Discussion groups   »   pl.comp.pecet   »   Problem with restarts

Problem with restarts

Date: 2009-03-24 08:05:02
Author: Negatyw
Problem with restarts
Hello
My computer tends to freeze and restart on its own. This still happens after replacing the case and the power supply with a 520 W unit. The chipset and CPU temperatures are OK, so it is not a result of overheating.
I have 2 drives from the ill-fated Seagate series, st3500320as. One of them requires a firmware upgrade:
http://img257.imageshack.us/img257/9374/seag2www.jpg

Probably one of the components of my problems is trojans and viruses that got onto the hard drives (nod32 v.4).

My stalemate is that when I try to scan the hard drives with various online scanners, the machine restarts or freezes, so I cannot finish the operation. I have used various home-made builds running under Linux:
http://www.searchengines.pl/Bootowalne-antywirusowe-CD-t112329.html
but that did not really work out for me.
I booted an Ubuntu live CD; the problem is that these scanners run under IE and not under Firefox.

Do you have any ideas?

Regards

--
-- -- -- -- -- -- -- -- -- -- --
Negatyw
negatyw001(at)o2.pl
-- -- -- -- -- -- -- -- -- -- --

Date: 2009-03-24 00:54:43
Author: staszek
Problem with restarts

1. Safe mode
2. HiJack - mark all the junk (that needlessly starts up with the system) and fix it
3. Restart, still in safe mode
4. COMBOFIX, the latest version is always on instalki.pl
5. Restart
6. Normal mode
7. Scan with the ANTIVIRUS

Date: 2009-03-24 10:08:58
Author: Negatyw
Problem with restarts

User "staszek" <staszek666@gmail.com> wrote in message
news:9f918ff9-e232-4889-806b-5a82306ec94b33g2000yqm.googlegroups.com...

2. HiJack - mark all the junk (that needlessly starts up with the system) and fix it

To be honest, I don't really get what is OK and what is NOT... And I don't have
the recovery control installed, whatever that is.
Here is the log from it:


4. COMBOFIX, the latest version is always on instalki.pl
5. Restart
6. Normal mode

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program
files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 nmwcdnsu;Nokia USB Flashing Phone
Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-24 138112]
S3 nmwcdnsuc;Nokia USB Flashing
Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-24 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware
Doctor\pctsAuxs.exe [2009-01-23 356920]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys
[2008-11-04 178913]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521142a4-c6ba-11dd-9b11-000000000000}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE
Shell32.DLL,ShellExec_RunDLL explore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b08c2893-aa51-11dd-a53b-806d6172696f}]
\Shell\AutoRun\command - M:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
..
Zawartość folderu 'Zaplanowane zadania'

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]

2009-03-23 c:\windows\Tasks\Norton Security Scan for Darek.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
..
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-efcbCSkj - efcbCSkj.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search &
Destroy\TeaTimer.exe
MSConfigStartUp-UVS11 Preload - e:\program files\Ulead Systems\Ulead
VideoStudio 11\uvPL.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia
Bundle\Vidalia\vidalia.exe


..
-- -- -- - Skan uzupełniający -- -- -- -
..
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&ksport do programu Microsoft Excel -
c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\windows\system32\DRWEBSP.DLL
FF - ProfilePath - c:\documents and settings\Darek\Dane
aplikacji\Mozilla\Firefox\Profiles\zx5x027r.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
..

