Keylogger, probably hard to detect


(Chruposz) #1

I was recently hacked twice in the game Tibia.

That is, my account number and password were captured in order to use my character.

I was being helped on another forum, but I still don't know whether the keylogger was removed, because I never got an answer to that.

So I'm asking whether one of you could check my HJT log.

Here is my log:

Logfile of HijackThis v1.99.1

Scan saved at 13:04:01, on 2008-07-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LClock\LClock.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PSIService.exe

C:\Documents and Settings\JA\Pulpit\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ulubione

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

If anyone is able to help me get rid of the keylogger, thank you very much and best regards.


(pycia14) #2

The log is clean; post a log from Combofix.


(Chruposz) #3

ComboFix doesn't work for me, I don't know why. So I'm posting a log from dss instead.

Contents of main.txt:

Deckard's System Scanner v20071014.68

Run by JA on 2008-07-03 13:31:24

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Unable to create WMI object; Operacja ukończona pomyślnie.



Backed up registry hives.

Performed disk cleanup.


System Drive C: has 3 GiB (less than 15%) free.



-- HijackThis (run as JA.exe) --------------------------------------------------


Logfile of HijackThis v1.99.1

Scan saved at 13:33:30, on 2008-07-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20696)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\LClock\LClock.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PSIService.exe

C:\PROGRA~1\NEOSTR~1\neostradatp.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\Documents and Settings\JA\Pulpit\dss.exe

C:\DOCUME~1\JA\Pulpit\HIJACK~1\JA.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Ulubione

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm

O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [INTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DBB9270C-25DC-40B2-A37C-F79FD01216F4}: NameServer = 194.204.159.1 217.98.63.164

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe



-- HijackThis Fixed Entries (C:\DOCUME~1\JA\Pulpit\HIJACK~1\backups\) ----------


backup-20080703-080910-150 O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

backup-20080703-080910-266 O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\system32\Java(TM) Platform SEwb.dll

backup-20080703-080910-349 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

backup-20080703-081900-445 O4 - HKCU\..\Run: [Patched] C:\WINDOWS\patched.exe


-- File Associations -----------------------------------------------------------


.bat - batfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,50

.cmd - cmdfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,50

.chm - chm.file - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,60

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shell\runas\command - unable to read value

.hlp - hlpfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,65

.inf - inffile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,85

.ini - inifile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,40

.js - JSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,69

.reg - regfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,97

.reg - regfile - shell\open\command - "regedit.exe" "%1"

.txt - txtfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,51

.vbs - VBSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\ShinyBlack\Mad-B ShinyBlack.icl,99



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


R3 Stmatm (ATM/ADSL miniport) - c:\windows\system32\drivers\stmatm.sys 

R3 TaurusUsb (ADSL Modem USB Service) - c:\windows\system32\drivers\torususb.sys


S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)

S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys 



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


R2 FTRTSVC (France Telecom Routing Table Service) - c:\windows\system32\ftrtsvc.exe 

R2 ProtexisLicensing - c:\windows\system32\psiservice.exe 



-- Device Manager: Disabled ----------------------------------------------------


No disabled devices found.



