TheAnt, posted March 8, 2010

Hello. I have a problem: during system startup this process terminates with an error that reads "Windows Explorer has stopped working". This problem has been occurring for 3 weeks now, but I put up with it. My patience has finally run out, so I am asking you for help. Thanks in advance.

Sevard, posted March 8, 2010

Which antivirus do you have? Does the system otherwise work normally? Post the logs from Malwarebytes' Anti-Malware and RSIT.

TheAnt (author), posted March 8, 2010

My antivirus is avast. And here are the logs:

RSIT

Logfile of random's system information tool 1.06 (written by random/random) Run by TheAnt at 2010-03-08 19:43:35 Microsoft® Windows Vista™ Business Total RAM: 1023 MB (45% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:43:57, on 2010-03-08 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16982) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Taskmgr.exe C:\Users\Marcin Ordon\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\RegGenie\RegGenieScheduler.exe C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe C:\Windows\System32\rundll32.exe D:\Program Files\Nowe Gadu-Gadu\gg.exe D:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\Windows\Explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Users\Marcin Ordon\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marcin Ordon\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\GamersFirst\LIVE!\Live.exe C:\Program Files\DNA\btdna.exe C:\Users\Marcin Ordon\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Marcin Ordon\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Marcin Ordon\Documents\Downloads\RSIT.exe C:\Program Files\trend micro\Marcin Ordon.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...FYOwZdnSl5t_qtg R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL F2 - REG:system.ini: UserInit=Userinit.exe, O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (file missing) O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - D:\PROGRA~1\IDA\idaiehlp.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.3.3.2.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Marcin Ordon\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing) O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (file missing) O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RAM Idle Professional] D:\RAM Idle\RAM_XP.exe O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [TrustKeybd] C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Diagnostic] C:\Windows\diagnostic.exe O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [PoRlBEe] "C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat" O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ALLUpdate] "D:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" O4 - HKCU\..\Run: [CamSpace] "D:\Program Files\CamSpace\CamSpaceAgent.exe" O4 - HKCU\..\Run: [360desktop] "C:\Program Files\360desktop\360desktop.exe" O4 - HKCU\..\Run: [Multi File Downloader] C:\Program Files\Multi File Downloader\MultiFileDownloader.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Google Update] "C:\Users\Marcin 
Ordon\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [yjkPkuE] "C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O4 - Startup: b-Link.lnk = Marcin Ordon\b-Link\bLink.exe O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe O4 - Global Startup: Network Server.lnk = D:\Program Files\WIBUKEY\Server\WkSvMgr.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZUman000 O8 - Extra context menu item: Download ALL with IDA - D:\Program Files\IDA\idaieall.htm O8 - Extra context menu item: Download with IDA - D:\Program Files\IDA\idaie.htm O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz używając Download &Express'a - D:\Program Files\Download Express\Add_Url.htm O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Pobierz za pomocą BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' 
menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{714F5936-D978-474D-9CD4-57C63B6425AE}: NameServer = 212.87.224.2,212.87.224.66 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Gry\ZHLT\cFosSpeed\spd.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing) O23 - Service: Google Update Service (gupdate1c9df9be5341fee) (gupdate1c9df9be5341fee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: S3D Service (Win32) - iZ3D LLC. - D:\Program Files\iZ3D Driver\Win32\S3DCService.exe O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. 
- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 12743 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachine.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1484649667-2791494758-2787122881-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1484649667-2791494758-2787122881-1000UA.job C:\Windows\tasks\Norton Security Scan for Marcin Ordon.job C:\Windows\tasks\PCConfidential.job C:\Windows\tasks\RegPowerClean.job C:\Windows\tasks\RPCReminder.job C:\Windows\tasks\User_Feed_Synchronization-{662BA154-3A92-431F-85D6-9AA33F181855}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}] MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [2009-12-06 54608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}] mwsBar BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2009-12-06 452016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}] PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}] IE 4.x-6.x BHO for Internet Download Accelerator - D:\PROGRA~1\IDA\idaiehlp.dll [2009-02-13 158720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - D:\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll 
[2009-10-27 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Users\Marcin Ordon\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-05-26 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [] {07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL [2009-12-06 452016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-01-28 1006264] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [] "SoundMan"=C:\Windows\SOUNDMAN.EXE [2004-06-18 67584] "V0420Mon.exe"=C:\Windows\V0420Mon.exe [2007-04-30 32768] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "RAM Idle Professional"=D:\RAM Idle\RAM_XP.exe [] "CloneCDTray"=D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344] "TrustKeybd"=C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe [] "iKeyWorks"=C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe [] "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-10-27 149280] "QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-09-16 282624] "Diagnostic"=C:\Windows\diagnostic.exe [2009-10-30 500224] "XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264] "MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF [] "MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2009-12-06 32838] "My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [2009-12-06 24688] "GrooveMonitor"=C:\Program Files\Microsoft 
Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "PoRlBEe"=C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat [] "DAEMON Tools-1033"=D:\Program Files\D-Tools\daemon.exe [2004-08-22 81920] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336] "ALLUpdate"=D:\Program Files\ALLPlayer\ALLUpdate.exe [2009-06-04 869888] "CamSpace"=D:\Program Files\CamSpace\CamSpaceAgent.exe [2009-11-15 1404928] "360desktop"=C:\Program Files\360desktop\360desktop.exe [] "Multi File Downloader"=C:\Program Files\Multi File Downloader\MultiFileDownloader.exe [] "MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [2009-12-06 32838] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-12-30 323392] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-01-28 1232896] "Google Update"=C:\Users\Marcin Ordon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 135664] "yjkPkuE"=C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe Network Server.lnk - D:\Program Files\WIBUKEY\Server\WkSvMgr.exe C:\Users\Marcin Ordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup b-Link.lnk - C:\Users\Marcin Ordon\b-Link\bLink.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSetActiveDesktop"=1 
"NoActiveDesktopChanges"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSetActiveDesktop"= "NoActiveDesktopChanges"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e10eab-4a0d-11de-a17b-0011d862fbab}] shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f8d4961-5376-11de-b17c-0011d862fbab}] shell\AutoRun\command - G:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e09b31-f380-11dd-bc61-0011d862fbab}] shell\AutoRun\command - F:\autorun.exe ======List of files/folders created in the last 1 months====== 2010-03-08 19:43:37 ----D---- C:\Program Files\trend micro 2010-03-08 19:43:35 ----D---- C:\rsit 2010-03-08 16:33:30 ----D---- C:\Windows\LastGood.Tmp 2010-03-08 16:32:53 ----SHD---- C:\Config.Msi 2010-03-07 16:00:52 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Sony 2010-03-07 15:47:20 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\NetMedia Providers 2010-03-07 15:47:19 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Publish Providers 2010-02-24 10:16:10 ----A---- C:\Windows\system32\tzres.dll 2010-02-24 10:05:38 ----A---- C:\Windows\system32\secproc.dll 2010-02-24 10:05:37 ----A---- C:\Windows\system32\secproc_isv.dll 2010-02-24 10:05:34 ----A---- C:\Windows\system32\RMActivate_ssp.exe 2010-02-24 10:05:34 ----A---- C:\Windows\system32\RMActivate_isv.exe 2010-02-24 10:05:33 ----A---- 
