xandi, posted November 20, 2009:

A friend has this problem on his laptop: when he turns the laptop on, after startup there are no icons on the desktop, and a CMD window is visible for a moment and then disappears. If you click on the desktop and choose "show desktop icons", the icons come back. This happens only when the computer is starting up. The laptop was scanned with Malwarebytes' Anti-Malware and it found nothing. The laptop model is an Asus K50; processor: Pentium Dual Core T4200; memory: DDR2 800MHz 4 GB; graphics card: NVIDIA GeForce G102M with 512 MB DDR2 VRAM; the system is Windows Vista Home Basic.

Sevard, posted November 20, 2009:

Post a log from RSIT and from GMER; maybe that will help determine the cause, although unfortunately this looks to me more like Vista's quirks.
xandi (author), posted November 23, 2009:

Logfile of random's system information tool 1.06 (written by random/random) Run by Borki at 2009-11-23 20:01:03 Microsoft? Windows Vista? Home Basic Service Pack 1 System drive C: has 92 GB (77%) free of 119 GB Total RAM: 3036 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:01:26, on 2009-11-23 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Windows\system32\taskeng.exe C:\Program files\P4G\BatteryLife.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe 
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\Windows\system32\werfault.exe C:\Users\Borki\Desktop\RSIT.exe C:\Program Files\trend micro\Borki.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2417076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr0.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr0.dll O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: 
Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Borki\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll O3 - Toolbar: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr0.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 
- HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O4 - Global Startup: FancyStart daemon.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/pl/navy_2_0_0_31.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Usługa Google Update (gupdate1ca2ee53e4e2e60) (gupdate1ca2ee53e4e2e60) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- End of file - 10084 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{6E8B3821-AE5F-43F0-83C0-E5AEED639F98}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll [2009-10-29 392560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL [2009-10-01 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}] gry Toolbar - C:\Program Files\gry\tbgr0.dll [2009-10-01 2166296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-01 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-01 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Users\Borki\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-13 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-01 256112] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll [2009-10-29 392560] {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - gry Toolbar - C:\Program Files\gry\tbgr0.dll [2009-10-01 2166296] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "RemoteControl8"=C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [2008-10-17 91432] "PDVD8LanguageShortcut"=C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe [2007-12-14 50472] "CLMLServer"=C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [2008-07-19 104936] "P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 150552] "HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-03-23 17149952] "AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-09-30 237568] "HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304] "ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-03-04 8392704] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-12-29 159744] "ADSMTray"=C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-04-01 266240] "ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2008-10-01 851968] "Wireless Console 3"=C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2009-02-07 1593344] "ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-06-06 3054136] "ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-06-06 47672] "ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-03-06 424352] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] 
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392] "Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-08-31 11391592] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-01 39408] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-02-26 210432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8eb0bc-6fe8-11de-9f40-0026182ec3fc}] shell\AutoRun\command - H:\t2hjo0.exe shell\open\command - H:\t2hjo0.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - 
open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2009-11-23 19:58:20 ----D---- C:\Program Files\trend micro 2009-11-23 19:58:18 ----D---- C:\rsit 2009-11-21 21:10:37 ----D---- C:\Program Files\Nokia 2009-11-21 20:54:53 ----D---- C:\ProgramData\Installations 2009-11-20 18:33:25 ----D---- C:\Users\Borki\AppData\Roaming\Malwarebytes 2009-11-20 18:33:19 ----D---- C:\ProgramData\Malwarebytes 2009-11-20 18:33:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-20 18:02:14 ----A---- C:\Windows\ntbtlog.txt 2009-11-12 19:42:33 ----D---- C:\Users\Borki\AppData\Roaming\ASUSTek 2009-11-12 19:42:30 ----D---- C:\Users\Borki\AppData\Roaming\CyberLink 2009-11-12 19:42:30 ----D---- C:\ProgramData\ASUSTek 2009-11-12 14:24:40 ----D---- C:\ProgramData\VirtualFarm 2009-11-12 14:24:38 ----D---- C:\ProgramData\AlawarWrapper 2009-11-12 14:24:38 ----D---- C:\Program Files\Conduit 2009-11-12 14:24:37 ----D---- C:\Program Files\gry 2009-11-12 14:24:28 ----D---- C:\Program Files\Gry.Pl 2009-11-11 12:30:56 ----A---- C:\Windows\system32\WSDApi.dll 2009-11-10 19:51:26 ----D---- C:\Program Files\Norton Security Scan 2009-11-10 16:44:48 ----D---- C:\Windows\system32\Adobe 2009-11-08 12:12:23 ----D---- C:\Program Files\Symantec 2009-11-08 12:12:23 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-11-08 12:11:58 ----D---- C:\Program Files\Norton Internet Security 2009-11-08 12:08:09 ----D---- C:\Program Files\NortonInstaller 2009-11-08 10:00:25 ----D---- C:\Users\Borki\AppData\Roaming\Tific 2009-11-04 15:25:02 ----A---- C:\Windows\system32\wups2.dll 2009-11-04 15:25:02 ----A---- C:\Windows\system32\wucltux.dll 2009-11-04 15:25:02 ----A---- C:\Windows\system32\wuauclt.exe 2009-11-04 15:25:01 ----A---- C:\Windows\system32\wuaueng.dll 2009-11-04 15:24:55 ----A---- C:\Windows\system32\wups.dll 2009-11-04 15:24:55 ----A---- C:\Windows\system32\wudriver.dll 2009-11-04 15:24:55 ----A---- C:\Windows\system32\wuapi.dll 
2009-11-04 15:24:54 ----A---- C:\Windows\system32\wuwebv.dll 2009-11-04 15:24:54 ----A---- C:\Windows\system32\wuapp.exe 2009-11-03 15:47:09 ----A---- C:\Windows\system32\mshtml.dll 2009-10-28 21:33:52 ----D---- C:\Users\Borki\AppData\Roaming\PSpad 2009-10-28 21:33:42 ----D---- C:\Program Files\PSPad editor 2009-10-27 19:55:58 ----A---- C:\Windows\system32\wmp.dll 2009-10-27 19:55:57 ----A---- C:\Windows\system32\unregmp2.exe 2009-10-27 19:55:55 ----A---- C:\Windows\system32\wmploc.DLL 2009-10-14 09:25:58 ----A---- C:\Windows\system32\msv1_0.dll 2009-10-14 09:25:56 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-10-14 09:25:56 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-10-14 09:25:28 ----A---- C:\Windows\system32\ieframe.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\wininet.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\urlmon.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\occache.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\msfeeds.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\iertutil.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\iedkcs32.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\msfeedssync.exe 2009-10-14 09:25:26 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\jsproxy.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\ieUnatt.exe 2009-10-14 09:25:26 ----A---- C:\Windows\system32\ieui.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iesysprep.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iesetup.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iernonce.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iepeers.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\ie4uinit.exe 2009-10-14 09:24:40 ----A---- C:\Windows\system32\msasn1.dll 2009-10-14 09:24:38 ----A---- C:\Windows\system32\WMSPDMOD.DLL 2009-10-13 13:55:55 ----N---- C:\Windows\system32\MpSigStub.exe 2009-10-06 11:55:50 ----A---- 
C:\Windows\system32\wdfcoinstaller01007.dll 2009-10-06 11:52:46 ----A---- C:\Windows\system32\nmwcdcocls.dll 2009-09-30 16:45:36 ----D---- C:\Users\Borki\AppData\Roaming\Talkback 2009-09-30 16:45:08 ----D---- C:\Users\Borki\AppData\Roaming\Mozilla 2009-09-30 16:44:43 ----D---- C:\Program Files\mozilla.org 2009-09-27 10:40:27 ----D---- C:\Program Files\Microsoft Visual Studio 8 2009-09-27 10:29:41 ----A---- C:\Windows\system32\msonpmon.dll 2009-09-16 15:09:11 ----A---- C:\Windows\system32\jscript.dll 2009-09-15 19:05:13 ----A---- C:\Windows\system32\mshtmled.dll 2009-09-15 19:05:13 ----A---- C:\Windows\system32\icardie.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\msls31.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\mshtmler.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\imgutil.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\ieakeng.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\dxtmsft.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\corpol.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\admparse.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\msrating.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\licmgr10.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\inseng.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\ieaksie.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\dxtrans.dll 2009-09-15 19:05:10 ----A---- C:\Windows\system32\WinFXDocObj.exe 2009-09-15 19:05:10 ----A---- C:\Windows\system32\wextract.exe 2009-09-15 19:05:10 ----A---- C:\Windows\system32\webcheck.dll 2009-09-15 19:05:10 ----A---- C:\Windows\system32\mstime.dll 2009-09-15 19:05:10 ----A---- C:\Windows\system32\ieakui.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\vbscript.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\url.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\pngfilt.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\ieapfltr.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\advpack.dll 
2009-09-15 19:05:07 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\SetDepNx.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\PDMSetup.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\mshta.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\iexpress.exe 2009-09-12 08:49:32 ----D---- C:\Program Files\Adobe 2009-09-09 14:59:53 ----A---- C:\Windows\system32\NETSTAT.EXE 2009-09-09 14:59:53 ----A---- C:\Windows\system32\netiohlp.dll 2009-09-09 14:59:53 ----A---- C:\Windows\system32\ARP.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\TCPSVCS.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\ROUTE.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\MRINFO.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\HOSTNAME.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\finger.exe 2009-09-09 14:59:51 ----A---- C:\Windows\system32\netevent.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\wlansvc.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\wlansec.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\wlanmsm.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\L2SecHC.dll 2009-09-09 14:54:26 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-09-09 14:54:26 ----A---- C:\Windows\system32\mf.dll 2009-09-06 12:26:21 ----D---- C:\ProgramData\Google Updater 2009-09-02 19:47:58 ----A---- C:\Windows\system32\Apphlpdm.dll 2009-09-02 19:47:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2009-09-01 10:19:28 ----D---- C:\Users\Borki\AppData\Roaming\Google 2009-09-01 10:18:18 ----D---- C:\ProgramData\Google 2009-09-01 10:18:05 ----D---- C:\Program Files\PhotoScape 2009-08-28 18:18:17 ----D---- C:\ProgramData\OpenFM 2009-08-28 18:18:14 ----D---- C:\Users\Borki\AppData\Roaming\OpenFM 2009-08-27 11:04:31 ----A---- C:\Windows\system32\tzres.dll ======List of files/folders modified in the last 3 months====== 2009-11-23 
20:01:07 ----D---- C:\Windows\Temp 2009-11-23 19:58:20 ----D---- C:\Program Files 2009-11-23 19:58:16 ----D---- C:\Windows\Prefetch 2009-11-23 19:42:07 ----D---- C:\Windows\Tasks 2009-11-23 19:40:20 ----A---- C:\Windows\system32\acovcnt.exe 2009-11-23 19:40:01 ----SHD---- C:\System Volume Information 2009-11-22 22:57:33 ----D---- C:\Windows\System32 2009-11-22 22:57:33 ----D---- C:\Windows\inf 2009-11-22 22:57:33 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-11-22 22:55:16 ----D---- C:\Windows\system32\drivers 2009-11-21 22:08:10 ----D---- C:\Windows 2009-11-21 21:11:43 ----SHD---- C:\Windows\Installer 2009-11-21 21:11:42 ----D---- C:\Windows\system32\catroot 2009-11-21 21:11:35 ----D---- C:\Windows\system32\catroot2 2009-11-21 20:54:53 ----HD---- C:\ProgramData 2009-11-20 19:57:33 ----D---- C:\Users\Borki\AppData\Roaming\Winamp 2009-11-20 18:12:49 ----SD---- C:\Users\Borki\AppData\Roaming\Microsoft 2009-11-13 16:44:36 ----D---- C:\Windows\system32\Tasks 2009-11-12 19:42:39 ----D---- C:\ProgramData\CyberLink 2009-11-12 03:32:53 ----D---- C:\Windows\winsxs 2009-11-12 03:20:44 ----D---- C:\Program Files\Windows Mail 2009-11-12 03:05:39 ----D---- C:\ProgramData\Microsoft Help 2009-11-10 19:51:26 ----D---- C:\ProgramData\Symantec 2009-11-10 19:51:26 ----D---- C:\ProgramData\Norton 2009-11-10 16:44:49 ----SD---- C:\Windows\Downloaded Program Files 2009-11-09 03:07:06 ----RSD---- C:\Windows\assembly 2009-11-08 12:12:23 ----D---- C:\Program Files\Common Files 2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe 2009-11-04 19:13:36 ----D---- C:\Windows\rescache 2009-11-04 18:57:13 ----D---- C:\Windows\system32\pl-PL 2009-10-28 03:05:39 ----D---- C:\Program Files\Windows Media Player 2009-10-28 03:05:39 ----D---- C:\Program Files\Internet Explorer 2009-10-19 19:06:51 ----D---- C:\ProgramData\ipla 2009-10-19 18:57:58 ----D---- C:\Users\Borki\AppData\Roaming\ipla 2009-10-15 02:20:34 ----D---- C:\Windows\Microsoft.NET 2009-10-15 02:10:27 ----D---- 
C:\Windows\system32\migration 2009-10-06 11:52:36 ----A---- C:\Windows\system32\nmwcdcls.dll 2009-09-30 16:45:14 ----A---- C:\Windows\win.ini 2009-09-29 22:10:18 ----D---- C:\Program Files\Mozilla Firefox 2009-09-27 10:44:19 ----D---- C:\Program Files\Common Files\microsoft shared 2009-09-27 10:44:18 ----D---- C:\Program Files\MSBuild 2009-09-27 10:43:52 ----SD---- C:\ProgramData\Microsoft 2009-09-26 14:42:44 ----D---- C:\Program Files\ASUS 2009-09-20 11:39:54 ----D---- C:\Users\Borki\AppData\Roaming\Nowe Gadu-Gadu 2009-09-15 19:19:09 ----D---- C:\Windows\system32\en-US 2009-09-15 19:19:09 ----D---- C:\Windows\PolicyDefinitions 2009-09-15 19:07:58 ----D---- C:\Windows\Debug 2009-09-15 18:29:26 ----RSD---- C:\Windows\Fonts 2009-09-15 18:29:02 ----D---- C:\Program Files\Microsoft Works 2009-09-12 08:49:37 ----D---- C:\ProgramData\Adobe 2009-09-12 08:49:33 ----D---- C:\Program Files\Common Files\Adobe 2009-09-08 18:05:53 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-09-06 12:29:26 ----D---- C:\Program Files\Google 2009-09-03 14:10:22 ----D---- C:\Windows\AppPatch 2009-08-29 00:13:16 ----A---- C:\Windows\ATKPF.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHDrvx86.sys [2009-11-05 524848] R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1101000.013\ccHPx86.sys [2009-10-20 501888] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSvix86.sys [2009-10-28 343088] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1101000.013\SRTSPX.SYS [2009-10-09 43696] R1 SymIRON;Symantec Iron Driver; 
C:\Windows\System32\Drivers\NIS\1101000.013\Ironx86.SYS [2009-10-09 114736] R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1101000.013\SYMTDIV.SYS [2009-10-15 339504] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448] R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-03-13 140800] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091122.020\NAVENG.SYS [2009-08-29 84912] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091122.020\NAVEX15.SYS [2009-08-29 1323568] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704] R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952] R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1101000.013\SRTSP.SYS [2009-10-09 325168] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-11-08 124976] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; 
C:\Windows\system32\drivers\viahduaa.sys [2009-03-20 984064] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-06-18 49904] S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016] S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; 
C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280] R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2009-10-20 126392] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-05-14 272024] S2 gupdate1ca2ee53e4e2e60;Usługa Google Update (gupdate1ca2ee53e4e2e60); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-06 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-06 194032] S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft 
Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------

RSIT log ;]
Sevard, posted November 23, 2009

Unfortunately, something does show up. Scan the computer with Malwarebytes' Anti-Malware (full scan), let it fix whatever it finds, and paste the log it generates on the forum. It also wouldn't hurt to run a full scan with Dr.Web CureIt! Then generate a fresh RSIT log and a GMER log and paste them on the forum.
xandi (author), posted November 24, 2009

Malwarebytes' log:

Malwarebytes' Anti-Malware 1.41
Wersja bazy definicji: 2775
Windows 6.0.6001 Service Pack 1
2009-11-24 20:29:12
mbam-log-2009-11-24 (20-29-12).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|)
Przeskanowane obiekty: 233279
Upłynęło: 1 hour(s), 40 minute(s), 45 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 0
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 0
Zainfekowane pliki: 0
Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików)
Zainfekowane moduły pamięci: (Nie wykryto groźnych plików)
Zainfekowane klucze rejestru: (Nie wykryto groźnych plików)
Zainfekowane wartości rejestru: (Nie wykryto groźnych plików)
Zainfekowane pliki rejestru: (Nie wykryto groźnych plików)

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random) Run by Borki at 2009-11-24 20:57:03 Microsoft® Windows Vista™
Home Basic Service Pack 1 System drive C: has 92 GB (77%) free of 119 GB Total RAM: 3036 MB (35% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:57:13, on 2009-11-24 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Windows\system32\taskeng.exe C:\Program files\P4G\BatteryLife.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe C:\Windows\AsScrPro.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\NOTEPAD.EXE 
C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe C:\Users\Borki\Desktop\RSIT.exe C:\Program Files\trend micro\Borki.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2417076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr0.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr0.dll O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Borki\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll O3 - Toolbar: gry Toolbar - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\tbgr0.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe O4 - HKLM\..\Run: 
[ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA') O4 - Global Startup: FancyStart daemon.lnk = ? 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Wpis w blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Wpis w blogu w Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/pl/navy_2_0_0_31.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: Usługa Google Update (gupdate1ca2ee53e4e2e60) (gupdate1ca2ee53e4e2e60) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- End of file - 10186 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\User_Feed_Synchronization-{6E8B3821-AE5F-43F0-83C0-E5AEED639F98}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll [2009-10-29 392560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL [2009-10-01 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}] gry Toolbar - C:\Program Files\gry\tbgr0.dll [2009-10-01 2166296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Pomocnik rejestracji usługi Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-01 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-05 762864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-01 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}] IEPluginBHO Class - C:\Users\Borki\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-07-13 42088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-01 256112] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll [2009-10-29 392560] {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - gry Toolbar - C:\Program Files\gry\tbgr0.dll [2009-10-01 2166296] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "RemoteControl8"=C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe [2008-10-17 91432] "PDVD8LanguageShortcut"=C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe [2007-12-14 50472] "CLMLServer"=C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe [2008-07-19 104936] "P2Go_Menu"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-03-05 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-03-05 173592] "Persistence"=C:\Windows\system32\igfxpers.exe [2009-03-05 150552] "HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-03-23 17149952] "AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-09-30 237568] "HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2008-08-18 98304] "ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-03-04 8392704] "ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-12-29 159744] "ADSMTray"=C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe [2008-04-01 266240] "ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2008-10-01 851968] "Wireless Console 3"=C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2009-02-07 1593344] "ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2009-06-06 3054136] "ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2009-06-06 47672] "ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-03-06 424352] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-07-01 37888] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920] 
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter [] "LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392] "Nowe Gadu-Gadu"=C:\Program Files\Nowe Gadu-Gadu\gg.exe [2009-08-31 11391592] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-01 39408] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2009-02-26 210432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8eb0bc-6fe8-11de-9f40-0026182ec3fc}] shell\AutoRun\command - H:\t2hjo0.exe shell\open\command - H:\t2hjo0.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - 
open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2009-11-23 19:58:20 ----D---- C:\Program Files\trend micro 2009-11-23 19:58:18 ----D---- C:\rsit 2009-11-21 21:10:37 ----D---- C:\Program Files\Nokia 2009-11-21 20:54:53 ----D---- C:\ProgramData\Installations 2009-11-20 18:33:25 ----D---- C:\Users\Borki\AppData\Roaming\Malwarebytes 2009-11-20 18:33:19 ----D---- C:\ProgramData\Malwarebytes 2009-11-20 18:33:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-20 18:02:14 ----A---- C:\Windows\ntbtlog.txt 2009-11-12 19:42:33 ----D---- C:\Users\Borki\AppData\Roaming\ASUSTek 2009-11-12 19:42:30 ----D---- C:\Users\Borki\AppData\Roaming\CyberLink 2009-11-12 19:42:30 ----D---- C:\ProgramData\ASUSTek 2009-11-12 14:24:40 ----D---- C:\ProgramData\VirtualFarm 2009-11-12 14:24:38 ----D---- C:\ProgramData\AlawarWrapper 2009-11-12 14:24:38 ----D---- C:\Program Files\Conduit 2009-11-12 14:24:37 ----D---- C:\Program Files\gry 2009-11-12 14:24:28 ----D---- C:\Program Files\Gry.Pl 2009-11-11 12:30:56 ----A---- C:\Windows\system32\WSDApi.dll 2009-11-10 19:51:26 ----D---- C:\Program Files\Norton Security Scan 2009-11-10 16:44:48 ----D---- C:\Windows\system32\Adobe 2009-11-08 12:12:23 ----D---- C:\Program Files\Symantec 2009-11-08 12:12:23 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-11-08 12:11:58 ----D---- C:\Program Files\Norton Internet Security 2009-11-08 12:08:09 ----D---- C:\Program Files\NortonInstaller 2009-11-08 10:00:25 ----D---- C:\Users\Borki\AppData\Roaming\Tific 2009-11-04 15:25:02 ----A---- C:\Windows\system32\wups2.dll 2009-11-04 15:25:02 ----A---- C:\Windows\system32\wucltux.dll 2009-11-04 15:25:02 ----A---- C:\Windows\system32\wuauclt.exe 2009-11-04 15:25:01 ----A---- C:\Windows\system32\wuaueng.dll 2009-11-04 15:24:55 ----A---- C:\Windows\system32\wups.dll 2009-11-04 15:24:55 ----A---- C:\Windows\system32\wudriver.dll 2009-11-04 15:24:55 ----A---- C:\Windows\system32\wuapi.dll 
2009-11-04 15:24:54 ----A---- C:\Windows\system32\wuwebv.dll 2009-11-04 15:24:54 ----A---- C:\Windows\system32\wuapp.exe 2009-11-03 15:47:09 ----A---- C:\Windows\system32\mshtml.dll 2009-10-28 21:33:52 ----D---- C:\Users\Borki\AppData\Roaming\PSpad 2009-10-28 21:33:42 ----D---- C:\Program Files\PSPad editor 2009-10-27 19:55:58 ----A---- C:\Windows\system32\wmp.dll 2009-10-27 19:55:57 ----A---- C:\Windows\system32\unregmp2.exe 2009-10-27 19:55:55 ----A---- C:\Windows\system32\wmploc.DLL 2009-10-14 09:25:58 ----A---- C:\Windows\system32\msv1_0.dll 2009-10-14 09:25:56 ----A---- C:\Windows\system32\ntoskrnl.exe 2009-10-14 09:25:56 ----A---- C:\Windows\system32\ntkrnlpa.exe 2009-10-14 09:25:28 ----A---- C:\Windows\system32\ieframe.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\wininet.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\urlmon.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\occache.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\msfeeds.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\iertutil.dll 2009-10-14 09:25:27 ----A---- C:\Windows\system32\iedkcs32.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\msfeedssync.exe 2009-10-14 09:25:26 ----A---- C:\Windows\system32\msfeedsbs.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\jsproxy.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\ieUnatt.exe 2009-10-14 09:25:26 ----A---- C:\Windows\system32\ieui.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iesysprep.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iesetup.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iernonce.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\iepeers.dll 2009-10-14 09:25:26 ----A---- C:\Windows\system32\ie4uinit.exe 2009-10-14 09:24:40 ----A---- C:\Windows\system32\msasn1.dll 2009-10-14 09:24:38 ----A---- C:\Windows\system32\WMSPDMOD.DLL 2009-10-13 13:55:55 ----N---- C:\Windows\system32\MpSigStub.exe 2009-10-06 11:55:50 ----A---- 
C:\Windows\system32\wdfcoinstaller01007.dll 2009-10-06 11:52:46 ----A---- C:\Windows\system32\nmwcdcocls.dll 2009-09-30 16:45:36 ----D---- C:\Users\Borki\AppData\Roaming\Talkback 2009-09-30 16:45:08 ----D---- C:\Users\Borki\AppData\Roaming\Mozilla 2009-09-30 16:44:43 ----D---- C:\Program Files\mozilla.org 2009-09-27 10:40:27 ----D---- C:\Program Files\Microsoft Visual Studio 8 2009-09-27 10:29:41 ----A---- C:\Windows\system32\msonpmon.dll 2009-09-16 15:09:11 ----A---- C:\Windows\system32\jscript.dll 2009-09-15 19:05:13 ----A---- C:\Windows\system32\mshtmled.dll 2009-09-15 19:05:13 ----A---- C:\Windows\system32\icardie.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\msls31.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\mshtmler.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\imgutil.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\ieakeng.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\dxtmsft.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\corpol.dll 2009-09-15 19:05:12 ----A---- C:\Windows\system32\admparse.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\msrating.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\licmgr10.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\inseng.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\ieaksie.dll 2009-09-15 19:05:11 ----A---- C:\Windows\system32\dxtrans.dll 2009-09-15 19:05:10 ----A---- C:\Windows\system32\WinFXDocObj.exe 2009-09-15 19:05:10 ----A---- C:\Windows\system32\wextract.exe 2009-09-15 19:05:10 ----A---- C:\Windows\system32\webcheck.dll 2009-09-15 19:05:10 ----A---- C:\Windows\system32\mstime.dll 2009-09-15 19:05:10 ----A---- C:\Windows\system32\ieakui.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\vbscript.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\url.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\pngfilt.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\ieapfltr.dll 2009-09-15 19:05:09 ----A---- C:\Windows\system32\advpack.dll 
2009-09-15 19:05:07 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\SetDepNx.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\PDMSetup.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\mshta.exe 2009-09-15 19:05:07 ----A---- C:\Windows\system32\iexpress.exe 2009-09-12 08:49:32 ----D---- C:\Program Files\Adobe 2009-09-09 14:59:53 ----A---- C:\Windows\system32\NETSTAT.EXE 2009-09-09 14:59:53 ----A---- C:\Windows\system32\netiohlp.dll 2009-09-09 14:59:53 ----A---- C:\Windows\system32\ARP.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\TCPSVCS.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\ROUTE.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\MRINFO.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\HOSTNAME.EXE 2009-09-09 14:59:52 ----A---- C:\Windows\system32\finger.exe 2009-09-09 14:59:51 ----A---- C:\Windows\system32\netevent.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\wlansvc.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\wlansec.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\wlanmsm.dll 2009-09-09 14:54:33 ----A---- C:\Windows\system32\L2SecHC.dll 2009-09-09 14:54:26 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-09-09 14:54:26 ----A---- C:\Windows\system32\mf.dll 2009-09-06 12:26:21 ----D---- C:\ProgramData\Google Updater 2009-09-02 19:47:58 ----A---- C:\Windows\system32\Apphlpdm.dll 2009-09-02 19:47:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2009-09-01 10:19:28 ----D---- C:\Users\Borki\AppData\Roaming\Google 2009-09-01 10:18:18 ----D---- C:\ProgramData\Google 2009-09-01 10:18:05 ----D---- C:\Program Files\PhotoScape 2009-08-28 18:18:17 ----D---- C:\ProgramData\OpenFM 2009-08-28 18:18:14 ----D---- C:\Users\Borki\AppData\Roaming\OpenFM 2009-08-27 11:04:31 ----A---- C:\Windows\system32\tzres.dll ======List of files/folders modified in the last 3 months====== 2009-11-24 
20:57:06 ----D---- C:\Windows\Temp 2009-11-24 14:44:55 ----D---- C:\Windows\Tasks 2009-11-23 19:58:20 ----D---- C:\Program Files 2009-11-23 19:58:16 ----D---- C:\Windows\Prefetch 2009-11-23 19:40:20 ----A---- C:\Windows\system32\acovcnt.exe 2009-11-23 19:40:01 ----SHD---- C:\System Volume Information 2009-11-22 22:57:33 ----D---- C:\Windows\System32 2009-11-22 22:57:33 ----D---- C:\Windows\inf 2009-11-22 22:57:33 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-11-22 22:55:16 ----D---- C:\Windows\system32\drivers 2009-11-21 22:08:10 ----D---- C:\Windows 2009-11-21 21:11:43 ----SHD---- C:\Windows\Installer 2009-11-21 21:11:42 ----D---- C:\Windows\system32\catroot 2009-11-21 21:11:35 ----D---- C:\Windows\system32\catroot2 2009-11-21 20:54:53 ----HD---- C:\ProgramData 2009-11-20 19:57:33 ----D---- C:\Users\Borki\AppData\Roaming\Winamp 2009-11-20 18:12:49 ----SD---- C:\Users\Borki\AppData\Roaming\Microsoft 2009-11-13 16:44:36 ----D---- C:\Windows\system32\Tasks 2009-11-12 19:42:39 ----D---- C:\ProgramData\CyberLink 2009-11-12 03:32:53 ----D---- C:\Windows\winsxs 2009-11-12 03:20:44 ----D---- C:\Program Files\Windows Mail 2009-11-12 03:05:39 ----D---- C:\ProgramData\Microsoft Help 2009-11-10 19:51:26 ----D---- C:\ProgramData\Symantec 2009-11-10 19:51:26 ----D---- C:\ProgramData\Norton 2009-11-10 16:44:49 ----SD---- C:\Windows\Downloaded Program Files 2009-11-09 03:07:06 ----RSD---- C:\Windows\assembly 2009-11-08 12:12:23 ----D---- C:\Program Files\Common Files 2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe 2009-11-04 19:13:36 ----D---- C:\Windows\rescache 2009-11-04 18:57:13 ----D---- C:\Windows\system32\pl-PL 2009-10-28 03:05:39 ----D---- C:\Program Files\Windows Media Player 2009-10-28 03:05:39 ----D---- C:\Program Files\Internet Explorer 2009-10-19 19:06:51 ----D---- C:\ProgramData\ipla 2009-10-19 18:57:58 ----D---- C:\Users\Borki\AppData\Roaming\ipla 2009-10-15 02:20:34 ----D---- C:\Windows\Microsoft.NET 2009-10-15 02:10:27 ----D---- 
C:\Windows\system32\migration 2009-10-06 11:52:36 ----A---- C:\Windows\system32\nmwcdcls.dll 2009-09-30 16:45:14 ----A---- C:\Windows\win.ini 2009-09-29 22:10:18 ----D---- C:\Program Files\Mozilla Firefox 2009-09-27 10:44:19 ----D---- C:\Program Files\Common Files\microsoft shared 2009-09-27 10:44:18 ----D---- C:\Program Files\MSBuild 2009-09-27 10:43:52 ----SD---- C:\ProgramData\Microsoft 2009-09-26 14:42:44 ----D---- C:\Program Files\ASUS 2009-09-20 11:39:54 ----D---- C:\Users\Borki\AppData\Roaming\Nowe Gadu-Gadu 2009-09-15 19:19:09 ----D---- C:\Windows\system32\en-US 2009-09-15 19:19:09 ----D---- C:\Windows\PolicyDefinitions 2009-09-15 19:07:58 ----D---- C:\Windows\Debug 2009-09-15 18:29:26 ----RSD---- C:\Windows\Fonts 2009-09-15 18:29:02 ----D---- C:\Program Files\Microsoft Works 2009-09-12 08:49:37 ----D---- C:\ProgramData\Adobe 2009-09-12 08:49:33 ----D---- C:\Program Files\Common Files\Adobe 2009-09-08 18:05:53 ----D---- C:\Program Files\Nowe Gadu-Gadu 2009-09-06 12:29:26 ----D---- C:\Program Files\Google 2009-09-03 14:10:22 ----D---- C:\Windows\AppPatch 2009-08-29 00:13:16 ----A---- C:\Windows\ATKPF.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091104.001\BHDrvx86.sys [2009-11-05 524848] R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1101000.013\ccHPx86.sys [2009-10-20 501888] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-29 371248] R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091111.001\IDSvix86.sys [2009-10-28 343088] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1101000.013\SRTSPX.SYS [2009-10-09 43696] R1 SymIRON;Symantec Iron Driver; 
C:\Windows\System32\Drivers\NIS\1101000.013\Ironx86.SYS [2009-10-09 114736] R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1101000.013\SYMTDIV.SYS [2009-10-15 339504] R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-29 102448] R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-03-13 140800] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088] R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880] R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-09-10 38224] R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392] R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091123.037\NAVENG.SYS [2009-08-29 84912] R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091123.037\NAVEX15.SYS [2009-08-29 1323568] R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704] R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952] R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1101000.013\SRTSP.SYS [2009-10-09 325168] R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS 
[2009-11-08 124976] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-03-20 984064] S3 awlcqpoc;awlcqpoc; \??\C:\Users\Borki\AppData\Local\Temp\awlcqpoc.sys [] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2008-06-18 49904] S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-10-06 17664] S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-10-06 22016] S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560] S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936] S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160] S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936] S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; 
C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280] R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920] R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2009-10-20 126392] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-05-14 272024] S2 gupdate1ca2ee53e4e2e60;Usługa Google Update (gupdate1ca2ee53e4e2e60); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-06 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-06 194032] S3 fsssvc;Bezpieczeństwo rodzinne usługi Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common 
Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------
My friend will send me the GMER log tomorrow, once he has run the scan.
Sevard Posted November 24, 2009
So it looks like only traces of the infection are left, but that will only be known for certain once the GMER log has been checked. The problem is that these traces may be enough to make life difficult. You can experiment with a-squared Free, Spybot S&D or Ad-Aware; maybe one of these programs will be able to deal with it.
Open Notepad and paste in the following:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb8eb0bc-6fe8-11de-9f40-0026182ec3fc}]

Save it as fix.reg and run it. Also check the file C:\Program Files\gry\tbgr0.dll on VirusTotal. It would be a good idea to install SP2. Norton, which is fairly heavy, may be a problem in this case.
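Added example, not part of the thread and not RSIT's own code: a small triage pass over the driver and service list format shown in the RSIT log above, flagging entries whose image sits in a user-writable directory or has no date/size recorded. The watch list of directories and the reading of an empty `[]` field are assumptions of this sketch; a flagged entry is a prompt for a manual look, not a verdict.

```python
import re
from typing import List, NamedTuple, Tuple

# One RSIT entry: "<R|S><0-4> <name>;<display name>; <image path> [<date> <size>]"
ENTRY = re.compile(
    r"(?<!\S)(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;\n]+);(?P<display>[^;\n]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]\n]*)\]"
)
# Assumed watch list of directories a standard user can write to.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|windows\\temp|temp)\\", re.I)

class Finding(NamedTuple):
    code: str                 # state + start type, e.g. "S3" = stopped, demand start
    name: str
    path: str
    reasons: Tuple[str, ...]

def triage(log_text: str) -> List[Finding]:
    """Return entries whose image path or missing metadata deserves a manual look."""
    findings = []
    for m in ENTRY.finditer(log_text):
        path = m["path"]
        if path.startswith("\\??\\"):   # strip the NT object-namespace prefix
            path = path[4:]
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("image in user-writable directory")
        if not m["meta"].strip():       # assumption: empty [] means no file was found
            reasons.append("no file date/size recorded")
        if reasons:
            findings.append(Finding(m["state"] + m["start"], m["name"], path, tuple(reasons)))
    return findings

# The first four lines are copied from the log in this thread; the last is constructed.
SAMPLE = r"""R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1101000.013\SRTSPX.SYS [2009-10-09 43696]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-09-10 38224]
S3 awlcqpoc;awlcqpoc; \??\C:\Users\Borki\AppData\Local\Temp\awlcqpoc.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
R2 exampledrv;exampledrv; C:\Windows\Temp\exampledrv.sys [2009-11-01 12345]"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f.code, f.name, f.path, "; ".join(f.reasons))
```

The regular expression also works on a log that has been flattened onto one line, because each entry is delimited by its leading state code and trailing bracket pair rather than by line breaks.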