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-24 10:00:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
..
-- -- -- -- -- -- -- -- -- -- - Pliki DLL ładowane pod uruchomionymi
procesami -- -- -- -- -- -- -- -- -- -- -

- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\relog_ap.dll
c:\windows\system32\DRWEBSP.DLL
..
-- -- -- -- -- -- -- -- -- -- -- -- Pozostałe uruchomione
procesy -- -- -- -- -- -- -- -- -- -- -- --
..
c:\windows\system32\savedump.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\documents and settings\Darek\Menu Start\Programy\Autostart\Spyware Doctor
Updater.exe
c:\windows\system32\CTSVCCDA.EXE
c:\documents and settings\All Users\Dane aplikacji\EPSON\EPW!3
SSRP\E_S40RP7.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\DrWeb\spidernt.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\DrWeb\drwebupw.exe
..
**************************************************************************
..
Czas ukończenia: 2009-03-24 10:01:55 - komputer został uruchomiony ponownie
[Darek]
ComboFix-quarantined-files.txt  2009-03-24 09:01:52

Przed: 2 921 869 312 bajtów wolnych
Po: 4,011,827,200 bajtów wolnych


Regards

--
-- -- -- -- -- -- -- -- -- -- --
Negatyw
negatyw001(małpa)o2.pl
-- -- -- -- -- -- -- -- -- -- --

Date: 2009-03-24 02:43:54
Author: staszek
Problem with restarts

This stays in HiJack:

O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six
Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative
\SBAudigy2\Surround
Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User
'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
(User
'Default user')
09 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
-
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 -
HKLM\System\CCS\Services\Tcpip\..
\{12090D13-3BD7-40E3-8257-8A5C676B4824}:
NameServer = 78.152.23.66,78.152.23.67
O17 -
HKLM\System\CS1\Services\Tcpip\..
\{12090D13-3BD7-40E3-8257-8A5C676B4824}:
NameServer = 78.152.23.66,78.152.23.67
O17 -
HKLM\System\CS2\Services\Tcpip\..
\{12090D13-3BD7-40E3-8257-8A5C676B4824}:
NameServer = 78.152.23.66,78.152.23.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


For the rest, tick the boxes and fix them.

You don't need to tick the 023 boxes, because those are removed a different way.

Start > Run > type msconfig <enter>, the Services tab (at the bottom you have "hide all Microsoft"), and there you untick whatever should not start together with Windows.
You can safely throw out:

Apple, InterVideo, Firebird, Java, Light Scribe, Cyberlink, Acronis
formatc.

As for ComboFix: the console is sometimes useful, it is an M$ tool, something like safe mode with the command prompt; you don't necessarily have to install it.

And after these operations, an antivirus: best to install one afresh, because there is no telling whether the current one is infected. I recommend Kaspersky, even just the 30-day version. Or the free AVIRA.

Regards, and good luck with the cleaning.



On 24 Mar, 10:08, "Negatyw" <negatyw...@USUNTO.o2.pl.invalid> wrote:
User "staszek" <staszek...@gmail.com> wrote in message news:9f918ff9-e232-4889-806b-5a82306ec94b33g2000yqm.googlegroups.com...

> 2. HiJack - check off all the junk (which starts unnecessarily
> with the system) and fix it

To be honest, I don't really get what is OK and what is NOT... And I don't have
the recovery control installed, whatever that may be.
Here is the log from it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:22, on 2009-03-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) -
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: GetRight IE Download Helper -
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre6\bin\ssv.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} -
C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six
Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [Spamihilator] "C:\Program
Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program
Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround
Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive
Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan
Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
Control) -http://edownload.grisoft.cz/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan
Agent 6.6) -http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff..cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer
Class) -http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa..cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) -https://asp.photoprintit.de/microsite/1289/defaults/activex/ips/IPSUp...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) -http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}:
NameServer = 78.152.23.66,78.152.23.67
O17 -
HKLM\System\CS1\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}:
NameServer = 78.152.23.66,78.152.23.67
O17 -
HKLM\System\CS2\Services\Tcpip\..\{12090D13-3BD7-40E3-8257-8A5C676B4824}:
NameServer = 78.152.23.66,78.152.23.67
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efcbCSkj - efcbCSkj.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis -
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour
Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program
Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. -
C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON
CORPORATION - C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3
SSRP\E_S40RP7.EXE
O23 - Service: Firebird Guardian - DefaultInstance
(FirebirdGuardianDefaultInstance) - The Firebird Project -
I:\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance
(FirebirdServerDefaultInstance) - The Firebird Project -
I:\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program
Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown
owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
Solution\ServiceLayer.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. -
C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) -
Unknown owner - C:\Program Files\Common
Files\Acronis\Fomatik\TrueImageTryStartService.exe

