Log check // please check my log • programosy.pl

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.

Post by Sythev 22 Mar 2009, 13:44

Hello!

I wanted to make sure that everything is OK and that I have nothing on my computer:

HJ log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:37, on 2009-03-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:pl
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ArcaBit Backup Service (AVBackup) - Unknown owner - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5060 bytes


+++

Code:
********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.7.22.7514                             *
*                                                                              *
********************************************************************************

Created at 12:40:53 on Sunday, March 22, 2009

Time Zone            : (GMT+01:00) Sarajewo, Skopie, Warszawa, Zagrzeb

Logged On User       : Dom

Operating System     : Microsoft® Windows Vista™ Ultimate  Service Pack 1
OS Architecture      : X86
System Langauge      : Polish
Keyboard Layout      : Polish
1


+++

I'll add ComboFix and RSIT in a moment

Added 22.03.2009 12:53:07:
Code:
ComboFix 09-03-19.02 - Dom 2009-03-22 12:46:38.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1250.1.1045.18.3326.2383 [GMT 1:00]
Uruchomiony z: c:\users\Dom\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
* Resident AV is active

.

(((((((((((((((((((((((((   Pliki utworzone od 2009-02-22 do 2009-03-22  )))))))))))))))))))))))))))))))
.

2009-03-22 12:39 . 2009-03-22 12:39   <DIR>   d--------   C:\ERDNT
2009-03-22 12:39 . 2009-03-22 12:39   <DIR>   d--------   C:\!FixIEDef
2009-03-21 19:16 . 2009-03-21 19:16   <DIR>   d--------   C:\VundoFix Backups
2009-03-19 16:13 . 2009-03-19 16:13   <DIR>   d--------   c:\users\Dom\AppData\Roaming\Logitech
2009-03-19 16:12 . 2009-03-19 16:12   127,034   -r-------   c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-19 16:11 . 2009-03-19 16:11   0   --ah-----   c:\windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-03-19 16:11 . 2009-03-19 16:11   0   --ah-----   c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-03-19 16:10 . 2009-03-19 16:10   <DIR>   d--------   c:\users\All Users\Logitech
2009-03-19 16:10 . 2009-03-19 16:10   <DIR>   d--------   c:\programdata\Logitech
2009-03-19 16:10 . 2009-03-19 16:12   <DIR>   d--------   c:\program files\Logitech
2009-03-19 16:10 . 2009-03-19 16:12   <DIR>   d--------   c:\program files\Common Files\Logishrd
2009-03-19 16:10 . 2007-11-15 10:06   301,656   --a------   c:\windows\System32\BtCoreIf.dll
2009-03-19 16:10 . 2007-11-15 10:07   170,512   --a------   c:\windows\System32\kemutb.dll
2009-03-19 16:10 . 2007-11-15 10:07   141,840   --a------   c:\windows\System32\KemUtil.dll
2009-03-19 16:10 . 2007-11-15 10:07   117,264   --a------   c:\windows\System32\KemWnd.dll
2009-03-19 16:10 . 2007-11-15 10:07   76,304   --a------   c:\windows\System32\KemXML.dll
2009-03-19 16:09 . 2009-03-19 16:09   <DIR>   d--------   c:\users\All Users\LogiShrd
2009-03-19 16:09 . 2009-03-19 16:09   <DIR>   d--------   c:\programdata\LogiShrd
2009-03-11 01:50 . 2009-03-11 01:50   <DIR>   d--------   c:\users\Dom\DoctorWeb
2009-03-10 18:17 . 2009-03-10 18:17   163   --a------   c:\users\Dom\FIX.REG
2009-03-09 17:27 . 2009-03-09 17:27   <DIR>   d--------   c:\users\Dom\AppData\Roaming\GanymedeNet
2009-03-09 17:27 . 2009-03-09 17:27   4   --a------   c:\windows\System32\proc1114473455.bin

