
Help...! I'm attaching the logs from HiJack, SilentRunners and RSIT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:16, on 2009-09-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Programy\Avast\ashDisp.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\Vtune\TBPANEL.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
D:\Programy\Java\bin\jusched.exe
D:\Programy\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Planet WL-U350\WlanMonitor.exe
C:\Windows\system32\taskeng.exe
D:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Windows\system32\conime.exe
D:\Programy\Spybot - Search & Destroy\SpybotSD.exe
D:\Programy\Avast\ashSimpl.exe
D:\Programy\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Norbert.exe
D:\Programy\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programy\Java\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Programy\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe
--
End of file - 4075 bytes
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" [file not found]
"Nowe Gadu-Gadu" = ""D:\Programy\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Windows Defender" = "C:\Program Files\Windows Defender\MSASCui.exe -hide"
"avast!" = "D:\Programy\Avast\ashDisp.exe" ["ALWIL Software"]
"WinampAgent" = "D:\Programy\Winamp\winampa.exe" [null data]
"TBPanel" = "C:\Program Files\Vtune\TBPanel.exe /A" [null data]
"NvSvc" = "RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""D:\Programy\Java\bin\jusched.exe"" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper"
\InProcServer32\(Default) = "D:\Programy\Java\bin\ssv.dll" ["Sun Microsystems, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "D:\Programy\Java\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Programy\Avast\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"aswBoot.exe /A:"C:\Program Files;C:\ProgramData;C:\Windows" /L:"English" /KBD:2" ["ALWIL Software"]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Programy\Avast\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Programy\Avast\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" ["Alexander Roshal"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
"ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
"EnableInstallerDetection" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
"EnableLUA" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
"EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
"EnableVirtualization" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"FilterAdministratorToken" = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Windows\system32\config\systemprofile\Pictures\LewJudy.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Users\Norbert\Pictures\LewJudy.jpg"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\Windows\system32\AvastSS.scr" ["ALWIL Software"]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]
MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]
MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""D:\Kodeki\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = ""D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1" ["the VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = ""D:\Programy\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1" ["the VideoLAN Team"]
WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "D:\Programy\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "Shell Execute Hardware Event Handler"
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""D:\Programy\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = ""D:\Programy\Winamp\winamp.exe"" ["Nullsoft"]
Startup items in "Norbert" & "All Users" startup folders:
---------------------------------------------------------
C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Configuration & Monitor Utility" -> shortcut to: "C:\Program Files\Planet WL-U350\WlanMonitor.exe" ["ATMEL"]
Non-disabled Scheduled Tasks:
-----------------------------
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask-Roam" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
-> {HKLM...CLSID} = "Certificate Services Client Task Handler"
\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"OptinNotification" -> launches: "%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c -i" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
"Microsoft-Windows-DiskDiagnosticDataCollector" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0) -gc" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
-> {HKLM...CLSID} = "HotStart User Agent"
\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]
"TMM" -> launches: "{35EF4182-F900-4632-B072-8639E4478A61}"
-> {HKLM...CLSID} = "Transient Multi-Monitor Manager"
\InProcServer32\(Default) = "C:\Windows\System32\TMM.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
"NAPStatus UI" -> launches: "{f09878a1-4652-4292-aa63-8c7d4fd7648f}"
-> {HKLM...CLSID} = "Nap ITask Handler Implementation"
\InProcServer32\(Default) = "C:\Windows\System32\QAgent.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
"ConvertLogEntries" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RACAgent" -> (HIDDEN!) launches: "%windir%\system32\RacAgent.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
"CrawlStartPages" -> launches: "{51653423-e62d-4ff7-894a-dabb2b8e21e2}"
-> {HKLM...CLSID} = "CrawlStartPages Task Handler"
