Please check my HijackThis log


(Norek93) #1

So, I'll start with the fact that I can't open any programs at all... only after renaming them. It was the same with HijackThis; I had to remove one letter from its name. I can't open anything in the Control Panel... I don't know how I let this happen... but I'm pasting the log now and I hope you'll find something, because I can't even install any antivirus. Is a format the only option left?

Logfile of HijackThis v1.99.1 

Scan saved at 12:34, on 2008-06-13 

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\csrss.exe 

C:\WINDOWS\system32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\Explorer.EXE 

C:\WINDOWS\system32\spoolsv.exe 

C:\WINDOWS\system32\nvsvc32.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\alg.exe 

C:\WINDOWS\htpatch.exe 

C:\WINDOWS\system32\RunDll32.exe 

C:\WINDOWS\system32\RUNDLL32.EXE 

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe 

C:\WINDOWS\system32\ctfmon.exe 

C:\Program Files\AutoConnect\AutoConnect.exe 

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe 

C:\WINDOWS\system32\wscntfy.exe 

C:\WINDOWS\system32\taskmgr.exe 

C:\Program Files\Avant Browser\avant.exe 

C:\Program Files\WinRAR\WinRAR.exe 

C:\Program Files\WinRAR\WinRAR.exe 

C:\Documents and Settings\Michal\Pulpit\HijackThi.exe 


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza 

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, 

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing) 

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) 

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe 

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe 

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd 

O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF 

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 

O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause 

O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" 

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" 

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray 

O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe 

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" 

O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe 

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe 

O4 - Global Startup: qkpj.exe 

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022YYPL 

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm 

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm 

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm 

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm 

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm 

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll 

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab 

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx 

O17 - HKLM\System\CCS\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164 

O17 - HKLM\System\CS1\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164 

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing) 

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

I'm a complete beginner at this, so if someone could give detailed instructions

_On_ 13.06.2008, at 13:04, a post was added by Norsun

And here is one more log, made after I used "Fix checked" in HijackThis with everything selected... and after restarting the computer.

Logfile of HijackThis v1.99.1

Scan saved at 12:56, on 2008-06-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\braviax.exe

C:\Program Files\Avant Browser\avant.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Michal\Pulpit\HijackThi.exe


F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Łukasz14) #2

Man, what have you done?! Why did you put everything through the fix?! #-o :expressionless:


(Norek93) #3

So... I made a mistake, I'm a beginner at this, it was the first time I used HijackThis and I thought it would help, but can anything still be done about it? Because the first log is without the fixes.


(Agatonster) #4

Norsun,

Read the topic "Important announcement regarding topic titles" and change the title to a specific one that describes the problem.

Please correct the spelling in the description of the problem.

To make the correction, please use the button next to the post that opens this topic.

Ignoring this instruction will result in the topic being moved to the Trash.

Important

Due to the change that applies to pasting logs in this section, read and follow the Topic


(Łukasz14) #5

Norsun, yes, but now that first log is no longer valid...

As for the second log, it is clean.


(antiferno) #6

Not clean, because it seems to me that braviax.exe is a virus :stuck_out_tongue:


(Łukasz14) #7

antiferno, it's possible that you're right :smiley:


(huber2t) #8

Post a new log from Deckard's System Scanner


(Norek93) #9

braviax.exe is already removed :slight_smile: and now, as requested, two logs from DSS :).

Deckard's System Scanner v20071014.68

Run by Michal on 2008-06-13 21:45:01

Computer is in Normal Mode.

--------------------------------------------------------------------------------


-- System Restore --------------------------------------------------------------


Successfully created a Deckard's System Scanner Restore Point.



-- Last 5 Restore Point(s) --

22: 2008-06-13 19:45:07 UTC - RP52 - Deckard's System Scanner Restore Point

21: 2008-06-13 09:39:10 UTC - RP51 - ComboFix created restore point

20: 2008-06-12 15:42:05 UTC - RP50 - Installed Python

19: 2008-06-12 15:41:52 UTC - RP49 - Installed Applet_App

18: 2008-06-12 15:41:45 UTC - RP48 - Installed Applet_Email



-- First Restore Point -- 

1: 2008-06-04 11:59:45 UTC - RP31 - Punkt kontrolny systemu



Backed up registry hives.