> 4. COMBOFIX, the newest one is always on instalki.pl
> 5. Restart
> 6. Normal mode

ComboFix 09-03-22.01 - Administrator 2009-03-24  9:56:32.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.3327.3060 [GMT
1:00]
Uruchomiony z: c:\10\ComboFix.exe
AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
FW: Look 'n' Stop 2.06 (Soft4Ever) *enabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((
Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Darek\Dane aplikacji\inst.exe
c:\windows\system32\micr0st.dll

.
(((((((((((((((((((((((((((((((((((((((
Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- -- -- -\Legacy_ISODRIVE
-- -- -- -\Service_ISODrive

(((((((((((((((((((((((((   Pliki utworzone od 2009-02-24 do 2009-03-24  )))))))))))))))))))))))))))))))
.

2009-03-24 09:47 . 2009-03-24 09:47 <DIR> d-- -- -- -- c:\program files\Trend
Micro
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-- -- -- -- c:\documents and
settings\All Users\Dane aplikacji\Simply Super Software
2009-03-24 09:36 . 2006-05-25 15:52 162,304 -- a-- -- --
c:\windows\system32\ztvunrar36.dll
2009-03-24 09:36 . 2003-02-02 20:06 153,088 -- a-- -- --
c:\windows\system32\UNRAR3.dll
2009-03-24 09:36 . 2005-08-26 01:50 77,312 -- a-- -- --
c:\windows\system32\ztvunace26.dll
2009-03-24 09:36 . 2002-03-06 01:00 75,264 -- a-- -- --
c:\windows\system32\unacev2.dll
2009-03-24 09:36 . 2006-06-19 13:01 69,632 -- a-- -- --
c:\windows\system32\ztvcabinet.dll
2009-03-24 09:28 . 2009-03-24 09:33 <DIR> d-- -- -- -- C:\10
2009-03-24 09:01 . 2009-03-24 09:01 <DIR> d-- -- -- -- c:\program files\MCS
Studios
2009-03-24 09:01 . 2005-12-14 22:16 237,568 -- a-- -- --
c:\windows\system32\mcstabs.ocx
2009-03-24 09:01 . 1998-06-18 00:00 89,360 -- a-- -- --
c:\windows\system32\VB5DB.DLL
2009-03-24 07:45 . 2009-03-24 09:25 <DIR> d-- -- -- -- c:\program files\DrWeb
2009-03-24 07:45 . 2009-03-24 07:46 77,824 -- a-- -- t-
c:\windows\system32\DRWEBSP.DLL
2009-03-23 18:44 . 2009-03-24 10:00 4,958,588 -- a-- -- --
c:\windows\{00000005-00000000-00000001-00001102-00000004-10071102}.BAK
2009-03-23 18:44 . 2009-03-24 09:44 31,056 -- a-- -- --
c:\windows\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 31,056 -- a-- -- --
c:\windows\system32\BMXState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 30,528 -- a-- -- --
c:\windows\system32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 30,528 -- a-- -- --
c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-24 09:44 11,564 -- a-- -- --
