rudydraka, posted 19 February 2011

Sorry in advance for what I'm writing, but I'm a complete layman when it comes to computers. I have a problem with my laptop: sometimes everything freezes completely and I can't do anything about it, absolutely nothing works, not even the cursor. I'd be grateful if someone could give me a few pointers on what to do next.
picasso, posted 19 February 2011

First: you're opening topics in the wrong places; the Tutorials section is not for solving problems at all, it is the area for article writers = the topic goes to the Trash. Second: you're opening yet another duplicate topic in Malware, and the topic does not meet the requirements for any help to be given (no logs): CLICK.
rudydraka (author), posted 19 February 2011

OK, I know now, I'm pasting everything.

ComboFix 11-02-19.01 - Romek I Anna 2011-02-19 22:20:05.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2047.1197 [GMT 1:00]
As for describing the problem, I don't know how to explain it; it simply freezes and nothing can be done.

OTL logfile created on: 2011-02-19 23:57:31 - Run 1 OTL by OldTimer - Version 3.2.20.6
C:\Windows\System32\PerfStringBackup.INI [2011-02-19 21:36:27 | 000,672,140 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2011-02-19 21:36:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011-02-19 21:36:27 | 000,130,516 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2011-02-19 21:36:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011-02-19 21:31:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011-02-19 21:31:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011-02-19 21:31:34 | 2146,820,096 | -HS- | M] () -- C:\hiberfil.sys [2011-02-15 22:49:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011-02-15 22:49:27 | 000,524,288 | -HS- | M] () -- C:\Users\Romek I Anna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2011-02-15 22:49:27 | 000,065,536 | -HS- | M] () -- C:\Users\Romek I Anna\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011-02-15 22:49:25 | 001,928,301 | -H-- | M] () -- C:\Users\Romek I Anna\AppData\Local\IconCache.db [2011-02-14 20:20:04 | 000,006,144 | ---- | M] () -- C:\Users\Romek I Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-13 19:13:47 | 000,000,984 | ---- | M] () -- C:\Users\Romek I Anna\Desktop\Szybkie Czyszczenie Dysku.lnk [2011-02-13 19:13:47 | 000,000,888 | ---- | M] () -- C:\Users\Romek I Anna\Desktop\Odkurzacz.lnk [2011-02-13 00:33:17 | 000,218,536 | ---- | M] () -- C:\Users\Romek I Anna\Documents\ts3_clientui-win32-12815-2011-02-13 00_33_16.320191.dmp [2011-02-10 18:14:30 | 141,589,455 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011-02-09 18:58:05 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\IBot.lnk [2011-02-09 03:25:15 | 000,228,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011-02-06 23:51:17 | 000,000,064 | ---- | M] () -- C:\Users\Romek I Anna\Desktop\Browsergames - Bigpoint bietet das Weltraumabenteuer DarkOrbit.URL ========== Files Created - No 
Company Name ========== [2011-02-19 22:17:47 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011-02-19 22:17:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011-02-19 22:17:47 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011-02-19 22:17:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011-02-19 22:17:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011-02-13 19:13:47 | 000,000,984 | ---- | C] () -- C:\Users\Romek I Anna\Desktop\Szybkie Czyszczenie Dysku.lnk [2011-02-13 19:13:47 | 000,000,888 | ---- | C] () -- C:\Users\Romek I Anna\Desktop\Odkurzacz.lnk [2011-02-13 00:33:16 | 000,218,536 | ---- | C] () -- C:\Users\Romek I Anna\Documents\ts3_clientui-win32-12815-2011-02-13 00_33_16.320191.dmp [2011-02-09 18:58:05 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\IBot.lnk [2011-02-06 23:51:17 | 000,000,064 | ---- | C] () -- C:\Users\Romek I Anna\Desktop\Browsergames - Bigpoint bietet das Weltraumabenteuer DarkOrbit.URL [2011-01-09 20:58:38 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini [2010-11-28 19:22:30 | 000,006,144 | ---- | C] () -- C:\Users\Romek I Anna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-11 23:01:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010-11-11 23:00:25 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll [2010-11-09 06:51:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini [2010-11-08 00:06:16 | 001,928,301 | -H-- | C] () -- C:\Users\Romek I Anna\AppData\Local\IconCache.db [2010-11-07 23:49:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll [2010-11-07 23:49:31 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll [2010-11-07 23:49:31 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll [2010-11-07 23:44:04 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2010-11-07 23:30:42 | 000,008,825 | ---- | C] () -- C:\Windows\lg_up.ini [2010-11-07 
23:29:52 | 000,000,983 | ---- | C] () -- C:\Windows\lgcenter.ini [2010-11-07 23:21:49 | 000,049,168 | ---- | C] () -- C:\Users\Romek I Anna\AppData\Local\GDIPFONTCACHEV1.DAT [2010-11-07 23:21:20 | 000,000,680 | ---- | C] () -- C:\Users\Romek I Anna\AppData\Local\d3d9caps.dat [2009-12-03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2008-02-25 14:10:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006-11-02 13:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini [2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006-11-02 11:33:01 | 001,495,264 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2006-11-02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006-11-02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini [2006-11-02 11:23:31 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini [2006-11-02 11:23:31 | 000,000,164 | ---- | C] () -- C:\Windows\win.ini [2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006-11-02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys [2006-11-02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS [2006-11-02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS [2006-11-02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS [2006-11-02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS [2006-11-02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS [2006-11-02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS [2006-11-02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS [2006-11-02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS [2006-11-02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS [2006-11-02 08:09:26 | 000,035,536 | ---- | 
Profibot is clean. Yesterday I didn't post that second log for you because the computer froze; now I'll try to start it again.
picasso, posted 19 February 2011 (edited)