\InProcServer32\(Default) = "C:\Windows\System32\srchadmin.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
-> {HKLM...CLSID} = "GadgetsManager Class"
\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
-> {HKLM...CLSID} = "MsCtfMonitor task handler"
\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wired
"GatherWiredInfo" -> launches: "%windir%\system32\gatherWiredInfo.vbs" [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
"GatherWirelessInfo" -> launches: "%windir%\system32\gatherWirelessInfo.vbs" [null data]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 18
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Autokonfiguracja sieci WLAN, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]}
avast! Antivirus, avast! Antivirus, ""D:\Programy\Avast\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Programy\Avast\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Programy\Avast\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Programy\Avast\ashWebSv.exe" /service" ["ALWIL Software"]
EvdoServer, EvdoServer, "C:\Windows\system32\svchost.exe -k netsvcs" {"C:\Windows\system32\EvdoServer.dll" ["X-Ways Software Technology"]}
Izolacja klucza CNG, KeyIso, "C:\Windows\system32\lsass.exe" [MS]
Protokół uwierzytelniania rozszerzonego (EAP), EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]}
SBSD Security Center Service, SBSDWSCService, "D:\Programy\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]
sofatnet Service, sofatnet, "C:\Windows\system32\sofatnet.exe" ["Sigma Designs Inc"]
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]}
Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]}
---------- (launch time: 2009-09-13 09:31:54)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 30 seconds, including 5 seconds for message boxes)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Norbert at 2009-09-13 09:33:43
Microsoft® Windows Vista™ Home Premium
System drive C: has 85 GB (85%) free of 100 GB
Total RAM: 2047 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:45, on 2009-09-13
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
D:\Programy\Avast\ashDisp.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\Vtune\TBPANEL.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
D:\Programy\Java\bin\jusched.exe
D:\Programy\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Planet WL-U350\WlanMonitor.exe
C:\Windows\system32\taskeng.exe
D:\Programy\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Windows\system32\conime.exe
D:\Programy\Spybot - Search & Destroy\SpybotSD.exe
D:\Programy\Avast\ashSimpl.exe
D:\Programy\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Norbert.exe
C:\Windows\System32\WScript.exe
D:\Programy\RSIT.exe
D:\Programy\HijackThis\Norbert.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programy\Java\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programy\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programy\Java\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "D:\Programy\Nowe Gadu-Gadu\gg.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Programy\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe
--
End of file - 4094 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Programy\Java\bin\ssv.dll [2009-09-10 321312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Programy\Java\bin\jp2ssv.dll [2009-09-10 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
"avast!"=D:\Programy\Avast\ashDisp.exe [2009-08-17 81000]
"WinampAgent"=D:\Programy\Winamp\winampa.exe [2009-07-01 58368]
"TBPanel"=C:\Program Files\Vtune\TBPanel.exe [2008-01-29 2170880]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-08 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-08 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-08 81920]
"SunJavaUpdateSched"=D:\Programy\Java\bin\jusched.exe [2009-09-10 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"=D:\Programy\Gadu-Gadu\gg.exe /tray []
"Nowe Gadu-Gadu"=D:\Programy\Nowe Gadu-Gadu\gg.exe [2009-09-12 11391592]
C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Configuration & Monitor Utility.lnk - C:\Program Files\Planet WL-U350\WlanMonitor.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\system32\winlogon.exe"="C:\Windows\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{836621e5-9dfe-11de-beed-806e6f6e6963}]
shell\AutoRun\command - F:\Nvsetup.exe
======List of files/folders created in the last 1 months======
2013-09-08 13:18:42 ----A---- C:\Windows\system32\W32N50.dll
2009-09-13 09:32:08 ----D---- C:\rsit
2009-09-13 09:32:08 ----D---- C:\Program Files\trend micro
2009-09-12 11:47:14 ----D---- C:\ProgramData\OpenFM
2009-09-12 11:47:13 ----D---- C:\Users\Norbert\AppData\Roaming\OpenFM
2009-09-12 11:43:15 ----D---- C:\Users\Norbert\AppData\Roaming\Nowe Gadu-Gadu
2009-09-11 13:23:57 ----D---- C:\Users\Norbert\AppData\Roaming\WinRAR
2009-09-11 13:21:46 ----A---- C:\Windows\WORDPAD.INI
2009-09-10 20:57:07 ----AD---- C:\ProgramData\TEMP
2009-09-10 20:31:35 ----A---- C:\Windows\system32\ztvunrar36.dll
2009-09-10 20:31:35 ----A---- C:\Windows\system32\ztvunace26.dll
2009-09-10 20:31:35 ----A---- C:\Windows\system32\ztvcabinet.dll
2009-09-10 20:31:35 ----A---- C:\Windows\system32\unrar3.dll
2009-09-10 20:31:35 ----A---- C:\Windows\system32\unacev2.dll
2009-09-10 20:10:41 ----A---- C:\Windows\system32\javaws.exe
2009-09-10 20:10:41 ----A---- C:\Windows\system32\javaw.exe
