Braviax.exe - wersja nowa (!)


(Dawid Pietruszka) #1

Witam,

starszą wersją tego spyware był krzyżyk na czerwonym tle, gdzie łatwo się go usuwało, jednak nowa wersja wykrzyknik na kółku, nie jest już taka łatwa, blokuje ona wszystkie programy które ją usuwają (hijackthis, sdfix, combofix itd.) (nawet po zmianie nazwy), wyłączenie przywracania systemu nie działa, jedynie spyware doctor ją usuwa, restartuje kompa i już niema, ale po następnym restarcie - znowu się pojawia i spyware doctor blokuje dostęp do explorer.exe przez braviax...

Hmm... Jest to najnowsza wersja, co można zrobić :s?

PS. Nie prosić o logi z ... bo nic nie chodzi ;/

kay


(arapo) #2

Zmień główny plik HijackThis .exe na rozszerzenie .com czyli wyglądało by to tak HijackThis.com

To samo zrób z ComboFix tzn rozszerz.exe na .com i spróbuj uruchomić


(Dawid Pietruszka) #3

Nie odpala...

edit

zmieniłem killbox.exe na killbox2.exe i odpalil.. usunelem braviaxa i nie ma go, ale spybot przy starcie blokuje jego wpisy rejestru


(arapo) #4

To wygeneruj teraz logi z ComboFix jeżeli dasz rade.


(Leon$) #5

tu sobie poczytaj jak pobrać i uruchomić Combofix http://www.searchengines.pl/index.php?s ... ntry395642

:slight_smile:


(arapo) #6

Czy wystąpiły u Ciebie problemy z aplikacją Generic Host process for Windows32 Services ?


(Dawid Pietruszka) #7

Nie.


(Leon$) #8

doczekamy się loga Combofixa

jak nie idzie pobierz Deckard's System Scanner (DSS):

http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=392369entry392369

:slight_smile:


(Dawid Pietruszka) #9

DSS:

Main:

Deckard's System Scanner v20071014.68

Run by Kay on 2008-04-23 18:48:15

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


System Restore is disabled; attempting to re-enable...success.



-- Last 1 Restore Point(s) --

1: 2008-04-23 16:48:26 UTC - RP1 - Punkt kontrolny systemu



Backed up registry hives.

Performed disk cleanup.


[color=red]Percentage of Memory in Use: 79% (more than 75%).[/color]

[color=red]System Drive C: has 0.59 GiB (less than 15%) free.[/color]



-- HijackThis (run as Kay.exe) -------------------------------------------------


Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------



Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-04-23 18:51:18

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

K:\Spyware Doctor\pctsAuxs.exe

K:\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\alg.exe

K:\Spyware Doctor\Update.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

K:\Spyware Doctor\pctsTray.exe

C:\Program Files\WapSter\AQQ\AQQ.exe

C:\Program Files\UberIcon\UberIcon Manager.exe

C:\Program Files\WinRoll\winroll.exe

C:\Program Files\YzShadow\YzShadow.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.bin

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\netcut\netcut.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Kay\Pulpit\PowerMenu.exe

C:\Program Files\Opera 9.5 beta\opera.exe

C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Kay\Dane aplikacji\Opera\Opera 9.5 beta\profile\cache4\temporary_download\dss66.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [ISTray] "K:\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\drivers\scanner\TBRIDGE\BIN\RegisterDropHandler.exe

O4 - HKLM\..\RunOnce: [My Global Search Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

O4 - HKLM\..\RunOnceEx: [Flags] 128

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe

O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"

O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"

O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Startup: Skrót do start.lnk = C:\Documents and Settings\Kay\Pulpit\start.bat

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Skrót do RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: https://www.credit-suisse.com (HKCU)

O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}: NameServer = 194.204.152.34,194.204.159.1

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDEB668-67FD-4C1F-84D7-F8DACBC8F839}: NameServer = 194.204.159.1,194.204.152.34

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O20 - AppInit_DLLs: cru629.dat

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - K:\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - K:\Spyware Doctor\pctsSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



