nerdinek, created 4 August 2012

Hello. I have a problem with my computer and I will try to describe it as briefly as possible. I use the internet via "phone as a modem": I connect the phone to the computer and I have internet. For about a year my memory card and my phone have been infected with viruses. I would call them keyloggers, which do nothing with my game passwords etc. But there is one problem: these "viruses, keyloggers" turn my computer upside down. Programs took a long time to start, there were errors when launching games, etc. Whenever that happened I formatted the computer; it was fine for 2 weeks and then the same thing again... It is all the result of the infected phone... It is like Sisyphean labour: I connect the phone after a format and the viruses are back. I am asking whether there is any solution to this?? I am ready for anything, for another format of all disks etc... Do you have any idea? I was thinking of something like formatting the computer, installing some antivirus, and only then using the phone for internet.

[b]CURRENTLY, my problem is that I did not feel like formatting the computer, so I downloaded antiviruses such as avast, avg, avira, comodo and installed them, but when I opened them they started for 3 seconds and shut down, as if the viruses were turning them all off.[/b] So what remains is to format the computer, but what next? I will format it and I would like some guidance right away, ideally a whole plan. I would wait 2-3 days for good help.

My computer: processor 2.8 GHz, RAM 3 GB, graphics card GEFORCE 9500 512 ram, disk 500 GB

Please help, because I do not know what to do!

Bumping the thread. Please guide me on what to do, because the admin wrote something like this in my post:

[b][url="http://www.forumpc.pl/index.php?showuser=76294"][color=#008000][b]bub[/b][/color][/url] (today, 11:44): [/b] Moving to Security. Read the rules that apply in this section and post the appropriate logs!
Guest, comment, 4 August 2012

http://www.forumpc.pl/index.php?showtopic=104338 You need to produce logs with OTL.
nerdinek komentarz 4 sierpnia 2012 Autor komentarz 4 sierpnia 2012 (edytowane) WITAM to są logi z OTL wklejam oby dwa [log] info.txt logfile of random's system information tool 1.09 2012-08-04 19:17:17 ======Uninstall list====== -->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware Browsing Protection-->C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\uninstall.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex Adobe Reader X (10.1.0) - Polish-->MsiExec.exe /I{AC76BA86-7AD7-1045-7B44-AA1000000001} Age of Pirates: Opowieści z Karaibów-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48A7DB60-86F0-49BE-99F9-9A41C229CB63}\Setup.exe" -l0x15 Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE} Assassin's Creed Brotherhood-->"C:\Program Files\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe" -runfromtemp -l0x0015 -removeonly Avira Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE AxCrypt 1.7.2687.0-->MsiExec.exe /I{9ED9D728-9D4A-46D8-AF73-264CB0090AEA} Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x15 -removeonly Budzik 1.04-->"C:\Program Files\Budzik\unins000.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" COMODO GeekBuddy-->C:\Program Files\COMODO\COMODO GeekBuddy\uninstall.exe Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 
-removeonly DawnOfWar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B} Dzielenie i łączenie plików v1.2.2-->"C:\Program Files\Dzielenie i laczenie plikow\unins000.exe" ElfBot NG 4.5.9-->"C:\Documents and Settings\Czarne\Pulpit\elf\ElfBot NG\unins000.exe" FIFA 12-->"D:\FIFA 12\unins002.exe" Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly Hattrick Organizer (remove only)-->C:\HattrickOrganizer\Uninstall.exe Java™ 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF} Java™ 7 Update 5-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217005FF} JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft SMS Sender-->MsiExec.exe /I{02A850EA-B803-4D44-A709-90C14221075B} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall Mozilla Firefox 14.0.1 (x86 pl)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" NVIDIA nView 
136.27-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.NView NVIDIA Oprogramowanie systemu PhysX 9.12.0213-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} NVIDIA Sterownik graficzny 301.42-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.4\NVI2.DLL",UninstallPackage Display.Driver OpenOffice.org 3.3-->MsiExec.exe /I{EB87675F-5281-4767-A54B-31931794C23D} Painkiller Czarna Edycja-->"C:\Program Files\InstallShield Installation Information\{785DB544-E757-44F8-8930-B10A7465407A}\setup.exe" -runfromtemp -l0x0015 -removeonly Pro Evolution Soccer 2011-->MsiExec.exe /X{9773450C-E2F3-46C3-9464-1D7EDE5EFB63} PunkBuster Services-->C:\Documents and Settings\Skarpety\Dane aplikacji\PunkBuster\pbsetup\pbsvc.exe -u Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x15 -removeonly Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A} Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 5.10-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} Sony Ericsson PC Suite 6.011.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly The Sims 2-->D:\The Sims 2\EAUninstall.exe Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe Tibia-->"C:\Program Files\Tibia\unins000.exe" TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe" Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation 
Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VirtualDJ Home FREE-->MsiExec.exe /I{19192A84-6172-4312-A661-D8F9A34585AB} WinRAR 4.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe Worms Armageddon-->C:\WINDOWS\IsUn0415.exe -f"d:\worms armagedon\Uninst.isu" Xfire (remove only)-->"D:\Xfire\uninst.exe" XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe ======System event log====== Computer Name: BLACK-88D9F0F7A Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 8662 Source Name: Cdrom Time Written: 20120725190045.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 8661 Source Name: Cdrom Time Written: 20120725190036.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 8660 Source Name: Cdrom Time Written: 20120725190020.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 8659 Source Name: Cdrom Time Written: 20120725185757.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 7 Message: W urządzeniu \Device\CdRom0 wystąpił zły blok. Record Number: 8658 Source Name: Cdrom Time Written: 20120725185747.000000+270 Event Type: błąd User: =====Application event log===== Computer Name: BLACK-88D9F0F7A Event Code: 1000 Message: Aplikacja powodująca błąd wmplayer.exe, wersja 11.0.5721.5145, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x033ca8a0. 
Record Number: 1839 Source Name: Application Error Time Written: 20120719195447.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 4097 Message: Aplikacja C:\Program Files\Windows Media Player\wmplayer.exe wygenerowała błąd aplikacji. Błąd wystąpił na 07/19/2012 @ 19:54:29.421. Wygenerowany wyjątek to c0000005 pod adresem 033CA8A0 (<nosymbols>). Record Number: 1838 Source Name: DrWatson Time Written: 20120719195429.000000+270 Event Type: informacje User: Computer Name: BLACK-88D9F0F7A Event Code: 1000 Message: Aplikacja powodująca błąd wmplayer.exe, wersja 11.0.5721.5145, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x033ca8a0. Record Number: 1837 Source Name: Application Error Time Written: 20120719195417.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 1000 Message: Aplikacja powodująca błąd drwtsn32.exe, wersja 5.1.2600.0, moduł powodujący błąd dbghelp.dll, wersja 5.1.2600.5512, adres błędu 0x0001295d. Record Number: 1836 Source Name: Application Error Time Written: 20120719195400.000000+270 Event Type: błąd User: Computer Name: BLACK-88D9F0F7A Event Code: 1000 Message: Aplikacja powodująca błąd wmplayer.exe, wersja 11.0.5721.5145, moduł powodujący błąd unknown, wersja 0.0.0.0, adres błędu 0x033ca8a0. 
Record Number: 1835 Source Name: Application Error Time Written: 20120719195356.000000+270 Event Type: błąd User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=x86 Family 16 Model 6 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0602 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- [/log] [log]Logfile of random's system information tool 1.09 (written by random/random) Run by Czarne at 2012-08-04 19:16:33 Microsoft Windows XP Professional Dodatek Service Pack 3 System drive C: has 15 GB (51%) free of 30 GB Total RAM: 3071 MB (74% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Czarne\Dane aplikacji\Mozilla\Firefox\Profiles\paiurvy2.default prefs.js - "browser.startup.homepage" - "http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_PL" prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_PL&apn_uid=e1a660cf-29e0-49f2-83cb-b5792b33c297&apn_ptnrs=%5EABZ&apn_sauid=92701190-ECC5-45EF-9FAB-609D52C0F1ED&apn_dtid=%5EYYYYYY%5EYY%5EPL&&q=" [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 10 "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1] "Description"= "Path"=C:\WINDOWS\system32\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1] 
"Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll C:\Program Files\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {972ce4c6-7e08-4474-a285-3208198ce6fd} {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll C:\Program Files\Mozilla Firefox\searchplugins\ allegro-pl.xml avg-secure-search.xml fbc-pl.xml google.xml merlin-pl.xml pwn-pl.xml wikipedia-pl.xml wp-pl.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}] AVG Do Not Track - C:\Program Files\AVG\AVG2012\avgdtiex.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19 4014280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-20 1519824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D4027C7F-154A-4066-A1AD-4243D8127440} - Avira SearchFree Toolbar plus Web Protection - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-20 1519824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2012-04-24 20065896] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 321928] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-05-15 15504192] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2012-05-15 108352] "nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112] "COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-11-23 208184] "CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-11-23 182584] "Ad-Aware Browsing Protection"=C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection\adawarebp.exe [2011-10-21 198032] ""= [] "ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-06-20 1568976] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-07-18 348664] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 97280] "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 503808] "AudioMenager"=C:\Documents and Settings\Czarne\Dane aplikacji\mgr.exe [2012-06-13 1663488] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-15 1764864] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-06-07 17499312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-07-01 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "G:\jrksf.exe"="G:\jrksf.exe:*:Enabled:ipsec" "D:\Tibia\Tibia.exe"="D:\Tibia\Tibia.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\mbif.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\mbif.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winsionpc.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winsionpc.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\tuqy.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\tuqy.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winolbi.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winolbi.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\ucfy.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\ucfy.exe:*:Enabled:ipsec" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:ipsec" "C:\Program Files\Adobe\Reader 
10.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe:*:Enabled:ipsec" "C:\WINDOWS\system32\RUNDLL32.EXE"="C:\WINDOWS\system32\RUNDLL32.EXE:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\rgmkrt.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\rgmkrt.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winyowo.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winyowo.exe:*:Enabled:ipsec" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec" "F:\iakr.pif"="F:\iakr.pif:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\ikdw.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\ikdw.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\cvfd.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\cvfd.exe:*:Enabled:ipsec" "D:\gtasa\GTA San Andreas\samp.exe"="D:\gtasa\GTA San Andreas\samp.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\rxjbc.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\rxjbc.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\easn.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\easn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\gfxt.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\gfxt.exe:*:Enabled:ipsec" "C:\Documents and Settings\Czarne\Dane aplikacji\mgr.exe"="C:\Documents and Settings\Czarne\Dane aplikacji\mgr.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbdyhb.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbdyhb.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wintedxg.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wintedxg.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\fcvgds.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\fcvgds.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbgmjuf.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbgmjuf.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\ntgf.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\ntgf.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhnvhk.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhnvhk.exe:*:Enabled:ipsec" "C:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip 
changer.exe"="C:\Program Files\Asprate\Tibia Multi IP Changer\Tibia MULTI-ip changer.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\evilg.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\evilg.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winqwde.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winqwde.exe:*:Enabled:ipsec" "C:\Program Files\Budzik\budzik.exe"="C:\Program Files\Budzik\budzik.exe:*:Enabled:ipsec" "C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winuksx.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winuksx.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winvxuvwq.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winvxuvwq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\yctdmo.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\yctdmo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winxuloo.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winxuloo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\csrj.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\csrj.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wingmhp.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wingmhp.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winwtve.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winwtve.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\pmott.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\pmott.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\kifsiw.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\kifsiw.exe:*:Enabled:ipsec" "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winsjwtq.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winsjwtq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\nvvgo.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\nvvgo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winxntfj.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winxntfj.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\Czarne\USTAWI~1\Temp\winogex.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winogex.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\dibn.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\dibn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\vtveso.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\vtveso.exe:*:Enabled:ipsec" "C:\Program Files\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe"="C:\Program Files\Asprate\Tibia Multi IP Changer\Ip Changer Updater.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wintbsmfn.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wintbsmfn.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhbxcl.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhbxcl.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winouyfvv.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winouyfvv.exe:*:Enabled:ipsec" "C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wingrlh.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wingrlh.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winsryegx.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winsryegx.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhkxt.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhkxt.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winfqomfp.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winfqomfp.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhyrrtl.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winhyrrtl.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\vkyaj.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\vkyaj.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winfowcy.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winfowcy.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\usbd.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\usbd.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winugltxp.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winugltxp.exe:*:Enabled:ipsec" 
"C:\DOCUME~1\Czarne\USTAWI~1\Temp\winoxhwj.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winoxhwj.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\nilvfo.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\nilvfo.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\windqan.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\windqan.exe:*:Enabled:ipsec" "C:\Program Files\Java\jre7\bin\java.exe"="C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\gsjk.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\gsjk.exe:*:Enabled:ipsec" "C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbplr.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbplr.exe:*:Enabled:ipsec" "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE"="C:\Program Files\Windows NT\Accessories\WORDPAD.EXE:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\psur.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\psur.exe:*:Enabled:ipsec" "C:\WINDOWS\system32\notepad.exe"="C:\WINDOWS\system32\notepad.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbjrq.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winbjrq.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wkfmh.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wkfmh.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winacoa.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winacoa.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winvpknw.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winvpknw.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wineolwow.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wineolwow.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\winvnbv.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\winvnbv.exe:*:Enabled:ipsec" "D:\gtasa\GTA San Andreas\gta_sa.exe"="D:\gtasa\GTA San Andreas\gta_sa.exe:*:Enabled:ipsec" "C:\DOCUME~1\Czarne\USTAWI~1\Temp\wintdmjsl.exe"="C:\DOCUME~1\Czarne\USTAWI~1\Temp\wintdmjsl.exe:*:Enabled:ipsec" "C:\Program Files\Sony Ericsson\Sony Ericsson 
PC Suite\SupServ.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\dfyffi.exe"="C:\WINDOWS\TEMP\dfyffi.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\windahmec.exe"="C:\WINDOWS\TEMP\windahmec.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\tyxd.exe"="C:\WINDOWS\TEMP\tyxd.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\windikijw.exe"="C:\WINDOWS\TEMP\windikijw.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winjxofqv.exe"="C:\WINDOWS\TEMP\winjxofqv.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\viai.exe"="C:\WINDOWS\TEMP\viai.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winsrtvy.exe"="C:\WINDOWS\TEMP\winsrtvy.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winysrah.exe"="C:\WINDOWS\TEMP\winysrah.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winoupkgg.exe"="C:\WINDOWS\TEMP\winoupkgg.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\xaef.exe"="C:\WINDOWS\TEMP\xaef.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\kysvwh.exe"="C:\WINDOWS\TEMP\kysvwh.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\jtlpm.exe"="C:\WINDOWS\TEMP\jtlpm.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winolmrj.exe"="C:\WINDOWS\TEMP\winolmrj.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winwjwcx.exe"="C:\WINDOWS\TEMP\winwjwcx.exe:*:Enabled:ipsec" "C:\WINDOWS\TEMP\winbgvh.exe"="C:\WINDOWS\TEMP\winbgvh.exe:*:Enabled:ipsec" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "vidc.I420"=msh263.drv "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "vidc.iyuv"=iyuv_32.dll 
"vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "vidc.uyvy"=msyuv.dll "vidc.yuy2"=msyuv.dll "vidc.yvu9"=tsbyuv.dll "vidc.yvyu"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "vidc.ffds"=ffdshow.ax "msacm.ac3filter"=ac3filter.acm "VIDC.WMV3"=wmv9vcm.dll ======List of files/folders created in the last 1 month====== 2012-08-04 19:16:34 ----D---- C:\Program Files\trend micro 2012-08-04 19:16:33 ----D---- C:\rsit 2012-08-04 01:53:55 ----D---- C:\Program Files\Ask.com 2012-08-04 01:52:22 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys 2012-08-04 01:52:20 ----D---- C:\Program Files\Avira 2012-08-04 01:52:20 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Avira 2012-08-04 01:52:20 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys 2012-08-04 01:52:20 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys 2012-08-04 01:52:20 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys 2012-08-04 01:50:50 ----SHD---- C:\Config.Msi 2012-08-04 01:32:36 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\GFI Software 2012-08-04 01:29:35 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Ad-Aware Browsing Protection 2012-08-04 01:29:30 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2012-08-04 01:29:29 ----D---- C:\Program Files\Ad-Aware Antivirus 2012-08-04 01:05:21 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\CPA_VA 2012-08-03 20:57:32 ----A---- C:\WINDOWS\system32\drivers\sfi.dat 2012-08-03 20:53:19 ----D---- C:\Program Files\COMODO 2012-08-03 20:53:19 ----A---- C:\WINDOWS\system32\mfc71.dll 2012-08-03 20:53:19 ----A---- C:\WINDOWS\system32\gdiplus.dll 2012-08-01 14:33:54 ----D---- C:\Program Files\AVG 2012-08-01 00:44:34 
----D---- C:\Documents and Settings\Czarne\Dane aplikacji\AVG2012
2012-08-01 00:38:12 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\AVG2012
2012-08-01 00:36:32 ----HD---- C:\Documents and Settings\All Users\Dane aplikacji\Common Files
2012-08-01 00:36:32 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MFAData
2012-07-31 21:29:44 ----D---- C:\Program Files\WMV9_VCM
2012-07-29 16:22:52 ----D---- C:\Program Files\CCleaner
2012-07-29 16:17:17 ----D---- C:\WINDOWS\Minidump
2012-07-29 16:16:01 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Agnitum
2012-07-27 20:32:44 ----D---- C:\Program Files\GIMP-2.0
2012-07-27 20:32:12 ----D---- C:\Program Files\PhotoFiltre
2012-07-27 01:36:47 ----D---- C:\Program Files\Ventrilo
2012-07-27 01:36:43 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2012-07-26 15:55:29 ----D---- C:\Program Files\Tibia
2012-07-24 19:36:54 ----D---- C:\Program Files\XP Codec Pack
2012-07-23 18:04:35 ----D---- C:\Program Files\OpenOffice.org 3
2012-07-22 13:44:34 ----D---- C:\Program Files\VirtualDJ
2012-07-21 17:36:24 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2012-07-21 17:36:24 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2012-07-21 16:55:27 ----D---- C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2012-07-21 15:15:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\EA Core
2012-07-21 15:15:45 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Electronic Arts
2012-07-20 19:34:19 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2012-07-20 19:34:19 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2012-07-20 19:34:19 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2012-07-20 19:34:19 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2012-07-20 19:34:19 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2012-07-20 19:34:18 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2012-07-20 19:34:18 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2012-07-20 19:34:18 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2012-07-20 19:34:18 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2012-07-20 19:34:18 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2012-07-20 19:34:18 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2012-07-20 19:34:17 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2012-07-19 18:56:42 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Ubisoft
2012-07-18 00:25:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-07-15 21:22:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2012-07-15 21:20:54 ----D---- C:\Program Files\TmNationsForever
2012-07-15 21:06:09 ----D---- C:\Program Files\Axantum
2012-07-15 14:56:38 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\SMSSender
2012-07-15 14:56:26 ----D---- C:\Program Files\Microsoft SMS Sender
2012-07-12 21:32:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-07-07 16:48:32 ----D---- C:\HattrickOrganizer
2012-07-05 00:31:38 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Skype
2012-07-05 00:31:33 ----RD---- C:\Program Files\Skype
2012-07-05 00:31:33 ----D---- C:\Program Files\Common Files\Skype
2012-07-05 00:31:25 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype

======List of files/folders modified in the last 1 month======

2012-08-04 19:17:03 ----AD---- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2012-08-04 19:16:34 ----RD---- C:\Program Files
2012-08-04 19:16:29 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 0017 USB WMC Data Modem.txt
2012-08-04 19:15:53 ----D---- C:\WINDOWS\Temp
2012-08-04 15:32:48 ----D---- C:\WINDOWS\system32\drivers
2012-08-04 14:37:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-04 14:37:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-04 01:54:38 ----D---- C:\WINDOWS\system32\CatRoot
2012-08-04 01:54:31 ----SHD---- C:\WINDOWS\Installer
2012-08-04 01:54:30 ----SD---- C:\WINDOWS\Tasks
2012-08-04 01:51:23 ----D---- C:\WINDOWS\system32
2012-08-04 01:51:20 ----D---- C:\WINDOWS\Prefetch
2012-08-04 01:29:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-08-04 01:05:00 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Tibia
2012-08-03 21:30:41 ----D---- C:\WINDOWS
2012-08-03 04:24:34 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 0017 USB WMC Modem.txt
2012-08-01 21:38:13 ----SHD---- C:\System Volume Information
2012-08-01 15:00:30 ----D---- C:\Program Files\Common Files
2012-08-01 00:45:18 ----HD---- C:\WINDOWS\inf
2012-07-31 21:21:07 ----HD---- C:\Program Files\InstallShield Installation Information
2012-07-29 22:57:23 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Gadu-Gadu 10
2012-07-29 16:23:57 ----D---- C:\Documents and Settings\Czarne\Dane aplikacji\Ventrilo
2012-07-29 16:23:46 ----D---- C:\WINDOWS\Logs
2012-07-29 16:23:46 ----D---- C:\WINDOWS\Debug
2012-07-23 18:04:48 ----RSD---- C:\WINDOWS\Fonts
2012-07-23 18:04:18 ----D---- C:\Program Files\Java
2012-07-23 18:04:06 ----D---- C:\WINDOWS\WinSxS
2012-07-21 17:59:58 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2012-07-21 17:36:25 ----D---- C:\WINDOWS\system32\DirectX
2012-07-20 19:00:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-20 17:51:02 ----D---- C:\Program Files\Mozilla Firefox
2012-07-15 14:56:27 ----SD---- C:\Documents and Settings\Czarne\Dane aplikacji\Microsoft
2012-07-12 22:15:00 ----D---- C:\Program Files\NVIDIA Corporation
2012-07-12 14:01:10 ----A---- C:\WINDOWS\wa.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv02;FrontLine Environment Driver (v2); C:\WINDOWS\system32\drivers\sfdrv02.sys [2006-09-11 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5); C:\WINDOWS\system32\drivers\sfsync05.sys [2006-11-03 61312]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-01 77568]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-07-18 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-07-18 36000]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-07-18 83392]
R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\lvnljn.sys []
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-05-31 6126736]
R3 mouhid;Sterownik myszy HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-07-01 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-07-01 38528]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-01 82944]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 jswmidin;jswmidin; \??\C:\DOCUME~1\Skarpety\USTAWI~1\Temp\jswmidin.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-05-15 164160]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 163840]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2012-07-01 75136]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-07-18 110032]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe []
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe []
S2 sfrem02;FrontLine Drivers Auto Removal (v2); C:\WINDOWS\system32\sfrem02.exe [2006-05-11 358008]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------
[/log]

I'll add that, for example, I can't install Adobe Flash Player; the installer won't start. As I said, my computer is so infected that I can't run any antivirus. That's why I wanted to find out what to do after the format. How do I clean the viruses off my phone? (I can only connect through this phone.)
Guest commented on 4 August 2012

You didn't post an OTL log, only RSIT, but I can see Sality anyway:

R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\lvnljn.sys []

On another, uninfected computer, burn a Dr.Web LiveCD and scan the computer from it.

How to clean it? The question is what phone you have. On the phone there are autoruns that you have to remove.

Before scanning with the Dr.Web LiveCD, connect all mass-storage devices, including the phone, and select them for scanning. Infected files are to be cured, and whatever can't be cured is to be deleted.
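As an added example (not part of the thread and not RSIT's own code): a triage pass over the driver list that the reply above reads by eye, run on entries copied from the posted log. It assumes that empty brackets mean RSIT could not read the file's date and size; the function names and the three levels are illustrative, and the result is a shortlist for a closer look, not a malware verdict.

```python
import re

# Driver entries copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-07-18 36000]
R3 amsint32;amsint32; \??\C:\WINDOWS\system32\drivers\lvnljn.sys []
R3 hidusb;Sterownik Microsoft klasy HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 jswmidin;jswmidin; \??\C:\DOCUME~1\Skarpety\USTAWI~1\Temp\jswmidin.sys []
S3 USBSTOR;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
"""

# Fields: state (R/S), start type (0-4), service name, display name, image path, [date size]
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

def parse_entries(text):
    """Return one dict per well-formed driver/service line."""
    return [m.groupdict() for line in text.splitlines()
            if (m := ENTRY.match(line.strip()))]

def triage(entry):
    """Classify an entry as 'investigate', 'review' or 'ok', with reasons."""
    reasons = []
    missing = entry["meta"].strip() == ""
    if missing:
        # Assumption: empty brackets = the tool could not read the file's date and size.
        reasons.append("image file not readable on disk")
    if re.search(r"\\temp\\", entry["path"], re.IGNORECASE):
        reasons.append("image path points into a Temp directory")
    if missing and entry["state"] == "R":
        reasons.append("driver is running anyway")
        return "investigate", reasons
    return ("review" if reasons else "ok"), reasons

def report(text):
    """Map each triage level to the service names that fall under it."""
    levels = {"investigate": [], "review": [], "ok": []}
    for entry in parse_entries(text):
        levels[triage(entry)[0]].append(entry["name"])
    return levels

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        level, reasons = triage(e)
        print(f"{level:11} {e['name']:10} {e['path']}  {'; '.join(reasons)}")
```

On these entries only amsint32 is a running driver with no readable file behind it; SBRE and jswmidin are stopped entries that point at missing files and land in the lower "review" level.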