2009-09-10 20:10:41 ----A---- C:\Windows\system32\java.exe
2009-09-10 20:10:41 ----A---- C:\Windows\system32\deploytk.dll
2009-09-10 15:24:57 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-10 15:05:46 ----D---- C:\ProgramData\NVIDIA
2009-09-10 15:03:49 ----A---- C:\Windows\system32\nvexpbar.dll
2009-09-10 15:03:49 ----A---- C:\Windows\system32\nvcpluir.dll
2009-09-10 15:03:49 ----A---- C:\Windows\system32\nvcplui.exe
2009-09-10 15:03:25 ----A---- C:\Windows\system32\NVUNINST.EXE
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvwssr.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvwss.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvwgf2um.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvvitvsr.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvvitvs.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvudisp.exe
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvsvc.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvoglv32.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmoblsr.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmobls.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmctray.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccssr.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccss.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccsrs.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvmccs.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvgamesr.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvgames.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvdispsr.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvdisps.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvd3dum.dll
2009-09-10 15:03:18 ----A---- C:\Windows\system32\nvcolor.exe
2009-09-10 15:03:18 ----A---- C:\Windows\system32\dpinst.exe
2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvcpl.dll
2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvcod100.dll
2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvcod.dll
2009-09-10 15:03:17 ----A---- C:\Windows\system32\nvapi.dll
2009-09-10 15:00:15 ----A---- C:\Windows\ntbtlog.txt
2009-09-10 14:51:24 ----A---- C:\Windows\DFC.INI
2009-09-10 14:45:43 ----D---- C:\Users\Norbert\AppData\Roaming\Gadu-Gadu
2009-09-10 14:39:06 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-09-10 14:39:06 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-09-10 14:39:06 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-09-10 14:39:05 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-09-10 14:39:05 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-09-10 14:39:05 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-09-10 14:39:05 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\xinput1_3.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-09-10 14:39:04 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-09-10 14:39:03 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-09-10 14:39:03 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-09-10 14:39:03 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-09-10 14:39:03 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-09-10 14:39:02 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-09-10 14:39:02 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-09-10 14:39:02 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-09-10 14:39:02 ----A---- C:\Windows\system32\d3dx10.dll
2009-09-10 14:39:01 ----A---- C:\Windows\system32\xinput1_2.dll
2009-09-10 14:39:01 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-09-10 14:39:01 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-09-10 14:39:01 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-09-10 14:39:01 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-09-10 14:39:01 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-09-10 14:39:00 ----A---- C:\Windows\system32\xinput1_1.dll
2009-09-10 14:39:00 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-09-10 14:38:55 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-09-10 14:38:55 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-09-10 14:38:55 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-09-10 14:38:55 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-09-10 14:38:55 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-09-10 14:38:54 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-09-10 14:38:54 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-09-10 14:38:53 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-09-10 14:38:53 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-09-10 14:38:15 ----D---- C:\Program Files\Vtune
2009-09-10 14:38:12 ----D---- C:\Windows\Panther
2009-09-10 14:38:00 ----RAS---- C:\BOOTSECT.BAK
2009-09-10 14:37:59 ----SHD---- C:\Boot
2009-09-10 14:22:41 ----D---- C:\Users\Norbert\AppData\Roaming\Macromedia
2009-09-10 14:22:41 ----D---- C:\Users\Norbert\AppData\Roaming\Adobe
2009-09-10 14:21:01 ----D---- C:\Windows\Minidump
2009-09-10 14:05:22 ----D---- C:\Program Files\Intel
2009-09-10 14:02:40 ----D---- C:\Users\Norbert\AppData\Roaming\vlc
2009-09-10 14:02:33 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-09-10 14:02:32 ----D---- C:\Users\Norbert\AppData\Roaming\Winamp
2009-09-10 14:02:02 ----A---- C:\Windows\system32\rmoc3260.dll
2009-09-10 14:02:02 ----A---- C:\Windows\system32\pndx5032.dll