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 11:02   ---------   d-----w   c:\program files\Steam
2009-03-22 10:55   ---------   d-----w   c:\program files\Common Files\Steam
2009-03-19 15:12   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-03-19 15:03   ---------   d-----w   c:\program files\Common Files\Logitech
2009-02-18 23:59   34,883   ----a-w   c:\users\Dom\zalaczniki.zip
2009-02-10 21:53   ---------   d-----w   c:\users\Dom\AppData\Roaming\teamspeak2
2009-02-10 21:53   ---------   d-----w   c:\program files\Teamspeak2_RC2
2009-02-07 07:57   325,128   ----a-w   c:\windows\system32\drivers\avgldx86.sys
2009-02-07 07:57   107,272   ----a-w   c:\windows\system32\drivers\avgtdix.sys
2009-02-07 07:57   10,520   ----a-w   c:\windows\System32\avgrsstx.dll
2009-02-07 07:57   ---------   d-----w   c:\programdata\avg8
2009-02-06 20:34   ---------   d-----w   c:\program files\Trend Micro
2009-02-06 20:26   50,688   ----a-w   c:\users\Dom\ATF-Cleaner.exe
2009-02-02 19:11   ---------   d-----w   c:\program files\Vidalia Bundle
2009-02-02 19:11   ---------   d-----w   c:\program files\SkanerOnline
2009-01-31 15:08   ---------   d-----w   c:\programdata\Microsoft Help
2009-01-31 15:07   ---------   d-----w   c:\program files\Microsoft Works
2009-01-31 15:06   ---------   d-----w   c:\program files\Microsoft.NET
2009-01-31 13:31   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-01-26 13:55   ---------   d-----w   c:\users\Dom\AppData\Roaming\Corel
2009-01-26 13:55   ---------   d-----w   c:\programdata\Corel
2009-01-26 13:54   ---------   d-----w   c:\programdata\Borland
2009-01-26 13:47   8   --sh--r   c:\users\All Users\15C7767172.sys
2009-01-26 13:47   8   --sh--r   c:\programdata\15C7767172.sys
2009-01-26 13:47   2,828   --sha-w   c:\users\All Users\KGyGaAvL.sys
2009-01-26 13:47   2,828   --sha-w   c:\programdata\KGyGaAvL.sys
2009-01-25 14:47   ---------   d-----w   c:\programdata\TVU Networks
2008-12-22 08:05   51,232   ----a-w   c:\users\Dom\wwdc.exe
2008-09-28 13:53   242,176   ----a-w   c:\users\Dom\aequitas.exe
2008-09-26 13:21   1,136,128   ----a-w   c:\users\Dom\AequiAPI.dll
2008-04-16 19:04   174   --sha-w   c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-07 1601304]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-12-17 557149]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 c:\windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-03-19 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-03-19 784912]
NaturalColorLoad.lnk - c:\program files\SEC\Natural Color\NaturalColorLoad.exe [2008-12-17 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 c:\program files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{94EF9BF6-231C-4B27-B942-9DB68F00B20B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{30BC7E75-AC1D-4F58-90DF-837E8873D1CA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{312766FB-2843-4637-9A22-E6561F2F236F}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX1\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{D59C81EB-092F-4F63-873A-1FF41C5C534B}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX1\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{630D427E-1672-441D-8FB2-1F4EA962CA14}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX2\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{DEE0F4BD-DD8D-4A74-B120-E7CFF021DF40}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX2\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{F52D7C74-3CD8-4CBC-91D2-08F5DD292033}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX3\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{D1E037A3-FE29-41FB-A678-BF007BF97322}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX3\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{5B03697C-773E-4A8D-838E-9F5FA87CC90E}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX4\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{B2191528-A58C-47D4-B9B7-E9FB11AA345A}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX4\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{FE12D0F1-6AC9-4CE7-BCED-E074E1A0336B}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{169FEB98-A68D-4E98-97A5-FF011E92D78D}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"TCP