c:\windows\system32\DVCState-{00000005-00000000-00000001-00001102-00000004-10071102}.rfx
2009-03-23 18:44 . 2009-03-23 18:44 1,080 -- a-- -- --
c:\windows\system32\settingsbkup.sfm
2009-03-23 18:44 . 2009-03-23 18:44 1,080 -- a-- -- --
c:\windows\system32\settings.sfm
2009-03-23 18:41 . 2009-03-24 10:00 4,958,588 -- a-- -- --
c:\windows\{00000005-00000000-00000001-00001102-00000004-10071102}.CDF
2009-03-23 18:37 . 1998-01-08 01:00 1,048,576 -- -- -- -- -
c:\windows\system32\SFMAN.DAT
2009-03-23 18:37 . 1995-01-13 14:10 149,504 -- -- -- -- -
c:\windows\system32\MFCANS32.DLL
2009-03-23 18:37 . 1995-01-13 14:10 108,032 -- -- -- -- -
c:\windows\system32\MFCUIA32.DLL
2009-03-23 18:37 . 2000-05-11 01:00 90,112 -- -- -- -- - c:\windows\Updreg.EXE
2009-03-23 18:37 . 1998-06-05 02:00 84,992 -- -- -- -- -
c:\windows\system32\SFCVRT32.DLL
2009-03-23 18:37 . 1995-08-30 02:02 82,432 -- -- -- -- -
c:\windows\system32\CTWFLT32.DLL
2009-03-23 18:37 . 1998-10-20 16:05 54,784 -- -- -- -- -
c:\windows\system32\INETWH32.DLL
2009-03-23 18:37 . 1994-12-05 03:11 53,552 -- -- -- -- - c:\windows\CTCCW.DLL
2009-03-23 18:37 . 1995-07-13 02:01 26,768 -- -- -- -- -
c:\windows\system32\CTL3D.DLL
2009-03-23 18:37 . 1996-05-23 02:24 24,976 -- -- -- -- - c:\windows\CTRES.DLL
2009-03-23 18:37 . 1999-01-14 14:04 231 -- -- -- -- - c:\windows\AC3API.INI
2009-03-23 18:34 . 2002-02-20 03:00 331,776 -- -- -- -- -
c:\windows\system32\CTMEDENG.DLL
2009-03-23 18:34 . 2001-09-18 03:00 139,264 -- a-- -- --
c:\windows\system32\Video.skn
2009-03-23 18:34 . 2001-03-30 02:00 62,976 -- a-- -- --
c:\windows\system32\CTDetres.dll
2009-03-23 18:34 . 2000-04-20 01:00 24,576 -- a-- -- --
c:\windows\system32\CTMERes.DLL
2009-03-23 18:34 . 1998-09-17 01:52 17,350 -- a-- -- --
c:\windows\system32\CTDetect.hlp
2009-03-23 18:34 . 1998-09-17 01:52 641 -- a-- -- --
c:\windows\system32\CTDetect.cnt
2009-03-23 18:34 . 2009-03-23 18:37 136 -- a-- -- -- c:\windows\SBWIN.INI
2009-03-23 18:32 . 2003-03-05 12:19 15,840 -- -- -- -- -
c:\windows\system32\pfmodnt.sys
2009-03-23 18:25 . 2009-03-24 09:43 2,145,386,496 -- a-- -- --
c:\windows\MEMORY.DMP
2009-03-23 17:53 . 2005-04-20 20:31 1,712,128 -- -- -c-- -
c:\windows\system32\dllcache\netshell.dll
2009-03-23 17:53 . 2005-04-20 20:31 474,624 -- -- -c-- -
c:\windows\system32\dllcache\wzcsvc.dll
2009-03-23 17:53 . 2005-04-20 20:31 381,952 -- -- -c-- -
c:\windows\system32\dllcache\wzcdlg.dll
2009-03-23 17:53 . 2005-04-20 20:31 52,736 -- -- -c-- -
c:\windows\system32\dllcache\wzcsapi.dll