C:\Windows\system32\RMActivate.exe 2010-02-24 10:05:32 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe 2010-02-24 10:05:31 ----A---- C:\Windows\system32\secproc_ssp_isv.dll 2010-02-24 10:05:31 ----A---- C:\Windows\system32\secproc_ssp.dll 2010-02-24 10:05:30 ----A---- C:\Windows\system32\msdrm.dll 2010-02-23 16:54:56 ----D---- C:\Program Files\SystemRequirementsLab 2010-02-22 11:29:47 ----N---- C:\Windows\system32\NxExtensions.dll 2010-02-22 11:29:47 ----N---- C:\Windows\system32\NxCooking.dll 2010-02-22 11:29:47 ----N---- C:\Windows\system32\NxCharacter.dll 2010-02-21 20:54:14 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Unity 2010-02-19 11:19:58 ----A---- C:\Windows\RegGenie.ini 2010-02-19 11:16:32 ----A---- C:\Windows\RegGenieOnUninstall.exe 2010-02-19 11:16:29 ----D---- C:\Program Files\RegGenie 2010-02-18 18:34:18 ----D---- C:\ProgramData\2DBoy 2010-02-10 16:31:39 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 16:31:34 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-10 16:31:12 ----A---- C:\Windows\system32\IKEEXT.DLL 2010-02-10 16:31:11 ----A---- C:\Windows\system32\BFE.DLL 2010-02-10 16:31:10 ----A---- C:\Windows\system32\tcpipcfg.dll 2010-02-10 16:31:10 ----A---- C:\Windows\system32\netiougc.exe 2010-02-10 16:31:10 ----A---- C:\Windows\system32\FWPUCLNT.DLL 2010-02-10 16:30:58 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 16:30:58 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 16:30:57 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 16:30:57 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 16:30:56 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 16:30:56 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 16:30:55 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 16:30:54 ----A---- C:\Windows\system32\avifil32.dll 2010-02-10 16:30:53 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 16:30:53 ----A---- C:\Windows\system32\avicap32.dll ======List of files/folders modified in the last 1 months====== 2010-03-08 
19:43:56 ----D---- C:\Windows\Temp 2010-03-08 19:43:37 ----RD---- C:\Program Files 2010-03-08 19:36:31 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\DNA 2010-03-08 18:36:58 ----D---- C:\Windows\System32 2010-03-08 18:06:21 ----D---- C:\Program Files\DNA 2010-03-08 16:59:13 ----SHD---- C:\System Volume Information 2010-03-08 16:58:05 ----D---- C:\Windows\inf 2010-03-08 16:47:20 ----AD---- C:\Windows 2010-03-08 16:32:58 ----D---- C:\Windows\system32\drivers 2010-03-08 16:32:57 ----SHD---- C:\Windows\Installer 2010-03-08 16:20:02 ----D---- C:\Windows\Downloaded Installations 2010-03-07 21:31:55 ----D---- C:\ProgramData\Microsoft Help 2010-03-07 16:44:21 ----HD---- C:\ProgramData 2010-03-07 15:06:02 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\GetRightToGo 2010-03-07 12:34:13 ----RSD---- C:\Windows\assembly 2010-03-07 12:29:33 ----RSD---- C:\Windows\Fonts 2010-03-07 12:29:22 ----D---- C:\Program Files\Common Files\microsoft shared 2010-03-07 12:28:07 ----D---- C:\Program Files\Microsoft Works 2010-03-05 23:23:16 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Skype 2010-03-05 21:26:53 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-03-05 17:02:15 ----D---- C:\Downloads 2010-03-05 16:05:08 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\skypePM 2010-03-02 18:48:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-02-28 10:04:33 ----D---- C:\Windows\winsxs 2010-02-28 10:03:43 ----D---- C:\Windows\system32\catroot 2010-02-27 23:37:04 ----A---- C:\Users\Marcin Ordon\AppData\Roaming\kernel33.dll 2010-02-27 20:30:36 ----D---- C:\Windows\system 2010-02-26 13:17:41 ----D---- C:\Windows\system32\pl-PL 2010-02-25 14:26:58 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\ScanSpyware 2010-02-24 22:08:42 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\WinRAR 2010-02-24 10:01:46 ----D---- C:\Windows\system32\catroot2 2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe 2010-02-22 18:19:57 ----D---- C:\Windows\Microsoft.NET 2010-02-19 
11:26:32 ----D---- C:\Program Files\AGEIA Technologies 2010-02-19 11:24:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-02-19 11:19:47 ----D---- C:\Windows\system32\Tasks 2010-02-17 22:19:45 ----D---- C:\Program Files\Common Files 2010-02-16 09:45:30 ----D---- C:\Windows\system32\AGEIA 2010-02-14 10:29:26 ----A---- C:\Windows\system32\fltrkl11.dll 2010-02-14 10:23:09 ----D---- C:\Windows\system32\migration 2010-02-14 10:23:09 ----D---- C:\Program Files\Windows Mail ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-01-28 320000] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328] R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704] R2 windrvNT;windrvNT; \??\C:\Windows\system32\windrvNT.sys [2010-01-02 35363] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\Windows\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\ALCXWDM.SYS [2004-06-21 626204] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-10 3483648] R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704] R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792] R3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver; C:\Windows\system32\drivers\CamSpaceBus.sys 
And how do I create a log from MAM? EDIT: I have it now, here it is:

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3838
Windows 6.0.6000
Internet Explorer 7.0.6000.16982
2010-03-08 20:12:58
mbam-log-2010-03-08 (20-12-53).txt
Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 116059
Upłynęło: 17 minute(s), 2 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 2
Zainfekowane klucze rejestru: 139
Zainfekowane wartości rejestru: 11
Zainfekowane pliki rejestru: 5
Zainfekowane foldery: 4
Zainfekowane pliki: 15
Sevard, posted March 8, 2010: It will be created automatically when the program finishes scanning the system. I'll check both logs later, once the second one is there too. Let Malwarebytes' fix what it found. Then make a new log with RSIT and paste it on the forum. In future, it's better to write new posts when you have something important to add rather than editing old ones, because the forum does not mark a topic as changed when its posts were only modified.
Cyrec, posted March 8, 2010: But then he would have a double post, which earns a warning, doesn't it?
Sevard, posted March 8, 2010: There wouldn't be a double post here, and a warning only comes if you did it persistently, though that still depends on the moderator. Sometimes it's better to write a post under a post, so that someone notices that something in the topic has changed.
TheAnt (Author), posted March 9, 2010: Here is the new log from RSIT:
- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe -- End of file - 11464 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachine.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1484649667-2791494758-2787122881-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1484649667-2791494758-2787122881-1000UA.job C:\Windows\tasks\Norton Security Scan for Marcin Ordon.job C:\Windows\tasks\PCConfidential.job C:\Windows\tasks\RegPowerClean.job C:\Windows\tasks\RPCReminder.job C:\Windows\tasks\User_Feed_Synchronization-{662BA154-3A92-431F-85D6-9AA33F181855}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}] SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}] PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A646672-9C3A-4C28-9A7A-1FB0F63F28B6}] IE 4.x-6.x BHO for Internet Download Accelerator - D:\PROGRA~1\IDA\idaiehlp.dll [2009-02-13 158720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - D:\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-27 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Users\Marcin Ordon\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-05-26 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google 
Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2009-01-28 1006264] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [] "SoundMan"=C:\Windows\SOUNDMAN.EXE [2004-06-18 67584] "V0420Mon.exe"=C:\Windows\V0420Mon.exe [2007-04-30 32768] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "RAM Idle Professional"=D:\RAM Idle\RAM_XP.exe [] "CloneCDTray"=D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344] "TrustKeybd"=C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe [] "iKeyWorks"=C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe [] "SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-10-27 149280] "QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-09-16 282624] "XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "PoRlBEe"=C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2009-10-09 25623336] "ALLUpdate"=D:\Program Files\ALLPlayer\ALLUpdate.exe [2009-06-04 869888] "CamSpace"=D:\Program Files\CamSpace\CamSpaceAgent.exe [2009-11-15 1404928] "360desktop"=C:\Program Files\360desktop\360desktop.exe [] "Multi File Downloader"=C:\Program Files\Multi File Downloader\MultiFileDownloader.exe [] "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-12-30 323392] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-01-28 1232896] "Google Update"=C:\Users\Marcin Ordon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-05 135664] "yjkPkuE"=C:\Users\Marcin 
Ordon\AppData\Roaming\lrBJSSRb1.bat [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup GamersFirst LIVE!.lnk - C:\Program Files\GamersFirst\LIVE!\Live.exe Network Server.lnk - D:\Program Files\WIBUKEY\Server\WkSvMgr.exe C:\Users\Marcin Ordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup b-Link.lnk - C:\Users\Marcin Ordon\b-Link\bLink.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktopChanges"=0 "NoSetActiveDesktop"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktopChanges"= "NoSetActiveDesktop"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e10eab-4a0d-11de-a17b-0011d862fbab}] shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f8d4961-5376-11de-b17c-0011d862fbab}] shell\AutoRun\command - G:\autorun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75e09b31-f380-11dd-bc61-0011d862fbab}] shell\AutoRun\command - F:\autorun.exe ======List of files/folders created in the last 1 months====== 2010-03-08 22:27:10 ----A---- C:\Windows\FSaver.ini 2010-03-08 22:27:08 ----D---- C:\Program Files\2M-Underwater-1 2010-03-08 22:27:08 ----A---- C:\Windows\2MSYSTEM-UnderWater-Vol1.ini 2010-03-08 19:47:38 