
Problem with G Data Internet Security

Mbroziak
created

Hello. I have a problem. When my trial period for G Data Internet Security 2009 ended, I decided to uninstall it. I had the full version of Ashampoo UnInstaller Platinum 2.9. I thought I would test the program and uninstall G Data with it. Everything went well until my computer froze. I had to restart it. Then I turned the computer on again and G Data was still in the tray, except that all of its options were disabled. I tried to uninstall it in safe mode, but the program is no longer listed in "Add or Remove Programs". So I have a problem. Nothing is protecting my computer now and I cannot install another antivirus. Do you know of any way/program/anything to uninstall/remove it??

kubassksiezpol
comment

Install Revo Uninstaller. It should find G Data for you if it is there. Are there no G Data files left on the disk? If there are, can't you run the uninstall file?

Mbroziak
comment
If there are, can't you run the uninstall file?

No, only two DLLs of some kind are left. And they are of no use to me :(

kubassksiezpol
comment

And can't you delete them?

Mbroziak
comment
And can't you delete them?

No, because the system says they are in use. The antivirus processes cannot even be ended. In safe mode, when G Data was not running, I could not delete them either, because it said they were in use.

MarekM25
comment

Use the Unlocker program.

Mbroziak
comment

Log from RSIT:


That method does not work for me :(

MarekM25
comment (edited)

Run HijackThis and click Do a system scan only. Then select the entries:

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (file missing)

and click Fix checked.

Download Avenger. In the Input script here field, paste the following text (without the word "Code"):

Code:

Files to delete:
C:\WINDOWS\system32\drivers\GRD.sys
C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe
C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe

Click Execute. The computer will restart.

Then post a new RSIT log and the Avenger report, i.e. C:\avenger.txt, so we can see whether everything is gone :P If any G Data files remain, get rid of them with Unlocker.

Guest
comment

@MarekM25 - it will be muuuch better this way: :)

Download ---> The Avenger

Paste this text into it:

Files to delete:
C:\WINDOWS\system32\drivers\GRD.sys
C:\WINDOWS\system32\drivers\HookCentre.sys

Folders to delete:
C:\Program Files\G DATA

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | GDFirewallTray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | G DATA AntiVirus Trayapplication
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {0124123D-61B4-456f-AF86-78C53A0790C5}

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}

Drivers to delete:
GRD
HookCentre
AVKService
AVKWCtl
gupdate1c9e1d1286c5e98
gusvc

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

Afterwards, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

? :)

.

MarekM25
comment

The entries in HJT may remain as no file or file missing anyway, so let the author first do it your way, and if anything is left he can finish it off with HJT and Unlocker :P
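Added example, not part of any post in this thread: a small Python triage of HijackThis lines that picks out the BHO, toolbar, Run and service entries pointing into one product's install directory and shows which of them HijackThis marked "(file missing)". The sample lines are copied from the log in this thread; the function names and the choice of install directory as the selection rule are assumptions of this example.

```python
import re

MISSING = "(file missing)"

# One pattern per HijackThis section handled here (O2 BHO, O3 toolbar,
# O4 Run value, O23 service). Other sections are ignored.
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = {
    "O2": re.compile(r"^(?P<kind>BHO): (?P<name>.+?) - (?P<clsid>%s) - (?P<target>.+)$" % CLSID),
    "O3": re.compile(r"^(?P<kind>Toolbar): (?P<name>.+?) - (?P<clsid>%s) - (?P<target>.+)$" % CLSID),
    "O4": re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<kind>Run\w*): \[(?P<name>.+?)\] (?P<target>.+)$"),
    "O23": re.compile(r"^(?P<kind>Service): (?P<display>.+?) \((?P<name>[^()]+)\)"
                      r" - (?P<owner>.+?) - (?P<target>.+)$"),
}

# Sample input: entries copied from the RSIT/HijackThis log posted in this thread,
# including three unrelated entries that must not be selected.
SAMPLE_LOG = r"""
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\InternetSecurity\AVKTray\AVKTray.exe
O23 - Service: G DATA Scheduler (AVKService) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe (file missing)
O23 - Service: Strażnik AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


def parse_entry(line):
    """Parse one HijackThis line; return a dict, or None if it is not handled."""
    m = re.match(r"^(O\d+) - (.+)$", line.strip())
    if not m or m.group(1) not in PATTERNS:
        return None
    code, body = m.group(1), m.group(2)
    # HijackThis appends this marker when the referenced file is not on disk.
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    m = PATTERNS[code].match(body)
    if not m:
        return None
    entry = m.groupdict()
    entry.update(code=code, missing=missing)
    return entry


def find_leftovers(log_text, install_dir):
    """Return parsed entries whose target path lies under install_dir."""
    prefix = install_dir.rstrip("\\").lower() + "\\"
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        # Run values may be quoted command lines, so drop a leading quote.
        if entry and entry["target"].lstrip('"').lower().startswith(prefix):
            hits.append(entry)
    return hits


def summarize(hits):
    """Build one readable line per leftover entry."""
    lines = []
    for e in hits:
        state = "file missing" if e["missing"] else "no missing-file marker"
        ident = e.get("clsid") or e["name"]
        lines.append("%-3s %-8s %-40s %s" % (e["code"], e["kind"], ident, state))
    return lines


if __name__ == "__main__":
    for row in summarize(find_leftovers(SAMPLE_LOG, r"C:\Program Files\G DATA")):
        print(row)
```

Selecting by install path rather than by name keeps unrelated entries that merely start with the same letter, such as the Google updater service, out of the result.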

Mbroziak
comment

Now I have this problem. I made a log with RSIT. And strangely, after that I managed to get rid of the G Data folders (odd, isn't it?). I cleaned the registry of every phrase I associated with G Data. But when I start the Eset installer, it detects G Data. So where the heck is it still sitting??

I am posting one more RSIT log. Tell me what to do now, what to remove?

- C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe--End of file - 8066 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\Google Software Updater.jobC:\WINDOWS\tasks\GoogleUpdateTaskMachine.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll [][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-31 668656][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll [][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 
69632]"WooCnxMon"=C:\PROGRA~1\NEOSTR~1\CnxMon.exe [2003-10-16 24576]"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]"WOOWATCH"=C:\PROGRA~1\NEOSTR~1\Watch.exe [2003-10-16 20480]"WOOTASKBARICON"=C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe [2003-10-16 53248]"nwiz"=nwiz.exe /install []"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]"P17Helper"=Rundll32 P17.dll,P17Helper []"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-31 39408]"RocketDock"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 630784]"UIWatcher"=C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe [2008-12-01 1743728]"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WIS1C4551A64743409391E41477CD655043_9_09_0203.MST WISE_SETUP_EXE_PATH=c:\nvidia\winxp\185.85\is\PhysX_9.09.0408_SystemSoftware.exe 
[]C:\Documents and Settings\Mbroziak\Menu Start\Programy\AutostartRocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exeTransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exeUberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exeY'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club""C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV""C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program 
Files\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"======List of files/folders created in the last 1 months======2009-06-25 18:05:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-06-25 17:52:43 ----D---- C:\Program Files\RegCleaner2009-06-25 17:47:04 ----D---- C:\rsit2009-06-25 17:47:04 ----D---- C:\Program Files\trend micro2009-06-24 21:23:04 ----A---- C:\WINDOWS\ntbtlog.txt2009-06-24 18:37:16 ----D---- C:\Program Files\Ubisoft2009-06-24 12:35:08 ----SHD---- C:\Config.Msi2009-06-13 01:41:35 ----RASH---- C:\BOOTSECT.BAK2009-06-13 01:41:34 ----SHD---- C:\Boot2009-06-13 01:41:34 ----H---- C:\Boot.BAK2009-06-12 16:22:52 ----SHD---- C:\$RECYCLE.BIN2009-06-11 21:46:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Innovative Solutions2009-06-11 11:03:31 ----D---- C:\Program Files\OCCT2009-06-09 18:00:46 ----D---- C:\Program Files\Innovative Solutions2009-06-09 17:38:02 ----D---- C:\Program Files\Spybot - Search & Destroy2009-06-09 17:38:02 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-06-09 17:14:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ashampoo2009-06-09 17:14:04 ----D---- C:\Program Files\Ashampoo2009-06-03 18:58:46 ----RD---- C:\Gry2009-06-03 18:32:35 ----A---- C:\WINDOWS\BricoPackUninst.cmd2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackUninst.txt2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd2009-06-03 18:31:13 ----D---- 
C:\WINDOWS\BricoPacks2009-06-03 18:22:09 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Apple Computer2009-06-03 18:20:59 ----RD---- C:\Pulpit2009-06-03 17:40:22 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Media Player Classic2009-06-03 17:39:40 ----A---- C:\WINDOWS\system32\unrar.dll2009-06-03 17:39:39 ----A---- C:\WINDOWS\avisplitter.ini2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\yv12vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidvfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidcore.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp7vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp6vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\huffyuv.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\qt-dx331.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\dpl100.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\divx.dll2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll2009-06-03 17:39:35 ----D---- C:\Program Files\K-Lite Codec Pack2009-06-03 17:18:16 ----D---- C:\Antywirusy2009-06-03 17:16:07 ----D---- C:\Program Files\NAPI-PROJEKT2009-06-03 17:16:05 ----D---- C:\Program Files\ALLPlayer2009-06-03 16:58:49 ----D---- C:\Program Files\NVIDIA Corporation2009-06-03 16:58:12 ----D---- C:\Program Files\NVIDIA nTune Performance Application2009-06-03 16:07:21 ----D---- C:\Program Files\SpeedFan2009-05-31 18:51:39 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Sony2009-05-31 18:51:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sony2009-05-31 18:44:19 ----D---- C:\Program Files\Common Files\Sony Shared2009-05-31 18:44:08 ----D---- C:\Program Files\Sony2009-05-31 18:44:07 ----D---- C:\Program Files\Sony Ericsson2009-05-31 18:42:23 ----D---- C:\Program Files\QuickTime2009-05-31 18:42:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2009-05-31 18:42:14 
----D---- C:\Program Files\Apple Software Update2009-05-31 18:42:14 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple2009-05-31 11:22:16 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Google2009-05-31 11:18:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater2009-05-31 11:18:40 ----D---- C:\Program Files\Google2009-05-30 18:37:31 ----N---- C:\WINDOWS\Ctregrun.exe2009-05-30 18:36:11 ----N---- C:\WINDOWS\Updreg.EXE2009-05-30 18:35:44 ----RA---- C:\WINDOWS\system32\CtDvInst.dll2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\Ludap17.ini2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\ctzapxx.ini2009-05-30 18:35:31 ----D---- C:\WINDOWS\system32\Data2009-05-30 18:35:31 ----A---- C:\WINDOWS\INRES.DLL2009-05-30 18:34:04 ----D---- C:\Program Files\Creative2009-05-30 16:07:56 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\skypePM2009-05-30 16:05:10 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Skype2009-05-30 13:16:52 ----D---- C:\Program Files\Common Files\Skype2009-05-30 13:16:49 ----RD---- C:\Program Files\Skype2009-05-30 13:16:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype2009-05-28 14:41:47 ----D---- C:\Program Files\Lavalys2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\wrap_oal.dll2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\OpenAL32.dll2009-05-28 14:12:25 ----D---- C:\WINDOWS\system32\Futuremark2009-05-28 14:11:29 ----D---- C:\Program Files\Futuremark2009-05-28 13:50:07 ----D---- C:\Program Files\RivaTuner v2.242009-05-28 13:41:34 ----D---- C:\CDA2009-05-28 13:41:14 ----SHD---- C:\WINDOWS\ftpcache======List of files/folders modified in the last 1 months======2009-06-25 18:19:31 ----D---- C:\Program Files\Mozilla Firefox2009-06-25 18:19:24 ----D---- C:\Program Files\Neostrada TP2009-06-25 18:18:30 ----D---- C:\WINDOWS\Temp2009-06-25 18:18:04 ----SD---- C:\WINDOWS\Tasks2009-06-25 18:17:05 ----A---- C:\WINDOWS\SchedLgU.Txt2009-06-25 18:00:15 ----D---- 
C:\Program Files\Common Files2009-06-25 17:52:43 ----RD---- C:\Program Files2009-06-24 21:24:35 ----SHD---- C:\RECYCLER2009-06-24 21:24:07 ----D---- C:\WINDOWS\system322009-06-24 21:23:30 ----D---- C:\Documents and Settings2009-06-24 21:23:04 ----D---- C:\WINDOWS2009-06-24 18:44:36 ----SHD---- C:\WINDOWS\Installer2009-06-24 18:44:22 ----D---- C:\Program Files\Adobe2009-06-24 12:42:16 ----D---- C:\WINDOWS\system32\CatRoot22009-06-20 18:04:09 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Free Download Manager2009-06-20 17:38:19 ----D---- C:\WINDOWS\Prefetch2009-06-18 19:04:35 ----A---- C:\WINDOWS\NeroDigital.ini2009-06-13 01:58:40 ----SH---- C:\boot.ini2009-06-13 01:58:40 ----RASH---- C:\Boot.ini.saved2009-06-11 18:52:55 ----D---- C:\Downloads2009-06-09 17:44:42 ----SD---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Microsoft2009-06-06 17:37:13 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-06-06 17:37:08 ----D---- C:\WINDOWS\system32\drivers2009-06-03 18:33:57 ----D---- C:\Program Files\Outlook Express2009-06-03 18:33:57 ----D---- C:\Program Files\Movie Maker2009-06-03 18:33:57 ----D---- C:\Program Files\Internet Explorer2009-06-03 18:33:55 ----D---- C:\WINDOWS\system32\usmt2009-06-03 18:32:34 ----A---- C:\WINDOWS\system32\uxtheme.dll2009-06-03 18:32:00 ----D---- C:\WINDOWS\Cursors2009-06-03 18:31:57 ----D---- C:\WINDOWS\Media2009-06-03 18:31:55 ----RSD---- C:\WINDOWS\Fonts2009-06-03 16:59:03 ----HD---- C:\Program Files\InstallShield Installation Information2009-06-03 16:58:26 ----D---- C:\Program Files\Common Files\InstallShield2009-05-31 18:50:27 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft2009-05-31 18:50:21 ----HD---- C:\WINDOWS\inf2009-05-31 18:45:04 ----RSD---- C:\WINDOWS\assembly2009-05-31 18:44:07 ----D---- C:\WINDOWS\WinSxS2009-05-31 18:42:25 ----D---- C:\WINDOWS\system32\CatRoot======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 GRD;G DATA Rootkit Detector 
Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []S3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]S3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]S3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner 
v2.24\RivaTuner32.sys []S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]S2 AVKService;G DATA Scheduler; C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe []S2 AVKWCtl;Strażnik AntiVirus; C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe []S2 gupdate1c9e1d1286c5e98;Usługa Google Update (gupdate1c9e1d1286c5e98); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-31 133104]S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-31 183280]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]S3 idsvc;Windows CardSpace; 
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]-----------------EOF-----------------
Guest
comment

:wtf:

Carry out my instruction!

Once that's done, post the RSIT log + the Avenger report.

.

Mbroziak
comment (edited)

By the way, I also still have the G Data Shredder icon. I installed Unlocker and I can't remove the icon even with that. When I right-click it, I get neither Delete nor Unlocker. I can't throw it into the Recycle Bin either :(

I'll do what you said in a moment.

After it finishes, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

But in the C:\Avenger folder I only have two other files. The backup is simply on C: <-- is that what you mean??

LOG:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform:  Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\drivers\GRD.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\HookCentre.sys" deleted successfully.
Error:  folder "C:\Program Files\G DATA" not found!
Deletion of folder "C:\Program Files\G DATA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)  --> the object does not exist
Driver "GRD" deleted successfully.
Driver "HookCentre" deleted successfully.
Driver "AVKService" deleted successfully.
Driver "AVKWCtl" deleted successfully.
Driver "gupdate1c9e1d1286c5e98" deleted successfully.
Driver "gusvc" deleted successfully.
Error:  could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GDFirewallTray"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GDFirewallTray" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)  --> the object does not exist
Error:  could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|G DATA AntiVirus Trayapplication"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|G DATA AntiVirus Trayapplication" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)  --> the object does not exist
Error:  could not delete registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]|{0124123D-61B4-456f-AF86-78C53A0790C5}"
Deletion of registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]|{0124123D-61B4-456f-AF86-78C53A0790C5}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)  --> the object does not exist
Registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}" deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.

RSIT log:

133632][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club""C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV""C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"======List of files/folders created in the last 1 months======2009-06-25 18:32:23 
----D---- C:\Avenger2009-06-25 18:32:23 ----A---- C:\avenger.txt2009-06-25 18:25:27 ----D---- C:\Program Files\Unlocker2009-06-25 18:05:05 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-06-25 17:52:43 ----D---- C:\Program Files\RegCleaner2009-06-25 17:47:04 ----D---- C:\rsit2009-06-25 17:47:04 ----D---- C:\Program Files\trend micro2009-06-24 21:23:04 ----A---- C:\WINDOWS\ntbtlog.txt2009-06-24 18:37:16 ----D---- C:\Program Files\Ubisoft2009-06-24 12:35:08 ----SHD---- C:\Config.Msi2009-06-13 01:41:35 ----RASH---- C:\BOOTSECT.BAK2009-06-13 01:41:34 ----SHD---- C:\Boot2009-06-13 01:41:34 ----H---- C:\Boot.BAK2009-06-12 16:22:52 ----SHD---- C:\$RECYCLE.BIN2009-06-11 21:46:09 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Innovative Solutions2009-06-11 11:03:31 ----D---- C:\Program Files\OCCT2009-06-09 18:00:46 ----D---- C:\Program Files\Innovative Solutions2009-06-09 17:38:02 ----D---- C:\Program Files\Spybot - Search & Destroy2009-06-09 17:38:02 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-06-09 17:14:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ashampoo2009-06-09 17:14:04 ----D---- C:\Program Files\Ashampoo2009-06-03 18:58:46 ----RD---- C:\Gry2009-06-03 18:32:35 ----A---- C:\WINDOWS\BricoPackUninst.cmd2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackUninst.txt2009-06-03 18:31:28 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd2009-06-03 18:31:13 ----D---- C:\WINDOWS\BricoPacks2009-06-03 18:22:09 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Apple Computer2009-06-03 18:20:59 ----RD---- C:\Pulpit2009-06-03 17:40:22 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Media Player Classic2009-06-03 17:39:40 ----A---- C:\WINDOWS\system32\unrar.dll2009-06-03 17:39:39 ----A---- C:\WINDOWS\avisplitter.ini2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\yv12vfw.dll2009-06-03 17:39:38 ----A---- 
C:\WINDOWS\system32\xvidvfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\xvidcore.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp7vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\vp6vfw.dll2009-06-03 17:39:38 ----A---- C:\WINDOWS\system32\huffyuv.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\qt-dx331.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\dpl100.dll2009-06-03 17:39:37 ----A---- C:\WINDOWS\system32\divx.dll2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest2009-06-03 17:39:36 ----A---- C:\WINDOWS\system32\ff_vfw.dll2009-06-03 17:39:35 ----D---- C:\Program Files\K-Lite Codec Pack2009-06-03 17:18:16 ----D---- C:\Antywirusy2009-06-03 17:16:07 ----D---- C:\Program Files\NAPI-PROJEKT2009-06-03 17:16:05 ----D---- C:\Program Files\ALLPlayer2009-06-03 16:58:49 ----D---- C:\Program Files\NVIDIA Corporation2009-06-03 16:58:12 ----D---- C:\Program Files\NVIDIA nTune Performance Application2009-06-03 16:07:21 ----D---- C:\Program Files\SpeedFan2009-05-31 18:51:39 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Sony2009-05-31 18:51:39 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Sony2009-05-31 18:44:19 ----D---- C:\Program Files\Common Files\Sony Shared2009-05-31 18:44:08 ----D---- C:\Program Files\Sony2009-05-31 18:44:07 ----D---- C:\Program Files\Sony Ericsson2009-05-31 18:42:23 ----D---- C:\Program Files\QuickTime2009-05-31 18:42:22 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer2009-05-31 18:42:14 ----D---- C:\Program Files\Apple Software Update2009-05-31 18:42:14 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Apple2009-05-31 11:22:16 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Google2009-05-31 11:18:42 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Google Updater2009-05-31 11:18:40 ----D---- C:\Program Files\Google2009-05-30 18:37:31 ----N---- C:\WINDOWS\Ctregrun.exe2009-05-30 18:36:11 ----N---- 
C:\WINDOWS\Updreg.EXE2009-05-30 18:35:44 ----RA---- C:\WINDOWS\system32\CtDvInst.dll2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\Ludap17.ini2009-05-30 18:35:31 ----RA---- C:\WINDOWS\system32\ctzapxx.ini2009-05-30 18:35:31 ----D---- C:\WINDOWS\system32\Data2009-05-30 18:35:31 ----A---- C:\WINDOWS\INRES.DLL2009-05-30 18:34:04 ----D---- C:\Program Files\Creative2009-05-30 16:07:56 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\skypePM2009-05-30 16:05:10 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Skype2009-05-30 13:16:52 ----D---- C:\Program Files\Common Files\Skype2009-05-30 13:16:49 ----RD---- C:\Program Files\Skype2009-05-30 13:16:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype2009-05-28 14:41:47 ----D---- C:\Program Files\Lavalys2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\wrap_oal.dll2009-05-28 14:12:44 ----A---- C:\WINDOWS\system32\OpenAL32.dll2009-05-28 14:12:25 ----D---- C:\WINDOWS\system32\Futuremark2009-05-28 14:11:29 ----D---- C:\Program Files\Futuremark2009-05-28 13:50:07 ----D---- C:\Program Files\RivaTuner v2.242009-05-28 13:41:34 ----D---- C:\CDA2009-05-28 13:41:14 ----SHD---- C:\WINDOWS\ftpcache======List of files/folders modified in the last 1 months======2009-06-25 18:33:26 ----D---- C:\Program Files\Mozilla Firefox2009-06-25 18:33:24 ----D---- C:\WINDOWS\Temp2009-06-25 18:33:14 ----D---- C:\Program Files\Neostrada TP2009-06-25 18:32:23 ----D---- C:\WINDOWS\system32\drivers2009-06-25 18:32:23 ----D---- C:\WINDOWS\system322009-06-25 18:30:46 ----A---- C:\WINDOWS\SchedLgU.Txt2009-06-25 18:30:36 ----D---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Free Download Manager2009-06-25 18:25:27 ----RD---- C:\Program Files2009-06-25 18:18:04 ----SD---- C:\WINDOWS\Tasks2009-06-25 18:00:15 ----D---- C:\Program Files\Common Files2009-06-24 21:24:35 ----SHD---- C:\RECYCLER2009-06-24 21:23:30 ----D---- C:\Documents and Settings2009-06-24 21:23:04 ----D---- C:\WINDOWS2009-06-24 18:44:36 ----SHD---- 
C:\WINDOWS\Installer2009-06-24 18:44:22 ----D---- C:\Program Files\Adobe2009-06-24 12:42:16 ----D---- C:\WINDOWS\system32\CatRoot22009-06-20 17:38:19 ----D---- C:\WINDOWS\Prefetch2009-06-18 19:04:35 ----A---- C:\WINDOWS\NeroDigital.ini2009-06-13 01:58:40 ----SH---- C:\boot.ini2009-06-13 01:58:40 ----RASH---- C:\Boot.ini.saved2009-06-11 18:52:55 ----D---- C:\Downloads2009-06-09 17:44:42 ----SD---- C:\Documents and Settings\Mbroziak\Dane aplikacji\Microsoft2009-06-06 17:37:13 ----RSHDC---- C:\WINDOWS\system32\dllcache2009-06-03 18:33:57 ----D---- C:\Program Files\Outlook Express2009-06-03 18:33:57 ----D---- C:\Program Files\Movie Maker2009-06-03 18:33:57 ----D---- C:\Program Files\Internet Explorer2009-06-03 18:33:55 ----D---- C:\WINDOWS\system32\usmt2009-06-03 18:32:34 ----A---- C:\WINDOWS\system32\uxtheme.dll2009-06-03 18:32:00 ----D---- C:\WINDOWS\Cursors2009-06-03 18:31:57 ----D---- C:\WINDOWS\Media2009-06-03 18:31:55 ----RSD---- C:\WINDOWS\Fonts2009-06-03 16:59:03 ----HD---- C:\Program Files\InstallShield Installation Information2009-06-03 16:58:26 ----D---- C:\Program Files\Common Files\InstallShield2009-05-31 18:50:27 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft2009-05-31 18:50:21 ----HD---- C:\WINDOWS\inf2009-05-31 18:45:04 ----RSD---- C:\WINDOWS\assembly2009-05-31 18:44:07 ----D---- C:\WINDOWS\WinSxS2009-05-31 18:42:25 ----D---- C:\WINDOWS\system32\CatRoot======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]R3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]R3 GearAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition 
Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]S3 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []S3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []S3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]S3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.24\RivaTuner32.sys []S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)======R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]-----------------EOF-----------------
Guest
comment

Now show the log from RSIT.

C:\Avenger - delete it. :)

.

Mbroziak
comment

I pasted the RSIT log in my previous post.

Guest
comment
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)

Fix the above-mentioned entries in Hijack:

>>Hijack>>scan(Do a system scan only)>>select them >>Fix checked.

Use tools such as CCleaner, CleanGP, Eusing Free Registry Cleaner and NTREGOPT (NT Registry Optimizer), and scan the system registry.

.
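The check made in the post above (finding BHO and toolbar registrations whose DLL no longer exists) can be automated over a HijackThis log; this is an added example, not code from the thread or from HijackThis. It assumes the O2/O3 entry layout seen in the two quoted lines, splits entries even when line breaks were lost in pasting, and uses a constructed `Example Helper` entry as the healthy counterexample.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: the two entries quoted in the thread, one constructed
# healthy BHO ("Example Helper") and one O4 entry, run together without line
# breaks the way a pasted log often arrives.
SAMPLE_LOG = (
    r"O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - "
    r"C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)"
    r"O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - "
    r"C:\Program Files\G DATA\InternetSecurity\Webfilter\AvkWebIE.dll (file missing)"
    r"O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - "
    r"C:\Program Files\Example\helper.dll"
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe"
)

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Splitting on that is a heuristic, not a full grammar.
ENTRY_START = re.compile(r"(?=(?:O\d{1,2}|[RF][0-3]|N[1-4]) - )")
CLSID_ENTRY = re.compile(
    r"^O[23] - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# Registry locations Internet Explorer reads these registrations from.
REGISTRY_HOME = {
    "BHO": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "Toolbar": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}


class Entry(NamedTuple):
    kind: str
    name: str
    clsid: str
    path: str
    missing: bool


def split_entries(log_text):
    """Split a log into entries, even when the line breaks were lost."""
    entries = []
    for line in log_text.splitlines():
        entries.extend(p.strip() for p in ENTRY_START.split(line) if p.strip())
    return entries


def parse_clsid_entries(log_text):
    """Return the O2 (BHO) and O3 (toolbar) entries found in the log."""
    parsed = []
    for raw in split_entries(log_text):
        m = CLSID_ENTRY.match(raw)
        if m:
            parsed.append(Entry(m["kind"], m["name"], m["clsid"].upper(),
                                m["path"], m["missing"] is not None))
    return parsed


def orphaned_registrations(log_text):
    """Map each CLSID whose file is gone to the registry locations still naming it."""
    orphans = defaultdict(list)
    for entry in parse_clsid_entries(log_text):
        if entry.missing:
            orphans[entry.clsid].append(REGISTRY_HOME[entry.kind])
    return dict(orphans)


if __name__ == "__main__":
    for clsid, homes in orphaned_registrations(SAMPLE_LOG).items():
        print(clsid)
        for home in homes:
            print("  stale registration under", home)
```

A CLSID that shows up under both locations, as the G DATA WebFilter one does here, needs both entries fixed, which is why the post lists the O2 and the O3 line together.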

Mbroziak
comment
>>Hijack>>scan(Do a system scan only)>>select them >>Fix checked.

Done. Now I'll restart and see. I've already given you a + for your involvement.

scan the system registry.

Can I do that with CCleaner??

Guest
comment

You can do it with CCleaner. :)

.

Mbroziak
comment

I'll add that so far I've scanned the computer with Spybot and it didn't detect anything.

OK, it works now. I installed ESET and it no longer said that it was detecting anything. I cleaned everything with CCleaner. Thanks a lot for the help. (+)

Thread can be closed.
