Spowalniający komputer + wirus/robak

**Posty:** 12 · przez **MrAkad** 19 Lut 2009, 17:53

Mam taki problem, że jak chce otworzyć jakikolwiek program zajmuje mi to conajmniej 1 min. Do tego zawsze przy skanowaniu programem anty spyware pokazuje mi się tracking cookie.

Log z Hijack:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:50:08, on 2009-02-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Java\jre6\bin\jusched.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE D:\Program Files\Messenger\msmsgs.exe D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe D:\Program Files\Winamp Remote\bin\OrbTray.exe D:\Program Files\Nowe Gadu-Gadu\gg.exe D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe D:\Program Files\Winamp Remote\bin\Orb.exe D:\Program Files\MagicDisc\MagicDisc.exe D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe D:\Program Files\Secunia\PSI (RC3)\psi.exe D:\Program Files\OpenOffice.org 2.2\program\soffice.exe D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\FSGK32.EXE D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE D:\Program Files\Netia\Bezpieczny Internet\Common\FSMB32.EXE D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FCH32.EXE D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsqh.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FAMEH32.EXE D:\Program Files\Netia\Bezpieczny Internet\FSGUI\fsguidll.exe D:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fssm32.exe D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsus.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsav32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\uTorrent\uTorrent.exe D:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] D:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Netia\Bezpieczny Internet\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [WinZix Service] D:\Program Files\WinZix\wakeservice.exe O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Policies\Explorer\Run: [w] %SystemRoot%\WinRaR.exe O4 - HKCU\..\Policies\Explorer\Run: [wm] %SystemRoot%\winlogor.exe O4 - HKCU\..\Policies\Explorer\Run: [wl] %SystemRoot%\intent.exe O4 - HKCU\..\Policies\Explorer\Run: [mm] %SystemRoot%\sourro.exe O4 - HKCU\..\Policies\Explorer\Run: [zx] %SystemRoot%\winadr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: My_AutoWarkey_Script.lnk = D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: Secunia PSI (RC3).lnk = D:\Program Files\Secunia\PSI (RC3)\psi.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{02F7145B-8A62-4C61-8D26-F7853120BEC7}: NameServer = 213.241.79.37 83.238.255.76 O20 - Winlogon Notify: logdit - D:\WINDOWS\ O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\ORSP Client\fsorsp.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 8272 bytes

Z Combofix niestety nie jestem w stanie wrzucić loga bo prawdopodobnie nie działa tak jak powinien (nie wiem czemu

) przy próbie otwarcia pokazuje mi pasek z wczytaniem po czym komputer odświerza mi się 2 razy i pojawia się puste okno i na tym sie konczy

**Posty:** 18165 · przez **wojtas** 19 Lut 2009, 18:03

skasuj wpisy + pogrubione do kosza:

O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] D:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
O4 - HKCU\..\Policies\Explorer\Run: [w] %SystemRoot%\WinRaR.exe
O4 - HKCU\..\Policies\Explorer\Run: [wm] %SystemRoot%\winlogor.exe
O4 - HKCU\..\Policies\Explorer\Run: [wl] %SystemRoot%\intent.exe
O4 - HKCU\..\Policies\Explorer\Run: [mm] %SystemRoot%\sourro.exe
O4 - HKCU\..\Policies\Explorer\Run: [zx] %SystemRoot%\winadr.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe

i daj loga z rsita

**Posty:** 12 · przez **MrAkad** 19 Lut 2009, 18:09

Logi skasowane a czy mógłbyś mi podać jakiś aktualny mirror do rsita bo z tego co jest podany tutaj: jak-generujemy-logi-z-combofixa-oraz-rsita-vt95026.html jest chyba nieaktualny bo mi się strona nie wczytuje. I dzięki za tak szybkie zainteresowanie się

**Posty:** 18165 · przez **wojtas** 19 Lut 2009, 18:20

dziala link tam: ale łap:

http://wyslijto.pl/plik/cq5opqltq2

**Posty:** 12 · przez **MrAkad** 19 Lut 2009, 18:31

Ok dzięki.

Log:

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.05 (written by random/random) Run by Konrad at 2009-02-19 17:29:20 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive D: has 15 GB (21%) free of 69 GB Total RAM: 511 MB (36% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:29:26, on 2009-02-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Java\jre6\bin\jusched.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE D:\Program Files\Messenger\msmsgs.exe D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe D:\Program Files\Winamp Remote\bin\OrbTray.exe D:\Program Files\Nowe Gadu-Gadu\gg.exe D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe D:\Program Files\Winamp Remote\bin\Orb.exe D:\Program Files\MagicDisc\MagicDisc.exe D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe D:\Program Files\Secunia\PSI (RC3)\psi.exe D:\Program Files\OpenOffice.org 2.2\program\soffice.exe D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\FSGK32.EXE D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE D:\Program Files\Netia\Bezpieczny Internet\Common\FSMB32.EXE D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FCH32.EXE D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsqh.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FAMEH32.EXE D:\Program Files\Netia\Bezpieczny Internet\FSGUI\fsguidll.exe D:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fssm32.exe D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsus.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsav32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\uTorrent\uTorrent.exe D:\Documents and Settings\Konrad\Pulpit\RSIT.exe D:\Program Files\Trend Micro\HijackThis\Konrad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Netia\Bezpieczny Internet\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [WinZix Service] D:\Program Files\WinZix\wakeservice.exe O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Policies\Explorer\Run: [w] %SystemRoot%\WinRaR.exe O4 - HKCU\..\Policies\Explorer\Run: [wm] %SystemRoot%\winlogor.exe O4 - HKCU\..\Policies\Explorer\Run: [wl] %SystemRoot%\intent.exe O4 - HKCU\..\Policies\Explorer\Run: [mm] %SystemRoot%\sourro.exe O4 - HKCU\..\Policies\Explorer\Run: [zx] %SystemRoot%\winadr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: My_AutoWarkey_Script.lnk = D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: Secunia PSI (RC3).lnk = D:\Program Files\Secunia\PSI (RC3)\psi.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{02F7145B-8A62-4C61-8D26-F7853120BEC7}: NameServer = 213.241.79.37 83.238.255.76 O20 - Winlogon Notify: logdit - D:\WINDOWS\ O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\ORSP Client\fsorsp.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 7912 bytes ======Scheduled tasks folder====== D:\WINDOWS\tasks\A605C61F9176775F.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - D:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - D:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "PCSuiteTrayApplication"=D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376] "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600] "Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "F-Secure Manager"=D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE [2008-09-23 182936] "F-Secure TNB"=D:\Program Files\Netia\Bezpieczny Internet\FSGUI\TNBUtil.exe [2008-09-23 957024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe /background [] "MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2004-08-03 1667584] "PcSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-19 1449984] "WinZix Service"=D:\Program Files\WinZix\wakeservice.exe [] "BitComet"=D:\Program Files\BitComet\BitComet.exe /tray [] "Orb"=D:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904] "DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952] "Nowe Gadu-Gadu"=D:\Program Files\Nowe Gadu-Gadu\gg.exe [2008-12-22 8966760] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "w"=D:\WINDOWS\WinRaR.exe [] "wm"=D:\WINDOWS\winlogor.exe [] "wl"=D:\WINDOWS\intent.exe [] "mm"=D:\WINDOWS\sourro.exe [] "zx"=D:\WINDOWS\winadr.exe [] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe D:\Documents and Settings\Konrad\Menu Start\Programy\Autostart Cyber-shot Viewer Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe My_AutoWarkey_Script.lnk - D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe OpenOffice.org 2.2.lnk - D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe Secunia PSI (RC3).lnk - D:\Program Files\Secunia\PSI (RC3)\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logdit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoInstrumentation"=1 "NoStartMenuSubFolders"=1 "NoFavoritesMenu"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Gadu-Gadu\gg.exe"="D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "D:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="D:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)" "D:\Program Files\Steam\SteamApps\naps0n_pl\counter-strike source\hl2.exe"="D:\Program Files\Steam\SteamApps\naps0n_pl\counter-strike source\hl2.exe:*:Disabled:hl2" "D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "D:\Documents and Settings\Konrad\Pulpit\wtv\wtvClient.exe"="D:\Documents and Settings\Konrad\Pulpit\wtv\wtvClient.exe:*:Enabled:wtvClient" "D:\Program Files\Warcraft III\Warcraft III.exe"="D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III" "D:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe"="D:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client" "D:\Program Files\Last.fm\LastFM.exe"="D:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm" "D:\Program Files\mIRC\mirc.exe"="D:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "D:\Documents and Settings\Konrad\Ustawienia lokalne\Temp\PowerFootball\PowerFootball-OpenGL.exe"="D:\Documents and Settings\Konrad\Ustawienia lokalne\Temp\PowerFootball\PowerFootball-OpenGL.exe:*:Enabled:PowerFootball-OpenGL" "D:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe"="D:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe:*:Enabled:Ultima Online Client" "D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam" "D:\Program Files\Octoshape Streaming Services\Konrad\OctoshapeClient.exe"="D:\Program Files\Octoshape Streaming Services\Konrad\OctoshapeClient.exe:*:Enabled:OctoshapeClient" "D:\Program Files\Metin2_PL\metin2.bin"="D:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2" "D:\Program Files\NAPI-PROJEKT\napisy.exe"="D:\Program Files\NAPI-PROJEKT\napisy.exe:*:Enabled:www.napiprojekt.pl" "D:\TDU\TestDriveUnlimited.exe"="D:\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited" "D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "D:\WINDOWS\system32\rundll32.exe"="D:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację" "D:\Documents and Settings\Konrad\Pulpit\listchecker\pickup.listchecker.exe"="D:\Documents and Settings\Konrad\Pulpit\listchecker\pickup.listchecker.exe:*:Enabled:pickup.listchecker" "D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "D:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe"="D:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena" "D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\Program Files\Paradox Entertainment\Europa Universalis 2\EU2.exe"="D:\Program Files\Paradox Entertainment\Europa