DLL error

emarti
created

Hi, for some time now, the following message has been popping up after I start the computer:

An error occurred while loading C:/windows/system32/nnnliGwU.dll, and then some more information about a module. Is there anything I can do to get rid of it, and what causes this message to appear? Regards, and thanks for the answer!

Mateusz J.
comment

I suspect it is a virus.

For now I am moving the thread to the Security section.

And I ask you to paste a log from HijackThis.

Instructions: http://www.forumpc.pl/index.php?showtopic=11017

emarti
comment

I scanned the computer with NOD32 Antivirus and it found 1 infected/cleaned object. I thought that had helped, but after restarting the computer this window still appears.

Mateusz J.
comment

Show the log from HijackThis: http://www.forumpc.pl/index.php?showtopic=11017

And I will certainly help you :) You probably have the file set in autostart.

emarti
comment

I downloaded HijackThis but I don't know how to copy the logs. I am following the instructions, and it shows up as described in the instructions, but after pressing ctrl and a nothing gets copied. Maybe I am doing something wrong; I press ctrl and the letter "a" on the keyboard. I really don't know much about these things, so please forgive me.

OK, God, a little thinking and it's clear how to do it... I know now and I'm pasting the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:48, on 2008-12-16
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnliGwU.dll,#1
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81B3D090-AEC5-45F7-922B-96774EA9AF19}: NameServer = 85.255.114.68;85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{84F153A7-F553-4F5F-BF20-C0855B02DF77}: NameServer = 85.255.114.68;85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.68;85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{81B3D090-AEC5-45F7-922B-96774EA9AF19}: NameServer = 85.255.114.68;85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.68;85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{81B3D090-AEC5-45F7-922B-96774EA9AF19}: NameServer = 85.255.114.68;85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.68;85.255.112.150
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 7940 bytes

I think I did not paste the log in the right section. Sorry. My log is also in the "logs" section.

Mateusz J.
comment

Use this program: http://cybertrash.pl/images/tata/FixwareOut.html

Select the following entries in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnliGwU.dll,#1

Then click Fix checked.

The problem should disappear at this point, but please also show a log from ComboFix, because your computer is infected.

sower
comment

In my opinion you should remove:

************

//Do not analyze logs if you do not know how to.

Unless, of course, you want to cause someone harm and receive a warning

//jesiona

emarti
comment

Hi, I removed O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnliGwU.dll,#1

and

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

the other two could not be removed. I used HijackThis because ComboFix could not be run after downloading it.

So after starting the computer the DLL error window no longer appears, but I wonder whether the problem has been definitively solved?

Thank you very much for your help, in any case. I would not have managed on my own.

Mateusz J.
comment

From Control Panel, uninstall: free-downloads.net

Since ComboFix does not work, show a log from RSIT.

Instructions: http://www.forumpc.pl/index.php?showtopic=72102

"has the problem been definitively solved?"
I cannot say that, which is why I am asking for a log from RSIT, to check it more thoroughly.

But most likely something is still sitting in your computer.

Oh, and my question: did you carry out:

This is very important, because you have malicious DNS.
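
Added example, not part of the original thread: a Python triage of HijackThis entries that reproduces the kind of selection made in the posts above (the entries to tick before Fix checked, and the DNS remark). The four rules and all function and rule names are assumptions of this example, not HijackThis features; the sample input is an excerpt of the log posted in this thread, with some line breaks lost as in the forum paste.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in this thread. Some line breaks are
# removed on purpose, the way they were lost in the forum paste.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnliGwU.dll,#1O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.68;85.255.112.150
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    rule: str     # heuristic that fired (rule names are made up for this example)
    detail: str   # DLL path, DNS servers, or "" when there is nothing to extract
    entry: str    # the full entry text, as it would be ticked in HijackThis


# Every registry/section entry starts with a code such as "R0 - " or "O17 - ".
_PREFIX = r"(?:R[0-3]|F[0-3]|O\d{1,2}) - "
_BOUNDARY = re.compile("(?=" + _PREFIX + ")")
_ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# rundll32 started on a DLL whose export is given only as an ordinal (",#1").
_RUNDLL_ORDINAL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(.+?\.dll)"?\s*,\s*#\d+', re.I)
_NAMESERVER = re.compile(r"NameServer\s*=\s*(\S.*)$")


def split_entries(log_text):
    """Return one string per entry, even when the paste lost its newlines.

    Splitting on the section prefix is a heuristic: a path that happens to
    contain text like "O1 - " would be cut in two.
    """
    entries = []
    for line in log_text.splitlines():
        for chunk in _BOUNDARY.split(line):
            chunk = chunk.strip()
            if _ENTRY.match(chunk):  # drops the header and process list
                entries.append(chunk)
    return entries


def triage(log_text):
    """Flag entries that deserve a manual look; a hit is not proof of infection."""
    findings = []
    for entry in split_entries(log_text):
        section, body = _ENTRY.match(entry).groups()

        # Registration that points at a file which no longer exists.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "missing-file", "", entry))

        # Internet Explorer setting left with an empty value.
        if section in ("R0", "R1") and body.endswith("="):
            findings.append(Finding(section, "empty-ie-setting", "", entry))

        # Autostart entry that loads a DLL through rundll32 by export ordinal.
        match = _RUNDLL_ORDINAL.search(body)
        if section == "O4" and match:
            findings.append(Finding(section, "rundll32-ordinal", match.group(1), entry))

        # Statically configured DNS servers: compare with the resolvers the
        # router or ISP is expected to hand out.
        match = _NAMESERVER.search(body)
        if section == "O17" and match:
            servers = ";".join(re.split(r"[;,\s]+", match.group(1).strip()))
            findings.append(Finding(section, "static-dns", servers, entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<18}{f.detail}")
```

The named-export call `rundll32.exe oobefldr.dll,ShowWelcomeCenter` in the sample is not flagged; only the ordinal form `,#1` used by the MSServer entry matches the rundll32 rule.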
emarti
comment

drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]R2 
spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]-----------------EOF----------------

I'll add that NOD32 Antivirus did not detect any infections the way it did before the removal of the files (right?) that you pointed out.

Oh, and my question, did you do this:

Use this program: http://cybertrash.pl/images/tata/FixwareOut.html

This is very important, because you have malicious DNS.

When it connects me to that page and I try to download "Fixware", I get a message that "the search was aborted because the requested file does not exist".

From the Control Panel, uninstall: free-downloads.net I UNINSTALLED IT

I ran a scan with Malwarebytes' Anti-Malware 1.31. Here is the log with the results. I deleted everything.

I'm sorry for posting this in this section, but since you have been helping me here from the start, I don't want this thread to get lost. Afterwards, of course, it can be deleted. Please let me know whether anything else needs to be done. Thank you very much for your help.

Mateusz J.
comment

It looks like Malwarebytes got rid of everything.

The logs are clean.

emarti
comment

That's great, thank you very much for your help. I really wouldn't have managed on my own. Regards!
