kajfi8
(Cbz)
2 October 2007 00:01
#1
Unfortunately, I recently installed this junk. Most of you probably know why… Of course, to be able to watch a film downloaded via torrent. Does anyone know how to remove the viruses (malware, from what I've read) that I undoubtedly have on my system? I tried running a system scan and it threw out some files, and I removed the rest by hand, but Norton still keeps warning “Norton Internet Worm Protection has detected and blocked an intrusion attempt”. I'll also mention that when I try to start Windows (Home Edition SP2) in Safe Mode, the computer shuts itself down after the system loads. I also can't play films in anything other than VLC player. I think that's everything. Please help. Thanks in advance…
Post merged: 01.10.2007 (Mon) 18:22
And here is the log from Hijack:
Scan saved at 7:17:59 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\divx\divx pro codec\gain_trickler_3202.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\DOCUME~1\MICHAL\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer1\NXIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer1\NXToolBar.dll
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM…\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM…\Run: [Trickler] “c:\program files\divx\divx pro codec\gain_trickler_3202.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM…\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM…\Run: [sSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM…\Run: [OpwareSE4] “C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe”
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\Dash Type.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU…\Run: [One Stupid] C:\DOCUME~1\MICHAL\APPLIC~1\DRVTYP~1\math htm okay.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer1\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer1\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 2499919781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

– End of file - 11705 bytes
jessica
(jessica)
2 October 2007 06:51
#2
>>Hijack>>scan (Do a system scan only)>>check them >> Fix checked.
Besides the spyware in the codec, you also have a “LOP” infection.
Use -->NoLOP
Click “Search and Destroy”
When it finishes, the tool will create a log at C:\NoLop.log.
Then post a log from ComboFix (at the bottom of the linked page) -
Paste the log at http://wklej.org/ and put only the link in your post (i.e. copy the address from the address bar).
We'll see what is still left to remove after using “NoLOP”.
jessi
kajfi8
(Cbz)
2 October 2007 22:09
#3
OK, I'm pasting the logs from Deckard’s because ComboFix wasn't working for me…
Main.txt :
Deckard’s System Scanner v20070905.67
Run by MICHAL on 2007-10-02 16:55:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

– System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable…success.

– Last 1 Restore Point(s) –
1: 2007-10-02 21:55:40 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.1 GiB (less than 15%) free.

– HijackThis (run as MICHAL.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57, on 2007-10-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\DOCUME~1\MICHAL\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MICHAL\Local Settings\Temporary Internet Files\Content.IE5\R70SUAEP\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MICHAL.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer1\NXIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer1\NXToolBar.dll
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM…\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [intelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM…\Run: [intelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM…\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM…\Run: [sSBkgdUpdate] “C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM…\Run: [OpwareSE4] “C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe”
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer1\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer1\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll ,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 2499919781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

– End of file - 11141 bytes

– HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups) -----------

backup-20071002-143102-321 O4 - HKLM…\Run: [MATH DOES FIRST MODE] C:\Documents and Settings\All Users\Application Data\live 64 math does\Dash Type.exe
backup-20071002-143102-542 O4 - HKLM…\Run: [Trickler] “c:\program files\divx\divx pro codec\gain_trickler_3202.exe”
backup-20071002-143102-717 O4 - HKCU…\Run: [One Stupid] C:\DOCUME~1\MICHAL\APPLIC~1\DRVTYP~1\math htm okay.exe
backup-20071002-143102-811 O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

– File Associations -----------------------------------------------------------

All associations okay.

– Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys
R0 sr (System Restore Filter Driver) - c:\windows\systemroot\system32\drivers\sr.sys (file missing)
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S2 WDMTVTuner (Universal WDM TV Tuner) - c:\windows\system32\drivers\wdmtuner.sys
S3 catchme - c:\docume~1\michal\locals~1\temp\catchme.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)

– Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe
R2 Viewpoint Manager Service - “c:\program files\viewpoint\common\viewpointservice.exe”
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe

– Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

– Scheduled Tasks -------------------------------------------------------------

2007-09-21 20:00:07 532 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - MICHAL.job

– Files created between 2007-09-02 and 2007-10-02 -----------------------------

2007-10-02 14:33:25 0 d-------- C:\NoLopBackups
2007-10-01 19:17:05 0 d-------- C:\Program Files\Trend Micro
2007-09-30 11:52:16 1890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-30 11:52:16 56 -r-hs---- C:\WINDOWS\system32\C218146AE4.sys
2007-09-28 20:45:18 0 d-------- C:\Documents and Settings\MICHAL\Application Data\vlc
2007-09-28 20:42:29 0 d-------- C:\Program Files\VideoLAN
2007-09-28 16:00:51 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-09-28 16:00:51 0 d–h----- C:\Documents and Settings\Administrator\Recent
2007-09-28 16:00:51 0 d–h----- C:\Documents and Settings\Administrator\PrintHood
2007-09-28 16:00:51 0 d–h----- C:\Documents and Settings\Administrator\NetHood
2007-09-28 16:00:51 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-09-28 16:00:51 0 d–h----- C:\Documents and Settings\Administrator\Local Settings
2007-09-28 16:00:51 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-09-28 16:00:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-09-28 16:00:51 0 d—s---- C:\Documents and Settings\Administrator\Cookies
2007-09-28 16:00:51 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-09-28 16:00:51 0 d—s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-28 16:00:50 0 d–h----- C:\Documents and Settings\Administrator\Templates
2007-09-28 16:00:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-09-28 16:00:50 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-28 05:16:04 0 d-------- C:\Documents and Settings\All Users\Application Data\live 64 math does
2007-09-28 05:15:44 0 d-------- C:\Program Files\Drv type tool
2007-09-28 05:15:43 0 d-------- C:\Documents and Settings\MICHAL\Application Data\Drv type tool
2007-09-26 17:08:09 51600 --a------ C:\WINDOWS\system32\RadLightMPCUninstall.exe
2007-09-26 16:40:17 0 d-------- C:\Program Files\Arial Audio Converter
2007-09-15 17:38:41 0 d-------- C:\ERI
2007-09-03 11:57:43 0 d-------- C:\Documents and Settings\MICHAL\Application Data\Media Player Classic
2007-09-03 11:57:05 0 d-------- C:\Program Files\Real Alternative
2007-09-03 11:57:05 0 d-------- C:\Program Files\Media Player Classic
2007-09-03 11:57:05 0 d-------- C:\Documents and Settings\MICHAL\Application Data\Real
2007-09-03 11:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-09-02 19:50:13 0 d-------- C:\Program Files\eMule

– Find3M Report ---------------------------------------------------------------

2007-10-02 16:51:42 0 d-------- C:\Program Files\Common Files
2007-09-30 11:52:19 0 d-------- C:\Program Files\DivX
2007-09-28 16:10:05 0 d-------- C:\Program Files\Norton AntiVirus
2007-09-28 16:10:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-28 16:07:56 0 d-------- C:\Program Files\Symantec
2007-09-28 14:35:16 0 d-------- C:\Documents and Settings\MICHAL\Application Data\uTorrent
2007-09-18 13:56:52 0 d-------- C:\Program Files\Xi
2007-09-13 16:04:49 0 d-------- C:\Documents and Settings\MICHAL\Application Data\Skype
2007-09-08 15:18:31 0 d-------- C:\Documents and Settings\MICHAL\Application Data\Canon
2007-09-02 20:18:39 0 d-------- C:\Program Files\DC++
2007-08-27 18:45:31 0 d-------- C:\Program Files\Winamp
2007-08-02 21:07:33 0 d-a------ C:\Program Files\Furnish Pro
2007-08-02 14:29:23 0 d-------- C:\Program Files\Java
2007-07-26 20:23:29 14167 --a------ C:\videoplay
2007-07-26 20:22:20 109159 --a------ C:\watch
2007-07-16 21:10:51 8963 --a------ C:\169193

– Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2005-08-12 15:43]
“RTHDCPL”=“RTHDCPL.EXE” [2006-11-02 18:36 C:\WINDOWS\RTHDCPL.exe]
“AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [2006-11-02 18:36]
“LVCOMSX”=“C:\WINDOWS\system32\LVCOMSX.EXE” [2005-11-30 21:39]
“LogitechVideo[inspector]”=“C:\Program Files\Acer\OrbiCam\InstallHelper.exe” [2005-11-29 15:51]
“LogitechCameraService(E)”=“C:\WINDOWS\system32\ElkCtrl.exe” [2004-11-01 18:22]
“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2005-11-02 16:11]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2005-11-02 16:11]
“IntelZeroConfig”=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe” [2005-11-28 12:41]
“IntelWireless”=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” [2005-11-28 12:41]
“EOUApp”=“C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe” [2005-11-28 12:47]
“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2007-01-09 17:32]
“Symantec NetDriver Monitor”=“C:\PROGRA~1\SYMNET~1\SNDMon.exe” [2007-09-28 16:07]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2005-09-25 20:11]
“LogitechCameraAssistant”=“C:\Program Files\Acer\OrbiCam\CameraAssistant.exe” [2005-11-29 15:45]
“CanonMyPrinter”=“C:\Program Files\Canon\MyPrinter\BJMyPrt.exe” [2006-03-21 20:30]
“SSBkgdUpdate”=“C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2003-09-30 01:14]
“OpwareSE4”=“C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe” [2006-03-21 14:19]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 07:00]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” [2005-09-25 20:11]
“AnyDVD”=“C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe” [2007-06-23 06:13]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 11:24]

– Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.

– End of Deckard’s System Scanner: finished at 2007-10-02 17:00:09 ------------
Extra.txt :
Deckard’s System Scanner v20070905.67 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz Percentage of Memory in Use: 24% Physical Memory (total/avail): 2046.04 MiB / 1552.36 MiB Pagefile Memory (total/avail): 3938.94 MiB / 3547.93 MiB Virtual Memory (total/avail): 2047.88 MiB / 1966.89 MiB C: is Fixed (NTFS) - 58.59 GiB total, 4.1 GiB free. D: is CDROM (CDFS) E: is Fixed (NTFS) - 53.19 GiB total, 0.27 GiB free. \.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 58.59 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 53.19 GiB - E: – Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FirewallDisableNotify is set. AntivirusOverride is set. 
FW: Norton Internet Worm Protection v2005 (Symantec) AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019" “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll ,-20000" [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019" “%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll ,-20000" “C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glówny” “C:\Program Files\uTorrent\utorrent.exe”=“C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent” “C:\Program Files\DC++\DCPlusPlus.exe”=“C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++” “C:\Program Files\Xi\NetXfer\NetTransport.exe”=“C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager” “C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe”=“C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Windows Media Audio (wma)” “C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype” – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\MICHAL\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MICHAL-2E0A7630 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\MICHAL LOGONSERVER=\MICHAL-2E0A7630 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Internet 
Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Pixie\bin PATHEXT=.COM ;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PIXIEHOME=C:\Program Files\Pixie PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0e08 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SHADERS=%PIXIEHOME%\shaders SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\MICHAL\LOCALS~1\Temp TMP=C:\DOCUME~1\MICHAL\LOCALS~1\Temp USERDOMAIN=MICHAL-2E0A7630 USERNAME=MICHAL USERPROFILE=C:\Documents and Settings\MICHAL windir=C:\WINDOWS – User Profiles --------------------------------------------------------------- MICHAL (admin) – Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> “C:\Program Files\uTorrent\uninstall.exe” µTorrent --> “C:\Program Files\uTorrent\uTorrent.exe” /UNINSTALL 01-mp3search 4.0 --> C:\PROGRA~1\01-MP3~1\Setup.exe /remove 3wPlayer version 1.5.0.0 --> “C:\Program Files\3wPlayer\unins000.exe” AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe Acer OrbiCam Driver --> “C:\Program Files\Common Files\Acer\OrbiCam\BIN\SETUP.EXE” UNINSTALL REMOVEPROMPT -l0409 Acer OrbiCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}\setup.exe” -l0x9 Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.5 - Polish --> MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-A70500000002} ALLPlayer V2.3.1 --> “C:\Program Files\MarBit\ALLPlayer\unins000.exe” AnyDVD --> “C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe” /D=“C:\Program 
Files\SlySoft\AnyDVD” ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE” -l0x9 ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> MsiExec.exe /I{642FCF93-54AE-4F75-A2E2-124DE3756C59} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Canon MP Navigator 3.0 --> “C:\Program Files\Canon\MP Navigator 3.0\Maint.exe” /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP600 --> “C:\WINDOWS\system32\CanonIJ Uninstaller Information{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe” /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009 Canon MP600 User Registration --> C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} CiD Help --> C:\DOCUME~1\MICHAL\APPLIC~1\DRVTYP~1\math htm okay.exe -uninstall CZATeriaKam 1.4 --> C:\Program Files\INTERIAPL\CZATeria\uninst.exe DC++ 0.699 --> “C:\Program Files\DC++\uninstall.exe” DivoCodec version 1.3.0.0 --> “C:\Program Files\DivoCodec\unins000.exe” DivX 5.0.2 Pro Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" eMule --> 
“C:\Program Files\eMule\Uninstall.exe” ERI’s Salary Assessor --> C:\ERI\ErisaWin\UNWISE.EXE C:\ERI\ErisaWin\INSTALL.LOG FERRO Cyfrowy Magnetowid --> C:\WINDOWS\GPInstall.exe “/UNINST=C:\Program Files\FERRO Software\FerroCM\UnInst.log” “/APPNAME=FERRO Cyfrowy Magnetowid” Furnish Pro --> C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log Gadu-Gadu 7.6 --> C:\Program Files\Gadu-Gadu\Setup.exe HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_AcrS1025\HXFSETUP.EXE -U -IAcrS1025.inf High Definition Audio Driver Package - KB888111 --> “C:\WINDOWS$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe” HijackThis 2.0.2 --> “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall honestech TVR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{BE27845A-6438-4DCF-AE3D-44EC96CB31CA}\setup.exe” -l0x9 Hotfix for Windows Media Format 11 SDK (KB929399) --> “C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe” Hotfix for Windows Media Format SDK (KB902344) --> “C:\WINDOWS$NtUninstallKB902344$\spuninst\spuninst.exe” Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Kamerzysta (deinstalacja) --> “C:\Program Files\Onet\Kamerzysta\odinstaluj.exe” LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 3.0 (Symantec Corporation) --> “C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mEoU --> 
MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F} mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft Base Smart Card Cryptographic Service Provider Package --> “C:\WINDOWS$NtUninstallbasecsp$\spuninst\spuninst.exe” Microsoft Compression Client Pack 1.0 for Windows XP --> “C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe” Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> “C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe” mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031} Nero Recode CE --> C:\WINDOWS\UNRecode.exe /UNINSTALL NetXfer 2.23.334 --> “C:\Program Files\Xi\NetXfer1\unins000.exe” Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B} Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton AntiVirus SYMLT MSI --> MsiExec.exe 
/I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4} Onet.pl - Skype 3.0 --> “C:\Program Files\Skype\Phone\unins000.exe” Pixie 1.4.1 --> “C:\Program Files\Pixie\unins000.exe” RadLight MPC DirectShow Filter (remove only) --> “C:\WINDOWS\system32\RadLightMPCUninstall.exe” Real Alternative 1.52 --> “C:\Program Files\Real Alternative\unins000.exe” Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe” -l0x9 -removeonly ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5} Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} SMSC CIR HID V5.3.2600.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe” -l0x9 UNINSTALL SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} SpeedFan (remove only) --> “C:\Program Files\SpeedFan\uninstall.exe” Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} Synaptics Pointing Device Driver --> rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall Texas Instruments PCIxx21/x515 drivers. 
--> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033 VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} Winamp (remove only) --> “C:\Program Files\Winamp\UninstWA.exe” Windows Media Format 11 runtime --> “C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe” Windows Media Format SDK Hotfix - KB891122 --> “C:\WINDOWS$NtUninstallKB891122$\spuninst\spuninst.exe” WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe XviD 1.1 final uninstall --> “C:\Program Files\XviD\unins000.exe” – Application Event Log ------------------------------------------------------- Event Record #/Type19443 / Error Event Submitted/Written: 09/28/2007 03:51:58 PM Event ID/Source: 1001 / Application Error Event Description: Fault bucket 00733296. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Event Record #/Type19442 / Error Event Submitted/Written: 09/28/2007 03:51:50 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. Processing media-specific event for [drwtsn32.exe!ws!] Event Record #/Type19441 / Error Event Submitted/Written: 09/28/2007 03:51:44 PM Event ID/Source: 1001 / Application Error Event Description: Fault bucket 484490985. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. 
Event Record #/Type19440 / Error Event Submitted/Written: 09/28/2007 03:51:34 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module shell32.dll, version 6.0.2900.3051, fault address 0x00035880. Processing media-specific event for [explorer.exe!ws!] Event Record #/Type19367 / Warning Event Submitted/Written: 09/28/2007 09:47:45 AM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. – Security Event Log ---------------------------------------------------------- No Errors/Warnings found. – System Event Log ------------------------------------------------------------ Event Record #/Type41395 / Warning Event Submitted/Written: 10/02/2007 04:51:11 PM / 10/02/2007 04:51:39 PM Event ID/Source: 4 / b57w2k Event Description: Broadcom NetLink Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected. Event Record #/Type41382 / Error Event Submitted/Written: 10/02/2007 04:51:23 PM Event ID/Source: 7000 / Service Control Manager Event Description: The Universal WDM TV Tuner service failed to start due to the following error: %%1058 Event Record #/Type41381 / Error Event Submitted/Written: 10/02/2007 04:51:23 PM Event ID/Source: 7000 / Service Control Manager Event Description: The SAA7134 TV Card service failed to start due to the following error: %%1058 Event Record #/Type41376 / Warning Event Submitted/Written: 10/02/2007 04:13:10 PM Event ID/Source: 2504 / Server Event Description: The server could not bind to the transport \Device\NetBT_Tcpip_{63351975-1DC8-408D-A062-97E1CD570B69}. 
Event Record #/Type41374 / Warning Event Submitted/Written: 10/02/2007 04:13:01 PM Event ID/Source: 1007 / Dhcp Event Description: Your computer has automatically configured the IP address for the Network Card with network address 00130221505D. The IP address being used is 169.254.164.35. – End of Deckard’s System Scanner: finished at 2007-10-02 17:00:09 ------------
Gutek
(Gutek)
2 October 2007 22:32
#4
jessica:
Use --> NoLOP
Was the tool used?
Download the SDFix program
kajfi8
(Cbz)
2 October 2007 23:45
#5
Yes, NoLop was used, here is the log:
and this is Report.txt from SDFix:
SDFix: Version 1.107
Run by MICHAL on 2007-10-02 at 18:31
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting…

Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files…

ADS Check:
C:\WINDOWS No streams found.
C:\WINDOWS\system32 No streams found.
C:\WINDOWS\system32\svchost.exe No streams found.
C:\WINDOWS\system32\ntoskrnl.exe No streams found.

Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll ,-20000"
“C:\Program Files\Gadu-Gadu\gg.exe”=“C:\Program Files\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program gl¢wny”
“C:\Program Files\uTorrent\utorrent.exe”=“C:\Program Files\uTorrent\utorrent.exe:*:Enabled:æTorrent”
“C:\Program Files\DC++\DCPlusPlus.exe”=“C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++”
“C:\Program Files\Xi\NetXfer\NetTransport.exe”=“C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager”
“C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe”=“C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Windows Media Audio (wma)”
“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll ,-20000"

Remaining Files:
---------------
Files with Hidden Attributes:
Sun 30 Sep 2007 56 …SHR — “C:\WINDOWS\system32\C218146AE4.sys”
Sun 30 Sep 2007 1,890 A.SH. — “C:\WINDOWS\system32\KGyGaAvL.sys”
Sun 24 Jun 2007 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak”
Tue 7 Feb 2006 299,008 A…H. — “C:\Program Files\Canon\MP Navigator 3.0\Maint.exe”
Mon 19 Dec 2005 61,440 A…H. — “C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll”
Mon 12 Feb 2007 0 A.SH. — “C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp”
Thu 21 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\0e809bhy.TMP”
Sun 24 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\0yukbpyz.TMP”
Tue 19 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\1keo56zu.TMP”
Wed 20 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\421wh7yf.TMP”
Sun 1 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\4jbpft7b.TMP”
Sat 23 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\4nkov039.TMP”
Mon 18 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\7359xx0q.TMP”
Thu 5 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\7mrvlc9j.TMP”
Sun 24 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\8tf64sq9.TMP”
Tue 26 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\8wqll3he.TMP”
Mon 2 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\aima01ls.TMP”
Wed 4 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\b7csl2jr.TMP”
Thu 28 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\bbnjl6k6.TMP”
Sat 30 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\cech8vqe.TMP”
Wed 27 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\f0vuxfvm.TMP”
Wed 27 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\pqm1vmri.TMP”
Sun 1 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\pz5lp800.TMP”
Mon 2 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\rtueadmb.TMP”
Thu 5 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\s7cwwj1i.TMP”
Sun 1 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\saa2e4b9.TMP”
Sun 8 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\sgohg21e.TMP”
Wed 20 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\suj0msyn.TMP”
Sun 24 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\tq55xsyf.TMP”
Thu 21 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\u18lutf4.TMP”
Sun 8 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\vepnyh2j.TMP”

Finished!
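A way to triage the “Files with Hidden Attributes” section of the SDFix report above, as an added example that is not part of the original thread: it parses the entries even when the report has been flattened onto one line, groups them by folder, and lists what lies outside C:\Deckard\System Scanner\backup. The function names and the regular expression are assumptions of this example; the sample entries are a subset copied from the report.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, usable on any OS
from typing import NamedTuple

# Subset of the entries in the report above, flattened onto one line the way
# the page shows them (typographic quotes and dash included).
SAMPLE_REPORT = (
    r"Files with Hidden Attributes: "
    r"Sun 30 Sep 2007 56 …SHR — “C:\WINDOWS\system32\C218146AE4.sys” "
    r"Sun 30 Sep 2007 1,890 A.SH. — “C:\WINDOWS\system32\KGyGaAvL.sys” "
    r"Sun 24 Jun 2007 4,348 A.SH. — “C:\Documents and Settings\All Users\DRM\DRMv1.bak” "
    r"Tue 7 Feb 2006 299,008 A…H. — “C:\Program Files\Canon\MP Navigator 3.0\Maint.exe” "
    r"Thu 21 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\0e809bhy.TMP” "
    r"Sun 24 Jun 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\0yukbpyz.TMP” "
    r"Sun 8 Jul 2007 616,448 A.SH. — “C:\Deckard\System Scanner\backup\WINDOWS\temp\vepnyh2j.TMP” "
    r"Finished!"
)

# One entry: date, size with thousands separators, attribute flags,
# a separator token, then the quoted path (straight or typographic quotes).
ENTRY_RE = re.compile(
    r"(?P<date>[A-Z][a-z]{2}\s+\d{1,2}\s+[A-Z][a-z]{2}\s+\d{4})\s+"
    r"(?P<size>\d[\d,]*)\s+"
    r"(?P<attrs>[A-Z.…]+)\s+"
    r"\S+\s+"
    r"[“\"](?P<path>[^”\"]+)[”\"]"
)


class HiddenFile(NamedTuple):
    date: str
    size: int
    attrs: frozenset  # letters present in the flag field: A, S, H, R
    path: str


def parse_hidden_files(report):
    """Return every hidden-attribute entry found in the report text."""
    return [
        HiddenFile(
            date=" ".join(m["date"].split()),
            size=int(m["size"].replace(",", "")),
            attrs=frozenset(c for c in m["attrs"] if c.isalpha()),
            path=m["path"],
        )
        for m in ENTRY_RE.finditer(report)
    ]


def count_by_directory(entries):
    """Count entries per parent folder (case-insensitive, as on NTFS)."""
    return Counter(dirname(e.path).lower() for e in entries)


def outside_folder(entries, folder):
    """Entries that are not located under the given folder."""
    prefix = folder.rstrip("\\").lower() + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


if __name__ == "__main__":
    found = parse_hidden_files(SAMPLE_REPORT)
    for folder, n in count_by_directory(found).most_common():
        print(f"{n:3d}  {folder}")
    print("Outside the scanner backup folder:")
    for e in outside_folder(found, r"C:\Deckard\System Scanner\backup"):
        print(f"  {''.join(sorted(e.attrs)):4s} {e.size:>8d}  {e.path}")
```
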
Gutek
(Gutek)
3 October 2007 21:23
#6
Delete the folder C:\Deckard\System Scanner\backup
kajfi8
(Cbz)
3 October 2007 21:53
#7
OK, deleted…
Is that everything?
The computer seems to be working properly, without any strange behavior.
Gutek
(Gutek)
3 October 2007 21:55
#8
Just in case, you can also use an online scanner - Scanners to choose from
kajfi8
(Cbz)
4 October 2007 02:21
#9
OK, I ran a scan with “a-squared Anti-Malware” and it showed a lot of junk. I'm pasting the log; please tell me whether I can delete these files, because for now I have put them in quarantine…
http://www.wklej.org/id/d7ba1ecf40
Gutek
(Gutek)
4 October 2007 22:09
#10
The keys can be deleted, but use http://www.superantispyware.com and scan the computer
kajfi8
(Cbz)
5 October 2007 01:24
#11
OK, I deleted those 3 entries (they appeared several times)
and this is the log from SUPERAntiSpyware:
http://wklej.org/id/f19b5fd548
What should I do with this? There is quite a lot of it in there…
Gutek
(Gutek)
5 October 2007 23:08
#12
Turn off System Restore.
Use the NoLop tool
kajfi8
(Cbz)
7 October 2007 19:02
#13
NoLop says: “No infected files founded”…
Gutek
(Gutek)
7 October 2007 21:46
#14
Finally, a new log from Combo
kajfi8
(Cbz)
9 October 2007 23:28
#15
A log from Deckard's, because Combo won't run…
http://www.wklej.org/id/cae9f663c4
kajfi8
(Cbz)
10 October 2007 22:31
#17
OK, BIG thanks… Do you accept any donations?
I have the same problem: I tried the same thing you described for the other user. AllPlayer won't play movies for me. I don't know what to do next.
Please give me a hint.
– Added 23.05.2009 (Sat) 14:06 –
It works now! I uninstalled AllPlayer and installed it again and everything works, well, I don't know yet whether everything does; if anything comes up I'll let you know.
Sorry for posting on the forum so hastily, but I have been at this since morning and it was driving me crazy.
Regards.