-- Files created between 2008-06-03 and 2008-07-03 -----------------------------


2008-07-03 13:29:45 394240 --a------ C:\WINDOWS\system32\CF12355.exe 

2008-07-03 13:29:14 394240 --a------ C:\WINDOWS\system32\CF12250.exe 

2008-07-03 13:29:10 0 d-------- C:\327882R2FWJFW

2008-06-28 20:51:32 0 d-------- C:\Program Files\ASIO4ALL v2

2008-06-27 06:40:53 0 d-------- C:\Program Files\DAEMON Tools Lite

2008-06-26 14:11:31 0 d-------- C:\Automap

2008-06-26 09:54:43 0 d-------- C:\Program Files\Tibia

2008-06-26 07:20:28 0 d-------- C:\Program Files\MSBuild

2008-06-26 07:20:24 0 d-------- C:\WINDOWS\system32\XPSViewer

2008-06-26 07:20:19 0 d-------- C:\Program Files\Reference Assemblies

2008-06-23 14:23:38 0 d-------- C:\WINDOWS\DF5A03CCD5AA43D8B948D9903F2AF94A.TMP

2008-06-19 14:01:16 0 d-------- C:\Program Files\Asprate

2008-06-17 19:48:39 0 d--h----- C:\WINDOWS\PIF

2008-06-17 18:50:59 0 d-------- C:\WINDOWS\WindowsAdministration

2008-06-14 17:24:06 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-06-14 17:24:06 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-06-14 17:23:43 507936 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-06-14 17:23:43 3143200 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-06-14 17:23:43 0 d-------- C:\Program Files\Kaspersky Lab

2008-06-14 15:03:12 0 d-------- C:\Program Files\Aston

2008-06-11 18:54:19 0 d-------- C:\Program Files\RME

2008-06-11 09:29:59 86016 -----n--- C:\WINDOWS\unvise32.exe 

2008-06-09 18:29:03 0 d-------- C:\Program Files\Hamachi

2008-06-07 15:50:47 0 d-------- C:\Program Files\Graffiti Studio 2.0

2008-06-06 18:38:42 0 d-------- C:\Program Files\Xilisoft

2008-06-05 16:19:11 0 d-------- C:\Program Files\Belt Generator

2008-06-05 08:17:54 0 d-------- C:\download

2008-06-05 07:56:55 0 d-------- C:\Program Files\Offline Explorer Pro

2008-06-04 17:42:35 0 d-------- C:\Program Files\Robster Productions

2008-06-03 19:58:39 0 d-------- C:\Program Files\Common Files\Adobe

2008-06-03 19:57:33 0 d-------- C:\WINDOWS\Cache



-- Find3M Report ---------------------------------------------------------------


2008-07-03 13:29:33 0 d-------- C:\Program Files\neostrada tp

2008-07-03 12:52:06 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Hamachi

2008-07-03 06:10:06 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\uTorrent

2008-07-02 16:28:15 0 d-------- C:\Program Files\AIMP2

2008-07-02 11:56:16 5018 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-07-02 11:56:16 168 -r-hs---- C:\WINDOWS\system32\61A95D1343.sys

2008-07-01 07:38:56 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\FileZilla

2008-06-30 23:58:22 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Thinstall

2008-06-30 23:38:07 0 d-------- C:\Program Files\VstPlugins

2008-06-30 12:04:22 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Tibia

2008-06-29 12:21:33 0 d-------- C:\Program Files\Image-Line

2008-06-29 12:18:11 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Juce VST Host

2008-06-27 06:38:18 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\DAEMON Tools

2008-06-26 07:20:51 471010 --a------ C:\WINDOWS\system32\perfh015.dat

2008-06-26 07:20:51 76116 --a------ C:\WINDOWS\system32\perfc015.dat

2008-06-25 10:22:24 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Offline Explorer

2008-06-21 10:51:03 0 d-------- C:\Program Files\Common Files

2008-06-20 15:27:15 0 d-------- C:\Program Files\Mozilla Thunderbird

2008-06-14 15:54:03 0 --a------ C:\Program Files\AstonWriteTest.txt

2008-06-14 15:54:03 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Aston

2008-06-14 12:45:01 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Nero

2008-06-13 21:29:24 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Corel

2008-06-13 15:50:31 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-06-12 10:45:48 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Mozilla

2008-06-12 10:45:47 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Thunderbird

2008-06-07 10:58:46 0 d-------- C:\Program Files\Silkroad

2008-06-03 19:58:58 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Adobe

2008-05-31 16:40:59 0 d-------- C:\Program Files\OpenAL

2008-05-31 16:25:08 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-05-31 16:24:27 0 d-------- C:\Program Files\Codemasters