Universalis 2\EU2.exe:*:Enabled:Europa Universalis II" "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena" "D:\Program Files\Nowe Gadu-Gadu\gg.exe"="D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta" "D:\Program Files\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe"="D:\Program Files\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68fc0372-fa91-11dd-804a-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee71749-f95d-11db-954d-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aceb4fc3-3b5b-11dc-9666-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef3bf3ee-606e-11dc-96e7-00304f318351}] shell\AutoRun\command - I:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f61df9ec-e47d-11dd-bfe8-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn ======List of files/folders created in the last 1 months====== 2009-02-19 17:29:20 ----D---- D:\rsit 2009-02-19 16:35:22 ----D---- D:\ComboFix 2009-02-19 16:35:21 ----A---- D:\WINDOWS\system32\CF27886.exe 2009-02-19 16:05:55 ----A---- D:\WINDOWS\system32\CF22116.exe 2009-02-19 15:58:03 ----A---- D:\WINDOWS\system32\CF20584.exe 2009-02-19 15:53:45 ----D---- D:\ComboFix1 2009-02-19 15:53:45 ----A---- D:\WINDOWS\system32\CF19722.exe 2009-02-19 15:31:42 ----A---- D:\WINDOWS\system32\CF15408.exe 2009-02-19 15:16:12 ----A---- D:\WINDOWS\system32\CF12371.exe 2009-02-19 15:11:58 ----A---- D:\WINDOWS\system32\CF11542.exe 2009-02-19 15:05:59 ----A---- D:\WINDOWS\system32\CF10373.exe 2009-02-19 15:03:04 ----A---- D:\WINDOWS\system32\CF9801.exe 2009-02-19 15:02:28 ----D---- D:\WINDOWS\ERDNT 2009-02-19 15:02:28 ----D---- D:\Qoobox 2009-02-19 15:02:27 ----A---- D:\WINDOWS\system32\CF9364.exe 2009-02-15 21:23:40 ----D---- D:\Poker 2009-02-12 19:29:27 ----D---- D:\Program Files\MSXML 4.0 2009-02-12 19:24:08 ----D---- D:\Program Files\Asseco Poland SA 2009-02-11 21:29:42 ----D---- D:\!KillBox 2009-02-02 18:21:05 ----D---- D:\Documents and Settings\Konrad\Dane aplikacji\F-Secure 2009-02-02 18:11:40 ----D---- D:\Program Files\Netia 2009-02-02 17:55:23 ----D---- D:\Documents and Settings\All Users\Dane aplikacji\fssg 2009-02-02 17:53:38 ----D---- D:\Documents and Settings\All Users\Dane aplikacji\f-secure ======List of files/folders modified in the last 1 months====== 2009-02-19 17:28:59 ----D---- D:\Documents and Settings\Konrad\Dane aplikacji\uTorrent 2009-02-19 16:57:54 ----D---- D:\WINDOWS\Temp 2009-02-19 16:43:50 ----D---- D:\Program Files\Mozilla Firefox 2009-02-19 16:43:10 ----D---- D:\WINDOWS\system32\CatRoot2 2009-02-19 16:42:57 ----D---- D:\WINDOWS\system32 2009-02-19 16:41:51 ----D---- D:\Program Files\Winamp Remote 2009-02-19 16:41:39 ----D---- D:\Documents and Settings\Konrad\Dane aplikacji\OpenOffice.org2 2009-02-19 15:52:19 ----D---- D:\WINDOWS 2009-02-19 15:01:10 ----D---- D:\WINDOWS\Prefetch 2009-02-19 14:46:38 ----D---- D:\Program Files 2009-02-19 14:44:42 ----SHD---- D:\WINDOWS\Installer 2009-02-19 14:42:54 ----D---- D:\Program Files\PokerStrategy 2009-02-19 14:40:32 ----D---- D:\WINDOWS\WinSxS 2009-02-19 14:00:00 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-02-17 19:22:30 ----D---- D:\Program Files\Full Tilt Poker 2009-02-16 16:33:26 ----D---- D:\Downloads 2009-02-15 21:53:12 ----D---- D:\Program Files\Warkeys 2009-02-15 21:53:01 ----D---- D:\Program Files\Warcraft III 2009-02-15 21:51:40 ----HD---- D:\Program Files\InstallShield Installation Information 2009-02-11 20:45:26 ----D---- D:\WINDOWS\system32\drivers 2009-02-10 18:19:33 ----D---- D:\Program Files\PokerStars 2009-02-05 12:27:59 ----HD---- D:\WINDOWS\inf 2009-02-02 18:57:48 ----SHD---- D:\System Volume Information 2009-02-02 18:57:48 ----D---- D:\WINDOWS\system32\Restore 2009-02-02 18:13:48 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-02-01 16:17:55 ----D---- D:\WINDOWS\system32\ReinstallBackups 2009-01-30 17:53:39 ----D---- D:\Program Files\PartyGaming 2009-01-28 16:56:00 ----D---- D:\muzyka ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DumaNT;NVIDIA Stereo Helper Service; D:\WINDOWS\System32\DRIVERS\dumant.sys [2002-11-18 399700] R1 F-Secure HIPS;F-Secure HIPS Driver; \??\D:\Program Files\Netia\Bezpieczny Internet\HIPS\drivers\fshs.sys [] R1 intelppm;Sterownik procesora Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 40320] R2 windrvNT;windrvNT; \??\D:\WINDOWS\system32\windrvNT.sys [] R3 cmuda;C-Media WDM Audio Interface; D:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\minifilter\fsgk.sys [] R3 hidusb;Sterownik Microsoft klasy HID; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-29 9600] R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896] R3 mouhid;Sterownik myszy HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-29 12160] R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 PSI;PSI; D:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808] R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; D:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 catchme;catchme; \??\D:\DOCUME~1\Konrad\USTAWI~1\Temp\catchme.sys [] S3 cdiskdun;cdiskdun; \??\D:\DOCUME~1\Konrad\USTAWI~1\Temp\cdiskdun.sys [] S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [] S3 nm;Sterownik monitora sieci; D:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320] S3 Nokia USB Generic;Nokia USB Generic; D:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704] S3 Nokia USB Modem;Nokia USB Modem; D:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312] S3 Nokia USB Phone Parent;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488] S3 Nokia USB Port;Nokia USB Port; D:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312] S3 npkcrypt;npkcrypt; \??\D:\Program Files\Lineage II\system\npkcrypt.sys [] S3 SONYPVU1;Sterownik filtru USB Sony (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbprint;Klasa PRINTER USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 USBSTOR;Sterownik magazynu masowego USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 F-Secure Filter;F-Secure File System Filter; \??\D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\Win2K\FSfilter.sys [] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\Win2K\FSrec.sys [] S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys [] S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-29 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe [2008-09-23 215648] R2 FSMA;F-Secure Management Agent; D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE [2008-09-23 117400] R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984] R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2006-10-22 159810] R3 FSAUA;F-Secure Automatic Update Agent; D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe [2008-09-23 490080] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe [2008-09-23 510560] R3 FSORSPClient;F-Secure ORSP Client; D:\Program Files\Netia\Bezpieczny Internet\ORSP Client\fsorsp.exe [2008-09-23 55904] R3 ServiceLayer;ServiceLayer; D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080] S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] S2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 MSSQLServerADHelper;MSSQLServerADHelper; D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] S3 usprserv;User Privilege Service; D:\WINDOWS\System32\svchost.exe [2004-08-03 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------