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Malwarebytes 2010-03-08 19:47:11 ----D---- C:\ProgramData\Malwarebytes 2010-03-08 19:43:37 ----D---- C:\Program Files\trend micro 2010-03-08 19:43:35 ----D---- C:\rsit 2010-03-07 16:00:52 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Sony 2010-03-07 15:47:20 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\NetMedia Providers 2010-03-07 15:47:19 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Publish Providers 2010-02-24 10:16:10 ----A---- C:\Windows\system32\tzres.dll 2010-02-24 10:05:38 ----A---- C:\Windows\system32\secproc.dll 2010-02-24 10:05:37 ----A---- C:\Windows\system32\secproc_isv.dll 2010-02-24 10:05:34 ----A---- C:\Windows\system32\RMActivate_ssp.exe 2010-02-24 10:05:34 ----A---- C:\Windows\system32\RMActivate_isv.exe 2010-02-24 10:05:33 ----A---- C:\Windows\system32\RMActivate.exe 2010-02-24 10:05:32 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe 2010-02-24 10:05:31 ----A---- C:\Windows\system32\secproc_ssp_isv.dll 2010-02-24 10:05:31 ----A---- C:\Windows\system32\secproc_ssp.dll 2010-02-24 10:05:30 ----A---- C:\Windows\system32\msdrm.dll 2010-02-23 16:54:56 ----D---- C:\Program Files\SystemRequirementsLab 2010-02-22 11:29:47 ----N---- C:\Windows\system32\NxExtensions.dll 2010-02-22 11:29:47 ----N---- C:\Windows\system32\NxCooking.dll 2010-02-22 11:29:47 ----N---- C:\Windows\system32\NxCharacter.dll 2010-02-21 20:54:14 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Unity 2010-02-19 11:19:58 ----A---- C:\Windows\RegGenie.ini 2010-02-19 11:16:29 ----D---- C:\Program 
Files\RegGenie 2010-02-18 18:34:18 ----D---- C:\ProgramData\2DBoy 2010-02-10 16:31:39 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 16:31:34 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-10 16:31:12 ----A---- C:\Windows\system32\IKEEXT.DLL 2010-02-10 16:31:11 ----A---- C:\Windows\system32\BFE.DLL 2010-02-10 16:31:10 ----A---- C:\Windows\system32\tcpipcfg.dll 2010-02-10 16:31:10 ----A---- C:\Windows\system32\netiougc.exe 2010-02-10 16:31:10 ----A---- C:\Windows\system32\FWPUCLNT.DLL 2010-02-10 16:30:58 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 16:30:58 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 16:30:57 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 16:30:57 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 16:30:56 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 16:30:56 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 16:30:55 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 16:30:54 ----A---- C:\Windows\system32\avifil32.dll 2010-02-10 16:30:53 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 16:30:53 ----A---- C:\Windows\system32\avicap32.dll ======List of files/folders modified in the last 1 months====== 2010-03-09 21:31:01 ----D---- C:\Windows\Temp 2010-03-09 21:26:03 ----RD---- C:\Program Files 2010-03-09 21:26:03 ----D---- C:\Windows\system32\drivers 2010-03-09 21:26:03 ----D---- C:\Windows\en-US 2010-03-09 21:21:54 ----D---- C:\Windows\System32 2010-03-09 21:21:54 ----AD---- C:\Windows 2010-03-09 21:17:30 ----D---- C:\Windows\system32\catroot 2010-03-09 21:17:21 ----D---- C:\Windows\winsxs 2010-03-09 20:54:13 ----D---- C:\Windows\system32\catroot2 2010-03-08 22:27:21 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\DNA 2010-03-08 22:27:10 ----D---- C:\Windows\inf 2010-03-08 20:06:11 ----SHD---- C:\System Volume Information 2010-03-08 19:51:02 ----SHD---- C:\Windows\Installer 2010-03-08 19:47:11 ----HD---- C:\ProgramData 2010-03-08 18:06:21 ----D---- C:\Program Files\DNA 2010-03-08 16:20:02 ----D---- 
C:\Windows\Downloaded Installations 2010-03-07 21:31:55 ----D---- C:\ProgramData\Microsoft Help 2010-03-07 15:06:02 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\GetRightToGo 2010-03-07 12:34:13 ----RSD---- C:\Windows\assembly 2010-03-07 12:29:33 ----RSD---- C:\Windows\Fonts 2010-03-07 12:29:22 ----D---- C:\Program Files\Common Files\microsoft shared 2010-03-07 12:28:07 ----D---- C:\Program Files\Microsoft Works 2010-03-05 23:23:16 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\Skype 2010-03-05 21:26:53 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-03-05 17:02:15 ----D---- C:\Downloads 2010-03-05 16:05:08 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\skypePM 2010-03-02 18:48:23 ----HD---- C:\Program Files\InstallShield Installation Information 2010-02-27 20:30:36 ----D---- C:\Windows\system 2010-02-26 13:17:41 ----D---- C:\Windows\system32\pl-PL 2010-02-25 14:26:58 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\ScanSpyware 2010-02-24 22:08:42 ----D---- C:\Users\Marcin Ordon\AppData\Roaming\WinRAR 2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe 2010-02-22 18:19:57 ----D---- C:\Windows\Microsoft.NET 2010-02-19 11:26:32 ----D---- C:\Program Files\AGEIA Technologies 2010-02-19 11:24:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-02-19 11:19:47 ----D---- C:\Windows\system32\Tasks 2010-02-17 22:19:45 ----D---- C:\Program Files\Common Files 2010-02-16 09:45:30 ----D---- C:\Windows\system32\AGEIA 2010-02-14 10:29:26 ----A---- C:\Windows\system32\fltrkl11.dll 2010-02-14 10:23:09 ----D---- C:\Windows\system32\migration 2010-02-14 10:23:09 ----D---- C:\Program Files\Windows Mail ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! 
Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2009-01-28 320000] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328] R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704] R2 windrvNT;windrvNT; \??\C:\Windows\system32\windrvNT.sys [2010-01-02 35363] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\Windows\system32\drivers\ALCXSENS.SYS [2004-02-24 400384] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\ALCXWDM.SYS [2004-06-21 626204] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-10 3483648] R3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704] R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792] R3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver; C:\Windows\system32\drivers\CamSpaceBus.sys [2008-08-24 14848] R3 CamSpaceJoy;CamSpace Virtual Joystick device driver; C:\Windows\system32\drivers\CamSpaceJoy.sys [2008-08-24 30464] R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 NVENETFD;Sterownik kontrolera sieci NVIDIA nForce; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056] R3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\Windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952] R3 PPortJoystick;Parallel Port Joystick device driver; C:\Windows\system32\drivers\PPortJoy.sys [2004-10-24 28800] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2006-11-02 8192] R3 
usbaudio;Sterownik audio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] R3 V0420VID;Live! Cam Vista IM (VF0420); C:\Windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648] R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448] R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304] R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-02-27 61984] S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers; \??\D:\Program Files\iZ3D Driver\Win32\S3DInjectionDriver.sys [] S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [] S2 Sntnlusb;Sntnlusb; C:\Windows\System32\Drivers\SNTNLUSB.SYS [1999-01-15 8128] S3 asgtbi6b;asgtbi6b; C:\Windows\system32\drivers\asgtbi6b.sys [] S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-05-09 36496] S3 BthEnum;Sterownik Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-01-28 19456] S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] S3 BTHPORT;Sterownik portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-01-28 220160] S3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-01-28 29184] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 EagleNT;EagleNT; \??\C:\Users\MARCIN~1\AppData\Local\Temp\EagleNT.sys [] S3 FGUARD32;FGUARD32; \??\D:\Program Files\Folder Guard\FGUARD32.SYS [] S3 gsplittm;gsplittm; \??\C:\Users\MARCIN~1\AppData\Local\Temp\gsplittm.sys [2009-05-29 15872] S3 k750bus;Sony Ericsson 750 driver (WDM); C:\Windows\system32\DRIVERS\k750bus.sys [2005-02-11 55216] S3 MSKSSRV;Serwer proxy usługi Microsoft Streaming; 
C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Serwer proxy zegara Microsoft Streaming; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Serwer proxy menedżera jakości Microsoft Streaming; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Konwerter strumieni Tee/Sink-to-Sink Microsoft Streaming; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] S3 VHidMinidrv;Bluetooth HID Device Service; C:\Windows\system32\drivers\VHIDMini.sys [2007-03-05 19472] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-01-10 643072] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 cFosSpeedS;cFosSpeed System Service; D:\Gry\ZHLT\cFosSpeed\spd.exe [2009-02-13 385240] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016] R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096] R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-06-20 132096] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-19 66872] R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-12-19 107832] R2 S3D Service (Win32);S3D Service (Win32); D:\Program Files\iZ3D Driver\Win32\S3DCService.exe [2008-10-24 233472] R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992] R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2007-04-27 206400] R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2006-11-02 22016] R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2006-11-02 22016] S2 gupdate1c9df9be5341fee;Google Update Service (gupdate1c9df9be5341fee); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-28 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -s [] 
PS: Next time I'll remember.
Sevard Posted March 10, 2010
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
Warning for piracy. Post the contents of the file C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat on the forum. Check the file C:\Windows\system32\drivers\asgtbi6b.sys (if it still exists) on VirusTotal. The same goes for the file C:\Users\MARCIN~1\AppData\Local\Temp\gsplittm.sys. I don't see anything else strange.