--

End of file - 7286 bytes


-- HijackThis Fixed Entries (D:\pulpit\DAWID_~1\backups\) ----------------------


backup-20080120-202608-185 O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://london.access.credit-suisse.com/CitrixSessionInit/ICAWEB/icaweb.cab

backup-20080120-202608-281 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

backup-20080120-202608-417 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

backup-20080120-202608-637 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

backup-20080120-202608-720 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

backup-20080120-202608-918 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

backup-20080120-202609-891 O16 - DPF: {6416C78A-E810-445C-8712-1785809FA433} - https://london.access.credit-suisse.com/CitrixLogonPoint/London/EPAClient/EPAClient.exe


-- File Associations -----------------------------------------------------------


[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]

[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]

[COLOR=red].reg - regfile - shell\open\command - "regedit.exe" "%1"[/COLOR]



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys 

R1 ISODrive (ISO DVD/CD-ROM Device Driver) - c:\1\ultraiso\drivers\isodrive.sys 

R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys 

R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys 

R3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys 

R3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys 


S2 USB680x (USB Scanner) - c:\windows\system32\drivers\uscanner.sys 

S3 PsSdkLB - c:\windows\system32\drivers\pssdklb.drv (file missing)



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


S2 RadClock - c:\windows\system32\radclock.exe 

S3 r_server (Remote Administrator Service) - "c:\windows\system32\r_server.exe" /service 

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" 



-- Device Manager: Disabled ----------------------------------------------------


Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Mysz zgodna z PS/2

Device ID: ACPI\PNP0F13\4&15F50029&0

Manufacturer: Microsoft

Name: Mysz zgodna z PS/2

PNP Device ID: ACPI\PNP0F13\4&15F50029&0

Service: i8042prt


Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: IBM USB Serial Converter

Device ID: USB\VID_04B3&PID_4482\IB06LUHD

Manufacturer: 

Name: IBM USB Serial Converter

PNP Device ID: USB\VID_04B3&PID_4482\IB06LUHD

Service: 


Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Cyfrowy kamkorder wideo firmy Samsung

Device ID: ROOT\IMAGE\0001

Manufacturer: Samsung

Name: Cyfrowy kamkorder wideo firmy Samsung

PNP Device ID: ROOT\IMAGE\0001

Service: MSDV



-- Files created between 2008-03-23 and 2008-04-23 -----------------------------


2008-04-23 12:22:19 16896 --a------ C:\WINDOWS\braviax.exe

2008-04-22 20:44:41 0 d-------- C:\!KillBox

2008-04-22 20:38:16 0 d-------- C:\backreg

2008-04-22 20:33:27 0 d-------- C:\Program Files\RogueRemover

2008-04-22 14:03:16 6144 --a------ C:\WINDOWS\system32\cru629.dat

2008-04-22 14:03:16 6144 --a------ C:\WINDOWS\cru629.dat

2008-04-20 13:03:38 0 d--hs---- C:\FOUND.005

2008-04-15 16:55:26 208896 --a------ C:\WINDOWS\system32\lame_enc.dll 

2008-04-15 16:40:11 0 d-------- C:\Program Files\Audacity

2008-04-14 14:34:08 0 d--hs---- C:\FOUND.004

2008-04-13 19:19:44 0 d--hs---- C:\FOUND.003

2008-04-12 09:13:41 0 d-------- C:\Program Files\Common Files\DirectX

2008-04-05 20:43:30 0 d-------- C:\WINDOWS\Matura 2008 Język Angielski

2008-04-04 19:01:50 1777664 --a------ C:\WINDOWS\system32\gdiplus.dll 

2008-04-04 17:23:31 0 d-------- C:\Program Files\RouterControl

2008-04-03 18:38:34 0 d-------- C:\Program Files\MyGlobalSearch

2008-04-03 18:38:30 0 d-------- C:\Program Files\BearShare

2008-04-03 18:10:14 0 d-------- C:\Program Files\Real Alternative

2008-03-31 20:48:59 225280 --a------ C:\WINDOWS\system32\rewire.dll 

2008-03-31 20:48:30 0 d-------- C:\Program Files\VstPlugins

2008-03-31 20:48:15 0 d-------- C:\Program Files\Image-Line

2008-03-31 20:48:13 0 d-------- C:\Program Files\Outsim

2008-03-29 18:04:31 0 d-------- C:\Program Files\Satsuki Decoder Pack

2008-03-29 15:57:47 0 d-------- C:\Perl

2008-03-29 12:37:04 61440 --a------ C:\WINDOWS\system32\drivers\wpdmfq.sys

2008-03-29 12:05:30 2234 --a------ C:\WINDOWS\system32\tmp.reg

2008-03-29 12:03:40 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-03-29 12:03:40 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe 