2009-03-23 17:53 . 2005-04-20 00:54 14,592 -- -- -c-- -
c:\windows\system32\dllcache\ndisuio.sys
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-- -- -
c:\windows\WindowsShell.Manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-- -- -
c:\windows\system32\wuaucpl.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-- -- -
c:\windows\system32\sapi.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-- -- -
c:\windows\system32\nwc.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 749 -rah-- -- -
c:\windows\system32\ncpa.cpl.manifest
2009-03-23 17:51 . 2009-03-23 17:51 488 -rah-- -- -
c:\windows\system32\logonui.exe.manifest
2009-03-23 17:47 . 2006-09-13 18:18 153,088 -- a-- -- --
c:\windows\system32\irftp.exe
2009-03-23 17:47 . 2006-09-13 18:18 87,424 -- a-- -- --
c:\windows\system32\drivers\irda.sys
2009-03-23 17:47 . 2006-09-13 18:19 27,648 -- a-- -- --
c:\windows\system32\irmon.dll
2009-03-23 17:47 . 2006-09-13 18:18 8,192 -- a-- -- --
c:\windows\system32\wshirda.dll
2009-03-23 17:38 . 2008-10-07 13:33 201,157 -- a-- -- --
c:\windows\system32\nvapps.nvb
2009-03-23 17:33 . 2006-09-13 18:17 19,584 -- a-- -- --
c:\windows\system32\drivers\rasirda.sys
2009-03-23 17:32 . 2001-10-26 19:29 24,661 -- a-- -- --
c:\windows\system32\spxcoins.dll
2009-03-23 17:32 . 2001-10-26 19:29 13,312 -- a-- -- --
c:\windows\system32\irclass.dll
2009-03-23 17:31 . 2004-08-04 01:27 1,896,400 -- a-- c-- -
c:\windows\system32\dllcache\NT5.CAT
2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 -- a-- c-- -
c:\windows\system32\dllcache\NTPRINT.CAT
2009-03-23 17:31 . 2004-08-04 01:27 1,086,058 -ra-- -- -- c:\windows\SET95.tmp
2009-03-23 17:31 . 2004-08-04 01:32 1,014,483 -ra-- -- -- c:\windows\SET92.tmp
2009-03-23 17:31 . 2004-08-04 01:27 620,500 -- a-- c-- -
c:\windows\system32\dllcache\NT5INF.CAT
2009-03-23 17:31 . 2004-08-04 01:28 141,702 -- a-- c-- -
c:\windows\system32\dllcache\netfx.cat
2009-03-23 17:31 . 2004-08-04 01:32 102,826 -- a-- c-- -
c:\windows\system32\dllcache\tabletpc.cat
2009-03-23 17:31 . 2004-08-04 01:27 31,965 -- a-- c-- -
c:\windows\system32\dllcache\mediactr.cat
2009-03-23 17:31 . 2004-08-04 01:27 30,983 -- a-- c-- -
c:\windows\system32\dllcache\FP4.CAT
2009-03-23 17:31 . 2004-08-04 01:26 14,043 -- a-- c-- -
c:\windows\system32\dllcache\IMS.CAT
2009-03-23 17:31 . 2004-08-04 01:26 14,043 -ra-- -- -- c:\windows\SETA1.tmp
2009-03-23 17:31 . 2004-08-04 01:27 7,245 -- a-- c-- -
c:\windows\system32\dllcache\MSTSWEB.CAT
2009-03-23 16:38 . 2009-03-23 16:38 <DIR> d-- -- -- -- c:\documents and