i info

Kod: Zaznacz wszystko: info.txt logfile of random's system information tool 1.05 2009-02-19 17:29:30 ======Uninstall list====== -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"D:\Program Files\Netia\Bezpieczny Internet\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" -->D:\Program Files\DivX\ConverterUninstall.exe /CONVERTER -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly -->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf ACE Mega CoDecS Pack-->"D:\Program Files\ACE Mega CoDecS Pack\unins000.exe" Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0 CE-->D:\WINDOWS\ISUN0415.EXE -f"D:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.isu" -c"D:\Program Files\Adobe\Photoshop 7.0 CE\Uninst.dll" Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player-->D:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log ALLPlayer V2.3.1-->"D:\Program Files\MarBit\ALLPlayer\unins000.exe" BE Inspired! Matura 2008 - poziom podstawowy-->"D:\WINDOWS\BE Inspired! Matura 2008 - poziom podstawowy\uninstall.exe" "/U:D:\Program Files\BE Inspired! Matura 2008 - poziom podstawowy\Uninstall\uninstall.xml" Bezpieczny Internet-->"D:\Program Files\Netia\Bezpieczny Internet\FSGUI\PostInstall.exe" /tUnInstall CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe" Centennia Historical Atlas ver. 3.11-->"D:\Program Files\Centennia Historical Atlas v3.11\unins000.exe" C-Media 3D Audio-->D:\WINDOWS\CMIUnInstall.exe Codec 8.3a-->"D:\Program Files\Codec\Uninstall\unins000.exe" DeepBurner v1.8.0.224-->"D:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "D:\Program Files\Astonsoft\DeepBurner\install.log" DivX Content Uploader-->D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter-->D:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Full Tilt Poker-->"D:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly Gimnazjum klasa 1 - Geografia-->D:\WINDOWS\IsUn0415.exe -f"D:\Program Files\Gimnazjum klasa 1 - Geografia\Uninst.isu" -c"D:\Program Files\Gimnazjum klasa 1 - Geografia\UninstallProject.dll" Gimnazjum klasa 2 – Geografia-->D:\WINDOWS\IsUn0415.exe -f"D:\Program Files\Gimnazjum klasa 2 - Geografia\Uninst.isu" -c"D:\Program Files\Gimnazjum klasa 2 - Geografia\UninstallProject.dll" Gimnazjum klasa 3 - Geografia-->D:\WINDOWS\IsUn0415.exe -f"D:\Program Files\Gimnazjum klasa 3 - Geografia\Uninst.isu" -c"D:\Program Files\Gimnazjum klasa 3 - Geografia\UninstallProject.dll" HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Indeo® Software-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Ligos\Indeo\Uninst.isu" -c"D:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll" Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} MansionPoker-->"D:\Poker\MansionPoker\_SetupPoker.exe" /uninstall Matura 2008 - część 1-->C:\matura20081\_uninstall\uninstall.exe Matura_testy_2007 1.0-->D:\Program Files\Matura_testy_2007\uninst.exe Medal of Honor Allied Assault-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9 Microsoft .NET Framework 2.0 Language Pack - DEU-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0-->d:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003} Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (3.0.6)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} NAPIPROJEKT 1.0.6.1-->"D:\Program Files\NAPI-PROJEKT\unins000.exe" Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3} Nokia PC Connectivity Solution-->MsiExec.exe /I{9F2BDC61-4D2D-47C0-BCB6-7D43D0EA7948} Nokia PC Suite-->MsiExec.exe /I{79880ACC-B5AB-486A-B95D-03F55DF3F9C6} Nowe Gadu-Gadu-->D:\Program Files\Nowe Gadu-Gadu\Uninstall.exe NVIDIA Drivers-->D:\WINDOWS\System32\nvudisp.exe UninstallGUI NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 D:\WINDOWS\INF\nvstereo.inf OpenOffice.org 2.2-->MsiExec.exe /I{30C399C5-21B3-499E-9589-4852FE72D91D} PartyPoker-->"D:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "D:\Program Files\PartyGaming\PartyPoker\install.log" Płatnik 7.03.001-->D:\Program Files\InstallShield Installation Information\{05381030-963D-4779-BECA-0D7D49268EDB}\setup.exe -runfromtemp -l0x0015 -removeonly PokerStars-->"D:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars Real Alternative 1.8.4-->"D:\Program Files\Real Alternative\unins000.exe" Secunia PSI (RC3)-->"D:\Program Files\Secunia\PSI (RC3)\uninstall.exe" Skaner on-line mks_vir-->D:\WINDOWS\system32\SkanerOnlineUninstall.exe Sony Picture Utility-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly Sony USB Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL SuperMemo Historia-->D:\WINDOWS\IsUn0415.exe -f"D:\SuperMemo Historia\Uninst.isu" Testy gimnazjalne 2009 1.0-->D:\Program Files\Gazeta Wyborcza\Testy gimnazjalne 2009\Uninst.exe Testy maturalne - Historia (wersja demonstracyjna)-->D:\Program Files\AidemMedia\Demo\TestHistoria\SXUNINST.EXE Testy maturalne 2009 1.0-->D:\Program Files\Gazeta Wyborcza\ms2009\Uninst.exe Winamp Remote-->"D:\Program Files\Winamp Remote\uninstall.exe" Winamp Toolbar for Firefox-->"D:\Documents and Settings\Konrad\Dane aplikacji\Mozilla\Firefox\Profiles\eil9yvew.