Query User{7D4D77DF-28D3-4E89-98FD-DC9D95E4A0E1}c:\\program files\\steam\\steamapps\\fisq\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\fisq\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{3F79F56D-2DBF-4B03-BF0F-2E0EA87BCCD5}c:\\program files\\steam\\steamapps\\fisq\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\fisq\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{2C8D7456-A4E9-4A28-9D06-4E3F663F9D11}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{9A28137A-A81B-4A18-AA3D-B11CDE45034A}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{2CF305F5-9119-49C8-A7A0-38DEC13DE82F}c:\\users\\dom\\desktop\\azereus.exe"= UDP:c:\users\dom\desktop\azereus.exe:azereus
"UDP Query User{C6EB05E8-D0B4-41D6-8AE5-3C0CCEDAD024}c:\\users\\dom\\desktop\\azereus.exe"= TCP:c:\users\dom\desktop\azereus.exe:azereus
"TCP Query User{9FFB30B7-A068-4B2F-B735-8588F36024A1}d:\\azer\\azereus.exe"= UDP:d:\azer\azereus.exe:azereus
"UDP Query User{235BF3FA-4EEC-4295-874C-7A64F24B95C4}d:\\azer\\azereus.exe"= TCP:d:\azer\azereus.exe:azereus
"{BE6A5F68-824A-40E8-A0D2-FBEB05393703}"= Disabled:UDP:50000:ArcaVir CommunicationPort (A)
"{E54CDC02-2523-4FEE-813C-D49A438D1EE7}"= Disabled:UDP:50001:ArcaVir CommunicationPort (S)
"{10C9A816-9FA1-4CB8-8C40-58EA51AC821B}"= Disabled:UDP:14380:BitComet 14380 TCP
"{0EC7FD63-0F83-4771-AF0D-721E29C3156F}"= Disabled:TCP:14380:BitComet 14380 UDP
"TCP Query User{F46D95D1-4C4D-46C7-9449-8CD84306974B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5CEC2D62-915C-4ADA-9C00-85E17FFE41F9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{8D679661-18EF-488D-B314-121217B530D4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{E2C37AD0-C230-4827-9698-0236D437ECDA}c:\\program files\\bitcomet\\bitcomet.exe"= Disabled:UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{65999302-7D2C-4932-A640-E585D442B836}c:\\program files\\bitcomet\\bitcomet.exe"= Disabled:TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{66243DE4-1FF9-4104-A807-91BD868C81CA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EDC5215B-8D5E-4A33-A221-BB1D999533D2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B87023C3-607A-49B3-9953-8FCB28345001}c:\\users\\dom\\downloads\\gback\\azereus.exe"= UDP:c:\users\dom\downloads\gback\azereus.exe:azereus
"UDP Query User{A2BD9D84-B504-4115-9588-0303BAB0B5B5}c:\\users\\dom\\downloads\\gback\\azereus.exe"= TCP:c:\users\dom\downloads\gback\azereus.exe:azereus
"TCP Query User{2CE8EB3D-D148-47A6-9914-16F4B717D750}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.437\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.437\gback\azereus.exe:azereus
"UDP Query User{1ED43A47-BE9F-4688-A3D8-386D9C3E4E3F}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.437\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.437\gback\azereus.exe:azereus
"TCP Query User{4A20687B-59ED-4F91-9D5C-90128FA683AE}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.734\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.734\gback\azereus.exe:azereus
"UDP Query User{C44954D2-CE9A-43E9-ADF1-498A6022DD07}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.734\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.734\gback\azereus.exe:azereus
"TCP Query User{4C28990D-FB8F-428C-A03B-FBF8678848C3}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.484\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.484\gback\azereus.exe:azereus
"UDP Query User{7E9EB060-2441-49A0-AA97-0617A9C6A85B}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.484\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.484\gback\azereus.exe:azereus
"TCP Query User{D81E1BC7-885C-4F5E-A92B-061EF801F8CC}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.890\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.890\gback\azereus.exe:azereus
"UDP Query User{EF8E3885-CFE7-487E-8675-C9B16EF4CFD0}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.890\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.890\gback\azereus.exe:azereus