2008-03-29 12:03:40 86528 --a------ C:\WINDOWS\system32\VACFix.exe 

2008-03-29 12:03:40 82432 --a------ C:\WINDOWS\system32\IEDFix.exe 

2008-03-29 12:03:40 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-03-29 12:03:39 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 

2008-03-29 12:03:39 53248 --a------ C:\WINDOWS\system32\Process.exe 

2008-03-29 11:40:36 0 d-------- C:\Program Files\usuwanie

2008-03-29 10:50:46 298104 --a------ C:\WINDOWS\system32\imon.dll 

2008-03-25 12:06:02 0 d--hs---- C:\FOUND.002

2008-03-23 18:45:27 0 d-------- C:\WINDOWS\Sun



-- Find3M Report ---------------------------------------------------------------


2008-04-22 20:38:18 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Regrun

2008-04-15 16:42:34 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Audacity

2008-04-13 09:56:56 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\MakeUpPilot

2008-04-09 16:36:42 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Consultia

2008-04-08 14:43:04 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\FreeCall

2008-04-03 18:10:16 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Real

2008-03-29 13:30:52 454380 --a------ C:\WINDOWS\system32\perfh015.dat

2008-03-29 13:30:52 77186 --a------ C:\WINDOWS\system32\perfc015.dat

2008-03-29 11:53:50 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\PC Tools

2008-03-22 10:34:08 0 d-------- C:\Program Files\NAPI-PROJEKT

2008-03-16 14:03:54 0 d-------- C:\Program Files\7-Zip

2008-03-15 18:41:46 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Talkback

2008-03-15 12:04:26 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Dev-Cpp

2008-03-01 16:39:34 0 d-------- C:\Program Files\Radmin

2008-03-01 09:58:10 0 d-------- C:\Program Files\SMAC

2008-02-28 21:29:12 0 d-------- C:\Program Files\CDRWIN 6

2008-02-28 21:28:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-28 21:00:34 0 d-------- C:\Program Files\Alcohol52

2008-02-28 19:38:38 0 d-------- C:\Program Files\ATITool

2008-02-28 17:37:18 0 d-------- C:\Program Files\AIDA32

2008-02-27 18:49:10 0 d-------- C:\Program Files\XP Repair Pro 2007

2008-02-27 18:24:20 0 d-------- C:\Program Files\RME

2008-02-23 09:55:36 0 d-------- C:\Program Files\Notepad++

2008-02-23 09:55:36 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\Notepad++

2008-02-23 09:51:02 0 d-------- C:\Documents and Settings\Kay\Dane aplikacji\FileZilla

2008-02-23 09:50:20 0 d-------- C:\Program Files\FileZilla

2008-02-10 18:21:42 68 --a------ C:\PACKAGEINFO

2008-02-10 18:21:40 16 --a------ C:\DVCLAL

2008-02-06 11:21:58 77890 --a------ C:\WINDOWS\system32\nvidiaverify8.exe

2008-02-03 15:40:46 39541 --a------ C:\WINDOWS\pclxl.dll

2008-02-03 15:37:12 676864 --a------ C:\pcl5eres.dll 



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]

"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-26 00:41]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]

"ISTray"="K:\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 13:18]

"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-24 01:32]

"WinRoll"="C:\Program Files\WinRoll\winroll.exe" [2006-01-01 23:27]

"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-24 03:51]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"My Global Search Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"RegisterDropHandler"=C:\drivers\scanner\TBRIDGE\BIN\RegisterDropHandler.exe


C:\Documents and Settings\Kay\Menu Start\Programy\Autostart\

OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

Skr˘t do start.lnk - C:\Documents and Settings\Kay\Pulpit\start.bat [2007-12-28 19:40:48]

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

Skr˘t do RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2007-12-23 18:37:57]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2005-04-27 03:49 200704]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=cru629.dat