Performed disk cleanup.


[color=red]Percentage of Memory in Use: 77% (more than 75%).[/color]

[color=red]Total Physical Memory: 384 MiB (512 MiB recommended).[/color]



-- HijackThis (run as Michal.exe) ----------------------------------------------


Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------



Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-06-13 21:45:30

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\drivers\services.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Documents and Settings\Michal\Pulpit\dss.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [msm] C:\WINDOWS\system32\drivers\services.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe



--

End of file - 3061 bytes


-- HijackThis Fixed Entries (C:\DOCUME~1\Michal\Pulpit\backups\) ---------------


backup-20080613-123643-108 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

backup-20080613-123643-191 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

backup-20080613-123724-100 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

backup-20080613-123724-115 O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

backup-20080613-123724-130 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

backup-20080613-123724-180 O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

backup-20080613-123724-252 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

backup-20080613-123724-284 O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

backup-20080613-123724-328 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm022YYPL

backup-20080613-123724-346 O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

backup-20080613-123724-365 O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

backup-20080613-123724-411 O8 - Extra context menu item: Szukaj - C:\Program Files\Avant Browser\Search.htm

backup-20080613-123724-429 O8 - Extra context menu item: Dodaj do listy blokowanych reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm

backup-20080613-123724-433 O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

backup-20080613-123724-439 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

backup-20080613-123724-441 O8 - Extra context menu item: Blokuj wszystkie obrazy z tego serwera - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

backup-20080613-123724-461 O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)

backup-20080613-123724-481 O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\system32\Rscmpt.exe

backup-20080613-123724-545 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

backup-20080613-123724-592 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

backup-20080613-123724-613 O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe

backup-20080613-123724-647 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)

backup-20080613-123724-653 O8 - Extra context menu item: Otwórz w nowym Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm

backup-20080613-123724-705 O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"

backup-20080613-123724-714 O8 - Extra context menu item: Otwórz wszystkie adresy z tej strony... - C:\Program Files\Avant Browser\OpenAllLinks.htm

backup-20080613-123724-769 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

backup-20080613-123724-786 O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

backup-20080613-123724-812 O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

backup-20080613-123724-848 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

backup-20080613-123724-855 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

backup-20080613-123724-871 O4 - Global Startup: qkpj.exe

backup-20080613-123724-999 O8 - Extra context menu item: Podświetl - C:\Program Files\Avant Browser\Highlight.htm

backup-20080613-123725-716 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab

backup-20080613-123725-941 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

backup-20080613-123725-965 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

backup-20080613-123726-330 O17 - HKLM\System\CCS\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164

backup-20080613-123726-384 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

backup-20080613-123726-717 O17 - HKLM\System\CS1\Services\Tcpip\..\{583B0752-AE9C-44CC-8A9E-B9F5EF91B71F}: NameServer = 194.204.159.1 217.98.63.164

backup-20080613-123726-726 O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx

backup-20080613-123726-775 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

backup-20080613-123726-978 O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)


-- File Associations -----------------------------------------------------------


[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]

[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]



-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------


R1 StarOpen - c:\windows\system32\drivers\staropen.sys

R3 e4usbaw (USB ADSL2 WAN Adapter) - c:\windows\system32\drivers\e4usbaw.sys 


S2 IKANLOADER2 (General Purpose USB Driver (e4ldr.sys)) - c:\windows\system32\drivers\e4ldr.sys 



-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------


R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" 



-- Device Manager: Disabled ----------------------------------------------------


No disabled devices found.



