x-kom hosting

Installation Blocked

Aki
created (edited)

I caught a virus, some kind of trojan, unfortunately I can't check. The thing is, the virus has blocked the installation of any files; if I run one from the disk it shows

Setup Selfextract:

An error 1006 (000003EE) has occured

Last performed operation was:

Opening the self-extract archive

Try to download strup file again.

If you use Internet Explorer, clear it's cach before downloading:

Start-Controp Panel-Internet Options and Delete Temporary Internet Files

And when I try to install something from a disc, the computer starts lagging terribly and either the whole CD/DVD-RAM drive hangs, or if some setup does start, the computer restarts.

I ran scans: Spyware Doctor found nothing, but after scanning with avast 4.7 it detected a trojan in a System Volume file (if I remember correctly, these files are responsible for launching things like CDs or setups). And now I'm kicking myself for not deleting it right away; instead I chose Move to chest. The problem is that when I try to open avast's virus chest I get the message

Initialization of Chest filec

Action was completed with errors!

Program cannot use Chest client: (null)

--->Description: Nieprawidlowe dane

Initialization of Chest files

------------------------------------------------------------------------------------------

Program will try to load all Chest files from the following server: (null)

------------------------------------------------------------------------------------------

Action was completed with errors!

And I'm stuck: I can't delete or repair the infected file from the chest, I can't remove avast and reinstall it so it does the scan again (probably blocked by the missing Volume file), and I can't install WinXP so it adds the missing file. It can't be done in safe mode either.

When I try to start formatting, I set everything in the boot order. When the computer boots from the WinXP CD and the installer or something else should appear, the screen stays black for 5 minutes and then this text appears:

"Plik INF txtsetup.sit jest uszkodzony lub nie ma go, stan 32768. Naciśnij dowolny klawisz, aby zakończyć."

What should I do now?

luq
comment

If you can, download HijackThis and paste the logs.

Aki
comment

Ehh, could you write that more clearly? I'm not good with computers and I don't know what pasting logs means. What should I download from this site http://hijackthis.com/ and then what do I do with it? Please describe it step by step. And I remind you that I can't install anything on the system.

Aki
comment

I can't open that file; it's the same block as with the other installations. It shows Run-time error '326': Resource with identifier 'VERSION' not found

andrzej2442
comment

You don't need to install it anyway.

  • 2 years later...
shotaro
comment (edited)

I have the same problem as the colleague above, please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:17, on 2010-04-12
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\tfmy.exe
C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\winbmigaj.exe
C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\w3e41dd.exe
C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\winyifj.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 5598 bytes

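A triage pass over a HijackThis log like the one posted above, as an added example that is part of neither the thread nor HijackThis itself: it pulls out running processes and autostart entries that live under a Temp directory, unresolved startup shortcuts, and any O7 restriction policy, which is what a helper reads first in such a log. The excerpt it runs on is constructed in the posted log's format; the O4 entry pointing into Temp is invented to exercise that check.

```python
"""Triage of a HijackThis v2.0.x log: pulls out the entries a forum helper
checks first. Added example for this thread, not HijackThis code; the
excerpt below is constructed in the format of the log posted above."""
import re
from dataclasses import dataclass

# Constructed excerpt in HijackThis format. Paths copy the posted log; the
# O4 entry pointing into Temp is invented to exercise the autostart check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:17, on 2010-04-12
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\tfmy.exe
C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\winbmigaj.exe
C:\Program Files\Opera\opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [svchost] C:\DOCUME~1\SEBAST~1\USTAWI~1\Temp\winyifj.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# A path under any Temp directory is user-writable and not where installed
# software normally lives; 8.3 short names (USTAWI~1\Temp) are covered too.
TEMP_PATH = re.compile(r"\\temp\\", re.IGNORECASE)
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<link>.+?) = (?P<target>.+)$")
O7_POLICY = re.compile(r"^O7 - (?P<key>[^,]+), (?P<value>\w+)=(?P<data>\S+)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "info"
    check: str     # which rule fired
    detail: str    # the log line, or its interesting part


def running_processes(log: str) -> list[str]:
    """Return the paths listed under 'Running processes:' up to the blank line."""
    procs, collecting = [], False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def triage(log: str) -> list[Finding]:
    """Run the three checks over the log and return what fired, in log order."""
    findings: list[Finding] = []
    for path in running_processes(log):
        if TEMP_PATH.search(path):
            findings.append(Finding("high", "process running from Temp", path))
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RUN.match(line):
            if TEMP_PATH.search(m["target"]):
                findings.append(Finding("high", "autostart points into Temp",
                                        f"{m['hive']} [{m['name']}] -> {m['target']}"))
        elif m := O4_STARTUP.match(line):
            if m["target"] == "?":
                findings.append(Finding("info", "startup shortcut target unresolved",
                                        m["link"]))
        elif m := O7_POLICY.match(line):
            # Any O7 line is a user-interface restriction policy; malware sets
            # DisableRegedit / DisableTaskMgr to hinder manual cleanup.
            findings.append(Finding("high", "restriction policy set",
                                    f"{m['value']}={m['data']} under {m['key']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.check}: {f.detail}")
```
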
Mateusz J.
comment

Times have changed; these days we post a log from: http://www.forumpc.pl/index.php?showtopic=104338

In a case like this, show a ComboFix log.

shotaro
comment (edited)

OTL logfile created on: 2010-04-12 23:31:42 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\SebastianB\Moje dokumenty
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

1 015,00 Mb Total Physical Memory | 601,00 Mb Available Physical Memory | 59,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72,06 Gb Total Space | 65,26 Gb Free Space | 90,57% Space Free | Partition Type: NTFS
Drive D: | 72,05 Gb Total Space | 55,04 Gb Free Space | 76,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN
Current User Name: SebastianB
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 60 Days
Output = Standard

========== Processes (All) ==========

PRC - [2010-04-12 23:29:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SebastianB\Moje dokumenty\OTL.exe
PRC - [2010-04-12 21:54:01 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winyifj.exe
PRC - [2010-04-12 21:24:49 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\w3e41dd.exe
PRC - [2010-04-12 21:18:47 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winbmigaj.exe
PRC - [2010-04-12 21:18:42 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\tfmy.exe
PRC - [2010-03-18 01:43:38 | 000,909,680 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-08-06 19:24:06 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
PRC - [2009-05-08 10:42:54 | 000,395,776 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009-04-27 11:08:42 | 017,881,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-04-16 19:46:30 | 000,630,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009-04-16 18:58:54 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009-03-25 10:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2009-03-13 16:15:02 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009-03-06 10:57:54 | 001,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009-02-09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\services.exe
PRC - [2009-01-14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008-04-15 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-15 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spoolsv.exe
PRC - [2008-04-15 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
PRC - [2008-04-15 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ctfmon.exe
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [RPCSS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETWORKSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [NETSVCS]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [LOCALSERVICE]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [IMGSVC]
PRC - [2008-04-15 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe [DCOMLAUNCH]
PRC - [2008-04-15 14:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008-04-15 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
PRC - [2008-04-15 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csrss.exe
PRC - [2007-12-19 17:08:12 | 000,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007-12-19 17:08:08 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2007-12-19 17:07:40 | 000,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007-12-19 17:07:30 | 000,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe


========== Modules (All) ==========

MOD - [2010-04-12 23:29:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SebastianB\Moje dokumenty\OTL.exe
MOD - [2009-03-21 16:08:59 | 001,018,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kernel32.dll
MOD - [2009-02-27 06:58:02 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfime.ime
MOD - [2009-02-09 12:53:44 | 000,686,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advapi32.dll
MOD - [2009-02-09 12:53:43 | 000,722,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntdll.dll
MOD - [2009-02-03 21:58:45 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\secur32.dll
MOD - [2008-10-23 14:42:41 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\gdi32.dll
MOD - [2008-06-17 21:03:15 | 008,489,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shell32.dll
MOD - [2008-04-15 14:00:00 | 001,287,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ole32.dll
MOD - [2008-04-15 14:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008-04-15 14:00:00 | 000,997,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\setupapi.dll
MOD - [2008-04-15 14:00:00 | 000,732,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userenv.dll
MOD - [2008-04-15 14:00:00 | 000,584,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rpcrt4.dll
MOD - [2008-04-15 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\user32.dll
MOD - [2008-04-15 14:00:00 | 000,551,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oleaut32.dll
MOD - [2008-04-15 14:00:00 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shlwapi.dll
MOD - [2008-04-15 14:00:00 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcrt.dll
MOD - [2008-04-15 14:00:00 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSCTF.dll
MOD - [2008-04-15 14:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\comdlg32.dll
MOD - [2008-04-15 14:00:00 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\uxtheme.dll
MOD - [2008-04-15 14:00:00 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2008-04-15 14:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winspool.drv
MOD - [2008-04-15 14:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imm32.dll
MOD - [2008-04-15 14:00:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\olepro32.dll
MOD - [2008-04-15 14:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\srclient.dll
MOD - [2008-04-15 14:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\psapi.dll
MOD - [2008-04-15 14:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\version.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-02-06 18:08:58 | 000,615,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009-01-14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2009-04-27 13:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-03-24 01:25:24 | 000,966,912 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009-03-13 23:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009-03-06 10:58:44 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009-03-02 07:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009-02-06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008-11-19 10:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008-09-12 07:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008-08-05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-04-15 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008-04-08 15:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2007-12-19 17:32:12 | 005,854,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006-01-04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-398136758-1731338498-3964357464-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eeepc.asus.com/global
IE - HKU\S-1-5-21-398136758-1731338498-3964357464-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-04-12 21:15:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010-04-12 21:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Mozilla\Extensions
[2010-04-12 21:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SebastianB\Dane aplikacji\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

O1 HOSTS File: ([2008-04-15 14:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-398136758-1731338498-3964357464-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-398136758-1731338498-3964357464-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-398136758-1731338498-3964357464-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-398136758-1731338498-3964357464-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-398136758-1731338498-3964357464-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.76.39.205 212.76.39.211
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-05-27 03:30:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-12-17 12:31:14 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c400a8b1-465b-11df-8114-806d6172696f}\Shell\AutoRun\command - "" = g12g.exe
O33 - MountPoints2\{c400a8b1-465b-11df-8114-806d6172696f}\Shell\open\Command - "" = g12g.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-05-27 03:30:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)



========== Files/Folders - Created Within 60 Days ==========

[2010-04-12 23:29:16 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\SebastianB\Moje dokumenty\OTL.exe
[2010-04-12 21:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010-04-12 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-04-12 21:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\Thunderbird
[2010-04-12 21:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Thunderbird
[2010-04-12 21:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Mozilla
[2010-04-12 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010-04-12 21:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\skypePM
[2010-04-12 20:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Skype
[2010-04-12 20:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\Opera
[2010-04-12 20:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Opera
[2010-04-12 20:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010-04-12 20:13:28 | 013,061,480 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\SebastianB\Moje dokumenty\Opera_1051_int_Setup.exe
[2010-04-12 20:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Macromedia
[2010-04-12 20:01:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010-04-12 19:56:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Microsoft
[2010-04-12 19:56:02 | 000,000,000 | --SD | C] -- C:\Documents and Settings\SebastianB\Cookies
[2010-04-12 19:56:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SebastianB\SendTo
[2010-04-12 19:56:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SebastianB\Recent
[2010-04-12 19:56:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji
[2010-04-12 19:56:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SebastianB\Ulubione
[2010-04-12 19:56:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\Moje obrazy
[2010-04-12 19:56:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty
[2010-04-12 19:56:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\Moja muzyka
[2010-04-12 19:56:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SebastianB\Menu Start
[2010-04-12 19:56:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne
[2010-04-12 19:56:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SebastianB\Szablony
[2010-04-12 19:56:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SebastianB\PrintHood
[2010-04-12 19:56:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\SebastianB\NetHood
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Pulpit
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\My Videos
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\My Pictures
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\My Office
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\My Music
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Moje dokumenty\My Ebooks
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\Microsoft Help
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\Microsoft
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\InstallShield
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Identities
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\ApplicationHistory
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\Adobe
[2010-04-12 19:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Adobe
[2009-05-27 03:33:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-05-27 03:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-05-27 03:33:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-05-27 03:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2010-04-12 23:29:16 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SebastianB\Moje dokumenty\OTL.exe
[2010-04-12 22:58:54 | 000,002,259 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Skype.lnk
[2010-04-12 21:49:00 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\SebastianB\NTUSER.DAT
[2010-04-12 21:48:00 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\SebastianB\Pulpit\HijackThis.lnk
[2010-04-12 21:41:31 | 043,915,532 | ---- | M] () -- C:\Documents and Settings\SebastianB\Moje dokumenty\setup_av_free_pol.exe
[2010-04-12 21:15:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010-04-12 21:15:33 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Thunderbird.lnk
[2010-04-12 21:14:26 | 000,000,267 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-04-12 21:03:03 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2010-04-12 20:21:55 | 001,012,492 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-12 20:21:55 | 000,458,592 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat
[2010-04-12 20:21:55 | 000,401,712 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-12 20:21:55 | 000,079,954 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat
[2010-04-12 20:21:55 | 000,062,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-12 20:17:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-12 20:17:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-12 20:16:37 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SebastianB\ntuser.ini
[2010-04-12 20:16:12 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010-04-12 20:14:22 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-04-12 20:13:40 | 013,061,480 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\SebastianB\Moje dokumenty\Opera_1051_int_Setup.exe
[2010-04-12 19:58:40 | 007,800,996 | -H-- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-04-12 19:56:09 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\SebastianB\Pulpit\Windows Media Player.lnk
[2010-04-12 19:56:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-12 19:55:23 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010-04-12 19:55:22 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010-04-12 19:53:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010-04-12 19:51:47 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010-04-12 21:48:00 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\SebastianB\Pulpit\HijackThis.lnk
[2010-04-12 21:38:39 | 043,915,532 | ---- | C] () -- C:\Documents and Settings\SebastianB\Moje dokumenty\setup_av_free_pol.exe
[2010-04-12 21:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-04-12 21:15:33 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Thunderbird.lnk
[2010-04-12 21:03:03 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
[2010-04-12 20:16:12 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010-04-12 20:14:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-04-12 19:56:09 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\SebastianB\Pulpit\Windows Media Player.lnk
[2010-04-12 19:56:03 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\SebastianB\Pulpit\Install Norton Internet Security.lnk
[2010-04-12 19:56:02 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\SebastianB\NTUSER.DAT
[2010-04-12 19:56:02 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\SebastianB\ntuser.dat.LOG
[2010-04-12 19:56:02 | 000,000,188 | -HS- | C] () -- C:\Documents and Settings\SebastianB\ntuser.ini
[2010-04-12 19:56:02 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[2010-04-12 19:55:22 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010-04-12 19:55:22 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009-05-27 07:56:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009-05-27 05:18:26 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009-05-27 05:08:23 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009-05-27 05:08:23 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009-05-27 05:01:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009-05-27 05:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Wireless LAN Card
[2010-04-12 20:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Opera
[2010-04-12 21:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SebastianB\Dane aplikacji\Thunderbird

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-05-27 03:30:42 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010-04-12 19:53:54 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008-04-15 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-05-27 03:30:42 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009-05-27 03:30:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-05-27 03:30:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-15 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-15 14:00:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2010-04-12 20:17:01 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:agp440.sys
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:agp440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-15 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008-04-15 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 020,110,420 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:cdrom.sys
[2008-04-15 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-15 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=35FCCFD093582FA9098762E6F84EE119 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008-04-15 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) MD5=51FD2E13D723857B9CA239AE77150F48 -- C:\WINDOWS\system32\winlogon.exe
< End of report >[/log]

combofix

Mateusz J.

Run OTL and paste the following into the Custom Scans/Fixes window[code]
:Processes
explorer.exe

:OTL
PRC - [2010-04-12 21:54:01 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winyifj.exe
PRC - [2010-04-12 21:24:49 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\w3e41dd.exe
PRC - [2010-04-12 21:18:47 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winbmigaj.exe
PRC - [2010-04-12 21:18:42 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\tfmy.exe
O32 - AutoRun File - [2009-12-17 12:31:14 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c400a8b1-465b-11df-8114-806d6172696f}\Shell\AutoRun\command - "" = g12g.exe
O33 - MountPoints2\{c400a8b1-465b-11df-8114-806d6172696f}\Shell\open\Command - "" = g12g.exe

:Files
C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winyifj.exe
C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\w3e41dd.exe
C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winbmigaj.exe
C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\tfmy.exe

:Commands
[emptytemp]
[Reboot][/code]Click Run Fix. Confirm the computer restart.
After the computer restarts, create a new log and post it for review.


Do the following: http://www.forumpc.pl/index.php?showtopic=107753
Remove everything the program finds and post the report on the forum.

Use CCleaner to clean the Temp and Temporary files.

Temporarily disable System Restore.

shotaro

[log]
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
No active process named winyifj.exe was found!
No active process named w3e41dd.exe was found!
No active process named winbmigaj.exe was found!
No active process named tfmy.exe was found!
File D:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c400a8b1-465b-11df-8114-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c400a8b1-465b-11df-8114-806d6172696f}\ not found.
File g12g.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c400a8b1-465b-11df-8114-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c400a8b1-465b-11df-8114-806d6172696f}\ not found.
File g12g.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winyifj.exe not found.
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\w3e41dd.exe not found.
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\winbmigaj.exe not found.
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\Temp\tfmy.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33098 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: SebastianB
->Temp folder emptied: 85214922 bytes
->Temporary Internet Files folder emptied: 3135805 bytes
->Flash cache emptied: 1651 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2847778 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 87,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_195446

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_db4.dat moved successfully.

Registry entries deleted on Reboot...
[/log]

Mateusz J.

Where are:
1) New OTL log
2) Malwarebytes report

shotaro

report

Mateusz J.

New OTL log.

Has the problem gone away?

shotaro

[quote name='jesiona' date='14 kwiecień 2010 - 20:19' timestamp='1271272887' post='1011414']
New OTL log.

Has the problem gone away?
[/quote]

Unfortunately, still the same.
New log

Mateusz J.

You have Sality.

Do the following:
Run OTL and paste the following into the Custom Scans/Fixes window[code]
:Processes
explorer.exe

:OTL
PRC - [2010-04-14 21:32:20 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\w91263.exe
PRC - [2010-04-14 21:26:43 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\peus.exe
PRC - [2010-04-14 21:26:39 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\wingahqot.exe
PRC - [2010-04-14 21:26:29 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\whuy.exe
O33 - MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\Shell\AUToplAY\coMmAnd - "" = F:\rxykt.exe -- File not found
O33 - MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\Shell\AutoRun\command - "" = F:\rxykt.exe -- File not found
O33 - MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\Shell\eXploRE\COmmAnD - "" = F:\rxykt.exe -- File not found
O33 - MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\Shell\open\comManD - "" = F:\rxykt.exe -- File not found
O33 - MountPoints2\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\Shell - "" = AutoRun
O33 - MountPoints2\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)

:Files
C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\w91263.exe
C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\peus.exe
C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\wingahqot.exe
C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\whuy.exe

:Commands
[emptytemp]
[Reboot][/code]Click Run Fix. Confirm the computer restart.
After the computer restarts, create a new log and post it for review.

Then a scan is necessary: http://www.freedrweb.com/cureit/
Sality infects .exe files; this virus is hard to get rid of.
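Added example, not the helper's or OTL's own code: a Python triage that applies the reasoning behind the fix above to OTL log lines, flagging anonymous processes running from Temp, an autorun.inf on a secondary volume, MountPoints2 autorun handlers and a running driver with no file on disk, then emitting a fix in the same :Processes/:OTL/:Files/:Commands layout. The sample lines are constructed from the entries quoted in this thread, and the line-shape regexes are my assumptions about OTL output rather than a documented format.

```python
import re

# Constructed sample OTL lines, modelled on the entries the helper in this thread targeted.
# They are not a log dump from the page; paths and GUIDs are copied from those entries.
SAMPLE_OTL_LOG = r"""
PRC - [2010-04-14 21:32:20 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\w91263.exe
PRC - [2010-04-14 21:26:43 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\peus.exe
PRC - [2008-04-15 14:00:00 | 000,510,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
O32 - AutoRun File - [2009-12-17 12:31:14 | 000,000,055 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\Shell\AutoRun\command - "" = F:\rxykt.exe -- File not found
O33 - MountPoints2\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\Shell - "" = AutoRun
DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
"""

# Line shapes are assumed from the OTL entries quoted in this thread (PRC, O32, O33, DRV).
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
O32_RE = re.compile(r"^O32 - AutoRun File - \[[^\]]*\] \([^)]*\) - (?P<path>.+?) -- ")
O33_RE = re.compile(r'^O33 - MountPoints2\\\{[0-9a-f-]+\}\\\S+ - "" = (?P<cmd>.+?)(?: -- File not found)?$')
DRV_RE = re.compile(r"^DRV - File not found \[[^\]]*\] -- -- \((?P<name>[^)]+)\)$")


def triage_otl(log_text):
    """Return the OTL lines a responder would carry into a fix, each tagged with the reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := PRC_RE.match(line):
            path = m.group("path")
            # An executable with no company name running out of a Temp directory: dropper pattern.
            if m.group("company") == "" and "\\temp\\" in path.lower():
                findings.append({"kind": "PRC", "line": line, "path": path,
                                 "reason": "unsigned process running from Temp"})
        elif m := O32_RE.match(line):
            findings.append({"kind": "O32", "line": line, "path": m.group("path"),
                             "reason": "autorun.inf present on a secondary volume"})
        elif m := O33_RE.match(line):
            cmd = m.group("cmd")
            # MountPoints2 Shell verbs pointing at an .exe, or defaulting to AutoRun,
            # turn a double-click on the drive into execution of that file.
            if cmd.lower().endswith(".exe") or cmd == "AutoRun":
                findings.append({"kind": "O33", "line": line, "path": cmd,
                                 "reason": "drive autorun handler set to " + cmd})
        elif m := DRV_RE.match(line):
            findings.append({"kind": "DRV", "line": line, "path": m.group("name"),
                             "reason": "running kernel driver whose file is missing"})
    return findings


def build_otl_fix(findings):
    """Assemble a Custom Scans/Fixes script in the layout the helper used in this thread."""
    otl_lines = [f["line"] for f in findings]
    file_lines = [f["path"] for f in findings if f["kind"] == "PRC"]
    sections = [":Processes", "explorer.exe", "", ":OTL", *otl_lines, "",
                ":Files", *file_lines, "", ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(sections)


if __name__ == "__main__":
    found = triage_otl(SAMPLE_OTL_LOG)
    for f in found:
        print(f"{f['kind']}: {f['reason']}")
    print()
    print(build_otl_fix(found))
```

The generated script is a starting point for review, not something to paste blindly: a file-infector like Sality also needs the dedicated scanner the helper points to.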

shotaro

[log]All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
No active process named w91263.exe was found!
No active process named peus.exe was found!
No active process named wingahqot.exe was found!
No active process named whuy.exe was found!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
File F:\rxykt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
File F:\rxykt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
File F:\rxykt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50cf719b-47ab-11df-8122-0025d37283bb}\ not found.
File F:\rxykt.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfdd6c5c-46fc-11df-811b-0025d37283bb}\ not found.
File E:\AutoRun.exe not found.
Error: Unable to stop service abp470n5!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp470n5 deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\w91263.exe not found.
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\peus.exe not found.
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\wingahqot.exe not found.
File\Folder C:\Documents and Settings\SebastianB\Ustawienia lokalne\temp\whuy.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33232 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: SebastianB
->Temp folder emptied: 642942 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 463 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_224913

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_2cc.dat moved successfully.

Registry entries deleted on Reboot...
[/log]

Mateusz J.

Use: http://support.kaspersky.com/pl/faq/?qid=208279886
Then Dr.Web.