What are you doing! Who told you to run ComboFix! You are supposed to provide logs from OTL + GMER. Next: if nobody has replied yet, you don't create new posts of your own one under another, you use the Edit option instead. Only once someone has replied can you create a new post... I am merging the posts.

EDIT:

1. I see you have already made an OTL log and inserted it in the previous post, but: you didn't set the "Rejestr - skan dodatkowy" ("Registry - additional scan") option to "Użyj filtrowania" ("Use filtering"), so the second part of the log, OTL Extras, was not generated. The GMER report for rootkits is also missing. Please supply them.

2. In the reports supplied so far I see no signs of an active infection. The mistakenly run ComboFix, however, removed the folder of a registry cleaner of dubious reputation, QUAD Registry Cleaner. A description of this junk is in the tutorial on the Spybot Search & Destroy site: CLICK.

3. What puzzles me, on the other hand, are these objects:

PRC - [2011-02-09 15:38:00 | 000,878,592 | ---- | M] () -- C:\Program Files\Profibot\IBot 2.76\IBot.exe
[2011-02-09 18:58:20 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.76
[2011-02-03 20:15:29 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.75
[2011-01-26 21:42:57 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.74
[2011-01-23 00:17:53 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.73
[2011-01-21 01:02:21 | 000,000,000 | ---D | C] -- C:\Users\Romek I Anna\.IBot 2.72
[2011-02-09 18:58:05 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\IBot.lnk

Is this Profibot IBot from a trustworthy source and not pirated? Cracked "applications" can act as trojans...

"I have a problem with my laptop, namely it happens that everything completely stops and I can't do anything about it, nothing works at all, not even the cursor. I'd be grateful if someone could give me a few tips on what to do with it next."

That is not much data; the cause could be either software or hardware. Under what circumstances does this freeze occur, and how often? Didn't it start with the installation of some particular program? Are there any errors in the Event Viewer? For a start: just in case, check whether the problem also occurs when you completely disable all Avast shields; for comparison, see this topic: CLICK.

EDIT2: Now reply below my post....

EDIT3: Well over a month and no reply. I'm closing the topic.

Edited 3 April 2011 by picasso
3.04.2011 - The topic is being closed due to no reply. //picasso