-- Files created between 2008-05-13 and 2008-06-13 -----------------------------


2008-06-13 14:09:23 33856 --a------ C:\WINDOWS\system32\drivers\services.exe

2008-06-13 13:38:13 0 d-------- C:\Program Files\Lavasoft

2008-06-13 13:30:46 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll

2008-06-13 13:30:46 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll

2008-06-13 13:30:46 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 

2008-06-13 13:30:46 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll

2008-06-13 13:30:46 75264 --a------ C:\WINDOWS\system32\unacev2.dll

2008-06-13 13:30:45 0 d-------- C:\Program Files\Trojan Remover

2008-06-13 12:01:35 6656 --a------ C:\WINDOWS\system32\univrs32.dat

2008-06-13 11:55:17 0 d-------- C:\ComboFi

2008-06-13 11:45:59 0 d--hs---- C:\WINDOWS\system32\dllcache

2008-06-13 11:44:50 53248 --a------ C:\WINDOWS\PSEXESVC.EXE 

2008-06-13 11:38:36 68096 --a------ C:\WINDOWS\zip.exe

2008-06-13 11:38:36 49152 --a------ C:\WINDOWS\VFind.exe

2008-06-13 11:38:36 212480 --a------ C:\WINDOWS\swxcacls.exe 

2008-06-13 11:38:36 136704 --a------ C:\WINDOWS\swsc.exe 

2008-06-13 11:38:36 161792 --a------ C:\WINDOWS\swreg.exe 

2008-06-13 11:38:36 98816 --a------ C:\WINDOWS\sed.exe

2008-06-13 11:38:36 80412 --a------ C:\WINDOWS\grep.exe

2008-06-13 11:38:36 89504 --a------ C:\WINDOWS\fdsv.exe 

2008-06-13 11:36:19 0 d-------- C:\Program Files\RogueRemover FREE

2008-06-13 11:06:40 0 d--hs---- C:\WINDOWS\system32\wsnpoem

2008-06-12 17:43:06 163840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr 

2008-06-12 17:42:33 212480 --a------ C:\WINDOWS\pcdlib32.dll 

2008-06-12 17:42:33 0 d-------- C:\Program Files\ArcSoft

2008-06-12 17:42:07 57344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll

2008-06-12 17:42:07 290919 --a------ C:\WINDOWS\system32\pythoncom21.dll

2008-06-12 17:42:07 708696 --a------ C:\WINDOWS\system32\python21.dll 

2008-06-12 17:42:05 0 d-------- C:\Program Files\Common Files\Python

2008-06-12 17:39:46 96768 --a------ C:\WINDOWS\SlantAdj.dll

2008-06-12 17:39:46 3136 --a------ C:\WINDOWS\Ade001.bin

2008-06-12 17:39:46 73216 --a------ C:\WINDOWS\ADE.DLL 

2008-06-12 17:39:10 0 d-------- C:\Program Files\EPSON

2008-06-12 17:38:26 0 d-------- C:\EPSON

2008-06-08 20:34:32 107966 -r-hs---- C:\qa8sywva.cmd

2008-06-08 00:19:44 0 d-------- C:\Program Files\MarBit

2008-06-07 19:28:01 0 d-------- C:\Program Files\Tibia

2008-06-07 18:49:24 0 d-------- C:\Program Files\Asprate

2008-05-25 14:12:32 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-05-21 10:58:01 106582 -r-hs---- C:\tfk8.exe

2008-05-20 16:58:09 198144 -----n--- C:\WINDOWS\system32\_psisdecd.dll

2008-05-20 16:57:59 44544 --a------ C:\WINDOWS\system32\msxml4a.dll 

2008-05-20 16:55:02 0 d-------- C:\Program Files\CyberLink

2008-05-20 16:54:36 0 d-------- C:\Program Files\Digital Photo Navigator 1.5

2008-05-16 22:23:23 0 d-------- C:\Program Files\sXe Injected

2008-05-16 14:06:24 0 d-------- C:\WINDOWS\Cache

2008-05-16 13:59:15 0 d-------- C:\WINDOWS\Profiles

2008-05-16 13:59:13 0 d-------- C:\WINDOWS\system32\Adobe



-- Find3M Report ---------------------------------------------------------------


2008-06-13 21:45:26 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Avant Browser

2008-06-13 18:51:31 0 d-------- C:\Program Files\foobar2000

2008-06-13 13:41:11 0 d-------- C:\Program Files\AutoConnect

2008-06-13 13:38:19 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Lavasoft

2008-06-13 13:30:45 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Simply Super Software

2008-06-12 17:54:54 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\gtk-2.0

2008-06-12 17:46:17 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\ArcSoft

2008-06-12 17:42:33 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-06-12 17:42:05 0 d-------- C:\Program Files\Common Files

2008-06-07 22:17:31 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Tibia

2008-05-25 12:58:54 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Winamp

2008-05-23 14:55:47 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Ahead

2008-05-20 17:21:05 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\CyberLink