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe" Winamp Toolbar for Internet Explorer-->"D:\Program Files\Winamp Toolbar\uninstall.exe" Winamp-->"D:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->D:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u D:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf Windows Imaging Component-->"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Player 10-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Service Pack 2-->D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe =====HijackThis Backups===== O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\PartyGaming\PartyPoker\RunApp.exe O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] D:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe Hosts File Missing System event log Computer Name: KONRAD-8KDULD6U Event Code: 6005 Message: Uruchomiono usługę Dziennik zdarzeń. Record Number: 39019 Source Name: EventLog Time Written: 20090201202331.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Dodatek Service Pack 2 Multiprocessor Free. Record Number: 39018 Source Name: EventLog Time Written: 20090201202331.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 6006 Message: Zatrzymano usługę Dziennik zdarzeń. Record Number: 39017 Source Name: EventLog Time Written: 20090201202231.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 20159 Message: Połączenie z Połączenie szerokopasmowe ustanowione przez użytkownika acrtyydp@enetia.pl za pomocą urządzenia PPPoE6-0 zostało rozłączone. Record Number: 39016 Source Name: RemoteAccess Time Written: 20090201202229.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 7035 Message: Do usługi GarenaPEngine został pomyślnie wysłany kod sterowania uruchom. Record Number: 39015 Source Name: Service Control Manager Time Written: 20090201201925.000000+060 Event Type: informacje User: KONRAD-8KDULD6U\Konrad Application event log Computer Name: KONRAD-8KDULD6U Event Code: 101 Message: wuauclt (1332) Aparat bazy danych został zatrzymany. Record Number: 3734 Source Name: ESENT Time Written: 20081207121039.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 103 Message: wuaueng.dll (1332) SUS20ClientDataStore: Aparat bazy danych zatrzymał wystąpienie (0). Record Number: 3733 Source Name: ESENT Time Written: 20081207121039.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 102 Message: wuaueng.dll (1332) SUS20ClientDataStore: Aparat bazy danych uruchomił nowe wystąpienie (0). Record Number: 3732 Source Name: ESENT Time Written: 20081207120515.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 100 Message: wuauclt (1332) Aparat bazy danych 5.01.2600.2180 został uruchomiony. Record Number: 3731 Source Name: ESENT Time Written: 20081207120515.000000+060 Event Type: informacje User: Computer Name: KONRAD-8KDULD6U Event Code: 101 Message: wuauclt (3440) Aparat bazy danych został zatrzymany. Record Number: 3730 Source Name: ESENT Time Written: 20081207110810.000000+060 Event Type: informacje User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\Microsoft SQL Server\80\Tools\Binn\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel "PROCESSOR_REVISION"=0209 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------

**Posty:** 18165 · przez **wojtas** 19 Lut 2009, 18:36

skasuj:

O4 - HKCU\..\Policies\Explorer\Run: [w] %SystemRoot%\WinRaR.exe
O4 - HKCU\..\Policies\Explorer\Run: [wm] %SystemRoot%\winlogor.exe
O4 - HKCU\..\Policies\Explorer\Run: [wl] %SystemRoot%\intent.exe
O4 - HKCU\..\Policies\Explorer\Run: [mm] %SystemRoot%\sourro.exe
O4 - HKCU\..\Policies\Explorer\Run: [zx] %SystemRoot%\winadr.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe

**Posty:** 12 · przez **MrAkad** 19 Lut 2009, 18:38

Już. Czy to już wszystko ?

**Posty:** 18165 · przez **wojtas** 19 Lut 2009, 18:42

daj nowego loga z rsita.. a grasz w pokera czy cos na kompie ?