2008-05-29 22:56:35 1424 --a------ C:\WINDOWS\mozver.dat

2008-05-29 22:56:32 0 d-------- C:\Program Files\DivX

2008-05-29 13:29:20 0 d-------- C:\Program Files\WebServ

2008-05-29 09:11:21 0 d-------- C:\Program Files\windows nt

2008-05-29 09:11:21 0 d-------- C:\Program Files\msn gaming zone

2008-05-29 09:11:21 0 d-------- C:\Program Files\movie maker

2008-05-29 09:11:21 0 d-------- C:\Program Files\microsoft frontpage

2008-05-29 09:11:21 0 d-------- C:\Program Files\Common Files\speechengines

2008-05-28 15:07:49 20898 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat

2008-05-28 15:07:49 164352 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

2008-05-28 15:07:47 0 d-------- C:\Program Files\Illustrate

2008-05-28 07:19:15 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Dev-Cpp

2008-05-26 07:38:13 0 d-------- C:\Program Files\Banner Maker Pro 7

2008-05-25 11:12:37 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Sony

2008-05-25 10:05:24 0 d-------- C:\Program Files\Common Files\Stardock

2008-05-25 10:05:22 0 d-------- C:\Program Files\Stardock

2008-05-24 21:35:11 0 d-------- C:\Program Files\QT Lite

2008-05-24 21:34:53 0 d-------- C:\Program Files\Apple Software Update

2008-05-24 13:50:17 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Reallusion

2008-05-24 12:29:54 0 d-------- C:\Program Files\VirtualDJ

2008-05-23 21:52:06 0 d-------- C:\Program Files\Gadu-Gadu

2008-05-22 07:12:21 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Touchstone

2008-05-21 23:46:21 0 d-------- C:\Program Files\Touchstone

2008-05-21 23:13:43 0 d-------- C:\Program Files\AGEIA Technologies

2008-05-21 23:13:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-05-21 14:04:21 0 d-------- C:\Program Files\NAPI-PROJEKT

2008-05-20 18:30:22 0 d-------- C:\Program Files\FileZilla FTP Client

2008-05-20 18:23:40 0 d-------- C:\Program Files\Total Commander

2008-05-20 18:16:41 0 d-------- C:\Program Files\PhotoFiltre

2008-05-18 16:15:17 0 d-------- C:\Program Files\Sony

2008-05-17 13:31:11 0 d-------- C:\Program Files\SubEdit-Player

2008-05-17 09:43:16 14 --a------ C:\WINDOWS\system32\systeminfo.dll

2008-05-15 20:22:10 0 d-------- C:\Program Files\BearShare

2008-05-15 13:33:06 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\InstallShield

2008-05-15 13:31:37 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Ubisoft

2008-05-15 10:03:11 0 d-------- C:\Program Files\Syncrosoft

2008-05-15 09:35:57 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Steinberg

2008-05-14 06:08:27 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Publish Providers

2008-05-13 21:24:39 0 d-------- C:\Program Files\XN Resource Editor

2008-05-13 21:21:48 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\PE Explorer

2008-05-13 19:48:02 0 d-------- C:\Program Files\Common Files\Thraex Software

2008-05-13 17:35:41 378416 --a------ C:\WINDOWS\system32\decrypter.exe 

2008-05-13 14:55:13 8 --a------ C:\WINDOWS\system32\nvModes.dat

2008-05-13 12:38:49 0 --a------ C:\WINDOWS\nsreg.dat

2008-05-13 10:58:31 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Gadu-Gadu

2008-05-13 10:50:11 0 d-------- C:\Program Files\Outsim

2008-05-13 10:30:23 0 d-------- C:\Program Files\Common Files\ODBC

2008-05-13 10:30:09 62 --ahs---- C:\Documents and Settings\JA\Dane aplikacji\desktop.ini

2008-05-13 10:27:00 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Media Player Classic

2008-05-13 10:20:47 0 d-------- C:\Program Files\uTorrent

2008-05-13 10:17:50 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Talkback

2008-05-13 10:08:43 0 d-------- C:\Program Files\VS Revo Group

2008-05-13 10:04:18 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Creative

2008-05-13 09:41:13 0 d-------- C:\Program Files\ZTE ZXDSL 852

2008-05-13 09:40:55 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Macromedia

