cronoseek, posted 16 August 2009 (edited)
When I try to start Task Manager or the Registry Editor, I get a message that it has been disabled by the administrator; on top of that, it knocked out my antivirus. System: XP Home SP2. Log for review:
Logfile of random's system information tool 1.06 (written by random/random) Run by Właściciel at 2009-08-16 09:43:32 Microsoft Windows XP Home Edition Dodatek Service Pack 2 System drive C: has 24 GB (47%) free of 51 GB Total RAM: 2047 MB (69% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:43:33, on 2009-08-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\qttask.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Belkin\F5D7000v8\Belkinwcui.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Belkin\F5D7000v8\jswpsapi.exe 
C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winyqvcm.exe C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winyxtfxa.exe C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\w3c593.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\Właściciel\Pulpit\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Właściciel.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program 
Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S O4 - Global Startup: Belkin Wireless G PCI Adapter Utility.lnk = C:\Program Files\Belkin\F5D7000v8\Belkinwcui.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233325856062 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Usługa F-Secure Network Request Broker (F-Secure Network Request Broker) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. 
- C:\Program Files\Belkin\F5D7000v8\jswpsapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- End of file - 7498 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-30 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-30 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-30 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-05-06 1262888] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2009-03-02 260760] "F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2009-03-02 1182304] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 143360] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-30 210328] 
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 131072] "QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2009-03-08 180224] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-06-16 245760] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 225280] "Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-23 1196032] "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 106496] "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-03-21 2035712] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 111616] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1366824] "EdHTML"=C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe [2003-03-24 1443328] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 217088] "Gadu-Gadu"=C:\Program Files\Gadu-Gadu\gg.exe [2007-04-17 2113536] "uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-08-14 288048] "Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart Belkin Wireless G PCI Adapter Utility.lnk - C:\Program Files\Belkin\F5D7000v8\Belkinwcui.exe BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=1 "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
"dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Gry\Mirror's edge\Binaries\MirrorsEdge.exe"="D:\Gry\Mirror's edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™" "D:\Gry\fc\Far Cry 2\bin\FarCry2.exe"="D:\Gry\fc\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2" "D:\Gry\fc\Far Cry 2\bin\FC2Launcher.exe"="D:\Gry\fc\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater" "D:\Gry\fc\Far Cry 2\bin\FC2Editor.exe"="D:\Gry\fc\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout Paradise The Ultimate Box" "C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout Paradise The Ultimate Box" "C:\Program 
Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout Paradise The Ultimate Box" "D:\Gry\quake3arena\quake3.exe"="D:\Gry\quake3arena\quake3.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "C:\Program Files\F-Secure\Common\FSM32.EXE"="C:\Program Files\F-Secure\Common\FSM32.EXE:*:Enabled:ipsec" "C:\Program Files\SubEdit-Player\subedit.exe"="C:\Program Files\SubEdit-Player\subedit.exe:*:Enabled:ipsec" "C:\Program Files\foobar2000\foobar2000.exe"="C:\Program Files\foobar2000\foobar2000.exe:*:Enabled:ipsec" "C:\Program Files\F-Secure\FSAUA\program\fsaua.exe"="C:\Program Files\F-Secure\FSAUA\program\fsaua.exe:*:Enabled:ipsec" "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"="C:\Program Files\Common Files\LightScribe\LSSrvc.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winkklq.exe"="C:\WINDOWS\TEMP\winkklq.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\w25cfde.exe"="C:\WINDOWS\TEMP\w25cfde.exe:*:Enabled:ipsec" "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"="C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winatigup.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winatigup.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winnynyb.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winnynyb.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\w23d3ef.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\w23d3ef.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wingjcd.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wingjcd.