"TCP Query User{5F7D0662-041F-4E12-99F3-C9633A73520F}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.390\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.390\gback\azereus.exe:azereus
"UDP Query User{EF0E6F79-ED5C-4A57-ADE8-6FAB0F9DC3D9}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.390\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.390\gback\azereus.exe:azereus
"TCP Query User{A992A367-3377-4587-8E24-E368C70396F9}d:\\azer\\gback\\azereus.exe"= UDP:d:\azer\gback\azereus.exe:azereus
"UDP Query User{18F52018-184D-4ACE-ABD9-66F59B10D00F}d:\\azer\\gback\\azereus.exe"= TCP:d:\azer\gback\azereus.exe:azereus
"TCP Query User{E1D83859-63F2-460E-9B4D-F98C069FA2B3}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.860\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.860\gback\azereus.exe:azereus
"UDP Query User{EC13AEA3-12B4-4CCC-B49D-0CECED38CBE0}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.860\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.860\gback\azereus.exe:azereus
"TCP Query User{B3FEB3BE-6345-4C00-8C2C-AF8DA1F9148C}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.625\\gback\\azereus.exe"= UDP:c:\users\dom\appdata\local\temp\rar$ex00.625\gback\azereus.exe:azereus
"UDP Query User{E16A12DB-6E2C-4C04-B824-B594F2C68497}c:\\users\\dom\\appdata\\local\\temp\\rar$ex00.625\\gback\\azereus.exe"= TCP:c:\users\dom\appdata\local\temp\rar$ex00.625\gback\azereus.exe:azereus
"TCP Query User{1AA72925-E9AD-4F99-BDB3-46CE07376CCF}d:\\azer\\gback\\gback\\azereus.exe"= UDP:d:\azer\gback\gback\azereus.exe:azereus
"UDP Query User{71A171E5-45F5-430D-9F28-4AE9046B5BA2}d:\\azer\\gback\\gback\\azereus.exe"= TCP:d:\azer\gback\gback\azereus.exe:azereus
"TCP Query User{A96A8995-4FB7-4F93-A9FC-01BD1AA8DB0C}c:\\users\\dom\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\dom\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{325E059A-9B08-4BCA-A022-C15D6B44B284}c:\\users\\dom\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\dom\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"TCP Query User{AD56DF22-D9E4-4234-A8BF-4090720A19BC}d:\\azer hlc\\cyber\\azereus.exe"= UDP:d:\azer hlc\cyber\azereus.exe:azereus
"UDP Query User{00361117-A59E-452F-8833-022AD56CCAE4}d:\\azer hlc\\cyber\\azereus.exe"= TCP:d:\azer hlc\cyber\azereus.exe:azereus
"{01F95D72-EC10-4339-9FB1-D3C243FA3E86}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6E324E17-2B49-4452-B217-0C5E07C7E472}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4631F4A-B418-4DAE-B142-40CB05E50B22}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CD1EBE92-C0C6-469A-A261-4C8276B07420}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{5DF3B6DE-915A-440B-B39E-F8FD634288AA}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DA3D0FBA-7634-4D2F-8CD0-065751FD3C92}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-17 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-07 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-17 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-17 298264]
R3 ST330;ST330;c:\windows\System32\drivers\st330.sys [2008-12-17 30464]
R3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [2008-12-17 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\System32\drivers\steth.sys [2008-12-17 40320]
S2 ArcaRemoteService;ArcaBit Control;c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe --> c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [?]
S2 AVBackup;ArcaBit Backup Service;c:\program files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe --> c:\program files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe [?]
S2 AVTasks2;ArcaBit Tasks Service;c:\progra~1\ArcaBit\Common\ARCATA~1.EXE --> c:\progra~1\ArcaBit\Common\ARCATA~1.EXE [?]
S3 vmmouse;VMware Pointing Device;c:\windows\System32\drivers\vmmouse.sys [2008-04-16 11696]
S3 vmx_svga;vmx_svga;c:\windows\System32\drivers\vmx_svga.sys [2008-04-16 62768]
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-22 c:\windows\Tasks\User_Feed_Synchronization-{246AD1E8-2520-4098-AD2D-F27B767CFFE0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Logitech Utility - Logi_MwX.Exe