2008-05-16 14:08:37 0 d-------- C:\Program Files\Common Files\Adobe

2008-05-16 13:59:13 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\InterTrust

2008-05-16 13:59:13 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Adobe

2008-05-16 11:13:26 0 d-------- C:\Program Files\Avant Browser

2008-05-14 22:35:28 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Avant Profiles

2008-05-14 11:22:37 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Media Player Classic

2008-05-11 12:51:15 0 d-------- C:\Program Files\VirtualNetwork

2008-05-10 10:52:49 0 d-------- C:\Program Files\Common Files\Nero

2008-05-10 10:51:30 0 d-------- C:\Program Files\Ahead

2008-05-10 10:51:18 0 d-------- C:\Program Files\Common Files\Ahead

2008-05-02 21:36:11 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Samsung

2008-05-02 19:38:59 355486 --a------ C:\WINDOWS\system32\perfh015.dat

2008-05-02 19:38:59 49492 --a------ C:\WINDOWS\system32\perfc015.dat

2008-05-02 18:59:52 0 d-------- C:\Program Files\Samsung

2008-04-28 14:42:14 104269 -r-hs---- C:\jfvkcsy.bat

2008-04-27 20:04:40 105128 -r-hs---- C:\oq.cmd

2008-04-26 14:43:09 103457 -r-hs---- C:\0n.bat

2008-04-26 09:39:30 0 d-------- C:\Program Files\BearShare

2008-04-25 22:59:47 0 d-------- C:\Program Files\Damian Pasternak

2008-04-25 22:56:19 0 d-------- C:\Program Files\Winamp

2008-04-25 22:55:05 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\foobar2000

2008-04-25 22:10:32 0 d-------- C:\Program Files\Tasker

2008-04-25 21:46:49 0 d-------- C:\Program Files\DVD Shrink

2008-04-25 12:10:14 104161 -r-hs---- C:\1dg.exe

2008-04-24 20:59:30 0 d-------- C:\Program Files\K-Lite Codec Pack

2008-04-24 20:21:40 0 d-------- C:\Program Files\Common Files\InstallShield

2008-04-24 19:39:26 102822 -r-hs---- C:\lkxcqdb.bat

2008-04-24 15:39:53 0 d-------- C:\Program Files\Common Files\ODBC

2008-04-24 15:39:50 0 d-------- C:\Program Files\Common Files\SpeechEngines

2008-04-24 15:39:17 62 --ahs---- C:\Documents and Settings\Michal\Dane aplikacji\desktop.ini

2008-04-24 14:56:15 0 d-------- C:\Program Files\SAGEM

2008-04-24 14:55:33 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Macromedia

2008-04-24 14:43:55 0 d-------- C:\Documents and Settings\Michal\Dane aplikacji\Identities

2008-04-24 14:27:06 0 d-------- C:\Program Files\GIMP-2.0

2008-04-24 14:18:08 0 d-------- C:\Program Files\Gadu-Gadu

2008-04-24 14:12:36 0 d-------- C:\Program Files\C-Media 3D Audio

2008-04-24 14:11:19 0 d-------- C:\Program Files\SiSLan

2008-04-24 13:49:37 0 -rahs---- C:\MSDOS.SYS

2008-04-24 13:49:37 0 -rahs---- C:\IO.SYS

2008-04-24 13:49:37 0 --a------ C:\CONFIG.SYS

2008-04-24 13:49:37 0 --a------ C:\AUTOEXEC.BAT

2008-04-24 13:47:44 0 d--h----- C:\Program Files\WindowsUpdate

2008-04-24 13:47:40 0 d-------- C:\Program Files\Usługi online

2008-04-24 13:46:52 0 d-------- C:\Program Files\Common Files\MSSoap

2008-04-24 13:46:43 0 d-------- C:\Program Files\Movie Maker

2008-04-24 13:45:42 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-04-24 13:45:09 0 d-------- C:\Program Files\Messenger

2008-04-24 13:45:05 0 d-------- C:\Program Files\MSN Gaming Zone

2008-04-24 13:44:56 0 d-------- C:\Program Files\Windows NT



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-17 07:35]

"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 20:33]

"msm"="C:\WINDOWS\system32\drivers\services.exe" [2008-06-13 14:09]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-02-17 15:03]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"=1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ClearRecentDocsOnExit"=1 (0x1)