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\gktaf.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\gktaf.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\kxcvvc.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\kxcvvc.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ndjmw.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ndjmw.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\hvgybn.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\hvgybn.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\dqgfp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\dqgfp.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winnuul.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winnuul.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vphc.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vphc.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winogsn.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winogsn.exe:*:Enabled:ipsec" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winveccj.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winveccj.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vmiquy.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vmiquy.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vintnp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vintnp.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winebrmu.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winebrmu.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\cqcw.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\cqcw.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\qmhb.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\qmhb.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winjquri.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winjquri.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winnaln.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winnaln.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winjhckx.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winjhckx.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winuhsyfy.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winuhsyfy.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winmleo.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winmleo.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winpcwgd.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winpcwgd.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winmrul.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winmrul.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winmywpuo.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winmywpuo.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rrbgu.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rrbgu.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winoltatj.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winoltatj.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wskt.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wskt.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winyuibyo.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winyuibyo.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ckueb.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ckueb.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winhxhpn.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winhxhpn.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winhsrywp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winhsrywp.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winagaqp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winagaqp.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\acyt.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\acyt.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxobog.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxobog.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winqxxwp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winqxxwp.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winhkbw.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winhkbw.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winihyt.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winihyt.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\xoxaar.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\xoxaar.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winbuwl.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winbuwl.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\eqhl.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\eqhl.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winoaguif.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winoaguif.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rnmrdm.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rnmrdm.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winjmmh.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winjmmh.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\nlqos.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\nlqos.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wyhxqp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wyhxqp.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\fdwsm.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\fdwsm.exe:*:Enabled:ipsec" "C:\PowerOFF v5.0\Poweroff.exe"="C:\PowerOFF v5.0\Poweroff.