IrfanView
2009-08-20 14:10:36 ----D---- C:\WINDOWS\speech
2009-08-20 14:10:22 ----D---- C:\Program Files\ivo
2009-08-20 13:37:44 ----D---- C:\Program Files\Tracker Software
2009-08-15 11:52:29 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Black Sea Studios
2009-08-14 23:09:41 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\AdobeUM
2009-08-12 22:35:15 ----D---- C:\Program Files\PhotoFiltre
2009-08-12 12:33:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
2009-08-11 21:32:18 ----D---- C:\WINDOWS\system32\appmgmt
2009-08-11 21:26:00 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Hide IP NG
2009-08-11 16:36:29 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\SPORE
2009-08-10 18:32:24 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\CityInteractive
2009-08-04 13:39:52 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\My Games
2009-07-26 14:33:08 ----A---- C:\WINDOWS\War3Unin.exe

======List of files/folders modified in the last 1 months======

2009-08-25 19:02:54 ----D---- C:\WINDOWS\Temp
2009-08-25 19:02:06 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-08-25 18:57:32 ----D---- C:\WINDOWS
2009-08-25 18:57:27 ----D---- C:\WINDOWS\system32
2009-08-25 18:51:50 ----RD---- C:\Program Files
2009-08-25 18:48:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-25 18:44:27 ----D---- C:\Program Files\Mozilla Firefox
2009-08-25 18:44:13 ----D---- C:\Program Files\AutoConnect
2009-08-25 18:42:38 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-25 18:41:19 ----D---- C:\Program Files\Google
2009-08-25 18:38:22 ----SD---- C:\WINDOWS\Tasks
2009-08-25 18:36:28 ----SH---- C:\boot.ini
2009-08-25 18:36:28 ----A---- C:\WINDOWS\win.ini
2009-08-25 18:36:28 ----A---- C:\WINDOWS\system.ini
2009-08-25 18:36:27 ----D---- C:\WINDOWS\pss
2009-08-25 17:08:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-25 14:15:04 ----D---- C:\WINDOWS\Prefetch
2009-08-25 14:15:00 ----D---- C:\WINDOWS\system32\drivers
2009-08-25 14:12:48 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-25 14:12:48 ----HD---- C:\WINDOWS\inf
2009-08-24 21:54:20 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Skype
2009-08-24 20:20:26 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\skypePM
2009-08-24 18:44:56 ----SHD---- C:\WINDOWS\Installer
2009-08-22 21:17:37 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Nowe Gadu-Gadu
2009-08-21 12:23:24 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Google
2009-08-20 14:12:55 ----SD---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Microsoft
2009-08-16 15:16:59 ----D---- C:\Program Files\ArtMoney
2009-08-12 12:31:42 ----D---- C:\Program Files\Electronic Arts
2009-08-12 09:15:27 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-11 16:33:12 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-08-11 13:54:44 ----D---- C:\WINDOWS\system32\DirectX
2009-08-10 22:29:16 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-10 19:48:21 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\BESTplayer
2009-08-10 18:32:16 ----RSD---- C:\WINDOWS\assembly
2009-08-10 17:16:46 ----D---- C:\WINDOWS\WinSxS
2009-08-10 17:16:14 ----D---- C:\WINDOWS\system32\mui
2009-08-10 17:16:14 ----D---- C:\Program Files\Internet Explorer
2009-08-05 20:09:23 ----D---- C:\Program Files\Alcohol Soft
2009-08-04 14:27:51 ----RSD---- C:\WINDOWS\Fonts
2009-08-04 10:57:48 ----D---- C:\WINDOWS\system32\Macromed
2009-08-04 10:57:40 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\Macromedia
2009-07-26 21:49:59 ----D---- C:\Documents and Settings\Zygmunt\Dane aplikacji\teamspeak2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-07-24 226832]
R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-09-05 53600]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-09-05 70624]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-07-25 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 mbamswissarmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 isyriy;isyriy; C:\WINDOWS\system32\drivers\isyriy.sys [2009-08-25 243712]
S3 af4f340i;af4f340i; C:\WINDOWS\system32\drivers\af4f340i.sys []
S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 usbprint;Klasa PRINTER USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-26 520192]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-07-24 208616]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-10 152984]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 avast!UpdateAgent.exe;avast!UpdateAgent.exe; C:\WINDOWS\System32\avast!UpdateAgent.exe [2009-08-25 36864]
S2 gupdate1ca0ab8ed296efa;Usługa Google Update (gupdate1ca0ab8ed296efa); C:\Program Files\Google\Update\GoogleUpdate.exe /svc []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------