**Posty:** 12 · przez **MrAkad** 19 Lut 2009, 18:44

Tak gram.

i log

Kod: Zaznacz wszystko: Logfile of random's system information tool 1.05 (written by random/random) Run by Konrad at 2009-02-19 17:43:32 Microsoft Windows XP Professional Dodatek Service Pack 2 System drive D: has 15 GB (21%) free of 69 GB Total RAM: 511 MB (27% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:43:40, on 2009-02-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Java\jre6\bin\jusched.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE D:\Program Files\Messenger\msmsgs.exe D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe D:\Program Files\Winamp Remote\bin\OrbTray.exe D:\Program Files\Nowe Gadu-Gadu\gg.exe D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe D:\Program Files\Winamp Remote\bin\Orb.exe D:\Program Files\MagicDisc\MagicDisc.exe D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe D:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe D:\Program Files\Secunia\PSI (RC3)\psi.exe D:\Program Files\OpenOffice.org 2.2\program\soffice.exe D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\FSGK32.EXE D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE D:\Program Files\Netia\Bezpieczny Internet\Common\FSMB32.EXE D:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FCH32.EXE D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsqh.exe D:\Program Files\Netia\Bezpieczny Internet\Common\FAMEH32.EXE D:\Program Files\Netia\Bezpieczny Internet\FSGUI\fsguidll.exe D:\WINDOWS\System32\nvsvc32.exe D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fssm32.exe D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsus.exe D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsav32.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\uTorrent\uTorrent.exe D:\Documents and Settings\Konrad\Pulpit\RSIT.exe D:\Program Files\Trend Micro\HijackThis\Konrad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - D:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Netia\Bezpieczny Internet\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [WinZix Service] D:\Program Files\WinZix\wakeservice.exe O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray O4 - HKCU\..\Run: [Orb] "D:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: My_AutoWarkey_Script.lnk = D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Startup: Secunia PSI (RC3).lnk = D:\Program Files\Secunia\PSI (RC3)\psi.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Winamp Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{02F7145B-8A62-4C61-8D26-F7853120BEC7}: NameServer = 213.241.79.37 83.238.255.76 O20 - Winlogon Notify: logdit - D:\WINDOWS\ O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Netia\Bezpieczny Internet\ORSP Client\fsorsp.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- End of file - 7458 bytes ======Scheduled tasks folder====== D:\WINDOWS\tasks\A605C61F9176775F.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - D:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - D:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "PCSuiteTrayApplication"=D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376] "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600] "Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "F-Secure Manager"=D:\Program Files\Netia\Bezpieczny Internet\Common\FSM32.EXE [2008-09-23 182936] "F-Secure TNB"=D:\Program Files\Netia\Bezpieczny Internet\FSGUI\TNBUtil.exe [2008-09-23 957024] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=D:\Program Files\MSN Messenger\msnmsgr.exe /background [] "MSMSGS"=D:\Program Files\Messenger\msmsgs.exe [2004-08-03 1667584] "PcSync"=D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-19 1449984] "WinZix Service"=D:\Program Files\WinZix\wakeservice.exe [] "BitComet"=D:\Program Files\BitComet\BitComet.exe /tray [] "Orb"=D:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904] "DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952] "Nowe Gadu-Gadu"=D:\Program Files\Nowe Gadu-Gadu\gg.exe [2008-12-22 8966760] D:\Documents and Settings\All Users\Menu Start\Programy\Autostart Adobe Gamma Loader.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe D:\Documents and Settings\Konrad\Menu Start\Programy\Autostart Cyber-shot Viewer Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe My_AutoWarkey_Script.lnk - D:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe OpenOffice.org 2.2.lnk - D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe Secunia PSI (RC3).lnk - D:\Program Files\Secunia\PSI (RC3)\psi.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logdit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoInstrumentation"=1 "NoStartMenuSubFolders"=1 "NoFavoritesMenu"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\Gadu-Gadu\gg.exe"="D:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program główny" "D:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="D:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)" "D:\Program Files\Steam\SteamApps\naps0n_pl\counter-strike source\hl2.exe"="D:\Program Files\Steam\SteamApps\naps0n_pl\counter-strike source\hl2.exe:*:Disabled:hl2" "D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "D:\Documents and Settings\Konrad\Pulpit\wtv\wtvClient.exe"="D:\Documents and Settings\Konrad\Pulpit\wtv\wtvClient.exe:*:Enabled:wtvClient" "D:\Program Files\Warcraft III\Warcraft