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rxmudq.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\rxmudq.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winpaox.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winpaox.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxdnn.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxdnn.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\w3c545.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\w3c545.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winrwlhwq.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winrwlhwq.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ejmj.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ejmj.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winlbrva.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winlbrva.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\uosp.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\uosp.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\jkwaw.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\jkwaw.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxorct.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxorct.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vfogmm.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\vfogmm.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winlphhex.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winlphhex.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winehiob.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winehiob.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winesjlt.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winesjlt.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\bewm.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\bewm.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wlei.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wlei.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\windgjogu.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\windgjogu.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winfuel.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winfuel.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\mrpc.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\mrpc.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winopxr.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winopxr.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wintcpd.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\wintcpd.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winivwyhx.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winivwyhx.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pwua.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pwua.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winirvqtf.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winirvqtf.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxudoq.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winxudoq.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winteki.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winteki.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winasrw.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\winasrw.exe:*:Enabled:ipsec" "C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pire.exe"="C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\pire.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{124c35e2-eed9-11dd-9fbb-c47ce107a32c}] shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{124c35e3-eed9-11dd-9fbb-c47ce107a32c}] shell\AutOPlAy\command - L:\urapvj.exe shell\AutoRun\command - L:\urapvj.exe shell\explOrE\command - L:\urapvj.exe shell\oPen\command - L:\urapvj.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37a4a82d-8774-11de-a3b7-0011676433af}] shell\autoPLay\command - H:\ngifgc.pif shell\AutoRun\command - H:\ngifgc.pif shell\exPLORE\command - H:\ngifgc.pif shell\oPen\command - H:\ngifgc.pif 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c3f0458-4941-11de-a0cf-0011676433af}] shell\AutOpLAY\command - G:\rslwlt.exe shell\AutoRun\command - G:\rslwlt.exe shell\ExplORE\command - G:\rslwlt.exe shell\Open\command - G:\rslwlt.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638a311c-0e8b-11de-a01b-001d608b3739}] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{638a311d-0e8b-11de-a01b-001d608b3739}] shell\AutoRun\command - wx8o0bt1.com shell\open\command - wx8o0bt1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c382c8-6cbb-11de-93eb-0011676433af}] shell\AUtOpLaY\command - H:\agdo.exe shell\AutoRun\command - H:\agdo.exe shell\eXpLorE\command - H:\agdo.exe shell\oPeN\command - H:\agdo.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79028f40-242e-11de-a076-0011676433af}] shell\AutoRun\command - G:\il0byu3h.com shell\open\command - G:\il0byu3h.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e1996a6-f2dd-11dd-9fcd-001d608b3739}] shell\Autoplay\command - H:\adagk.exe shell\AutoRun\command - H:\adagk.exe shell\eXPLoRe\command - H:\adagk.exe shell\opEn\command - H:\adagk.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbfa9e30-1ad3-11de-a04d-0011676433af}] shell\AutoRun\command - H:\w3dn9f.bat shell\explore\command - H:\w3dn9f.bat shell\open\command - H:\w3dn9f.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efbfeed2-5ced-11de-a0f4-0011676433af}] shell\autOplay\command - kjfqu.cmd shell\AutoRun\command - kjfqu.cmd shell\EXPlorE\command - kjfqu.cmd shell\open\command - kjfqu.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffa1f7c2-09bc-11de-a009-001d608b3739}] 