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]

C:\WINDOWS\system32\ctfmona.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CubeDesktop]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Ram Optimizer]

C:\Program Files\Free Ram Optimizer\fro.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GreedyTorrent]

"C:\1\GreedyTorrent\GTor.exe" -tray


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]

C:\drivers\scanner\TBRIDGE\BIN\InstantAccess.exe /h


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSCTFMON]

C:\WINDOWS\SYSTEM32\nvidiaverify8.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]

"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ping]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]

C:\drivers\scanner\TBRIDGE\BIN\RegisterDropHandler.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyRid]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

K:\Program Files\Image\TrueImageMonitor.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"C:\Program Files\Winamp\winampa.exe"





-- Hosts -----------------------------------------------------------------------


127.0.0.1	www.007guard.com

127.0.0.1	007guard.com

127.0.0.1	008i.com

127.0.0.1	www.008k.com

127.0.0.1	008k.com

127.0.0.1	www.00hq.com

127.0.0.1	00hq.com

127.0.0.1	010402.com

127.0.0.1	www.032439.com

127.0.0.1	032439.com


7890 more entries in hosts file.



-- End of Deckard's System Scanner: finished at 2008-04-23 18:54:44 ------------

Extra:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: Polish


CPU 0: Procesor Intel Pentium III

Percentage of Memory in Use: 81%

Physical Memory (total/avail): 511.42 MiB / 95.34 MiB

Pagefile Memory (total/avail): 1249.7 MiB / 464.84 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1930.46 MiB


A: is Removable (Unformatted)

C: is Fixed (FAT32) - 6.82 GiB total, 0.59 GiB free. 

D: is Fixed (NTFS) - 22.65 GiB total, 2.85 GiB free. 

E: is CDROM (No Media)

F: is CDROM (No Media)

H: is CDROM (No Media)

K: is Fixed (FAT32) - 18.63 GiB total, 4.52 GiB free. 


\\.\PHYSICALDRIVE0 - SAMSUNG SV0412H - 37.3 GiB - 4 partitions

  \PARTITION0 (bootable) - Unknown - 6.83 GiB - C:

  \PARTITION1 - Unknown - 6.83 GiB

  \PARTITION2 - Unknown - 1004.06 MiB

  \PARTITION3 - Rozszerzona z rozszerzonym przerwaniem 13 - 22.65 GiB - D:


\\.\PHYSICALDRIVE1 - WDC WD200BB-60CVB0 - 18.64 GiB - 1 partition

  \PARTITION0 (bootable) - Unknown - 18.64 GiB - K:




-- Security Center -------------------------------------------------------------


AUOptions is disabled.



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Kay\Dane aplikacji

ArmServerInfo=000E07A6

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=DAVID

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Kay

LOGONSERVER=\\DAVID

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Perl\site\bin;C:\Perl\bin;D:\Perl\bin\;K:\delphi7_personal\TUTAJ\Bin;K:\delphi7_personal\TUTAJ\Projects\Bpl\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Satsuki Decoder Pack\filtres

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=080a

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Kay\USTAWI~1\Temp

TMP=C:\DOCUME~1\Kay\USTAWI~1\Temp

USERDOMAIN=DAVID

USERNAME=Kay

USERPROFILE=C:\Documents and Settings\Kay

windir=C:\WINDOWS



-- User Profiles ---------------------------------------------------------------


Ala [I](admin)[/I]

Ewa [I](admin)[/I]

Kay [I](admin)[/I]

Administrator [I](new local, admin)[/I]



-- Add/Remove Programs ---------------------------------------------------------


 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"

Ace Ventura --> C:\WINDOWS\uninst.exe -fc:\1\ace\DeIsL1.isu

ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}

ActivePerl Build 623 --> MsiExec.exe /I{2876C84B-F2D9-40E6-A522-E0856519E838}

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

AIDA32 v3.93 --> "C:\Program Files\AIDA32\unins000.exe"

Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe

ASIO4ALL --> k:\flstudio\kodeki\asio4all\uninstall.exe

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Audacity 1.3.4 (Unicode) --> "C:\Program Files\Audacity\unins000.exe"