settings\All Users\Dane aplikacji\Kaspersky Lab
2009-03-23 11:00 . 2009-03-23 11:00 <DIR> d-- -- -- -- c:\program files\Seagate
2009-03-23 08:18 . 2008-06-19 16:24 28,544 -- a-- -- --
c:\windows\system32\drivers\pavboot.sys
2009-03-23 08:17 . 2009-03-23 08:17 <DIR> d-- -- -- -- c:\program files\Panda
Security
2009-03-22 11:35 . 2009-03-22 11:35 <DIR> d-- -- -- -- c:\program files\Common
Files\Wise Installation Wizard
2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d-- -- -- --
c:\windows\system32\HouseCall 6.6
2009-03-20 17:29 . 2009-03-20 17:29 <DIR> d-- -- -- -- c:\documents and
settings\Darek\Dane aplikacji\HouseCall 6.6
2009-03-20 15:41 . 2009-03-20 15:41 13,137,952 -- a-- -- -- C:\cureit.exe
2009-03-19 08:18 . 2009-03-19 08:29 278 -- a-- -- -- c:\windows\HAFASWIN.INI
2009-03-19 08:18 . 2009-03-19 08:18 21 -- a-- -- -- c:\windows\progman.ini
2009-03-19 07:21 . 2009-03-19 07:23 31 -- a-- -- -- c:\windows\bluevoda.ini
2009-03-18 23:04 . 2009-03-18 23:03 737,280 -- a-- -- -- c:\windows\iun6002.exe
2009-03-18 22:59 . 2009-03-18 22:59 <DIR> d-- -- -- -- c:\documents and
settings\Darek\Dane aplikacji\GibbHill Properties Ltd
2009-03-18 20:02 . 2009-03-09 20:06 15,688 -- a-- -- --
c:\windows\system32\lsdelete.exe
2009-03-18 19:37 . 2009-03-23 08:18 78,362 -- a-- -- -- c:\windows\setupapi.old
2009-03-18 19:37 . 2009-03-09 20:06 64,160 -- a-- -- --
c:\windows\system32\drivers\Lbd.sys
2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d-- -- -- -- c:\program
files\Lavasoft
2009-03-18 19:36 . 2009-03-18 19:36 <DIR> d-- h-c-- - c:\documents and
settings\All Users\Dane aplikacji\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-16 00:02 . 2007-04-11 21:52 185,344 -- a-- -- --
c:\windows\system32\iwpsetup.exe
2009-03-16 00:02 . 1997-01-16 00:00 29,696 -- a-- -- --
c:\windows\system32\VB5STKIT.DLL
2009-03-16 00:02 . 1997-01-16 13:42 6,114 -- a-- -- --
c:\windows\system32\SHELLLNK.TLB
2009-03-11 17:48 . 2009-03-19 10:13 <DIR> d-- -- -- -- C:\7
2009-03-11 17:39 . 2009-03-15 23:38 <DIR> d-- -- -- -- c:\program
files\Blockstar
2009-03-11 16:58 . 2009-03-11 17:46 <DIR> d-- -- -- -- c:\documents and
settings\Darek\Dane aplikacji\Cream Software
2009-02-26 09:16 . 2009-03-11 17:06 <DIR> d-- -- -- -- C:\6
2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-- -- -- -- c:\program files\Skype
2009-02-24 21:57 . 2009-02-24 21:57 <DIR> d-- -- -- -- c:\program files\Common
Files\Skype
2009-02-24 08:50 . 2009-02-24 08:50 <DIR> d-- -- -- -- C:\5

