
Computer keeps freezing



OK, now I know, I'm pasting everything.

 

ComboFix 11-02-19.01 - Romek I Anna 2011-02-19 22:20:05.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2047.1197 [GMT 1:00]

Run from: c:\users\Romek I Anna\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\QUAD Utilities

c:\program files\QUAD Utilities\QUAD RegistryCleaner\program.log

c:\program files\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.exe

c:\program files\QUAD Utilities\QUAD RegistryCleaner\Scheduler.dll

c:\program files\QUAD Utilities\QUAD RegistryCleaner\Styles\Vista.cjstyles

c:\users\Romek I Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities

c:\users\Romek I Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\QUAD RegistryCleaner.lnk

c:\users\Romek I Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QUAD Utilities\QUAD RegistryCleaner\Uninstall QUAD RegistryCleaner.lnk

 

.

((((((((((((((((((((((((( Files created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))

.

 

2011-02-19 21:34 . 2011-02-19 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-19 06:03 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AD1B5C8-7EC3-41BB-91F1-A2AE22404852}\mpengine.dll

2011-02-13 23:05 . 2011-02-13 23:12 -------- d-----w- c:\program files\HyCam2

2011-02-13 18:13 . 2011-02-13 18:24 -------- d-----w- c:\program files\Odkurzacz

2011-02-09 17:58 . 2011-02-09 17:58 -------- d-----w- c:\users\Romek I Anna\.IBot 2.76

2011-02-03 19:15 . 2011-02-03 19:15 -------- d-----w- c:\users\Romek I Anna\.IBot 2.75

2011-01-30 15:04 . 2011-01-30 15:04 -------- d-----w- c:\users\Romek I Anna\AppData\Roaming\TomTom

2011-01-30 15:04 . 2011-01-30 15:04 -------- d-----w- c:\users\Romek I Anna\AppData\Local\TomTom

2011-01-26 20:42 . 2011-01-26 20:42 -------- d-----w- c:\users\Romek I Anna\.IBot 2.74

2011-01-22 23:17 . 2011-01-22 23:17 -------- d-----w- c:\users\Romek I Anna\.IBot 2.73

2011-01-21 00:02 . 2011-01-21 00:02 -------- d-----w- c:\users\Romek I Anna\.IBot 2.72

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-13 08:47 . 2010-11-07 23:20 38848 ----a-w- c:\windows\avastSS.scr

2011-01-13 08:47 . 2010-11-07 23:20 188216 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-13 08:41 . 2010-11-07 23:20 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-01-13 08:40 . 2010-11-07 23:20 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-01-13 08:37 . 2010-11-07 23:20 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-01-13 08:37 . 2010-11-07 23:20 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-01-13 08:37 . 2010-11-07 23:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-12-28 15:55 . 2011-01-12 04:20 413696 ----a-w- c:\windows\system32\odbc32.dll

2010-12-14 14:49 . 2011-01-12 04:20 1169408 ----a-w- c:\windows\system32\sdclt.exe

.

 

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2010-11-07 251184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]

"MGSysCtrl"="c:\program files\LG Software\System Control Manager\MGSysCtrl.exe" [2007-11-21 565248]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]

"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 NishService;Evil Driver Daemon;c:\program files\LG Software\System Control Manager\edd.exe [2007-08-23 61440]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]

S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]

S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\users\Romek I Anna\AppData\Roaming\Mozilla\Firefox\Profiles\657hp6n8.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-19 22:35

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-02-19 22:46:32

ComboFix-quarantined-files.txt 2011-02-19 21:46

 

Before: 55 694 221 312 bytes free

After: 56 029 753 344 bytes free

 

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11

- - End Of File - - 10AF761E7F0F6EDD885A5EBB418D9745

 

As for describing the problem, I don't know how to explain it; it simply freezes like a still frame and nothing can be done.