shell\AutoRun\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe shell\open\command - L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe ======List of files/folders created in the last 3 months====== 2009-08-16 09:43:32 ----D---- C:\rsit 2009-08-16 09:34:55 ----D---- C:\Program Files\Trend Micro 2009-08-16 09:28:50 ----D---- C:\Program Files\CCleaner 2009-08-16 09:25:10 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Uniblue 2009-08-16 09:25:04 ----D---- C:\Program Files\Uniblue 2009-08-16 09:24:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ 2009-08-16 09:23:53 ----D---- C:\WINDOWS\LastGood 2009-08-16 09:23:15 ----HDC---- C:\Documents and Settings\All Users\Dane aplikacji\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} 2009-08-15 15:23:00 ----D---- C:\Program Files\Ventrilo 2009-08-15 13:41:53 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\skypePM 2009-08-15 13:41:20 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Skype 2009-08-15 13:39:58 ----D---- C:\Program Files\Common Files\Skype 2009-08-15 13:39:57 ----RD---- C:\Program Files\Skype 2009-08-15 13:39:54 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype 2009-08-15 13:10:20 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Ventrilo 2009-08-15 00:11:49 ----D---- C:\PowerOFF v5.0 2009-08-14 20:08:21 ----D---- C:\Program Files\uTorrent 2009-08-14 20:07:27 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\uTorrent 2009-08-14 19:28:17 ----D---- C:\Program Files\Common Files\NSV 2009-08-14 18:24:40 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 2009-08-14 18:22:57 ----D---- C:\Program Files\Winamp Toolbar 2009-08-14 18:22:57 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-08-14 18:22:36 ----N---- 
C:\WINDOWS\system32\pxsfs.dll 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-08-14 18:22:36 ----N---- C:\WINDOWS\system32\px.dll 2009-08-14 18:22:34 ----D---- C:\Program Files\Winamp 2009-08-14 18:22:34 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Winamp 2009-08-14 18:08:41 ----D---- C:\WINDOWS\Sun 2009-08-14 18:05:11 ----D---- C:\Program Files\Gadu-Gadu 2009-08-12 21:28:42 ----D---- C:\Program Files\MOJOSOFT 2009-08-12 21:28:42 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\mojosoft 2009-08-04 21:23:16 ----D---- C:\Program Files\OpenOffice.ux.pl 2.0.2 2009-07-11 00:13:03 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Fallout3 2009-07-11 00:13:01 ----D---- C:\Program Files\Bethesda Softworks 2009-07-11 00:12:10 ----RSD---- C:\WINDOWS\assembly 2009-07-11 00:11:58 ----N---- C:\WINDOWS\system32\spmsg2.dll 2009-07-11 00:11:45 ----HDC---- C:\WINDOWS\$NtUninstallWIC$ 2009-07-11 00:11:12 ----D---- C:\WINDOWS\system32\xlive 2009-06-21 17:00:45 ----D---- C:\Program Files\Belkin 2009-06-21 17:00:16 ----D---- C:\WINDOWS\{02FBD98A-A5EA-489E-903B-22CB7479FBEF} 2009-06-21 11:52:48 ----D---- C:\WINDOWS\Prefetch 2009-06-21 11:49:35 ----A---- C:\WINDOWS\system32\wmpns.dll 2009-06-21 11:48:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-06-21 11:32:01 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-06-21 11:32:01 ----A---- C:\WINDOWS\system32\irclass.dll 2009-06-21 11:31:32 ----RA---- C:\WINDOWS\SET61.tmp 2009-06-21 11:31:24 ----RA---- C:\WINDOWS\SET55.tmp 2009-06-21 11:31:21 ----RA---- C:\WINDOWS\SET52.tmp 2009-06-19 18:28:37 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\XnView 
2009-06-19 18:26:53 ----D---- C:\Program Files\XnView 2009-06-16 22:21:00 ----A---- C:\WINDOWS\UnGins.exe 2009-06-03 14:33:23 ----D---- C:\Program Files\PowerISO 2009-05-29 19:02:52 ----A---- C:\WINDOWS\Swish.INI 2009-05-28 22:38:17 ----D---- C:\Program Files\My Company Name 2009-05-28 22:36:54 ----D---- C:\Program Files\Common Files\ATI Technologies 2009-05-26 21:26:27 ----SHD---- C:\WINDOWS\ftpcache 2009-05-26 21:26:19 ----A---- C:\WINDOWS\unvise32.exe 2009-05-26 21:24:15 ----D---- C:\Program Files\Binboy 2009-05-21 16:46:39 ----A---- C:\WINDOWS\system32\MRT.exe ======List of files/folders modified in the last 3 months====== 2009-08-16 09:39:28 ----SHD---- C:\WINDOWS\Installer 2009-08-16 09:34:55 ----RD---- C:\Program Files 2009-08-16 09:29:50 ----D---- C:\Program Files\Mozilla Firefox 2009-08-16 09:29:21 ----D---- C:\WINDOWS\Temp 2009-08-16 09:29:21 ----D---- C:\WINDOWS\Minidump 2009-08-16 09:29:21 ----D---- C:\WINDOWS\Debug 2009-08-16 09:29:21 ----D---- C:\WINDOWS 2009-08-16 09:24:25 ----HD---- C:\WINDOWS\inf 2009-08-16 09:24:23 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-08-16 09:24:23 ----D---- C:\WINDOWS\system32 2009-08-16 09:23:53 ----D---- C:\WINDOWS\system32\CatRoot2 2009-08-16 09:12:17 ----D---- C:\WINDOWS\system32\drivers 2009-08-16 01:17:04 ----N---- C:\WINDOWS\SchedLgU.Txt 2009-08-15 17:04:37 ----D---- C:\Program Files\NAPI-PROJEKT 2009-08-15 15:22:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-08-15 13:39:58 ----D---- C:\Program Files\Common Files 2009-08-15 00:12:20 ----A---- C:\WINDOWS\wincmd.ini 2009-08-14 20:37:01 ----A---- C:\WINDOWS\NeroDigital.ini 2009-08-14 12:01:23 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\foobar2000 2009-08-13 22:19:18 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\Adobe 2009-08-13 22:19:18 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Adobe 2009-08-13 22:18:31 ----HD---- C:\Program Files\InstallShield Installation Information 2009-08-12 