Blitz3D Demo V1.83 --> k:\blitz3d\unins000.exe

Borland Delphi 7 --> MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

CDRWIN 6.1 --> MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}

Cheat Engine 5.4 --> "k:\cheatengine\unins000.exe"

CloneCD --> "C:\Program Files\CloneCD\ccd-uninst.exe" /D="C:\Program Files\CloneCD"

Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe

Commando --> C:\WINDOWS\uninst.exe -fk:\stare\COMMANDOSS2\DeIsL1.isu

Commandos, Beyond the Call of Duty --> C:\WINDOWS\uninst.exe -fk:\stare\COMANDOS\DeIsL1.isu

CubeDesktop 1.1.3 --> K:\beryl\nowszy\uninst.exe

Dev-C++ 5 beta 9 release (4.9.9.2) --> "D:\cpp\uninstall.exe"

EmEditor Professional (English) --> MsiExec.exe /I{632F04A6-D7EC-4954-8091-8A69CEB1845F}

EPAFactory Endpoint Analysis Client 3.65 --> MsiExec.exe /I{FC40677C-7D54-4836-9EDA-459DDBD42A9D}

FileZilla Client 3.0.7.1 --> C:\Program Files\FileZilla\uninstall.exe

FL Studio v7.0 --> "K:\flstudio\unins000.exe"

FlyakiteOSX --> C:\WINDOWS\FlyakiteOSX\Uninstall.exe

foobar2000 v0.9.4.5 --> "C:\Program Files\foobar2000\uninstall.exe"

Free Ram Optimizer XP 1.0 --> "C:\Program Files\Free Ram Optimizer\unins000.exe"

Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe

GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf

GreedyTorrent v1.01 beta build 170 --> "C:\1\GreedyTorrent\unins000.exe"

GTAViceCarEditor 1.1.1 --> k:\gry\vc\inne\car\unins000.exe

HijackThis 1.99.1 --> D:\pulpit\DaWiD_to ja ;d\HijackThis.exe /uninstall

HyperCam 2 --> "C:\Program Files\HyperCam2\UnHyCam2.exe"

I-Doser v4 --> K:\david\dser\Uninstal.exe

iColorFolder --> C:\Program Files\iColorFolder\uninstall.exe

IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe

IMG Tool (remove only) --> "k:\gry\vc\INNE\imgtools\Uninstall.exe"

Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Leksykon Architektura --> C:\WINDOWS\IsUn0415.exe -fd:\Uninst.isu -cd:\UninstallProject.dll

MakeUp Pilot 2.00 --> d:\oczysc\unins000.exe

Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover\unins000.exe"

Matura 2008 Język Angielski --> "C:\WINDOWS\Matura 2008 Język Angielski\uninstall.exe" "/U:D:\\Uninstall\uninstall.xml"

MotoGP URT 3 --> K:\MotoGP3\unins000.exe

Mozilla Firefox (2.0.0.13) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}\Setup.exe" -l0x9 UNINSTALL

NAPIPROJEKT 1.0.6.1 --> "C:\Program Files\NAPI-PROJEKT\unins000.exe"

Need for Speed™ Most Wanted --> K:\nfs\omg\EAUninstall.exe

NetCut 2.08 --> "C:\Program Files\netcut\unins000.exe"

No-IP.com DUC (remove only) --> "C:\Program Files\No-IP\DUC20.exe" -uninstall

NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"

Notepad++ --> C:\Program Files\Notepad++\uninstall.exe

OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}

Opera --> C:\PROGRA~1\OPERA9~1.5BE\uninst\unwise.exe C:\PROGRA~1\OPERA9~1.5BE\uninst\install.log

Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}

Phobos --> K:\1\klon\Uninstall.exe

PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe

Prime95 --> "C:\Program Files\podkrecanie\Prime95\Uninstall.exe" "C:\Program Files\podkrecanie\Prime95\install.log"

Python 2.4 --> MsiExec.exe /I{82D9302E-F209-4805-B548-52087047483A}

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RadLinker --> MsiExec.exe /I{238ABEB6-42D2-4DD7-9928-DE8431519C61}

Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"

Real Desktop 1.15 --> "k:\real\unins000.exe"

