Zepop

Computer Restarting

Hello, for some time now my computer has been restarting after a dozen or so minutes (it does not restart in safe mode). On top of that, NOD32 has died and I can't start it because the message "Nie można połączyć z jądrem" [Cannot connect to the kernel] pops up - I get the same thing when I try to reinstall it. So:

1. What should I do about the restarting? (I know for certain it's not the hardware's fault)

2. How do I bring NOD32 back to life? (the restarting began when NOD went down)

I would appreciate quick help. In case you ask, I won't paste a HijackThis log because the program won't start.


Here is the log from OTViewIt:

(Should I post Extras.txt too?)

 

OTViewIt logfile created on: 2009-04-26 21:20:32 - Run 5

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Gohan\Pulpit

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = )

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

191,23 Mb Total Physical Memory | 63,61 Mb Available Physical Memory | 33,26% Memory free

1,05 Gb Paging File | 0,83 Gb Available in Paging File | 79,23% Paging File free

Paging file location(s): C:\pagefile.sys 450 765;D:\pagefile.sys 450 765;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 35,46 Gb Total Space | 10,56 Gb Free Space | 29,79% Space Free | Partition Type: NTFS

Drive D: | 39,06 Gb Total Space | 18,80 Gb Free Space | 48,13% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: XXX-Y62FDI51OLJ

Current User Name: Gohan

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-01-14 16:23:48 | 00,081,920 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2008-03-03 16:18:28 | 00,204,800 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe

[2006-10-19 22:43:24 | 00,282,624 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[2006-10-11 18:22:18 | 00,049,152 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe

[2006-09-01 16:57:48 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe

[2009-03-08 12:31:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe

[2004-08-13 18:41:26 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe

[2008-08-04 01:02:20 | 00,036,352 | ---- | M] () -- D:\Program Files\Winamp\winampa.exe

[2004-08-22 17:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- D:\Program Files\D-Tools\daemon.exe

[2008-04-17 15:14:00 | 00,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[2008-04-17 15:14:00 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

[2007-03-06 11:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

[2009-03-08 12:31:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

[2003-02-21 14:16:16 | 00,061,440 | ---- | M] (Tracker Software Products) -- C:\WINDOWS\system32\PDFSaver.exe

[2006-03-03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[2007-03-03 14:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

[2006-11-09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

[2007-01-09 15:17:26 | 00,233,472 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

[2007-03-08 18:29:14 | 00,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

[2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

[2006-11-23 12:24:40 | 00,389,120 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe

[2004-08-04 01:44:26 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

[2005-05-26 05:16:34 | 00,125,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2004-08-04 01:44:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2009-04-26 21:12:39 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gohan\Pulpit\OTViewIt.exe

[2009-04-26 21:20:05 | 00,032,284 | ---- | M] () -- C:\WINDOWS\Temp\BND.tmp

 

========== (O23) Win32 Services ==========

 

[2008-04-17 15:14:00 | 00,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])

[2005-09-23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2007-03-08 18:29:14 | 00,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss [Auto | Running])

[2007-03-06 11:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])

[2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])

[2005-09-23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

File not found -- -- (FirebirdServerMAGIXInstance [On_Demand | Stopped])

[2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2009-03-08 12:31:16 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2007-01-09 15:17:26 | 00,233,472 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])

[2009-04-17 15:33:14 | 00,324,016 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mks_services.exe -- (mks_services [Auto | Stopped])

[2003-07-28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006-03-03 22:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [unknown | Running])

[2007-03-03 14:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])

[2006-11-23 12:24:40 | 00,389,120 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV [Auto | Running])

[2006-12-01 12:46:28 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2006-11-09 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

 

========== Driver Services ==========

 

[2004-08-04 00:14:16 | 00,030,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\acpi32.sys -- (acpi32 [Auto | Stopped])

[2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\aehaga.sys -- (aehaga [boot | Running])

[2006-03-03 14:53:06 | 00,007,808 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll [On_Demand | Running])

[2006-01-09 18:50:34 | 00,014,145 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFSDRV [On_Demand | Running])

[2006-06-28 17:13:54 | 00,010,768 | ---- | M] () -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRSDRV [Auto | Running])

[2005-05-12 08:21:08 | 01,332,544 | R--- | M] (C-Media Inc) -- C:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda [On_Demand | Running])

[2008-09-05 01:00:00 | 00,023,152 | ---- | M] () -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver [On_Demand | Stopped])

[2001-08-17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])

[2008-11-12 20:53:26 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])

[2008-06-02 15:19:12 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [boot | Running])

[2008-06-02 15:19:16 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [system | Running])

[2009-04-06 23:11:52 | 00,020,784 | ---- | M] () -- C:\WINDOWS\system32\mksfwallf.sys -- (mksfwallf [Disabled | Stopped])

[2009-04-06 23:11:54 | 00,022,320 | ---- | M] () -- C:\WINDOWS\system32\mksfwallt.sys -- (mksfwallt [Disabled | Stopped])

[2009-04-20 19:22:52 | 00,013,024 | ---- | M] () -- C:\WINDOWS\system32\mksidsa.sys -- (mksidsa [Disabled | Stopped])

[2009-04-06 23:12:34 | 00,627,424 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mksmonen.sys -- (MksMonEn [On_Demand | Stopped])

[2009-04-07 16:05:22 | 00,099,040 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mksmonev.sys -- (MksMonEv [On_Demand | Stopped])

[2009-04-06 23:12:38 | 00,033,656 | ---- | M] () -- C:\Program Files\mks_vir_9\bin\mksmonfd.sys -- (MksMonFd [On_Demand | Stopped])

[2005-02-09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [system | Running])

[2001-08-17 23:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-12-12 00:34:50 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\sdeaha.sys -- (sdeaha [boot | Running])

[2002-03-25 21:02:14 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005-08-10 14:44:04 | 00,050,688 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

[2005-05-16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

[2005-11-03 16:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

[2008-02-29 17:11:36 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2007-07-03 16:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2007-07-03 16:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2007-07-03 16:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2006-07-24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [system | Running])

[2008-07-13 01:29:13 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

[2004-08-04 00:07:44 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [boot | Running])

[2005-08-29 23:05:00 | 00,021,344 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus [On_Demand | Stopped])

[2005-08-29 23:05:00 | 00,038,144 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])

[2005-08-29 23:05:00 | 00,039,248 | ---- | M] (LG Electronics Inc.) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])

[2008-03-11 18:08:32 | 00,286,464 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.gazeta.pl/0,0.html?p=3

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

"provider"=MSN

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (HKLM) -- C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll (BitComet)

{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (HKLM) -- C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

{F156768E-81EF-470C-9057-481BA8380DBA} (HKLM) -- C:\Program Files\FlashGet\getflash.dll (www.flashget.com)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll (Microsoft Corporation)

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" (SOFTWIN S.R.L.)

"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg (SOFTWIN S.R.L.)

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd File not found

"DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

"msnappau"="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe" (Microsoft Corporation)

"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC ()

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Nero AG)

"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe /boot (Simply Super Software)

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)

"WinampAgent"="D:\Program Files\Winamp\winampa.exe" ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" /tray (Gadu-Gadu S.A.)

"Gohan"=C:\Documents and Settings\Gohan\Gohan.exe /i File not found

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found

"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe File not found

"Steam"=D:\Program Files\Steam\Steam.exe -silent File not found

 

========== (O4) Startup Folders ==========

 

[2002-09-13 12:09:58 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[2006-10-23 00:01:50 | 00,734,872 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

[2003-02-21 14:16:16 | 00,061,440 | ---- | M] (Tracker Software Products) -- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Symfonia® PDF.lnk = C:\WINDOWS\system32\PDFSaver.exe

[2008-05-24 16:24:10 | 00,275,456 | ---- | M] () -- C:\Documents and Settings\Gohan\Menu Start\Programy\Autostart\ePSXe 1.7.0.lnk = D:\Program Files\eEPSXe 1.7.0\ePSXe.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel\HomePage]

""=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableRegistryTools"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\dontdisplaylastusername]

""=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"disableregistrytools"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools]

""=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip]

""=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Ściągnij przy pomocy FlashGet'a: C:\Program Files\FlashGet\JC_LINK.HTM [2006-10-27 05:43:20 | 00,001,898 | ---- | M] ()

&Ściągnij wszystko przy pomocy FlashGet'a: C:\Program Files\FlashGet\JC_ALL.HTM [2000-02-06 05:06:06 | 00,000,575 | ---- | M] ()

Download all links using BitComet: C:\Program Files\BitComet\BitComet.exe [2007-02-08 10:49:42 | 04,526,144 | ---- | M] (www.BitComet.com)

Download all videos using BitComet: C:\Program Files\BitComet\BitComet.exe [2007-02-08 10:49:42 | 04,526,144 | ---- | M] (www.BitComet.com)

Download link using &BitComet: C:\Program Files\BitComet\BitComet.exe [2007-02-08 10:49:42 | 04,526,144 | ---- | M] (www.BitComet.com)

E&ksport do programu Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 11:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Badanie -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003-07-15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Button: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007-03-20 12:40:34 | 01,708,032 | ---- | M] (FlashGet.com)

{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}: Menu: FlashGet -- %ProgramFiles%\FlashGet\flashget.exe [2007-03-20 12:40:34 | 01,708,032 | ---- | M] (FlashGet.com)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-08-04 01:44:26 | 01,667,584 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-08-04 01:44:26 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2002-09-20 19:04:26 | 00,945,693 | ---- | M] (Microsoft Corporation)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [badanie] -> [2003-07-15 07:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> [2007-03-20 12:40:34 | 01,708,032 | ---- | M] (FlashGet.com)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-08-04 01:44:26 | 01,667,584 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s

PluginsPageFriendlyName: "" = Galeria Microsoft ActiveX

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{00000161-0000-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/msaudio.cab -- Reg Error: Key does not exist or could not be opened.

{6FC19219-C47E-4880-9A79-D218A1C374F9}: http://www.netmarble.jp/_common/cab/NMJTransX.cab -- NMJTransX Control

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.

Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

 

========== (O17) DNS Name Servers ==========

 

{64BD22FD-8508-42E0-A51F-82C5B722F3F3} (Servers: | Description: Karta Fast Ethernet zgodna z VIA)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT [sET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ]

[2007-04-25 15:13:18 | 00,000,095 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[1 C:\*.tmp files]

[6 C:\WINDOWS\*.tmp files]

[6 C:\Documents and Settings\Gohan\Moje dokumenty\*.tmp files]

[2009-04-26 21:12:27 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gohan\Pulpit\OTViewIt.exe

[2009-04-26 19:45:37 | 00,459,816 | ---- | C] () -- C:\Documents and Settings\Gohan\Pulpit\IMG_0074.jpg

[2009-04-26 19:44:54 | 00,492,740 | ---- | C] () -- C:\Documents and Settings\Gohan\Pulpit\IMG_0073.jpg

[2009-04-26 19:44:13 | 00,463,752 | ---- | C] () -- C:\Documents and Settings\Gohan\Pulpit\IMG_0072.jpg

[2009-04-26 11:38:27 | 13,775,744 | ---- | C] (Doctor Web, Ltd.) -- C:\launch.exe

[2009-04-25 21:39:07 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009-04-25 21:37:55 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31914.exe

[2009-04-25 21:16:02 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27637.exe

[2009-04-25 21:01:32 | 00,000,000 | ---D | C] -- C:\Program Files\mks_vir_9

[2009-04-25 20:56:26 | 00,001,655 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk

[2009-04-25 20:56:23 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys

[2009-04-25 20:56:23 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys

[2009-04-25 20:56:23 | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys

[2009-04-25 20:56:23 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys

[2009-04-25 20:51:36 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2009-04-25 20:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gohan\Dane aplikacji\PC Tools

[2009-04-25 20:38:45 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk

[2009-04-25 20:38:42 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009-04-25 20:38:42 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009-04-25 20:38:41 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll

[2009-04-25 20:38:41 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll

[2009-04-25 20:38:41 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll

[2009-04-25 20:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gohan\Dane aplikacji\Simply Super Software

[2009-04-25 20:02:45 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2009-04-25 19:51:40 | 00,000,304 | ---- | C] () -- C:\Boot.bak

[2009-04-25 19:51:36 | 00,262,400 | ---- | C] () -- C:\cmldr

[2009-04-25 19:51:33 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009-04-25 19:49:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009-04-25 19:06:36 | 00,000,000 | ---D | C] -- C:\hijackthis

[2009-04-25 19:06:17 | 00,212,849 | ---- | C] () -- C:\hijackthis.zip

[2009-04-25 19:01:47 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2009-04-25 18:18:20 | 26,742,5628 | -H-- | C] () -- C:\khbvf.w

[2009-04-25 17:05:02 | 21,287,9174 | -H-- | C] () -- C:\tkjnm_1k.w

[2009-04-25 14:45:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gohan\Moje dokumenty\Canon Utilities

[2009-04-24 17:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009-04-24 11:47:27 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009-04-23 09:53:55 | 31,257,088 | ---- | C] () -- C:\eav_nt32_plk.msi

[2009-04-23 09:50:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Gohan\Pulpit\HijackThis.lnk

[2009-04-23 09:50:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009-04-23 09:49:48 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe

[2009-04-22 21:50:06 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Gohan\Pulpit\~$Paul,.doc

[2009-04-22 17:55:07 | 00,012,046 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175506.reg

[2009-04-22 17:54:45 | 00,012,970 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175444.reg

[2009-04-22 17:54:12 | 00,171,182 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175411.reg

[2009-04-22 17:53:52 | 00,046,764 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175351.reg

[2009-04-22 17:53:29 | 00,232,814 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175328.reg

[2009-04-22 17:52:48 | 00,244,350 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175244.reg

[2009-04-22 17:51:54 | 00,231,196 | ---- | C] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175151.reg

[2009-04-22 17:33:24 | 00,000,000 | ---D | C] -- C:\Program Files\Anti Trojan Elite

[2009-04-22 17:26:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software

[2009-04-22 17:26:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover

[2009-04-22 17:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gohan\Moje dokumenty\Simply Super Software

[2009-04-22 17:11:58 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009-04-21 14:51:23 | 30,973,5965 | -H-- | C] () -- C:\fdsd.w

[2009-04-21 08:09:29 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Gohan\Pulpit\~$wy Dokument programu Microsoft Word (3).doc

[2009-04-20 19:22:52 | 00,013,024 | ---- | C] () -- C:\WINDOWS\System32\mksidsa.sys

[2009-04-20 18:56:42 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Gohan\Pulpit\Nowy Dokument programu Microsoft Word (3).doc

[2009-04-19 14:54:58 | 14,501,4355 | -H-- | C] () -- C:\mbdhc.w

[2009-04-19 14:22:10 | 58,313,959 | -H-- | C] () -- C:\bfdfrt.f

[2009-04-17 13:59:03 | 00,020,480 | -HS- | C] () -- C:\WINDOWS\System32\accwizo.dll

[2009-04-17 13:50:01 | 00,000,086 | --S- | C] () -- C:\WINDOWS\System32\1145050997.dat

[2009-04-13 11:16:45 | 01,767,332 | ---- | C] () -- C:\Guitar_Lesson_John_Petrucci_-_Rock_Discipline.PDF

[2009-04-12 13:30:02 | 00,000,000 | ---D | C] -- C:\Program Files\URUSoft

[2009-04-08 16:45:34 | 36,305,8106 | -H-- | C] () -- C:\btasfl.w

[2009-04-07 17:10:35 | 01,209,128 | ---- | C] () -- C:\1173625295912un3.jpg

[2009-04-07 11:14:25 | 00,000,000 | ---D | C] -- C:\KAT-TUN

[2009-04-07 10:57:21 | 00,000,000 | ---D | C] -- C:\[RESCUE]Group n mixed photos

[2009-04-06 23:11:54 | 00,022,320 | ---- | C] () -- C:\WINDOWS\System32\mksfwallt.sys

[2009-04-06 23:11:52 | 00,020,784 | ---- | C] () -- C:\WINDOWS\System32\mksfwallf.sys

[2009-04-02 21:12:32 | 00,032,768 | ---- | C] () -- C:\Documents and Settings\Gohan\Pulpit\Paul,.doc

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\*.tmp files]

[1 C:\WINDOWS\System32\*.tmp files]

[6 C:\WINDOWS\*.tmp files]

[6 C:\Documents and Settings\Gohan\Moje dokumenty\*.tmp files]

[52 C:\Documents and Settings\Gohan\Pulpit\*.tmp files]

[2009-04-26 21:19:30 | 00,400,744 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-04-26 21:19:30 | 00,061,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-04-26 21:19:30 | 00,003,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-04-26 21:19:30 | 00,000,670 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat

[2009-04-26 21:19:30 | 00,000,232 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat

[2009-04-26 21:17:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-04-26 21:17:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-04-26 21:12:39 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gohan\Pulpit\OTViewIt.exe

[2009-04-26 19:45:37 | 00,459,816 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\IMG_0074.jpg

[2009-04-26 19:44:54 | 00,492,740 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\IMG_0073.jpg

[2009-04-26 19:44:13 | 00,463,752 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\IMG_0072.jpg

[2009-04-26 19:39:44 | 00,000,021 | ---- | M] () -- C:\WINDOWS\pit2007.ini

[2009-04-26 19:32:33 | 00,032,768 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\Paul,.doc

[2009-04-26 18:00:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2009-04-26 15:16:31 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009-04-26 12:13:08 | 00,122,368 | ---- | M] () -- C:\Documents and Settings\Gohan\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-04-26 11:40:11 | 13,775,744 | ---- | M] (Doctor Web, Ltd.) -- C:\launch.exe

[2009-04-25 21:37:05 | 00,395,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31914.exe

[2009-04-25 21:30:24 | 00,000,271 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-04-25 21:26:48 | 00,053,248 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE

[2009-04-25 21:25:14 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009-04-25 21:15:15 | 00,395,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF27637.exe

[2009-04-25 20:56:26 | 00,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Spyware Doctor.lnk

[2009-04-25 20:38:45 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Trojan Remover.lnk

[2009-04-25 19:51:40 | 00,000,374 | RHS- | M] () -- C:\boot.ini

[2009-04-25 19:22:52 | 31,257,088 | ---- | M] () -- C:\eav_nt32_plk.msi

[2009-04-25 19:06:24 | 00,212,849 | ---- | M] () -- C:\hijackthis.zip

[2009-04-25 19:01:43 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2009-04-25 18:42:21 | 26,742,5628 | -H-- | M] () -- C:\khbvf.w

[2009-04-25 17:24:22 | 21,287,9174 | -H-- | M] () -- C:\tkjnm_1k.w

[2009-04-25 11:42:39 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-04-24 11:46:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-04-23 10:40:26 | 00,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-04-23 09:50:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\HijackThis.lnk

[2009-04-23 09:49:48 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe

[2009-04-23 09:42:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-04-22 21:50:06 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Gohan\Pulpit\~$Paul,.doc

[2009-04-22 17:55:09 | 00,012,046 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175506.reg

[2009-04-22 17:54:47 | 00,012,970 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175444.reg

[2009-04-22 17:54:16 | 00,171,182 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175411.reg

[2009-04-22 17:53:54 | 00,046,764 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175351.reg

[2009-04-22 17:53:33 | 00,232,814 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175328.reg

[2009-04-22 17:52:54 | 00,244,350 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175244.reg

[2009-04-22 17:52:16 | 00,231,196 | ---- | M] () -- C:\Documents and Settings\Gohan\Moje dokumenty\cc_20090422_175151.reg

[2009-04-21 15:44:21 | 30,973,5965 | -H-- | M] () -- C:\fdsd.w

[2009-04-21 08:09:29 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Gohan\Pulpit\~$wy Dokument programu Microsoft Word (3).doc

[2009-04-20 21:19:52 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\Nowy Dokument programu Microsoft Word (3).doc

[2009-04-20 19:22:52 | 00,013,024 | ---- | M] () -- C:\WINDOWS\System32\mksidsa.sys

[2009-04-19 15:08:24 | 14,501,4355 | -H-- | M] () -- C:\mbdhc.w

[2009-04-19 14:54:00 | 58,313,959 | -H-- | M] () -- C:\bfdfrt.f

[2009-04-17 16:43:45 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin

[2009-04-17 13:59:11 | 00,000,086 | --S- | M] () -- C:\WINDOWS\System32\1145050997.dat

[2009-04-17 13:59:03 | 00,020,480 | -HS- | M] () -- C:\WINDOWS\System32\accwizo.dll

[2009-04-16 14:42:53 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Gohan\Pulpit\Mój.doc

[2009-04-13 11:16:48 | 01,767,332 | ---- | M] () -- C:\Guitar_Lesson_John_Petrucci_-_Rock_Discipline.PDF

[2009-04-08 17:20:56 | 36,305,8106 | -H-- | M] () -- C:\btasfl.w

[2009-04-07 21:36:07 | 00,001,025 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-04-07 17:10:37 | 01,209,128 | ---- | M] () -- C:\1173625295912un3.jpg

[2009-04-06 23:11:54 | 00,022,320 | ---- | M] () -- C:\WINDOWS\System32\mksfwallt.sys

[2009-04-06 23:11:52 | 00,020,784 | ---- | M] () -- C:\WINDOWS\System32\mksfwallf.sys

< End of report >

Dr.Web won't start, and anyway a longer scan is impossible because I tried several programs and the computer reset after a few minutes... I can't check the NOD files either, because earlier, when I tried to reinstall it, the same error popped up (no connection), and from what I can see it removed its files. I'd be grateful if you could look over the log and for further guidance.


Did you check the files on Jotti as I asked?

 

Uninstall all of those antivirus programs (mks etc.).

I see BitDefender is running; doesn't it detect anything either?

 

What are these files?

C:\khbvf.w

C:\tkjnm_1k.w

C:\fdsd.w

C:\mbdhc.w

C:\bfdfrt.f

C:\btasfl.w

 

Download OTMoveIt3.exe and, in the "Paste Instructions for Items to be Moved" box, paste:

 

:Processes

explorer.exe

 

:Reg

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gohan"=-

 

:Files

C:\WINDOWS\Temp\BND.tmp

C:\WINDOWS\system32\drivers\sdeaha.sys

C:\WINDOWS\system32\drivers\aehaga.sys

C:\WINDOWS\System32\CF31914.exe

C:\WINDOWS\System32\CF27637.exe

C:\WINDOWS\System32\CF27637.exe

 

:Services

aehaga

sdeaha

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

 

When it finishes, copy everything from the "Results window", or the log from C:\_OTMoveIt\MovedFiles if a restart is required, and paste it on the forum.

 

Next, try to run combofix.exe; save it under a changed name, e.g. qwerty21.com, plus a Dr.Web scan if it works.

Edited by Kolobos
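A triage sketch for the question raised in the reply above about the hidden files in C:\ (an added example, not part of the original posts and not OldTimer's code): it parses listing lines in the OTViewIt format seen in this log and reports hidden, non-system files with no company name that sit directly in a drive root. The function names, the 1 MB size threshold and the reading of the comma-grouped size field as a plain byte count are assumptions.

```python
import re

# Constructed sample: a few lines in the OTViewIt listing format shown in this thread.
SAMPLE = r"""
[2009-04-25 19:51:40 | 00,000,374 | RHS- | M] () -- C:\boot.ini
[2009-04-25 18:42:21 | 26,742,5628 | -H-- | M] () -- C:\khbvf.w
[2009-04-25 19:01:43 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2009-04-19 14:54:00 | 58,313,959 | -H-- | M] () -- C:\bfdfrt.f
[2009-04-17 13:59:03 | 00,020,480 | -HS- | M] () -- C:\WINDOWS\System32\accwizo.dll
[2009-04-22 17:33:24 | 00,000,000 | ---D | C] -- C:\Program Files\Anti Trojan Elite
[2009-04-21 08:09:29 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Gohan\Pulpit\~$wy Dokument programu Microsoft Word (3).doc
"""

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)

def parse(text):
    """Yield one dict per listing line; headings and other lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        # Large sizes are grouped unevenly in the log ("26,742,5628").
        # Assumption: dropping the commas gives the byte count.
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["vendor"] = entry["vendor"] or ""
        yield entry

def odd_root_files(text, min_size=1_000_000):
    """Hidden, non-system files with no company name directly in a drive root."""
    hits = set()  # a file can appear in both the Created and Modified listings
    for e in parse(text):
        in_root = re.fullmatch(r"[A-Za-z]:\\[^\\]+", e["path"]) is not None
        hidden_only = "H" in e["attrs"] and "S" not in e["attrs"] and "D" not in e["attrs"]
        if in_root and hidden_only and not e["vendor"] and e["size"] >= min_size:
            hits.add((e["path"], e["size"]))
    return sorted(hits)

if __name__ == "__main__":
    for path, size in odd_root_files(SAMPLE):
        print(f"{size:>12}  {path}")
```

A hit is only a pointer to files worth submitting to a multi-engine scanner; boot.ini is skipped because it also carries the system attribute.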