TheAnt (Author) Posted March 10, 2010
There is just one problem, namely: "Post the contents of the file C:\Users\Marcin Ordon\AppData\Roaming\lrBJSSRb1.bat on the forum." I don't have this file. As for the rest, the file asgtbi6b.sys does not exist, and gsplittm.sys is clean.

Sevard Posted March 10, 2010
Well then, the computer looks clean. After the Malwarebytes' scan, does the problem still behave as before, or is it OK now?

TheAnt (Author) Posted March 10, 2010
Nothing has changed, except that I have no viruses.

Sevard Posted March 10, 2010
Since it's not a virus, either something is conflicting with Windows Explorer (the most common cause), or the explorer.exe file is corrupted (unlikely, since everything else works), or it's a hardware problem. Did you install anything just before the problem appeared? Post a screenshot of the Health tab from HD Tune. Click Start, type eventvwr.msc in the search box, then in the Application section find all errors related to explorer.exe and post their contents on the forum.

TheAnt (Author) Posted March 10, 2010
I didn't install anything. The screenshot is attached, and regarding the error I found this:
Aplikacja powodująca błąd Explorer.EXE, wersja 6.0.6000.16771, sygnatura czasowa 0x4907deda, moduł powodujący błąd SHLWAPI.dll, wersja 6.0.6000.16386, sygnatura czasowa 0x4549bdb9, kod wyjątku 0xc0000005, przesunięcie błędu 0x0001e0e5, identyfikator procesu 0xc78, godzina rozpoczęcia aplikacji 0x01cac076248df019.
That is from the event log, and I also have this:
Nazwa zdarzenia problemu: APPCRASH
Nazwa aplikacji: explorer.exe
Wersja aplikacji: 6.0.6000.16771
Sygnatura czasowa aplikacji: 4907deda
Nazwa modułu z błędem: SHLWAPI.dll
Wersja modułu z błędem: 6.0.6000.16386
Sygnatura czasowa modułu z błędem: 4549bdb9
Kod wyjątku: c0000005
Przesunięcie wyjątku: 0001e0e5
Wersja systemu operacyjnego: 6.0.6000.2.0.0.256.6
Identyfikator ustawień regionalnych: 1045
Dodatkowe informacje 1: 8d13
Dodatkowe informacje 2: cdca9b1d21d12b77d84f02df48e34311
Dodatkowe informacje 3: 8d13
Dodatkowe informacje 4: cdca9b1d21d12b77d84f02df48e34311
That was in the error window after clicking MORE INFORMATION.

Sevard Posted March 10, 2010
Update Internet Explorer. That will most likely help; if not, write back and we'll repair one file manually. The disk looks OK.

TheAnt (Author) Posted March 11, 2010
Nothing helps; the error still occurs, but it doesn't shut down right away, only after about 5 seconds.

TheAnt (Author) Posted March 15, 2010
Bumping. Will anyone help me?

Sevard Posted March 15, 2010
Ah, sorry, I was convinced I had replied. Run the command prompt with administrator privileges, put the Windows disc in the drive and type the command sfc /scannow
This will check the integrity of the system files and repair them if there are problems.

TheAnt (Author) Posted March 15, 2010
OK, thank you for the help.