[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ClearRecentDocsOnExit"=1 (0x1)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e44cf96-1eb5-11dd-abb3-4d6564696130}]

AutoRun\command- G:\jfvkcsy.bat

explore\Command- G:\jfvkcsy.bat

open\Command- G:\jfvkcsy.bat


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e44cf9c-1eb5-11dd-abb3-000b6a1e9955}]

AutoRun\command- G:\jfvkcsy.bat

explore\Command- G:\jfvkcsy.bat

open\Command- G:\jfvkcsy.bat


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c416123-2eeb-11dd-ac1b-4d6564696130}]

AutoRun\command- G:\qa8sywva.cmd

explore\Command- G:\qa8sywva.cmd

open\Command- G:\qa8sywva.cmd


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65c21b50-2653-11dd-abd9-4d6564696130}]

AutoRun\command- G:\jfvkcsy.bat

explore\Command- G:\jfvkcsy.bat

open\Command- G:\jfvkcsy.bat


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eff702b-2191-11dd-abbf-4d6564696130}]

AutoRun\command- G:\qa8sywva.cmd

explore\Command- G:\qa8sywva.cmd

open\Command- G:\qa8sywva.cmd





-- Hosts -----------------------------------------------------------------------


127.0.0.1 norton.com

127.0.0.1 multitrader.info

127.0.0.1 reggame.biz

127.0.0.1 tele-globus.biz

127.0.0.1 newasp.com.cn

127.0.0.1 mygolddinar.com

127.0.0.1 xfatum.com

127.0.0.1 think-adz2.com

127.0.0.1 daoway.biz

127.0.0.1 school-172.info


5 more entries in hosts file.



-- End of Deckard's System Scanner: finished at 2008-06-13 21:46:03 ------------

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------


-- System Information ----------------------------------------------------------


Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: Polish


CPU 0: AMD Athlon(tm) XP 2000+

Percentage of Memory in Use: 66%

Physical Memory (total/avail): 383.48 MiB / 130.06 MiB

Pagefile Memory (total/avail): 922.16 MiB / 774.62 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1935.76 MiB


C: is Fixed (NTFS) - 7.96 GiB total, 3.73 GiB free. 

D: is Fixed (NTFS) - 29.3 GiB total, 6.59 GiB free. 

E: is CDROM (No Media)

F: is CDROM (CDFS)


\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 2 partitions

  \PARTITION0 (bootable) - Instalowalny system plików - 7.96 GiB - C:

  \PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 29.3 GiB - D:




-- Security Center -------------------------------------------------------------


AUOptions is disabled.



-- Environment Variables -------------------------------------------------------


ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Michal\Dane aplikacji

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=MICHAť

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Michal

LOGONSERVER=\\MICHAť

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0801

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Michal\USTAWI~1\Temp

TMP=C:\DOCUME~1\Michal\USTAWI~1\Temp

USERDOMAIN=MICHAť

USERNAME=Michal

USERPROFILE=C:\Documents and Settings\Michal

windir=C:\WINDOWS



-- User Profiles ---------------------------------------------------------------


Michal (admin)

Administrator (new local, admin)



-- Add/Remove Programs ---------------------------------------------------------


 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9 

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9 

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.2 CE --> MsiExec.exe /I{AC76BA86-7AD7-1038-7B44-CEA000000001}

ALLPlayer V3.X --> "C:\Program Files\MarBit\ALLPlayer\unins000.exe"

Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe

ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst 

AutoConnect v0.1.2.5 --> C:\Program Files\AutoConnect\uninst.exe

Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"

BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG

C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe

CWK (Czasowy Wyłącznik Komputera) --> "C:\Program Files\Damian Pasternak\CWK\CWK.exe" /uninstall

Digital Photo Navigator 1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}\setup.EXE" -l0x9 

DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"

EPSON Copy Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG

EPSON Photo Print --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"

EPSON Smart Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall

EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x15 UNINSTALL

foobar2000 v0.9.4 --> "C:\Program Files\foobar2000\uninstall.exe"

Gadu-Gadu 7.1 --> C:\Program Files\Gadu-Gadu\Setup.exe

GIMP 2.4.4 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"

HijackThis 1.99.1 --> C:\Documents and Settings\Michal\Pulpit\HijackThis.exe /uninstall