2009-09-10 14:02:02 ----A---- C:\Windows\system32\pndx5016.dll
2009-09-10 14:02:02 ----A---- C:\Windows\system32\pncrt.dll
2009-09-10 14:02:01 ----D---- C:\Users\Norbert\AppData\Roaming\Real
2009-09-10 14:02:01 ----D---- C:\ProgramData\Real
2009-09-10 14:01:41 ----A---- C:\Windows\system32\unrar.dll
2009-09-10 14:01:41 ----A---- C:\Windows\avisplitter.ini
2009-09-10 14:01:40 ----A---- C:\Windows\system32\yv12vfw.dll
2009-09-10 14:01:40 ----A---- C:\Windows\system32\xvidvfw.dll
2009-09-10 14:01:40 ----A---- C:\Windows\system32\xvidcore.dll
2009-09-10 14:01:40 ----A---- C:\Windows\system32\qt-dx331.dll
2009-09-10 14:01:40 ----A---- C:\Windows\system32\dpl100.dll
2009-09-10 14:01:40 ----A---- C:\Windows\system32\divx.dll
2009-09-10 14:01:39 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-09-10 14:01:39 ----A---- C:\Windows\system32\ff_vfw.dll
2009-09-10 14:01:08 ----A---- C:\Windows\system32\MSVCR71.dll
2009-09-10 14:01:08 ----A---- C:\Windows\system32\MSVCP71.dll
2009-09-10 14:01:08 ----A---- C:\Windows\system32\MFC71.dll
2009-09-10 14:01:08 ----A---- C:\Windows\system32\aswBoot.exe
2009-09-10 14:00:46 ----D---- C:\Program Files\InstallShield Installation Information
2009-09-10 14:00:44 ----D---- C:\Windows\system32\Macromed
2009-09-10 14:00:43 ----D---- C:\Program Files\Planet WL-U350
2009-09-10 14:00:28 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-10 14:00:27 ----SHD---- C:\Windows\Installer
2009-09-10 13:55:34 ----D---- C:\Users\Norbert\AppData\Roaming\Mozilla
2009-09-10 13:52:41 ----D---- C:\Users\Norbert\AppData\Roaming\Identities
2009-09-10 13:52:36 ----SD---- C:\Users\Norbert\AppData\Roaming\Microsoft
2009-09-10 13:52:36 ----D---- C:\Users\Norbert\AppData\Roaming\Media Center Programs
2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Ulubione
2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Szablony
2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Pulpit
2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Menu Start
2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Dokumenty
2009-09-10 13:51:06 ----SHD---- C:\ProgramData\Dane aplikacji
2009-09-10 13:41:16 ----D---- C:\Windows\SoftwareDistribution
2009-09-10 13:40:20 ----D---- C:\Windows\system32\catroot2
2009-09-10 13:40:10 ----D---- C:\Windows\Debug
2009-09-10 13:39:06 ----D---- C:\Windows\Prefetch
2009-09-10 13:38:56 ----SHD---- C:\System Volume Information
======List of files/folders modified in the last 1 months======
2009-09-13 09:33:44 ----D---- C:\Windows\Temp
2009-09-13 09:32:08 ----RD---- C:\Program Files
2009-09-13 09:17:55 ----D---- C:\Windows\System32
2009-09-13 09:17:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-13 09:17:54 ----D---- C:\Windows\inf
2009-09-13 01:08:30 ----D---- C:\Windows
2009-09-12 11:58:22 ----HD---- C:\Windows\system32\GroupPolicy
2009-09-12 11:58:22 ----HD---- C:\ProgramData
2009-09-12 11:43:32 ----D---- C:\Windows\winsxs
2009-09-12 11:43:20 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-11 15:48:26 ----D---- C:\Windows\system32\WDI
2009-09-10 15:03:46 ----D---- C:\Windows\Help
2009-09-10 15:03:42 ----D---- C:\Windows\system32\drivers
2009-09-10 15:03:40 ----D---- C:\Windows\system32\catroot
2009-09-10 15:03:03 ----RSD---- C:\Windows\assembly
2009-09-10 14:51:31 ----SD---- C:\Windows\Downloaded Program Files
2009-09-10 14:38:56 ----D---- C:\Windows\Microsoft.NET
2009-09-10 14:37:59 ----D---- C:\Windows\system32\pl-PL
2009-09-10 14:23:43 ----SD---- C:\ProgramData\Microsoft
2009-09-10 14:02:33 ----D---- C:\Program Files\Common Files
2009-09-10 14:00:29 ----D---- C:\Windows\system32\restore
2009-09-10 13:52:50 ----SHD---- C:\$Recycle.Bin
2009-09-10 13:52:35 ----RD---- C:\Users
2009-09-10 13:51:37 ----D---- C:\Windows\rescache
2009-09-10 13:51:06 ----D---- C:\Program Files\Windows NT
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 TBPanel;TBPanel; C:\Windows\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HdAudAddService;Sterownik funkcji Microsoft 1.1 UAA dla usługi standardu High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-08 8236960]
R3 PLANET FVNETusb (AR)(R);PLANET FVNETusb (AR)(R) Service for PLANET WL-U350 Wireless USB Adapter; C:\Windows\system32\DRIVERS\vnetusbr.sys [2003-01-17 93312]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 Cardex;Cardex; \??\C:\Windows\system32\drivers\TBPANEL.SYS [2007-03-16 12256]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2009-09-10 14656]
S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RTL8169;Sterownik kart Realtek 8169 dla systemu NT; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; D:\Programy\Avast\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; D:\Programy\Avast\ashServ.exe [2009-08-17 138680]
R2 EvdoServer;EvdoServer; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 SBSDWSCService;SBSD Security Center Service; D:\Programy\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sofatnet;sofatnet Service; C:\Windows\system32\sofatnet.exe [2006-11-02 115200]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Programy\Avast\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; D:\Programy\Avast\ashWebSv.exe [2009-08-17 352920]
-----------------EOF-----------------
Added 13 Sep 2009, 09:44:
I'm also attaching a screenshot of the problem I have with the system:

The microsoft.com link doesn't work for me... Could someone really knowledgeable please help, this is a tough case.