III.exe"="D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III" "D:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe"="D:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client" "D:\Program Files\Last.fm\LastFM.exe"="D:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm" "D:\Program Files\mIRC\mirc.exe"="D:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "D:\Documents and Settings\Konrad\Ustawienia lokalne\Temp\PowerFootball\PowerFootball-OpenGL.exe"="D:\Documents and Settings\Konrad\Ustawienia lokalne\Temp\PowerFootball\PowerFootball-OpenGL.exe:*:Enabled:PowerFootball-OpenGL" "D:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe"="D:\Program Files\EA GAMES\Ultima Online Mondain's Legacy\client.exe:*:Enabled:Ultima Online Client" "D:\Program Files\Steam\Steam.exe"="D:\Program Files\Steam\Steam.exe:*:Enabled:Steam" "D:\Program Files\Octoshape Streaming Services\Konrad\OctoshapeClient.exe"="D:\Program Files\Octoshape Streaming Services\Konrad\OctoshapeClient.exe:*:Enabled:OctoshapeClient" "D:\Program Files\Metin2_PL\metin2.bin"="D:\Program Files\Metin2_PL\metin2.bin:*:Enabled:metin2" "D:\Program Files\NAPI-PROJEKT\napisy.exe"="D:\Program Files\NAPI-PROJEKT\napisy.exe:*:Enabled:www.napiprojekt.pl" "D:\TDU\TestDriveUnlimited.exe"="D:\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited" "D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "D:\WINDOWS\system32\rundll32.exe"="D:\WINDOWS\system32\rundll32.exe:*:Enabled:Uruchamia plik DLL jako aplikację" "D:\Documents and Settings\Konrad\Pulpit\listchecker\pickup.listchecker.exe"="D:\Documents and Settings\Konrad\Pulpit\listchecker\pickup.listchecker.exe:*:Enabled:pickup.listchecker" "D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "D:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe"="D:\Program Files\Ocean Technology\GG E-Sports Platform\Garena.exe:*:Enabled:Garena" "D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\Program Files\Paradox Entertainment\Europa Universalis 2\EU2.exe"="D:\Program Files\Paradox Entertainment\Europa Universalis 2\EU2.exe:*:Enabled:Europa Universalis II" "D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena" "D:\Program Files\Nowe Gadu-Gadu\gg.exe"="D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu beta" "D:\Program Files\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe"="D:\Program Files\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68fc0372-fa91-11dd-804a-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ee71749-f95d-11db-954d-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aceb4fc3-3b5b-11dc-9666-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef3bf3ee-606e-11dc-96e7-00304f318351}] shell\AutoRun\command - I:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f61df9ec-e47d-11dd-bfe8-00304f318351}] shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn ======List of files/folders created in the last 1 months====== 2009-02-19 17:29:20 ----D---- D:\rsit 2009-02-19 16:35:21 ----A---- D:\WINDOWS\system32\CF27886.exe 2009-02-19 16:05:55 ----A---- D:\WINDOWS\system32\CF22116.exe 2009-02-19 15:58:03 ----A---- D:\WINDOWS\system32\CF20584.exe 2009-02-19 15:53:45 ----D---- D:\ComboFix1 2009-02-19 15:53:45 ----A---- D:\WINDOWS\system32\CF19722.exe 2009-02-19 15:31:42 ----A---- D:\WINDOWS\system32\CF15408.exe 2009-02-19 15:16:12 ----A---- D:\WINDOWS\system32\CF12371.exe 2009-02-19 15:11:58 ----A---- D:\WINDOWS\system32\CF11542.exe 2009-02-19 15:05:59 ----A---- D:\WINDOWS\system32\CF10373.exe 2009-02-19 15:03:04 ----A---- D:\WINDOWS\system32\CF9801.exe 2009-02-19 15:02:28 ----D---- D:\WINDOWS\ERDNT 2009-02-19 15:02:28 ----D---- D:\Qoobox 2009-02-19 15:02:27 ----A---- D:\WINDOWS\system32\CF9364.exe 2009-02-15 21:23:40 ----D---- D:\Poker 2009-02-12 19:29:27 ----D---- D:\Program Files\MSXML 4.0 2009-02-12 19:24:08 ----D---- D:\Program Files\Asseco Poland SA 2009-02-11 21:29:42 ----D---- D:\!KillBox 2009-02-02 18:21:05 ----D---- D:\Documents and Settings\Konrad\Dane aplikacji\F-Secure 2009-02-02 18:11:40 ----D---- D:\Program Files\Netia 2009-02-02 17:55:23 ----D---- D:\Documents and Settings\All Users\Dane aplikacji\fssg 2009-02-02 17:53:38 ----D---- D:\Documents and Settings\All Users\Dane aplikacji\f-secure ======List of files/folders modified in the last 1 months====== 2009-02-19 17:43:11 ----D---- D:\Documents and Settings\Konrad\Dane aplikacji\uTorrent 2009-02-19 16:57:54 ----D---- D:\WINDOWS\Temp 2009-02-19 16:43:50 ----D---- D:\Program Files\Mozilla Firefox 2009-02-19 16:43:10 ----D---- D:\WINDOWS\system32\CatRoot2 2009-02-19 16:42:57 ----D---- D:\WINDOWS\system32 2009-02-19 16:41:51 ----D---- D:\Program Files\Winamp Remote 2009-02-19 16:41:39 ----D---- D:\Documents and Settings\Konrad\Dane aplikacji\OpenOffice.org2 2009-02-19 15:52:19 ----D---- D:\WINDOWS 2009-02-19 15:01:10 ----D---- D:\WINDOWS\Prefetch 2009-02-19 14:46:38 ----D---- D:\Program Files 2009-02-19 14:44:42 ----SHD---- D:\WINDOWS\Installer 2009-02-19 14:42:54 ----D---- D:\Program Files\PokerStrategy 2009-02-19 14:40:32 ----D---- D:\WINDOWS\WinSxS 2009-02-19 14:00:00 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-02-17 19:22:30 ----D---- D:\Program Files\Full Tilt Poker 2009-02-16 16:33:26 ----D---- D:\Downloads 2009-02-15 21:53:12 ----D---- D:\Program Files\Warkeys 2009-02-15 21:53:01 ----D---- D:\Program Files\Warcraft III 2009-02-15 21:51:40 ----HD---- D:\Program Files\InstallShield Installation Information 2009-02-11 20:45:26 ----D---- D:\WINDOWS\system32\drivers 2009-02-10 18:19:33 ----D---- D:\Program Files\PokerStars 2009-02-05 12:27:59 ----HD---- D:\WINDOWS\inf 2009-02-02 18:57:48 ----SHD---- D:\System Volume Information 2009-02-02 18:57:48 ----D---- D:\WINDOWS\system32\Restore 2009-02-02 18:13:48 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-02-01 16:17:55 ----D---- D:\WINDOWS\system32\ReinstallBackups 2009-01-30 17:53:39 ----D---- D:\Program Files\PartyGaming 2009-01-28 16:56:00 ----D---- D:\muzyka ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DumaNT;NVIDIA Stereo Helper Service; D:\WINDOWS\System32\DRIVERS\dumant.sys [2002-11-18 399700] R1 F-Secure HIPS;F-Secure HIPS Driver; \??