K-Lite Codec Pack 2.80 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"

My Web Search (Webfetti) --> rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O 

Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

Nokia Connectivity Cable Driver --> RUNDLL32.EXE nsesetup.dll,DoNTUninst

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

PowerCinema NE for Everio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39CEE1F2-12B6-4C50-9131-04BFCA110578}\setup.exe" -uninstall

PowerDirector Express --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x15 

SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly

Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly

ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG

SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe

sXe Injected --> "C:\Program Files\sXe Injected\uninstall.exe"

Tasker version 3.13 --> "C:\Program Files\Tasker\unins000.exe"

Tibia --> "C:\Program Files\Tibia\unins000.exe"

Tibia MULTI-ip changer --> C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe

Trojan Remover 6.7.0 --> "C:\Program Files\Trojan Remover\unins000.exe"

VirtualNetwork --> "C:\Program Files\VirtualNetwork\Uninstall.exe"

Winamp --> "C:\Program Files\Winamp\UninstWA.exe"



-- Application Event Log -------------------------------------------------------


Event Record #/Type646 / Error

Event Submitted/Written: 06/13/2008 11:38:55 AM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd help.exe, wersja 0.0.0.0, moduł powodujący błąd help.exe, wersja 0.0.0.0, adres błędu 0x0004008b.

Przetwarzanie zdarzenia określonego nośnika dla [help.exe!ws!]


Event Record #/Type626 / Error

Event Submitted/Written: 06/10/2008 09:31:39 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca avant.exe, wersja 10.2.0.52, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Event Record #/Type620 / Error

Event Submitted/Written: 06/10/2008 07:14:03 AM

Event ID/Source: 1000 / Application Error

Event Description:

Aplikacja powodująca błąd nbj.exe, wersja 1.2.0.56, moduł powodujący błąd advrcntr.dll, wersja 1.2.12.2314, adres błędu 0x0001d144.

Przetwarzanie zdarzenia określonego nośnika dla [nbj.exe!ws!]


Event Record #/Type611 / Error

Event Submitted/Written: 06/08/2008 11:30:05 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca winamp.exe, wersja 5.5.3.1898, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.


Event Record #/Type610 / Error

Event Submitted/Written: 06/08/2008 11:30:03 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Aplikacja zawieszająca winamp.exe, wersja 5.5.3.1898, moduł zawieszenia hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.




-- Security Event Log ----------------------------------------------------------


No Errors/Warnings found.



-- System Event Log ------------------------------------------------------------


Event Record #/Type4010 / Warning

Event Submitted/Written: 06/13/2008 09:22:16 PM

Event ID/Source: 4226 / Tcpip

Event Description:

Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.


Event Record #/Type4009 / Warning

Event Submitted/Written: 06/13/2008 09:07:16 PM

Event ID/Source: 4226 / Tcpip

Event Description:

Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.


Event Record #/Type3977 / Error

Event Submitted/Written: 06/13/2008 07:56:21 PM

Event ID/Source: 7026 / Service Control Manager

Event Description:

Nie można załadować następujących sterowników startu rozruchowego lub systemowego: 

Beep


Event Record #/Type3976 / Error

Event Submitted/Written: 06/13/2008 07:56:20 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Nie można uruchomić usługi General Purpose USB Driver (e4ldr.sys) z powodu następującego błędu: 

%%1058


Event Record #/Type3971 / Warning

Event Submitted/Written: 06/13/2008 07:20:52 PM

Event ID/Source: 4226 / Tcpip

Event Description:

Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP.




-- End of Deckard's System Scanner: finished at 2008-06-13 21:46:03 ------------

(huber2t) #10

Download The Avenger

and paste this text into it:

Files to delete:

C:\qa8sywva.cmd

C:\tfk8.exe

C:\jfvkcsy.bat

C:\oq.cmd

C:\0n.bat

C:\1dg.exe

C:\lkxcqdb.bat


Registry keys to delete:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

Copy this, click Paste Script from Clipboard, choose Execute, then confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

After that, post a new log from the main.txt file.


(Agatonster) #11

Norsun,

You are a new user, but that does not mean you can ignore the instructions to bring the thread in line with the rules in force. Either you promptly change the title to a specific one and fix your spelling, or it goes to the Trash!