.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
TCP: {8CBA24B3-9835-478F-A2A1-868EC66CF709} = 213.241.79.37 83.238.255.76
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\izn5r2ki.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livescore.com/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\izn5r2ki.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\izn5r2ki.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\izn5r2ki.default\extensions\tcastv1@tom.com\plugins\nptcast40.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 12:48:16
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'Explorer.exe'(6004)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Gadu-Gadu\ggwhook.dll
.
Czas ukończenia: 2009-03-22 12:51:02
ComboFix-quarantined-files.txt  2009-03-22 11:50:59

Przed: 155 692 408 832 bajtów wolnych
Po: 155,247,616,000 bajtów wolnych

218


Added 22.03.2009 12:56:03:
RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dom at 2009-03-22 12:53:40
Microsoft® Windows Vista™ Ultimate  Service Pack 1
System drive C: has 148 GB (84%) free of 177 GB
Total RAM: 3326 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:41, on 2009-03-22
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Dom\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:pl
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBA24B3-9835-478F-A2A1-868EC66CF709}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ArcaBit Backup Service (AVBackup) - Unknown owner - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5319 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{246AD1E8-2520-4098-AD2D-F27B767CFFE0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-07 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-07 1601304]
"diagnostics"=C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [2008-12-17 557149]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-09-21 55824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-03-22 12:53:40 ----D---- C:\rsit
2009-03-22 12:51:04 ----D---- C:\Windows\temp
2009-03-22 12:51:03 ----A---- C:\ComboFix.txt
2009-03-22 12:45:41 ----A---- C:\Windows\NIRCMD.exe
2009-03-22 12:45:40 ----A---- C:\Windows\zip.exe
2009-03-22 12:45:40 ----A---- C:\Windows\VFIND.exe
2009-03-22 12:45:40 ----A---- C:\Windows\SWREG.exe
2009-03-22 12:45:40 ----A---- C:\Windows\sed.exe
2009-03-22 12:45:40 ----A---- C:\Windows\grep.exe
2009-03-22 12:45:40 ----A---- C:\Windows\fdsv.exe
2009-03-22 12:45:39 ----A---- C:\Windows\SWXCACLS.exe
2009-03-22 12:45:39 ----A---- C:\Windows\SWSC.exe
2009-03-22 12:45:34 ----D---- C:\ComboFix
2009-03-22 12:45:18 ----D---- C:\Qoobox
2009-03-22 12:39:30 ----D---- C:\ERDNT
2009-03-22 12:39:15 ----D---- C:\!FixIEDef
2009-03-21 19:16:07 ----D---- C:\VundoFix Backups
2009-03-21 19:16:07 ----A---- C:\VundoFix.txt
2009-03-19 16:13:54 ----D---- C:\Users\Dom\AppData\Roaming\Logitech
2009-03-19 16:12:46 ----R---- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2009-03-19 16:10:59 ----A---- C:\Windows\system32\BtCoreIf.dll
2009-03-19 16:10:56 ----A---- C:\Windows\system32\KemXML.dll
2009-03-19 16:10:56 ----A---- C:\Windows\system32\KemWnd.dll
2009-03-19 16:10:56 ----A---- C:\Windows\system32\KemUtil.dll
2009-03-19 16:10:56 ----A---- C:\Windows\system32\kemutb.dll
2009-03-19 16:10:48 ----D---- C:\ProgramData\Logitech
2009-03-19 16:10:46 ----D---- C:\Program Files\Common Files\Logishrd
2009-03-19 16:10:43 ----D---- C:\Program Files\Logitech
2009-03-19 16:09:47 ----D---- C:\ProgramData\LogiShrd
2009-03-09 17:27:14 ----D---- C:\Users\Dom\AppData\Roaming\GanymedeNet