\D:\Program Files\Netia\Bezpieczny Internet\HIPS\drivers\fshs.sys [] R1 intelppm;Sterownik procesora Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 40320] R2 windrvNT;windrvNT; \??\D:\WINDOWS\system32\windrvNT.sys [] R3 cmuda;C-Media WDM Audio Interface; D:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\minifilter\fsgk.sys [] R3 hidusb;Sterownik Microsoft klasy HID; D:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-29 9600] R3 mcdbus;Driver for MagicISO SCSI Host Controller; D:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-05-27 96896] R3 mouhid;Sterownik myszy HID; D:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-29 12160] R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 PSI;PSI; D:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-06-16 7808] R3 rtl8139;Sterownik NT karty Realtek RTL8139(A/B/C)-based PCI Fast Ethernet; D:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; D:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Koncentrator z obsługą USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 catchme;catchme; \??\D:\DOCUME~1\Konrad\USTAWI~1\Temp\catchme.sys [] S3 cdiskdun;cdiskdun; \??\D:\DOCUME~1\Konrad\USTAWI~1\Temp\cdiskdun.sys [] S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [] S3 nm;Sterownik monitora sieci; D:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320] S3 Nokia USB Generic;Nokia USB Generic; D:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704] S3 Nokia USB Modem;Nokia USB Modem; D:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312] S3 Nokia USB Phone Parent;Nokia USB Phone Parent; D:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488] S3 Nokia USB Port;Nokia USB Port; D:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312] S3 npkcrypt;npkcrypt; \??\D:\Program Files\Lineage II\system\npkcrypt.sys [] S3 SONYPVU1;Sterownik filtru USB Sony (SONYPVU1); D:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 usbprint;Klasa PRINTER USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 USBSTOR;Sterownik magazynu masowego USB; D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S4 F-Secure Filter;F-Secure File System Filter; \??\D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\Win2K\FSfilter.sys [] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\Win2K\FSrec.sys [] S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys [] S4 WS2IFSL;Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-29 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; D:\Program Files\Netia\Bezpieczny Internet\Anti-Virus\fsgk32st.exe [2008-09-23 215648] R2 FSMA;F-Secure Management Agent; D:\Program Files\Netia\Bezpieczny Internet\Common\FSMA32.EXE [2008-09-23 117400] R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984] R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\System32\nvsvc32.exe [2006-10-22 159810] R3 FSAUA;F-Secure Automatic Update Agent; D:\Program Files\Netia\Bezpieczny Internet\FSAUA\program\fsaua.exe [2008-09-23 490080] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; D:\Program Files\Netia\Bezpieczny Internet\FWES\Program\fsdfwd.exe [2008-09-23 510560] R3 FSORSPClient;F-Secure ORSP Client; D:\Program Files\Netia\Bezpieczny Internet\ORSP Client\fsorsp.exe [2008-09-23 55904] R3 ServiceLayer;ServiceLayer; D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080] S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] S2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 MSSQLServerADHelper;MSSQLServerADHelper; D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] S3 usprserv;User Privilege Service; D:\WINDOWS\System32\svchost.exe [2004-08-03 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------

**Posty:** 18165 · przez **wojtas** 19 Lut 2009, 20:59

skasuj:

O20 - Winlogon Notify: logdit - D:\WINDOWS\

potem ten plik:

D:\WINDOWS\tasks\A605C61F9176775F.job

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 12 · przez **MrAkad** 19 Lut 2009, 23:26

Do punktu 5 włącznie wszystko bez problemów. Kaspersky nie włącza mi się przez IE wcześniej winamp remote mi przekierowywał jak wyrzuciłem go to wogóle mi się strona nie włącza a do FixIEDef żaden link mi nie działa każda strona z mirrorem na jaką próbuję wejść poprostu nie działa

**Posty:** 18165 · przez **wojtas** 20 Lut 2009, 00:44

a moze na mozilli ?? a jak nie to przeskanuj ktoryms z tych:

skanery-on-line-vt95247.html

**Posty:** 12 · przez **MrAkad** 20 Lut 2009, 14:16

Dziwne ale żadna z tych stron ze skanerami online nie chce mi się włączyć

**Posty:** 18165 · przez **wojtas** 20 Lut 2009, 16:13

a na roznych przegladarkach ? sprobuj

a jak nie to jeszcze raz nowy log z combofixa

Kto jest na forum