2008-05-13 09:34:54 0 d-------- C:\Program Files\Alcohol Soft

2008-05-13 09:32:55 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\GRETECH

2008-05-13 09:19:14 0 d-------- C:\Program Files\Creative

2008-05-13 09:17:54 0 d-------- C:\Program Files\Common Files\InstallShield

2008-05-13 09:15:24 0 d-------- C:\Program Files\Intel

2008-05-13 08:42:23 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Identities

2008-05-13 08:41:06 0 d-------- C:\Program Files\SUPERAntiSpyware

2008-05-13 08:41:06 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\SUPERAntiSpyware.com

2008-05-13 08:40:58 0 d-------- C:\Program Files\OO Software

2008-05-13 08:40:36 0 d-------- C:\Program Files\K-Lite Codec Pack

2008-05-13 08:40:34 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Real

2008-05-13 08:40:31 0 d-------- C:\Program Files\Java

2008-05-13 08:40:20 0 d-------- C:\Program Files\Common Files\Java

2008-05-13 08:40:10 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\Sun

2008-05-13 08:40:04 0 d-------- C:\Program Files\GRETECH

2008-05-13 08:38:58 0 d-------- C:\Program Files\Nero

2008-05-13 08:38:57 0 d-------- C:\Program Files\Common Files\Nero

2008-05-13 08:38:44 0 d-------- C:\Program Files\Foxit Reader

2008-05-13 08:38:18 0 d-------- C:\Program Files\MSXML 4.0

2008-05-13 08:38:14 0 d-------- C:\Program Files\MSXML 6.0

2008-05-13 08:37:54 0 -rahs---- C:\MSDOS.SYS

2008-05-13 08:37:54 0 -rahs---- C:\IO.SYS

2008-05-13 08:37:54 0 --a------ C:\CONFIG.SYS

2008-05-13 08:37:54 0 --a------ C:\AUTOEXEC.BAT

2008-05-13 08:37:15 0 d--h----- C:\Program Files\WindowsUpdate

2008-05-13 08:37:04 0 d-------- C:\Program Files\Common Files\MSSoap

2008-05-13 08:36:48 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-05-13 08:35:55 0 d-------- C:\Documents and Settings\JA\Dane aplikacji\WinRAR

2008-05-13 08:35:50 0 d-------- C:\Program Files\Utilities

2008-05-13 08:35:47 0 d-------- C:\Program Files\Windows Sidebar

2008-05-13 08:35:46 0 d-------- C:\Program Files\CCleaner

2008-05-13 08:35:44 0 d-------- C:\Program Files\LClock

2008-05-13 08:35:44 0 d-------- C:\Program Files\Desktop

2008-05-13 08:35:16 0 d-------- C:\Program Files\Windows Media Connect 2

2008-05-04 11:11:32 2482176 --a------ C:\WINDOWS\system32\FerOTS.exe



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown




-- End of Deckard's System Scanner: finished at 2008-07-03 13:33:44 ------------

Contents of extra.txt:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: Polish


CPU 0: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz

CPU 1: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz

Percentage of Memory in Use: 16%

Physical Memory (total/avail): 2046.42 MiB / 1710.82 MiB

Pagefile Memory (total/avail): 4001.3 MiB / 3750.43 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1925.15 MiB


C: is Fixed (NTFS) - 27.35 GiB total, 3 GiB free. 

D: is Fixed (NTFS) - 82.63 GiB total, 9.92 GiB free. 

E: is Fixed (NTFS) - 39.07 GiB total, 11.15 GiB free. 

F: is CDROM (No Media)

G: is CDROM (No Media)

H: is CDROM (No Media)


\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 3 partitions

  \PARTITION0 (bootable) - Instalowalny system plików - 27.35 GiB - C:

  \PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 121.7 GiB - D: - E:




-- Security Center -------------------------------------------------------------


AUOptions is scheduled to auto-install.