Remere's Map Editor --> C:\Program Files\RME\uninstall.exe

Remote Administrator v2.2 --> C:\Program Files\Radmin\uninstal.exe

Right Click Image Converter --> "d:\ppmc\uninstall.exe"

RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"

RouterControl 1.90 --> C:\WINDOWS\RCoUn.EXE /UnInst:"C:\WINDOWS\RouterControl_Uninstall.in"

Satsuki Decoder Pack --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

SHOUTcast DNAS (remove only) --> "C:\Program Files\SHOUTcast\uninst-dnas.exe"

SHOUTcast Source DSP 1.8.2 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe

SilentNight Radio --> MsiExec.exe /X{F94E1DD2-B859-47E0-9A30-0532482DC4EA}

Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

SMAC 1.2 Evaluation Edition --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG

SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} 

Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Doctor 5.5 --> K:\Spyware Doctor\unins000.exe /LOG

System Antywirusowy NOD32 --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL

Tasker version 3.13 --> "C:\Program Files\Tasker\unins000.exe"

Tibia --> "K:\1\prawdziwek\unins000.exe"

Tibia MULTI-ip changer --> k:\tibia\UNinstaller.exe

TibiaTek Bot --> MsiExec.exe /I{D5A6831B-C39B-47BE-B4E4-DB323922E61F}

Tiger System Preferences v2 --> C:\Program Files\Tiger System Preferences v2\Uninstal.exe

Top 2500 English Words --> "D:\Top 2500 English Words\unins000.exe"

ToxicIII --> C:\Program Files\VstPlugins\ToxicIII\uninstall.exe

Ulead VideoStudio 8.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F1DA6BF-3614-48A1-9970-9E90F646789E}\setup.exe" -l0x9 

UltraISO Premium V8.65 --> "C:\1\UltraISO\unins000.exe"

USB Scanner --> C:\drivers\scanner\UNINSTAL\SETUP.EXE

Virtual DJ - Atomix Productions --> K:\VIRTUA~1\UNWISE.EXE K:\VIRTUA~1\INSTALL.LOG

VNC 4.0 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"

WapSter AQQ --> C:\Program Files\WapSter\AQQ\uninstall.exe

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"

Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe

XP Repair Pro 2007 --> MsiExec.exe /X{7D5EDF94-4A58-4C53-A07A-1E4B535307D5}



-- Application Event Log -------------------------------------------------------


Event Record #/Type1947 / Error

Event Submitted/Written: 04/22/2008 09:22:09 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca SpybotSD2.exe, wersja 1.5.2.20, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Event Record #/Type1915 / Error

Event Submitted/Written: 04/20/2008 06:13:30 PM

Event ID/Source: 10005 / MsiInstaller

Event Description:

Product: Acronis True Image Home -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2755. The arguments are: 112, C:\DOCUME~1\Kay\USTAWI~1\Temp\C71D1A2C-F2B9-4116-B1C9-262E1F05C07E\AcronisTrueImage.msi,


Event Record #/Type1912 / Error

Event Submitted/Written: 04/20/2008 01:20:36 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca explorer.exe, wersja 6.0.2900.2180, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Event Record #/Type1911 / Error

Event Submitted/Written: 04/20/2008 01:17:58 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca wmplayer.exe, wersja 9.0.0.3250, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Event Record #/Type1897 / Error

Event Submitted/Written: 04/19/2008 11:37:52 PM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd nvidiaverify8.exe, wersja 0.0.0.0, moduł powodujący błąd nvidiaverify8.exe, wersja 0.0.0.0, adres błędu 0x000047d0.

Przetwarzanie zdarzenia określonego nośnika dla [nvidiaverify8.exe!ws!]




-- Security Event Log ----------------------------------------------------------


No Errors/Warnings found.



-- System Event Log ------------------------------------------------------------


Event Record #/Type9874 / Warning

Event Submitted/Written: 04/23/2008 03:14:18 PM

Event ID/Source: 4226 / Tcpip

Event Description:

Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.


Event Record #/Type9872 / Error

Event Submitted/Written: 04/23/2008 00:51:22 PM

Event ID/Source: 8032 / BROWSER

Event Description:

Usługa przeglądarki zbyt wiele razy nie zdołała pobrać listy kopii zapasowych w transporcie \Device\NetBT_Tcpip_{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}.