OTL logfile created on: 2011-02-19 23:57:31 - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Romek I Anna\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19019)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 92,00 Gb Total Space | 52,24 Gb Free Space | 56,79% Space Free | Partition Type: NTFS

Drive D: | 139,88 Gb Total Space | 139,34 Gb Free Space | 99,61% Space Free | Partition Type: NTFS

 

Computer Name: ROMEKIANNA-PC | User Name: Romek I Anna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-02-19 23:54:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Romek I Anna\Downloads\OTL.com

PRC - [2011-02-09 15:38:00 | 000,878,592 | ---- | M] () -- C:\Program Files\Profibot\IBot 2.76\IBot.exe

PRC - [2011-01-13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010-12-11 00:37:22 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010-12-11 00:37:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010-12-10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010-11-07 23:31:22 | 000,251,184 | ---- | M] (BIT LEADER) -- C:\Program Files\lg_swupdate\GiljabiStart.exe

PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009-04-11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008-01-19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007-12-17 11:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

PRC - [2006-10-05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011-02-19 23:54:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Romek I Anna\Downloads\OTL.com

MOD - [2011-01-13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll

MOD - [2010-08-31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011-01-20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010-12-10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010-03-18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008-09-08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007-08-23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\LG Software\System Control Manager\edd.exe -- (NishService)

SRV - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)

SRV - [2006-10-05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011-01-13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011-01-13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011-01-13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011-01-13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011-01-13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010-06-23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2009-01-13 09:45:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008-02-25 16:53:22 | 003,520,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007-12-20 18:02:06 | 002,032,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007-05-02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2007-05-02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2007-05-02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2007-04-03 10:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2media.sys -- (O2MDRDR)

DRV - [2007-04-02 16:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\o2sd.sys -- (O2SDRDR)

DRV - [2006-12-22 05:21:52 | 000,019,456 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)

DRV - [2006-11-28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006-11-22 13:20:00 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2006-11-02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006-11-02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006-11-02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006-11-02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006-11-02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006-11-02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006-11-02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006-11-02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006-11-02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006-11-02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006-11-02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006-11-02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006-11-02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006-11-02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2006-11-02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006-11-02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006-11-02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006-11-02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006-11-02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006-11-02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006-11-02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006-11-02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006-11-02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006-11-02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006-11-02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006-11-02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006-11-02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006-11-02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006-11-02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006-11-02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006-11-02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006-11-02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006-11-02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006-11-02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006-11-02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006-11-02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006-11-02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006-11-02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006-11-02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006-11-02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006-11-02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006-11-02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2006-11-02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006-10-19 03:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3567780947-1930185920-1234115515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3567780947-1930185920-1234115515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-12-11 00:37:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-12-11 00:37:25 | 000,000,000 | ---D | M]

 

[2011-01-30 16:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romek I Anna\AppData\Roaming\mozilla\Extensions

[2011-01-30 16:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romek I Anna\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2011-02-19 20:38:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romek I Anna\AppData\Roaming\mozilla\Firefox\Profiles\657hp6n8.default\extensions

[2010-11-09 21:05:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Romek I Anna\AppData\Roaming\mozilla\Firefox\Profiles\657hp6n8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-11-08 06:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-10-27 06:37:26 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2010-10-27 06:37:26 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2010-10-27 06:37:26 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2010-10-27 06:37:26 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2010-10-27 06:37:26 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2010-10-27 06:37:26 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

 

O1 HOSTS File: ([2011-02-19 22:34:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER)

O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe (MSI)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-3567780947-1930185920-1234115515-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3567780947-1930185920-1234115515-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3567780947-1930185920-1234115515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-02-19 22:47:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011-02-19 22:34:25 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011-02-19 22:17:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011-02-19 22:17:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011-02-19 22:17:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011-02-19 22:16:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011-02-19 22:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011-02-19 22:13:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-02-14 00:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 2

[2011-02-14 00:05:07 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2

[2011-02-14 00:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\HyCam2

[2011-02-13 19:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Odkurzacz

[2011-02-13 19:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Odkurzacz

[2011-02-09 18:58:20 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.76

[2011-02-09 00:36:50 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011-02-09 00:36:41 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2011-02-09 00:36:41 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011-02-09 00:36:41 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll

[2011-02-09 00:36:39 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2011-02-09 00:36:39 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2011-02-09 00:36:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2011-02-09 00:36:38 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2011-02-09 00:36:38 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2011-02-09 00:36:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2011-02-09 00:36:37 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2011-02-09 00:36:37 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2011-02-09 00:36:37 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2011-02-09 00:36:36 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2011-02-09 00:36:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2011-02-09 00:36:35 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2011-02-09 00:36:35 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2011-02-09 00:36:34 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2011-02-09 00:36:34 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2011-02-09 00:36:34 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2011-02-09 00:36:33 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2011-02-09 00:36:33 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2011-02-09 00:36:33 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2011-02-09 00:36:31 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2011-02-09 00:36:30 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2011-02-09 00:36:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2011-02-09 00:36:13 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2011-02-09 00:36:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2011-02-09 00:35:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011-02-09 00:35:50 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011-02-09 00:35:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2011-02-09 00:35:49 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011-02-09 00:35:48 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011-02-09 00:35:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011-02-09 00:35:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011-02-09 00:35:48 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011-02-09 00:35:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011-02-09 00:35:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011-02-09 00:35:47 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011-02-09 00:35:47 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011-02-09 00:35:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011-02-09 00:35:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011-02-09 00:35:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011-02-09 00:35:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011-02-09 00:35:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011-02-09 00:35:29 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011-02-09 00:35:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011-02-03 20:15:29 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.75

[2011-01-30 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\Documents\TomTom

[2011-01-30 16:04:05 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\AppData\Roaming\TomTom

[2011-01-30 16:04:05 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\AppData\Local\TomTom

[2011-01-26 21:42:57 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.74

[2011-01-23 00:17:53 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.73

[2011-01-21 01:02:21 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.72

 

========== Files - Modified Within 30 Days ==========

 

[2011-02-19 23:54:54 | 001,048,576 | -HS- | M] () -- C:\Users\Romek I Anna\NTUSER.DAT

[2011-02-19 23:37:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011-02-19 23:37:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011-02-19 22:35:19 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2011-02-19 22:34:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011-02-19 21:36:27 | 001,495,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2011-02-19 21:36:27 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2011-02-19 21:36:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011-02-19 21:36:27 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2011-02-19 21:36:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011-02-19 21:31:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2011-02-19 21:31:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-02-19 21:31:34 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys

[2011-02-15 22:49:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011-02-15 22:49:27 | 000,524,288 | -HS- | M] () -- C:\Users\Romek I Anna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2011-02-15 22:49:27 | 000,065,536 | -HS- | M] () -- C:\Users\Romek I Anna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2011-02-15 22:49:25 | 001,928,301 | -H-- | M] () -- C:\Users\Romek I Anna\AppData\Local\IconCache.db

[2011-02-14 20:20:04 | 000,006,144 | ---- | M] () -- C:\Users\Romek I Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-02-13 19:13:47 | 000,000,984 | ---- | M] () -- C:\Users\Romek I Anna\Desktop\Szybkie Czyszczenie Dysku.lnk

[2011-02-13 19:13:47 | 000,000,888 | ---- | M] () -- C:\Users\Romek I Anna\Desktop\Odkurzacz.lnk

[2011-02-13 00:33:17 | 000,218,536 | ---- | M] () -- C:\Users\Romek I Anna\Documents\ts3_clientui-win32-12815-2011-02-13 00_33_16.320191.dmp

[2011-02-10 18:14:30 | 141,589,455 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011-02-09 18:58:05 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\IBot.lnk

[2011-02-09 03:25:15 | 000,228,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011-02-06 23:51:17 | 000,000,064 | ---- | M] () -- C:\Users\Romek I Anna\Desktop\Browsergames - Bigpoint bietet das Weltraumabenteuer DarkOrbit.URL

 

========== Files Created - No Company Name ==========

 

[2011-02-19 22:17:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011-02-19 22:17:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011-02-19 22:17:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011-02-19 22:17:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011-02-19 22:17:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011-02-13 19:13:47 | 000,000,984 | ---- | C] () -- C:\Users\Romek I Anna\Desktop\Szybkie Czyszczenie Dysku.lnk

[2011-02-13 19:13:47 | 000,000,888 | ---- | C] () -- C:\Users\Romek I Anna\Desktop\Odkurzacz.lnk

[2011-02-13 00:33:16 | 000,218,536 | ---- | C] () -- C:\Users\Romek I Anna\Documents\ts3_clientui-win32-12815-2011-02-13 00_33_16.320191.dmp

[2011-02-09 18:58:05 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\IBot.lnk

[2011-02-06 23:51:17 | 000,000,064 | ---- | C] () -- C:\Users\Romek I Anna\Desktop\Browsergames - Bigpoint bietet das Weltraumabenteuer DarkOrbit.URL

[2011-01-09 20:58:38 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini

[2010-11-28 19:22:30 | 000,006,144 | ---- | C] () -- C:\Users\Romek I Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-11-11 23:01:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010-11-11 23:00:25 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll

[2010-11-09 06:51:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini

[2010-11-08 00:06:16 | 001,928,301 | -H-- | C] () -- C:\Users\Romek I Anna\AppData\Local\IconCache.db

[2010-11-07 23:49:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll

[2010-11-07 23:49:31 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll

[2010-11-07 23:49:31 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll

[2010-11-07 23:44:04 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2010-11-07 23:30:42 | 000,008,825 | ---- | C] () -- C:\Windows\lg_up.ini

[2010-11-07 23:29:52 | 000,000,983 | ---- | C] () -- C:\Windows\lgcenter.ini

[2010-11-07 23:21:49 | 000,049,168 | ---- | C] () -- C:\Users\Romek I Anna\AppData\Local\GDIPFONTCACHEV1.DAT

[2010-11-07 23:21:20 | 000,000,680 | ---- | C] () -- C:\Users\Romek I Anna\AppData\Local\d3d9caps.dat

[2009-12-03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2008-02-25 14:10:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006-11-02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 11:33:01 | 001,495,264 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI

[2006-11-02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006-11-02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini

[2006-11-02 11:23:31 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini

[2006-11-02 11:23:31 | 000,000,164 | ---- | C] () -- C:\Windows\win.ini

[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006-11-02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys

[2006-11-02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS

[2006-11-02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS

[2006-11-02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS

[2006-11-02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS

[2006-11-02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS

[2006-11-02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS

[2006-11-02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS

[2006-11-02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS

[2006-11-02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS

[2006-11-02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS

[2006-11-02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS

[2006-11-02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS

[2006-11-02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS

[2006-11-02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS

[2006-11-02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll

 

========== LOP Check ==========

 

[2011-01-30 16:04:05 | 000,000,000 | ---D | M] -- C:\Users\Romek I Anna\AppData\Roaming\TomTom

[2010-11-08 20:14:42 | 000,000,000 | ---D | M] -- C:\Users\Romek I Anna\AppData\Roaming\TS3Client

[2011-02-15 22:49:30 | 000,026,388 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

Profibot is clean. Yesterday I didn't post the second log for you because the computer hung; now I'll try to start it once more.


What are you doing! Who told you to run ComboFix! You are supposed to provide OTL + GMER logs.

 

Next: if nobody has replied yet, you do not create new posts of your own one under another; you use the Edit option. Only once someone has replied may you create a new post... I am merging the posts.

 

 

 

EDIT:

 

1. I see that you have already made an OTL log and pasted it into the previous post, but: you did not set the "Registry - extra scan" option to "Use filtering", so the second part of the log, OTL Extras, was not produced. The GMER rootkit report is also missing. Please supply them.

 

2. In the reports provided so far I see no signs of an active infection. The mistakenly run ComboFix, however, removed the directory of the registry cleaner QUAD Registry Cleaner, a program of dubious reputation. A description of this junk is in the tutorial on the Spybot Search & Destroy site: LINK.

 

3. What does puzzle me, though, are these objects:

 

PRC - [2011-02-09 15:38:00 | 000,878,592 | ---- | M] () -- C:\Program Files\Profibot\IBot 2.76\IBot.exe

[2011-02-09 18:58:20 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.76

[2011-02-03 20:15:29 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.75

[2011-01-26 21:42:57 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.74

[2011-01-23 00:17:53 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.73

[2011-01-21 01:02:21 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.72

[2011-02-09 18:58:05 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\IBot.lnk

Is this Profibot IBot from a trusted source and not a pirated copy? Cracked "applications" can act as trojans...

 

 

I have a problem with my laptop, namely it happens that everything freezes completely and I can't do anything about it; nothing works at all, not even the cursor. I would be grateful if someone could give me a few hints on what to do about it next.

 

That is very little data; the cause may be either software or hardware. Under what circumstances does this freeze occur / how frequent is it? Did it start with the installation of some particular program? Are there any errors in the Event Log? For a start: just in case, check whether the problem also occurs when you completely disable all Avast shields; for comparison, see this thread: LINK.

 

 

EDIT2: Now reply below my post ....

 

EDIT3: Well over a month and no reply. I am closing the topic.

 

 

.

Edited by picasso
3.04.2011 - The topic is closed due to lack of reply. //picasso