Problem with viruses, keyloggers

nerdinek
created

Hello. I have a problem with my computer; I'll try to describe it as briefly as possible.

So, I use the internet with my "phone as a modem": I connect the phone to the computer and I have internet.

For about a year my memory card and my phone have been infected with viruses. I would call them keyloggers, which do nothing with my passwords to games etc.

But there is one problem: these "viruses, keyloggers" turn my computer upside down. Programs took a long time to start, there were errors when launching games, etc.

In such moments I always formatted the computer; it was fine for 2 weeks, then the same thing again... It is all the result of the infected phone... it's like Sisyphean labour: I connect the phone after the format and those viruses are back.

I'm asking whether there is any solution to this?? I'm ready for anything, for another format of all the disks, etc...

Do you maybe have any idea? I was thinking of something like formatting the computer, installing some antivirus, and only then using the phone for internet.


[b] CURRENTLY, my problem is that I didn't feel like formatting the computer, so I downloaded antiviruses such as avast, avg, avira, comodo; I installed them, and when I opened them they ran for 3 seconds and shut down, as if those viruses were shutting them all down[/b]

So what remains is to format the computer, but what next? I'll format it and I would like some tips right away, ideally a whole plan.


I would wait 2-3 days for good help




My computer:

processor 2.8 GHz

RAM - 3 GB

graphics card GEFORCE 9500 512 RAM

disk 500 GB

Please help, because I don't know what to do!

Bumping the thread; please guide me on what I should do, because the admin wrote something like this in my post:

[b][url="http://www.forumpc.pl/index.php?showuser=76294"][color=#008000][b]bub[/b][/color][/url] (today, 11:44): [/b]
Moving to Security. Read the rules that apply in this section and post the appropriate logs!

Guest
comment

http://www.forumpc.pl/index.php?showtopic=104338

You are to produce logs from OTL

nerdinek
comment (edited)

HELLO

These are the logs from OTL, I'm pasting both



[log]Logfile of random's system information tool 1.09 (written by random/random)
2012-08-04 19:16:34 ----RD---- C:\Program Files
2012-08-04 19:16:29 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 0017 USB WMC Data Modem.txt
2012-08-04 19:15:53 ----D---- C:\WINDOWS\Temp
2012-08-04 15:32:48 ----D---- C:\WINDOWS\system32\drivers
2012-08-04 14:37:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-04 14:37:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-04 01:54:38 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-04 01:54:31 ----SHD---- C:\WINDOWS\Installer
2012-08-04 01:54:30 ----SD---- C:\WINDOWS\Tasks
2012-08-04 01:51:23 ----D---- C:\WINDOWS\system32
2012-08-04 01:51:20 ----D---- C:\WINDOWS\Prefetch
2012-08-04 01:29:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-08-04 01:05:00 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Tibia
2012-08-03 21:30:41 ----D---- C:\WINDOWS
2012-08-03 04:24:34 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 0017 USB WMC Modem.txt
2012-08-01 21:38:13 ----SHD---- C:\System Volume Information
2012-08-01 15:00:30 ----D---- C:\Program Files\Common Files
2012-08-01 00:45:18 ----HD---- C:\WINDOWS\inf
2012-07-31 21:21:07 ----HD---- C:\Program Files\InstallShield Installation Information
2012-07-29 22:57:23 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Gadu-Gadu 10
2012-07-29 16:23:57 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Ventrilo
2012-07-29 16:23:46 ----D---- C:\WINDOWS\Logs
2012-07-29 16:23:46 ----D---- C:\WINDOWS\Debug
2012-07-23 18:04:48 ----RSD---- C:\WINDOWS\Fonts
2012-07-23 18:04:18 ----D---- C:\Program Files\Java
2012-07-23 18:04:06 ----D---- C:\WINDOWS\WinSxS
2012-07-21 17:59:58 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2012-07-21 17:36:25 ----D---- C:\WINDOWS\system32\DirectX
2012-07-20 19:00:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-20 17:51:02 ----D---- C:\Program Files\Mozilla Firefox
2012-07-15 14:56:27 ----SD---- C:\Documents and Settings\Czarne\Dane aplikacji\Microsoft
2012-07-12 22:15:00 ----D---- C:\Program Files\NVIDIA Corporation
2012-07-12 14:01:10 ----A---- C:\WINDOWS\wa.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv02;FrontLine Environment Driver (v2); C:\WINDOWS\system32\drivers\sfdrv02.sys [2006-09-11 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5); C:\WINDOWS\system32\drivers\sfsync05.sys [2006-11-03 61312]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-01 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-07-18 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-07-18 36000]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-07-18 83392]
R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\lvnljn.sys []
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-05-31 6126736]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-07-01 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-07-01 38528]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-01 82944]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 jswmidin;jswmidin; \??\C:\DOCUME~1\Skarpety\USTAWI~1\Temp\jswmidin.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 163840]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-07-01 75136]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-07-18 110032]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe []
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\WINDOWS\system32\sfrem02.exe [2006-05-11 358008]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------

[/log]

I'll add that, for example, I can't install Adobe Flash Player; the installer won't start. As I said, my computer is so infected that I can't run any antivirus.

That's why I wanted to find out what to do after the format. How do I clean the viruses off my phone? (I can only connect through this phone.)

Guest
comment

You posted an RSIT log rather than an OTL one, but I can see Sality anyway:

R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\lvnljn.sys []


On another, uninfected computer, burn a Dr.Web LiveCD and scan the computer from it.

How to clean it?
The question is what phone you have.
On the phone you have autoruns, which you must remove.


Before scanning with the Dr.Web LiveCD, connect all mass-storage devices, including the phone, and select them for scanning.
Infected files should be cured, and whatever cannot be cured should be deleted.
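
A triage pass over RSIT driver lines such as the one quoted in the reply above, as an added example that is not part of the original posts and not RSIT's own logic. The sample lines are copied from the log in this thread; the two heuristics (an empty `[]` taken to mean RSIT could not read the file's date and size, and an image path under a Temp directory) are assumptions of this example.

```python
import re

# Driver lines copied from the RSIT log posted in this thread.
SAMPLE = r"""
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-07-18 137928]
R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\lvnljn.sys []
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 jswmidin;jswmidin; \??\C:\DOCUME~1\Skarpety\USTAWI~1\Temp\jswmidin.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
"""

# <state><start type> <service>;<display name>; <image path> [<date> <size>]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

def parse(log):
    """Turn RSIT driver/service lines into dicts; skip anything else."""
    lines = map(str.strip, log.splitlines())
    return [m.groupdict() for m in map(LINE.match, lines) if m]

def triage(log):
    """Return {service name: [reasons]} for entries worth a manual look."""
    flagged = {}
    for e in parse(log):
        reasons = []
        path = e["path"]
        if path.startswith("\\??\\"):  # NT object-path prefix, not a finding by itself
            path = path[4:]
        if not e["meta"].strip():
            # Assumption: empty brackets mean the file's date/size could not be read.
            if e["state"] == "R":
                reasons.append("loaded, but image file not readable from the running OS")
            else:
                reasons.append("registered, but image file not found")
        if "\\temp\\" in path.lower():
            reasons.append("image path inside a Temp directory")
        if reasons:
            flagged[e["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Flagged entries are leads to check from a clean boot medium, not verdicts; a stopped entry with no file can simply be a leftover from an uninstalled program.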