======List of files/folders modified in the last 1 months======

2009-03-22 12:51:12 ----D---- C:\Program Files\Mozilla Firefox
2009-03-22 12:51:05 ----D---- C:\Windows\system32\pl-PL
2009-03-22 12:51:05 ----D---- C:\Windows\System32
2009-03-22 12:51:04 ----D---- C:\Windows
2009-03-22 12:48:17 ----A---- C:\Windows\system.ini
2009-03-22 12:47:25 ----D---- C:\Windows\system32\drivers
2009-03-22 12:47:25 ----D---- C:\Windows\AppPatch
2009-03-22 12:47:24 ----D---- C:\Program Files\Common Files
2009-03-22 12:47:06 ----D---- C:\Windows\Prefetch
2009-03-22 12:46:39 ----HD---- C:\$AVG8.VAULT$
2009-03-22 12:46:02 ----SHD---- C:\System Volume Information
2009-03-22 12:02:36 ----D---- C:\Program Files\Steam
2009-03-22 11:55:47 ----D---- C:\Program Files\Common Files\Steam
2009-03-22 09:05:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-22 09:05:27 ----D---- C:\Windows\inf
2009-03-19 16:12:53 ----SHD---- C:\Windows\Installer
2009-03-19 16:12:45 ----RD---- C:\Program Files
2009-03-19 16:12:41 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-19 16:12:09 ----D---- C:\Windows\winsxs
2009-03-19 16:11:58 ----D---- C:\Windows\system32\catroot
2009-03-19 16:10:48 ----HD---- C:\ProgramData
2009-03-19 16:03:20 ----D---- C:\Program Files\Common Files\Logitech
2009-03-19 00:35:40 ----D---- C:\Windows\pss
2009-03-16 12:18:02 ----SD---- C:\Users\Dom\AppData\Roaming\Microsoft
2009-03-12 21:58:19 ----D---- C:\Windows\system32\NDF
2009-03-10 18:25:19 ----SD---- C:\Windows\Downloaded Program Files
2009-03-10 09:52:28 ----D---- C:\Windows\system32\catroot2
2009-03-09 17:27:14 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-02-07 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-02-07 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-02-07 107272]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-08 3895808]
R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 ST330;ST330; C:\Windows\system32\drivers\st330.sys [2008-12-17 30464]
R3 STBUS;STBUS; C:\Windows\system32\drivers\stbus.sys [2008-12-17 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\Windows\system32\DRIVERS\steth.sys [2008-12-17 40320]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CmBatt;Sterownik zasilacza Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 vmmouse;VMware Pointing Device; C:\Windows\system32\DRIVERS\vmmouse.sys [2008-03-04 11696]
S3 vmx_svga;vmx_svga; C:\Windows\system32\DRIVERS\vmx_svga.sys [2008-03-04 62768]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 ErrDev;Błąd sprzętowy — sterownik urządzenia (Microsoft); C:\Windows\system32\drivers\errdev.sys [2008-01-18 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-18 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-18 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-08-08 700416]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-07 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-07 298264]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 st330service;SpeedTouch 330 Manager; C:\Program Files/Thomson/ST330/service/st330service.exe [2008-12-17 581632]
S2 ArcaRemoteService;ArcaBit Control; C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe []
S2 AVBackup;ArcaBit Backup Service; C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe []
S2 AVTasks2;ArcaBit Tasks Service; C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-03-22 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-03-22 12:53:43

======Uninstall list======

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A81200000003}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Gadu-Gadu 7.7-->C:\Program Files\Gadu-Gadu\Setup.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HydraVision-->MsiExec.exe /X{AB7D99DA-A740-3EC8-9CBC-330B994DF46B}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kalendarz XP v29.85-->C:\Program Files\Kalendarz XP\uninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Mega Codec Pack 3.6.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0015 -removeonly
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Natural Color-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Produkt Microsoft Office Standard 2007 w wersji próbnej-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0015 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SpeedTouch 330-->C:\Program Files\Thomson\ST330\Uninstall\stInstall.exe -s:scen_uninstall_st330.xml -l:pl
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp 5.531 PL-->"C:\Program Files\Winamp\UninstWA_PL.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

======System event log======

Computer Name: Dom-PC
Event Code: 20267
Message: Identyfikator połączenia={8B51504B-A32A-4067-BF66-4AD33CE8758E}: Użytkownik qrppyaxr@net24.com.pl pomyślnie ustanowił połączenie z My ISP za pomocą urządzenia PPPoE2-0.
Record Number: 36606
Source Name: RemoteAccess
Time Written: 20090322115223.000000-000
Event Type: Informacje
User:

Computer Name: Dom-PC
Event Code: 4201
Message: System wykrył, że karta sieciowa My ISP została podłączona do sieci i ma zainicjowane normalne działanie.
Record Number: 36607
Source Name: Tcpip
Time Written: 20090322115222.902836-000
Event Type: Informacje
User:

Computer Name: Dom-PC
Event Code: 2505
Message: Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{8CBA24B3-9835-478F-A2A1-868EC66CF709}, ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.
Record Number: 36608
Source Name: Server
Time Written: 20090322115231.000000-000
Event Type: Błąd
User:

Computer Name: Dom-PC
Event Code: 2505
Message: Serwer nie mógł utworzyć powiązania do transportu \Device\NetBT_Tcpip_{8CBA24B3-9835-478F-A2A1-868EC66CF709}, ponieważ inny komputer w sieci ma tę samą nazwę. Nie można uruchomić serwera.
Record Number: 36609
Source Name: Server
Time Written: 20090322115239.000000-000
Event Type: Błąd
User:

Computer Name: Dom-PC
Event Code: 20003
Message: Usługa zarządzania sterownikami zakończyła proces dodawania usługi tunnel dla wystąpienia urządzenia o identyfikatorze ROOT\*ISATAP\0012 z następującym stanem: 0.
Record Number: 36610
Source Name: Microsoft-Windows-User-PnP
Time Written: 20090322115238.184086-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

=====Application event log=====

Computer Name: Dom-PC
Event Code: 20223
Message: Identyfikator CoId={8B51504B-A32A-4067-BF66-4AD33CE8758E}: Użytkownik Dom-PC\Dom pomyślnie ustanowił łącze do serwera dostępu zdalnego, korzystając z następującego urządzenia:
Server address/Phone Number = 0
Device = Miniport WAN (PPPOE)
Port = PPPoE2-0
MediaType = PPPoE.
Record Number: 12431
Source Name: RasClient
Time Written: 20090322115221.000000-000
Event Type: Informacje
User:

Computer Name: Dom-PC
Event Code: 20224
Message: Identyfikator CoId={8B51504B-A32A-4067-BF66-4AD33CE8758E}: Łącze do serwera dostępu zdalnego zostało ustanowione przez użytkownika Dom-PC\Dom.
Record Number: 12432
Source Name: RasClient
Time Written: 20090322115221.000000-000
Event Type: Informacje
User:

Computer Name: Dom-PC
Event Code: 20225
Message: Identyfikator CoId={8B51504B-A32A-4067-BF66-4AD33CE8758E}: Użytkownik Dom-PC\Dom wybrał numer w celu nawiązania połączenia o nazwie My ISP z serwerem dostępu zdalnego, które zostało pomyślnie nawiązane. Parametry połączenia:
TunnelIpAddress = 77.253.55.137
TunnelIpv6Address = None
Dial-in User = qrppyaxr@net24.com.pl.
Record Number: 12433
Source Name: RasClient
Time Written: 20090322115223.000000-000
Event Type: Informacje
User:

Computer Name: Dom-PC
Event Code: 1054
Message: Błąd składnika. hr=0x80049E00, [4, 3]

Record Number: 12434
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090322115231.000000-000
Event Type: Ostrzeżenie
User:

Computer Name: Dom-PC
Event Code: 1015
Message: Szczegóły wartości HRESULT. Zwrócona wartość hr=0xC004F022, pierwotna wartość hr=0x80049E00
Record Number: 12435
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20090322115231.000000-000
Event Type: Ostrzeżenie
User:

=====Security event log=====

Computer Name: Dom-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji. Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym.

Nazwa pliku:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 19464
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322115341.851072-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: Dom-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji. Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym.

Nazwa pliku:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 19465
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322115341.866697-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: Dom-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji. Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym.

Nazwa pliku:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 19466
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322115341.866697-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: Dom-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji. Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym.

Nazwa pliku:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 19467
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322115341.882322-000
Event Type: Niepowodzenie inspekcji
User:

Computer Name: Dom-PC
Event Code: 5038
Message: Funkcja sprawdzania integralności kodu wykryła, że skrót obrazu pliku jest nieprawidłowy. Plik mógł zostać uszkodzony z powodu nieautoryzowanej modyfikacji. Nieprawidłowy skrót może wskazywać potencjalny problem z urządzeniem dyskowym.

Nazwa pliku:   \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys   
Record Number: 19468
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090322115341.882322-000
Event Type: Niepowodzenie inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=3
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_LEVEL"=16
"PROCESSOR_REVISION"=0203
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
Sythev
~user
 
Posts: 271
Joined: 15 Sep 2007, 12:46
Location: Bydgoszcz



Log check // please check my log

Post by wojtas, 22 Mar 2009, 14:08

clean...
wojtas
*mod
 
Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Commendations: 1656