21:41:49 ----D---- C:\Documents and Settings\Właściciel\Dane aplikacji\U3 2009-08-04 21:23:36 ----RSD---- C:\WINDOWS\Fonts 2009-07-11 00:13:01 ----D---- C:\WINDOWS\system32\DirectX 2009-07-11 00:12:02 ----D---- C:\WINDOWS\system32\spool 2009-07-11 00:11:12 ----SD---- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft 2009-06-21 13:28:43 ----D---- C:\WINDOWS\system 2009-06-21 13:28:42 ----D---- C:\WINDOWS\system32\Setup 2009-06-21 13:28:41 ----D---- C:\WINDOWS\Help 2009-06-21 13:28:37 ----D---- C:\WINDOWS\system32\usmt 2009-06-21 13:28:31 ----D---- C:\WINDOWS\AppPatch 2009-06-21 13:28:29 ----D---- C:\WINDOWS\ime 2009-06-21 13:28:28 ----D---- C:\WINDOWS\Media 2009-06-21 13:28:26 ----D---- C:\WINDOWS\system32\wbem 2009-06-21 13:28:21 ----D---- C:\WINDOWS\PeerNet 2009-06-21 13:28:14 ----D---- C:\WINDOWS\system32\npp 2009-06-21 13:28:10 ----D---- C:\WINDOWS\msagent 2009-06-21 13:26:06 ----D---- C:\WINDOWS\system32\1045 2009-06-21 13:25:53 ----D---- C:\WINDOWS\twain_32 2009-06-21 13:25:11 ----D---- C:\WINDOWS\system32\icsxml 2009-06-21 13:24:54 ----D---- C:\WINDOWS\system32\ias 2009-06-21 13:24:51 ----D---- C:\WINDOWS\system32\1033 2009-06-21 13:24:03 ----D---- C:\WINDOWS\WinSxS 2009-06-21 13:24:03 ----D---- C:\WINDOWS\Driver Cache 2009-06-21 12:15:50 ----D---- C:\WINDOWS\system32\config 2009-06-21 12:12:52 ----SH---- C:\boot.ini 2009-06-21 12:12:52 ----A---- C:\WINDOWS\win.ini 2009-06-21 12:12:52 ----A---- C:\WINDOWS\system.ini 2009-06-21 12:12:51 ----D---- C:\WINDOWS\pss 2009-06-21 12:07:37 ----D---- C:\WINDOWS\security 2009-06-21 11:54:22 ----D---- C:\WINDOWS\Registration 2009-06-21 11:53:26 ----SHD---- C:\System Volume Information 2009-06-21 11:53:26 ----D---- C:\WINDOWS\system32\Restore 2009-06-21 11:53:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-06-21 11:49:26 ----A---- C:\WINDOWS\ODBCINST.INI 2009-06-21 11:48:58 ----RD---- C:\WINDOWS\Web 2009-06-21 11:48:52 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-06-21 11:48:41 ----D---- 
C:\WINDOWS\system32\oobe 2009-06-21 11:48:33 ----D---- C:\WINDOWS\system32\Com 2009-06-21 11:47:55 ----D---- C:\Program Files\Messenger 2009-06-21 11:32:40 ----D---- C:\WINDOWS\system32\CatRoot 2009-06-21 11:31:52 ----ASH---- C:\Documents and Settings\All Users\Dane aplikacji\desktop.ini 2009-06-20 22:27:10 ----D---- C:\Program Files\Ricochet Lost Worlds 2009-05-28 22:36:56 ----SD---- C:\Documents and Settings\Właściciel\Dane aplikacji\Microsoft 2009-05-28 22:34:07 ----D---- C:\Program Files\Common Files\InstallShield ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [] R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320] R1 kbdhid;Sterownik klawiatury HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108] R2 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-11-28 27072] R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\ernpon.sys [] R3 AR5211;Belkin Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184] R3 Arp1394;Protokół klienta 1394 ARP; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-20 93696] R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704] R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792] R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 
[2007-03-05 18320] R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008] R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344] R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] R3 NIC1394;Sterownik sieci 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 usbccgp;Rodzajowy sterownik nadrzędny USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Standardowy sterownik koncentratora USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448] R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304] S3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2004-08-03 12672] S3 usbscan;Sterownik skanera USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 
USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-04 31872] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016] R2 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [2009-03-02 563808] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-30 152984] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 135168] R3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\Belkin\F5D7000v8\jswpsapi.exe [2007-10-29 352338] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 339968] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 F-Secure Network Request Broker;Usługa F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2009-03-02 236184] S3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2009-03-02 129632] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 
32\IDriverT.exe [2005-04-04 151552] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 843776] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] -----------------EOF-----------------
MarekM25 commented 16 August 2009

There is a fairly serious infection here. In the case of Sality there are several options:
1. Format all partitions and removable devices, without copying any exe, scr or dll files.
2. Disinfect the files with a bootable antivirus, e.g. Dr Web LiveCD (it is best to create the disc on an uninfected computer).
3. Alternatively (although in my opinion this is not the best way), scan the computer with this: http://www.softpedia.com/get/Antivirus/Win32-Sality-Remover.shtml and then post a ComboFix log.