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\JA\Dane aplikacji

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=SPEED_XP

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\JA

LOGONSERVER=\\SPEED_XP

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QT Lite\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f02

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\JA\USTAWI~1\Temp

TMP=C:\DOCUME~1\JA\USTAWI~1\Temp

USERDOMAIN=SPEED_XP

USERNAME=JA

USERPROFILE=C:\Documents and Settings\JA

windir=C:\WINDOWS



-- User Profiles ---------------------------------------------------------------


JA (admin)

Marcin (admin)



-- Add/Remove Programs ---------------------------------------------------------




-- Application Event Log -------------------------------------------------------


Event Record #/Type2055 / Warning

Event Submitted/Written: 07/03/2008 01:06:16 PM

Event ID/Source: 60 / WinMgmt

Event Description:

Protokół WMI ADAP nie mógł przetworzyć bibliotek wydajności: 0x80041001.


Event Record #/Type2053 / Error

Event Submitted/Written: 07/03/2008 01:02:06 PM

Event ID/Source: 1007 / Userenv

Event Description:

System Windows nie może określić skojarzonej lokacji dla tego komputera. (Serwer RPC jest niedostępny. ). Przetwarzanie zasad grupy zostało przerwane.


Event Record #/Type2052 / Error

Event Submitted/Written: 07/03/2008 01:02:06 PM

Event ID/Source: 1007 / Userenv

Event Description:

System Windows nie może określić skojarzonej lokacji dla tego komputera. (Serwer RPC jest niedostępny. ). Przetwarzanie zasad grupy zostało przerwane.


Event Record #/Type2050 / Error

Event Submitted/Written: 07/03/2008 00:03:59 PM

Event ID/Source: 1007 / Userenv

Event Description:

System Windows nie może określić skojarzonej lokacji dla tego komputera. (Serwer RPC jest niedostępny. ). Przetwarzanie zasad grupy zostało przerwane.


Event Record #/Type2049 / Error

Event Submitted/Written: 07/03/2008 11:44:00 AM

Event ID/Source: 1007 / Userenv

Event Description:

System Windows nie może określić skojarzonej lokacji dla tego komputera. (Serwer RPC jest niedostępny. ). Przetwarzanie zasad grupy zostało przerwane.




-- Security Event Log ----------------------------------------------------------


No Errors/Warnings found.



-- System Event Log ------------------------------------------------------------


Event Record #/Type3253 / Warning

Event Submitted/Written: 06/30/2008 10:06:54 AM

Event ID/Source: 1073 / USER32

Event Description:

Próba wyłączenie zasilania SPEED_XP nie powiodła się


Event Record #/Type3108 / Error

Event Submitted/Written: 06/26/2008 09:22:58 PM

Event ID/Source: 59 / SideBySide

Event Description:

Generate Activation Context nie powiodło się dla D:\Program Files\Tibia810\TibiaTekBot Injected DLL.dll.

Odpowiedni komunikat o błędzie: Operacja ukończona pomyślnie.

.


Event Record #/Type3107 / Error

Event Submitted/Written: 06/26/2008 09:22:58 PM

Event ID/Source: 59 / SideBySide

Event Description:

Resolve Partial Assembly nie powiodło się dla Microsoft.VC90.DebugCRT.

Odpowiedni komunikat o błędzie: Odnośny zestaw nie jest zainstalowany w tym systemie.

.


Event Record #/Type3106 / Error

Event Submitted/Written: 06/26/2008 09:22:57 PM

Event ID/Source: 32 / SideBySide

Event Description:

Nie można odnaleźć zestawu zależnego Microsoft.VC90.DebugCRT; ostatni błąd: Odnośny zestaw nie jest zainstalowany w tym systemie.


Event Record #/Type2386 / Error

Event Submitted/Written: 06/14/2008 04:50:00 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Nie można uruchomić usługi Kaspersky Internet Security 7.0 z powodu następującego błędu: 

%%3




-- End of Deckard's System Scanner: finished at 2008-07-03 13:33:44 ------------

(Gutek) #4

Use Dr. Web CureIt - http://www.freedrweb.com/ and scan the computer