Przeglądarka zapasowa jest zatrzymywana.


Event Record #/Type9871 / Warning

Event Submitted/Written: 04/23/2008 00:49:52 PM

Event ID/Source: 8021 / BROWSER

Event Description:

Przeglądarka nie mogła pobrać listy serwerów z przeglądarki głównej \\PIOTR w sieci \Device\NetBT_Tcpip_{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}.

Przedstawione dane to kod błędu.


Event Record #/Type9870 / Warning

Event Submitted/Written: 04/23/2008 00:49:22 PM

Event ID/Source: 8022 / BROWSER

Event Description:

Przeglądarka nie mogła pobrać listy domen z przeglądarki głównej \\PIOTR w sieci \Device\NetBT_Tcpip_{52A2AF84-9CAE-4D47-B8F0-249DB657EAEE}.

Przedstawione dane to kod błędu.


Event Record #/Type9852 / Error

Event Submitted/Written: 04/23/2008 00:23:23 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

Nie można załadować następujących sterowników startu rozruchowego lub systemowego: 

IKFileSec




-- End of Deckard's System Scanner: finished at 2008-04-23 18:54:44 ------------

Dodam, że też niechciał odpalić (jedynie przy zmianie nazwy odpalił)

Kay


(Leon$) #10

Spróbuj pobrać HijackThis wersje com http://www.searchengines.pl/Narzedzia-HijackThis-i-Silent-Runners-t15989.html

wpisy

usuń HijackThisem >> Fix checked

Otwórz notatnik i wklej

zapisz jako plik.reg >> wszystkie pliki >> scal z rejestrem >> restart

b57f17008275c957m.jpg

powstanie plik o takiej ikonie

062aec4c9b51c033m.jpg

w który dwa razy klikniesz potwierdzisz chęć dodania do rejestru potem restart

Pobierz i uruchom narzędzie The Avenger Zaznaczasz tekst podany do usunięcia na forum

kopiuj klikasz na Paste Script from Clipboard Execute Potwierdzasz i zgadzasz się na restart klikając OK.

Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt

Potem spróbuj uruchomić Combofixa

:slight_smile:


(Dawid Pietruszka) #11

Nie tak łatwo z nim ; d

dalej siedzi mi w systemie ;/

log z avengera:

Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com


Platform: Windows XP


*******************


Script file opened successfully.

Script file read successfully.


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


Rootkit scan active.

No rootkits found!


File "C:\WINDOWS\braviax.exe" deleted successfully.

File "C:\WINDOWS\system32\WS2Fix.exe" deleted successfully.

File "C:\WINDOWS\system32\VCCLSID.exe" deleted successfully.

File "C:\WINDOWS\system32\VACFix.exe" deleted successfully.

File "C:\WINDOWS\system32\IEDFix.exe" deleted successfully.

File "C:\WINDOWS\system32\dumphive.exe" deleted successfully.

File "C:\WINDOWS\system32\SrchSTS.exe" deleted successfully.

File "C:\WINDOWS\system32\Process.exe" deleted successfully.

File "C:\WINDOWS\system32\cru629.dat" deleted successfully.

File "C:\WINDOWS\cru629.dat" deleted successfully.

Folder "C:\FOUND.005" deleted successfully.

Folder "C:\FOUND.004" deleted successfully.

Folder "C:\FOUND.003" deleted successfully.

Folder "C:\Program Files\MyGlobalSearch" deleted successfully.

Folder "C:\FOUND.002" deleted successfully.


Completed script processing.


*******************


Finished! Terminate.

(huber2t) #12

Daj nowy log z Combofix


(Dawid Pietruszka) #13

"blokuje ona wszystkie programy które ją usuwają (hijackthis, sdfix, combofix itd.) " Nie mogę otworzyć CF ...


(huber2t) #14

Spróbuj podczas pobierania zapisujemy nie pod nazwą ComboFix.exe tylko z kreską pomiędzy:

Combo-Fix.exe


(Dawid Pietruszka) #15

nie uruchamia się, tzn. uruchamia się ale brakuje mu jakiś plików


(Gutek) #16

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym

Po tym Pobierz program SDFix

-