Mbroziak, posted 24 June 2009

Hello. I have the following problem. When my trial period for G Data Internet Security 2009 ran out, I decided to uninstall it. I had the full version of Ashampoo UnInstaller Platinum 2.9. I thought I would test that program and uninstall G Data with it. Everything went well until my computer froze. I had to restart it. Then I turn the computer on again and G Data is still in the tray, except that all of its options are disabled. I tried to uninstall it in safe mode, but the program is no longer listed in "Add or Remove Programs". And I have a problem. Nothing is protecting my computer now and I cannot install another antivirus. Do you know of any way/program/anything to uninstall/remove it??

MarekM25, comment, 24 June 2009

Look here: http://www.gdata.pl/portal/PL/content/view/144/148/
Try this program: http://www.pazera-software.pl/products/free-uninstaller/

kubassksiezpol, comment, 24 June 2009

Install Revo Uninstaller. It should find G Data for you if it is there. Are there no G Data files left on the disk? If there are, can't you run the uninstall file?

Mbroziak (author), comment, 24 June 2009

> If there are, can't you run the uninstall file?

No, only two DLLs of some kind are left. And they are of no use to me.

Mbroziak (author), comment, 24 June 2009

> And can't you delete them?

No, because the system says they are in use. The antivirus processes can't even be ended. In safe mode, when G Data was not running, I couldn't delete them either, because it said they were in use.

Guest, comment, 24 June 2009

Show a log from RSIT: http://www.forumpc.pl/index.php?showtopic=72102&hl=

Mbroziak (author), comment, 25 June 2009

Log from RSIT:

> Look here: http://www.gdata.pl/portal/PL/content/view/144/148/

That method doesn't work for me.

MarekM25, comment, 25 June 2009 (edited)

Run HijackThis and click "Do a system scan only". Then select these entries:

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (file missing)

and click "Fix checked".

Download Avenger. In the "Input script here" field paste the following text (without the word "Code"):

Code:
Files to delete:
C:\WINDOWS\system32\drivers\GRD.sys
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe

Click Execute. The computer will restart. Then post a new log from RSIT and the Avenger report, that is C:\avenger.txt, so we can see whether everything is gone :P If any G Data files remain, get rid of them with Unlocker.

Guest, comment, 25 June 2009

@MarekM25 - it will be muuuch better this way:

Download ---> The Avenger

Paste this text into it:

Files to delete:
C:\WINDOWS\system32\drivers\GRD.sys
C:\WINDOWS\system32\drivers\HookCentre.sys

Folders to delete:
C:\Program Files\G DATA

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | GDFirewallTray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | G DATA AntiVirus Trayapplication
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {0124123D-61B4-456f-AF86-78C53A0790C5}

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}

Drivers to delete:
GRD
HookCentre
AVKService
AVKWCtl
gupdate1c9e1d1286c5e98
gusvc

Copy it - click "Paste Script from Clipboard" - Execute - confirm and agree to the restart by clicking OK.

When it has finished, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

MarekM25, comment, 25 June 2009

The entries in HJT may stay there anyway as "no file" or "file missing", so let the author do it your way first, and if anything is left he can finish it off with HJT and Unlocker :P

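Added example (not part of the thread and not code from any tool named in it): a small Python parser that pulls vendor-related entries out of HijackThis lines and RSIT driver/service lines, the selection the helpers above made by eye. The sample lines are copied from the log posted in this thread; the marker list and the reading of an empty `[]` as "file could not be read" are assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the RSIT/HijackThis log posted in this thread (a subset),
# restored to one entry per line as the tools write them.
SAMPLE_LOG = r"""
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
S2 AVKService;G DATA Scheduler; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe []
"""

# HijackThis entry: "<section> - <rest>", e.g. "O23 - Service: ...".
HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display> (<short name>) - <owner> - <path>".
HJT_SERVICE = re.compile(r"^Service: .+ \((?P<name>[^()]+)\) - .+? - .+$")
# RSIT driver/service entry: "<R|S><start type> <name>;<display>; <path> [<date size>]".
RSIT_ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Leftover:
    source: str         # "hijackthis" or "rsit"
    kind: str           # HijackThis section (O2, O23, ...) or RSIT state+start (R1, S2, ...)
    name: str           # service/driver short name when the line carries one, else ""
    file_missing: bool  # the tool could not find or read the file on disk
    line: str


def parse_line(line):
    """Return a Leftover for a recognised log line, or None."""
    line = line.strip()
    m = HJT_ENTRY.match(line)
    if m:
        body = m.group("body")
        svc = HJT_SERVICE.match(body) if m.group("section") == "O23" else None
        return Leftover("hijackthis", m.group("section"),
                        svc.group("name") if svc else "",
                        body.endswith("(file missing)"), line)
    m = RSIT_ENTRY.match(line)
    if m:
        # Assumption: empty brackets (no date/size) mean RSIT could not read the file.
        return Leftover("rsit", m.group("state") + m.group("start"),
                        m.group("name"), m.group("meta") == "", line)
    return None


def find_leftovers(log_text, markers=("g data",)):
    """Entries whose line contains any marker (case-insensitive).

    Matching the whole line, not just the display name, catches services such
    as AVKWCtl whose display name carries no vendor string but whose path does.
    """
    hits = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry and any(mk.lower() in entry.line.lower() for mk in markers):
            hits.append(entry)
    return hits


def service_names(leftovers):
    # Short service/driver names, de-duplicated, in first-seen order.
    seen = []
    for e in leftovers:
        if e.name and e.name not in seen:
            seen.append(e.name)
    return seen


if __name__ == "__main__":
    found = find_leftovers(SAMPLE_LOG)
    for e in found:
        state = "missing/unreadable" if e.file_missing else "present"
        print(f"{e.source:10} {e.kind:4} {e.name or '-':12} {state}")
    print("service/driver names:", service_names(found))
```

String matching only finds components that carry the vendor name somewhere on the line: the `HookCentre` driver line has no such marker, which is why the second helper's script lists it by hand. The `GRD` driver is reported in the running state (`R1`), which fits the poster's observation that the leftover files were "in use".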
Mbroziak (author), comment, 25 June 2009

Now I have this problem. I made a log with RSIT. And, surprisingly, after that I managed to get rid of the G Data folders (strange, isn't it?). I cleaned the registry of every phrase I associate with G Data. Except that when I start the Eset installation, it detects G Data. So where the heck is it still sitting?? I'm posting one more log from RSIT. Tell me what to do now, what to delete?
(gupdate1c9e1d1286c5e98) (gupdate1c9e1d1286c5e98) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 8066 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\Google Software Updater.jobC:\WINDOWS\tasks\GoogleUpdateTaskMachine.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-31 668656][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll [][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 
16857600]"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]"WooCnxMon"=C:\PROGRA~1\NEOSTR~1\CnxMon.exe [2003-10-16 24576]"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]"WOOWATCH"=C:\PROGRA~1\NEOSTR~1\Watch.exe [2003-10-16 20480]"WOOTASKBARICON"=C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [2003-10-16 53248]"nwiz"=nwiz.exe /install []"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]"P17Helper"=Rundll32 P17.dll,P17Helper []"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-31 39408]"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe [2008-12-01 1743728]"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MST 
WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\is\PhysX_9.09.0408_SystemSoftware.exe []C:\Documents and Settings\Mbroziak\Menu Start\Programy\AutostartRocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exeTransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exeUberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exeY'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club""C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV""C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2""C:\Program 
Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"======List of files/folders created in the last 1 months======2009-06-25 18:05:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-06-25 17:52:43 ----D---- C:\Program Files\RegCleaner2009-06-25 17:47:04 ----D---- C:\rsit2009-06-25 17:47:04 ----D---- C:\Program Files\trend micro2009-06-24 21:23:04 ----A---- C:\WINDOWS\ntbtlog.txt2009-06-24 18:37:16 ----D---- C:\Program Files\Ubisoft2009-06-24 12:35:08 ----SHD---- C:\Config.Msi2009-06-13 01:41:35 ----RASH---- C:\BOOTSECT.BAK2009-06-13 01:41:34 ----SHD---- C:\Boot2009-06-13 01:41:34 ----H---- C:\Boot.BAK2009-06-12 16:22:52 ----SHD---- C:\$RECYCLE.BIN2009-06-11 21:46:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Innovative Solutions2009-06-11 11:03:31 ----D---- C:\Program Files\OCCT2009-06-09 18:00:46 ----D---- C:\Program Files\Innovative Solutions2009-06-09 17:38:02 ----D---- C:\Program Files\Spybot - Search & Destroy2009-06-09 17:38:02 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-06-09 17:14:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ashampoo2009-06-09 17:14:04 ----D---- C:\Program Files\Ashampoo2009-06-03 18:58:46 ----RD---- C:\Gry2009-06-03 18:32:35 ----A---- C:\WINDOWS\BricoPackUninst.cmd2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackUninst.txt2009-06-03 18:31:28 ----A---- 
C:\WINDOWS\BricoPackFoldersDelete.cmd2009-06-03 18:31:13 ----D---- C:\WINDOWS\BricoPacks2009-06-03 18:22:09 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Apple Computer2009-06-03 18:20:59 ----RD---- C:\Pulpit2009-06-03 17:40:22 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Media Player Classic2009-06-03 17:39:40 ----A---- C:\WINDOWS\system32\unrar.dll2009-06-03 17:39:39 ----A---- C:\WINDOWS\avisplitter.ini2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\yv12vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidvfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidcore.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp7vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp6vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\huffyuv.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\qt-dx331.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\dpl100.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\divx.dll2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll2009-06-03 17:39:35 ----D---- C:\Program Files\K-Lite Codec Pack2009-06-03 17:18:16 ----D---- C:\Antywirusy2009-06-03 17:16:07 ----D---- C:\Program Files\NAPI-PROJEKT2009-06-03 17:16:05 ----D---- C:\Program Files\ALLPlayer2009-06-03 16:58:49 ----D---- C:\Program Files\NVIDIA Corporation2009-06-03 16:58:12 ----D---- C:\Program Files\NVIDIA nTune Performance Application2009-06-03 16:07:21 ----D---- C:\Program Files\SpeedFan2009-05-31 18:51:39 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Sony2009-05-31 18:51:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sony2009-05-31 18:44:19 ----D---- C:\Program Files\Common Files\Sony Shared2009-05-31 18:44:08 ----D---- C:\Program Files\Sony2009-05-31 18:44:07 ----D---- C:\Program Files\Sony Ericsson2009-05-31 18:42:23 ----D---- C:\Program Files\QuickTime2009-05-31 18:42:22 ----D---- C:\Documents and 
Settings\All Users\Dane aplikacji\Apple Computer2009-05-31 18:42:14 ----D---- C:\Program Files\Apple Software Update2009-05-31 18:42:14 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple2009-05-31 11:22:16 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Google2009-05-31 11:18:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater2009-05-31 11:18:40 ----D---- C:\Program Files\Google2009-05-30 18:37:31 ----N---- C:\WINDOWS\Ctregrun.exe2009-05-30 18:36:11 ----N---- C:\WINDOWS\Updreg.EXE2009-05-30 18:35:44 ----RA---- C:\WINDOWS\system32\CtDvInst.dll2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\Ludap17.ini2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\ctzapxx.ini2009-05-30 18:35:31 ----D---- C:\WINDOWS\system32\Data2009-05-30 18:35:31 ----A---- C:\WINDOWS\INRES.DLL2009-05-30 18:34:04 ----D---- C:\Program Files\Creative2009-05-30 16:07:56 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\skypePM2009-05-30 16:05:10 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Skype2009-05-30 13:16:52 ----D---- C:\Program Files\Common Files\Skype2009-05-30 13:16:49 ----RD---- C:\Program Files\Skype2009-05-30 13:16:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype2009-05-28 14:41:47 ----D---- C:\Program Files\Lavalys2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\wrap_oal.dll2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\OpenAL32.dll2009-05-28 14:12:25 ----D---- C:\WINDOWS\system32\Futuremark2009-05-28 14:11:29 ----D---- C:\Program Files\Futuremark2009-05-28 13:50:07 ----D---- C:\Program Files\RivaTuner v2.242009-05-28 13:41:34 ----D---- C:\CDA2009-05-28 13:41:14 ----SHD---- C:\WINDOWS\ftpcache======List of files/folders modified in the last 1 months======2009-06-25 18:19:31 ----D---- C:\Program Files\Mozilla Firefox2009-06-25 18:19:24 ----D---- C:\Program Files\Neostrada TP2009-06-25 18:18:30 ----D---- C:\WINDOWS\Temp2009-06-25 18:18:04 ----SD---- C:\WINDOWS\Tasks2009-06-25 
18:17:05 ----A---- C:\WINDOWS\SchedLgU.Txt2009-06-25 18:00:15 ----D---- C:\Program Files\Common Files2009-06-25 17:52:43 ----RD---- C:\Program Files2009-06-24 21:24:35 ----SHD---- C:\RECYCLER2009-06-24 21:24:07 ----D---- C:\WINDOWS\system322009-06-24 21:23:30 ----D---- C:\Documents and Settings2009-06-24 21:23:04 ----D---- C:\WINDOWS2009-06-24 18:44:36 ----SHD---- C:\WINDOWS\Installer2009-06-24 18:44:22 ----D---- C:\Program Files\Adobe2009-06-24 12:42:16 ----D---- C:\WINDOWS\system32\CatRoot22009-06-20 18:04:09 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Free Download Manager2009-06-20 17:38:19 ----D---- C:\WINDOWS\Prefetch2009-06-18 19:04:35 ----A---- C:\WINDOWS\NeroDigital.ini2009-06-13 01:58:40 ----SH---- C:\boot.ini2009-06-13 01:58:40 ----RASH---- C:\Boot.ini.saved2009-06-11 18:52:55 ----D---- C:\Downloads2009-06-09 17:44:42 ----SD---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Microsoft2009-06-06 17:37:13 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-06-06 17:37:08 ----D---- C:\WINDOWS\system32\drivers2009-06-03 18:33:57 ----D---- C:\Program Files\Outlook Express2009-06-03 18:33:57 ----D---- C:\Program Files\Movie Maker2009-06-03 18:33:57 ----D---- C:\Program Files\Internet Explorer2009-06-03 18:33:55 ----D---- C:\WINDOWS\system32\usmt2009-06-03 18:32:34 ----A---- C:\WINDOWS\system32\uxtheme.dll2009-06-03 18:32:00 ----D---- C:\WINDOWS\Cursors2009-06-03 18:31:57 ----D---- C:\WINDOWS\Media2009-06-03 18:31:55 ----RSD---- C:\WINDOWS\Fonts2009-06-03 16:59:03 ----HD---- C:\Program Files\InstallShield Installation Information2009-06-03 16:58:26 ----D---- C:\Program Files\Common Files\InstallShield2009-05-31 18:50:27 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft2009-05-31 18:50:21 ----HD---- C:\WINDOWS\inf2009-05-31 18:45:04 ----RSD---- C:\WINDOWS\assembly2009-05-31 18:44:07 ----D---- C:\WINDOWS\WinSxS2009-05-31 18:42:25 ----D---- C:\WINDOWS\system32\CatRoot======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 
2=Auto, 3=Demand, 4=Disabled)======R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []S3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]S3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]S3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 
1389056]S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]S2 AVKService;G DATA Scheduler; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe []S2 AVKWCtl;Strażnik AntiVirus; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe []S2 gupdate1c9e1d1286c5e98;Usługa Google Update (gupdate1c9e1d1286c5e98); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-31 133104]S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-31 183280]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; 
c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]-----------------EOF-----------------
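Added example, not part of the thread: one way to answer "where is it still sitting?" from an RSIT/HijackThis log is to list every entry that still references the removed product, with its "(file missing)" marker or its driver/service state. The sample lines follow the format of the log attached to the post above; the function names and the keyword list are assumptions made for this illustration.

```python
import re

# Sample lines in the format of the RSIT/HijackThis log attached to the post
# above (shortened selection, embedded so the example runs offline).
SAMPLE_LOG = r"""
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
S2 AVKService;G DATA Scheduler; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe []
"""

# Start-type legend as printed in the RSIT section header:
# 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# HijackThis entry: "<section> - <description>", e.g. "O2 - BHO: ..."
HJT_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# RSIT driver/service entry: "<R|S><0-4> name;display name; path [date size]"
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is neither format."""
    line = line.strip()
    m = HJT_RE.match(line)
    if m:
        body = m["body"]
        return {
            "source": "hijackthis",
            "id": m["section"],
            "text": body,
            # HijackThis appends this marker when the referenced file is gone
            "file_missing": body.endswith("(file missing)"),
        }
    m = RSIT_RE.match(line)
    if m:
        return {
            "source": "rsit",
            "id": m["name"],
            "text": f'{m["display"]} {m["path"]}'.strip(),
            "running": m["state"] == "R",
            "start": START_TYPES[m["start"]],
        }
    return None


def find_remnants(log_text, keywords):
    """Return parsed entries whose raw line mentions any keyword (case-insensitive)."""
    needles = [k.lower() for k in keywords]
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None and any(n in raw.lower() for n in needles):
            findings.append(entry)
    return findings


def summarize(findings):
    """Format findings as one readable line each."""
    rows = []
    for f in findings:
        if f["source"] == "hijackthis":
            note = "target file missing" if f["file_missing"] else "target file present"
        else:
            note = ("running" if f["running"] else "stopped") + ", start=" + f["start"]
        rows.append(f'{f["id"]:<12} {note:<24} {f["text"]}')
    return rows


if __name__ == "__main__":
    # The keyword list is supplied by the analyst; "G DATA" is the vendor string
    # that appears in the log entries.
    for row in summarize(find_remnants(SAMPLE_LOG, ["G DATA"])):
        print(row)
```

Entries reported as "target file missing" are dangling registry references, while a driver or service reported as running is still loaded even though the product no longer appears in Add/Remove Programs.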
Guest, comment, 25 June 2009
Carry out my instructions! Once you have done so, post the RSIT log + the Avenger report.
Mbroziak (author), comment, 25 June 2009 (edited)
By the way, I also still have the G Data Shredder icon. I installed Unlocker and I can't remove the icon even with that. When I right-click it, I get neither Delete nor Unlocker. I can't drop it into the Recycle Bin either. I'll do what you said in a moment.
"After running it, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum."
But in the C:\Avenger folder I only have two other files. The backup is simply on C: <-- is that what you mean??
LOG:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\drivers\GRD.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\HookCentre.sys" deleted successfully.
Error: folder "C:\Program Files\G DATA" not found!
Deletion of folder "C:\Program Files\G DATA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Driver "GRD" deleted successfully.
Driver "HookCentre" deleted successfully.
Driver "AVKService" deleted successfully.
Driver "AVKWCtl" deleted successfully.
Driver "gupdate1c9e1d1286c5e98" deleted successfully.
Driver "gusvc" deleted successfully.
Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GDFirewallTray"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GDFirewallTray" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|G DATA AntiVirus Trayapplication"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|G DATA AntiVirus Trayapplication" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: could not delete registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]|{0124123D-61B4-456f-AF86-78C53A0790C5}"
Deletion of registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]|{0124123D-61B4-456f-AF86-78C53A0790C5}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
RSIT log:
- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exeY'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club""C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV""C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto 
IV"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"======List of files/folders created in the last 1 months======2009-06-25 18:32:23 ----D---- C:\Avenger2009-06-25 18:32:23 ----A---- C:\avenger.txt2009-06-25 18:25:27 ----D---- C:\Program Files\Unlocker2009-06-25 18:05:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-06-25 17:52:43 ----D---- C:\Program Files\RegCleaner2009-06-25 17:47:04 ----D---- C:\rsit2009-06-25 17:47:04 ----D---- C:\Program Files\trend micro2009-06-24 21:23:04 ----A---- C:\WINDOWS\ntbtlog.txt2009-06-24 18:37:16 ----D---- C:\Program Files\Ubisoft2009-06-24 12:35:08 ----SHD---- C:\Config.Msi2009-06-13 01:41:35 ----RASH---- C:\BOOTSECT.BAK2009-06-13 01:41:34 ----SHD---- C:\Boot2009-06-13 01:41:34 ----H---- C:\Boot.BAK2009-06-12 16:22:52 ----SHD---- C:\$RECYCLE.BIN2009-06-11 21:46:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Innovative Solutions2009-06-11 11:03:31 ----D---- C:\Program Files\OCCT2009-06-09 18:00:46 ----D---- C:\Program Files\Innovative Solutions2009-06-09 17:38:02 ----D---- C:\Program Files\Spybot - Search & Destroy2009-06-09 17:38:02 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-06-09 17:14:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ashampoo2009-06-09 17:14:04 ----D---- C:\Program Files\Ashampoo2009-06-03 18:58:46 ----RD---- C:\Gry2009-06-03 18:32:35 ----A---- C:\WINDOWS\BricoPackUninst.cmd2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackUninst.txt2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd2009-06-03 18:31:13 ----D---- C:\WINDOWS\BricoPacks2009-06-03 18:22:09 ----D---- C:\Documents and 
Settings\Mbroziak\Dane aplikacji\Apple Computer2009-06-03 18:20:59 ----RD---- C:\Pulpit2009-06-03 17:40:22 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Media Player Classic2009-06-03 17:39:40 ----A---- C:\WINDOWS\system32\unrar.dll2009-06-03 17:39:39 ----A---- C:\WINDOWS\avisplitter.ini2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\yv12vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidvfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidcore.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp7vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp6vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\huffyuv.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\qt-dx331.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\dpl100.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\divx.dll2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll2009-06-03 17:39:35 ----D---- C:\Program Files\K-Lite Codec Pack2009-06-03 17:18:16 ----D---- C:\Antywirusy2009-06-03 17:16:07 ----D---- C:\Program Files\NAPI-PROJEKT2009-06-03 17:16:05 ----D---- C:\Program Files\ALLPlayer2009-06-03 16:58:49 ----D---- C:\Program Files\NVIDIA Corporation2009-06-03 16:58:12 ----D---- C:\Program Files\NVIDIA nTune Performance Application2009-06-03 16:07:21 ----D---- C:\Program Files\SpeedFan2009-05-31 18:51:39 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Sony2009-05-31 18:51:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sony2009-05-31 18:44:19 ----D---- C:\Program Files\Common Files\Sony Shared2009-05-31 18:44:08 ----D---- C:\Program Files\Sony2009-05-31 18:44:07 ----D---- C:\Program Files\Sony Ericsson2009-05-31 18:42:23 ----D---- C:\Program Files\QuickTime2009-05-31 18:42:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2009-05-31 18:42:14 ----D---- C:\Program Files\Apple Software Update2009-05-31 18:42:14 
----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple2009-05-31 11:22:16 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Google2009-05-31 11:18:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater2009-05-31 11:18:40 ----D---- C:\Program Files\Google2009-05-30 18:37:31 ----N---- C:\WINDOWS\Ctregrun.exe2009-05-30 18:36:11 ----N---- C:\WINDOWS\Updreg.EXE2009-05-30 18:35:44 ----RA---- C:\WINDOWS\system32\CtDvInst.dll2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\Ludap17.ini2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\ctzapxx.ini2009-05-30 18:35:31 ----D---- C:\WINDOWS\system32\Data2009-05-30 18:35:31 ----A---- C:\WINDOWS\INRES.DLL2009-05-30 18:34:04 ----D---- C:\Program Files\Creative2009-05-30 16:07:56 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\skypePM2009-05-30 16:05:10 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Skype2009-05-30 13:16:52 ----D---- C:\Program Files\Common Files\Skype2009-05-30 13:16:49 ----RD---- C:\Program Files\Skype2009-05-30 13:16:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype2009-05-28 14:41:47 ----D---- C:\Program Files\Lavalys2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\wrap_oal.dll2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\OpenAL32.dll2009-05-28 14:12:25 ----D---- C:\WINDOWS\system32\Futuremark2009-05-28 14:11:29 ----D---- C:\Program Files\Futuremark2009-05-28 13:50:07 ----D---- C:\Program Files\RivaTuner v2.242009-05-28 13:41:34 ----D---- C:\CDA2009-05-28 13:41:14 ----SHD---- C:\WINDOWS\ftpcache======List of files/folders modified in the last 1 months======2009-06-25 18:33:26 ----D---- C:\Program Files\Mozilla Firefox2009-06-25 18:33:24 ----D---- C:\WINDOWS\Temp2009-06-25 18:33:14 ----D---- C:\Program Files\Neostrada TP2009-06-25 18:32:23 ----D---- C:\WINDOWS\system32\drivers2009-06-25 18:32:23 ----D---- C:\WINDOWS\system322009-06-25 18:30:46 ----A---- C:\WINDOWS\SchedLgU.Txt2009-06-25 18:30:36 ----D---- 
C:\Documents and Settings\Mbroziak\Dane aplikacji\Free Download Manager2009-06-25 18:25:27 ----RD---- C:\Program Files2009-06-25 18:18:04 ----SD---- C:\WINDOWS\Tasks2009-06-25 18:00:15 ----D---- C:\Program Files\Common Files2009-06-24 21:24:35 ----SHD---- C:\RECYCLER2009-06-24 21:23:30 ----D---- C:\Documents and Settings2009-06-24 21:23:04 ----D---- C:\WINDOWS2009-06-24 18:44:36 ----SHD---- C:\WINDOWS\Installer2009-06-24 18:44:22 ----D---- C:\Program Files\Adobe2009-06-24 12:42:16 ----D---- C:\WINDOWS\system32\CatRoot22009-06-20 17:38:19 ----D---- C:\WINDOWS\Prefetch2009-06-18 19:04:35 ----A---- C:\WINDOWS\NeroDigital.ini2009-06-13 01:58:40 ----SH---- C:\boot.ini2009-06-13 01:58:40 ----RASH---- C:\Boot.ini.saved2009-06-11 18:52:55 ----D---- C:\Downloads2009-06-09 17:44:42 ----SD---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Microsoft2009-06-06 17:37:13 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-06-03 18:33:57 ----D---- C:\Program Files\Outlook Express2009-06-03 18:33:57 ----D---- C:\Program Files\Movie Maker2009-06-03 18:33:57 ----D---- C:\Program Files\Internet Explorer2009-06-03 18:33:55 ----D---- C:\WINDOWS\system32\usmt2009-06-03 18:32:34 ----A---- C:\WINDOWS\system32\uxtheme.dll2009-06-03 18:32:00 ----D---- C:\WINDOWS\Cursors2009-06-03 18:31:57 ----D---- C:\WINDOWS\Media2009-06-03 18:31:55 ----RSD---- C:\WINDOWS\Fonts2009-06-03 16:59:03 ----HD---- C:\Program Files\InstallShield Installation Information2009-06-03 16:58:26 ----D---- C:\Program Files\Common Files\InstallShield2009-05-31 18:50:27 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft2009-05-31 18:50:21 ----HD---- C:\WINDOWS\inf2009-05-31 18:45:04 ----RSD---- C:\WINDOWS\assembly2009-05-31 18:44:07 ----D---- C:\WINDOWS\WinSxS2009-05-31 18:42:25 ----D---- C:\WINDOWS\system32\CatRoot======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 
40448]R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []S3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]S3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]S3 USBSTOR;Sterownik magazynu masowego USB; 
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]-----------------EOF-----------------
Guest commented 25 June 2009
Now show the RSIT log. C:\Avenger - delete it.
Mbroziak (Author) commented 25 June 2009
I pasted the RSIT log in my previous post.
Guest commented 25 June 2009
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
Fix the entries above in HijackThis: >>Hijack>>scan(Do a system scan only)>>select them >>Fix checked. Use tools such as CCleaner, CleanGP, Eusing Free Registry Cleaner and NTREGOPT (NT Registry Optimizer), and scan the system registry.
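The check made in the reply above, as an added example that is not part of the original thread: it recovers HijackThis entries from a log whose line breaks were stripped by the forum, then reports O2/O3 registrations marked "(file missing)", grouped by CLSID. The sample input is constructed from entries quoted in this thread; the function names and the splitting heuristic are assumptions of this example.

```python
import re

# Constructed sample: HijackThis entries run together without newlines,
# the way the pasted log in this thread was flattened.
SAMPLE = (
    r"O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - "
    r"C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)"
    r"O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - "
    r"C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll"
    r"O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - "
    r"C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)"
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install"
)

# Heuristic: an entry starts with a section code such as "O2 - ", "R0 - ", "F1 - ".
ENTRY_START = re.compile(r"(?=(?:O\d{1,2}|[RF][0-3]) - )")

# O2 (Browser Helper Object) and O3 (IE toolbar) entries share one layout.
BROWSER_ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)"
    r"(?P<missing> \(file missing\))?$"
)

# Registry locations that the O2 and O3 sections are read from.
REGISTRY_LOCATION = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}


def split_entries(text):
    """Recover individual entries even when newlines were stripped."""
    return [e.strip() for e in ENTRY_START.split(text) if e.strip()]


def orphaned_browser_entries(text):
    """Map CLSID -> O2/O3 registrations whose DLL no longer exists on disk."""
    orphans = {}
    for entry in split_entries(text):
        m = BROWSER_ENTRY.match(entry)
        if m and m.group("missing"):
            orphans.setdefault(m.group("clsid").upper(), []).append({
                "section": m.group("section"),
                "name": m.group("name"),
                "path": m.group("path"),
                "registry": REGISTRY_LOCATION[m.group("section")],
            })
    return orphans


if __name__ == "__main__":
    for clsid, regs in orphaned_browser_entries(SAMPLE).items():
        print(clsid, regs[0]["name"], "->", regs[0]["path"])
        for reg in regs:
            print("   ", reg["section"], reg["registry"])
```

Grouping by CLSID shows that a single leftover component can be registered in more than one place, so both registrations need to be fixed together.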
Mbroziak (Author) commented 25 June 2009
">>Hijack>>scan(Do a system scan only)>>select them >>Fix checked."
Done. Now I'll restart and see. I've already given you a + for your commitment.
"scan the system registry."
Can I do that with CCleaner??
Mbroziak (Author) commented 25 June 2009
I'll add that so far I have scanned the computer with Spybot and it detected nothing. OK, it works now. I installed ESET and it no longer said that it was detecting anything. I cleaned everything with CCleaner. Thanks a lot for the help. (+) The topic can be closed.