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 08:42 -- -- -- -- - d-- -a-w c:\documents and settings\All Users\Dane
aplikacji\Temp
2009-03-24 08:42 -- -- -- -- - d-- -- -w c:\program files\Trojan Remover
2009-03-24 08:27 -- -- -- -- - d-- -- -w c:\program files\GetRight
2009-03-24 08:18 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\Spamihilator
2009-03-24 06:45 -- -- -- -- - d-- h-- w c:\program files\InstallShield
Installation Information
2009-03-23 18:26 360,576 -- -- a-w c:\windows\system32\drivers\tcpip.sys
2009-03-23 18:24 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\ZoomBrowser EX
2009-03-23 18:24 -- -- -- -- - d-- -- -w c:\documents and settings\All Users\Dane
aplikacji\ZoomBrowser
2009-03-23 17:53 -- -- -- -- - d-- -- -w c:\program files\Creative
2009-03-21 07:58 -- -- -- -- - d-- -- -w c:\program files\Create-Ringtone
2009-03-20 16:23 -- -- -- -- - d-- -- -w c:\program files\Spybot - Search &
Destroy
2009-03-20 16:23 -- -- -- -- - d-- -- -w c:\documents and settings\All Users\Dane
aplikacji\Spybot - Search & Destroy
2009-03-20 10:12 -- -- -- -- - d-- -- -w c:\program files\SkanerOnline
2009-03-19 19:10 -- -- -- -- - d-- -- -w c:\program files\Spyware Doctor
2009-03-19 09:14 -- -- -- -- - d-- -- -w c:\program files\emule
2009-03-19 06:44 -- -- -- -- - d-- -- -w c:\program files\PeerGuardian2
2009-03-19 06:44 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\uTorrent
2009-03-17 21:04 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\Skype
2009-03-17 21:01 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\skypePM
2009-03-17 06:31 -- -- -- -- - d-- -- -w c:\program files\Microsoft ActiveSync
2009-03-14 15:34 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\Vso
2009-03-08 10:22 -- -- -- -- - d-- -- -w c:\program files\Soulseek
2009-02-24 20:57 -- -- -- -- - d-- -- -w c:\documents and settings\All Users\Dane
aplikacji\Skype
2009-02-22 23:55 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\foobar2000
2009-02-22 10:44 -- -- -- -- - d-- -- -w c:\program files\Magic Video Converter
2009-02-18 22:57 -- -- -- -- - d-- -- -w c:\program files\foobar2000
2009-02-18 21:13 -- -- -- -- - d-- -- -w c:\program files\MediaFACE II
2009-02-18 20:59 -- -- -- -- - d-- -- -w c:\program files\ALLPlayer
2009-02-18 20:22 -- -- -- -- - d-- -- -w c:\documents and settings\Darek\Dane
aplikacji\Moyea
2009-02-18 20:18 -- -- -- -- - d-- -- -w c:\program files\Moyea
2009-02-18 20:08 -- -- -- -- - d-- -- -w c:\program files\FLVPlayer
2009-02-18 20:04 -- -- -- -- - d-- -- -w c:\program files\Smallvideosoft
2009-02-10 20:58 -- -- -- -- - d-- -- -w c:\program files\Yahoo!
2009-02-09 14:20 -- -- -- -- - d-- -- -w c:\program files\eSkiMoS R2
2009-02-06 20:23 -- -- -- -- - d-- -- -w c:\documents and settings\All Users\Dane
aplikacji\DVD Shrink
2008-11-30 13:23 47,360 -- -- a-w c:\documents and settings\Darek\Dane
aplikacji\pcouffin.sys
2007-04-04 20:40 221 -- -- a-w c:\program files\Common Files\max.kk
2006-06-24 06:48 32,768 -- -- a-r c:\windows\inf\UpdateUSB.exe
.

-- -- -- - Sigcheck -- -- -- -

2008-06-20 12:59  361600  ad978a1b783b5719720cff204b666c8e
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2009-03-23 19:26  360576  e7dfcffa380749b8626ad71e8f367dcb
c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Look 'n' Stop"="c:\program files\Soft4Ever\looknstop\looknstop.exe" [2008-12-28 512070]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"SpIDerNT"="c:\progra~1\DrWeb\spiderui.exe" [2008-10-23 197896]
"DrWebScheduler"="c:\program files\DrWeb\DRWEBSCD.EXE" [2008-05-06 283888]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2008-06-10 501080]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Darek\Menu Start\Programy\Autostart\
Spyware Doctor Updater.exe [2008-10-30 29228]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Darek^Menu
Start^Programy^Autostart^Express Assist Check.lnk]
path=c:\documents and settings\Darek\Menu Start\Programy\Autostart\Express
Assist Check.lnk
backup=c:\windows\pss\Express Assist Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\PDVD8LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RemoteControl8

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Acronis Scheduler2 Service]
-- a-- -- -- 2007-09-14 02:55 140568 c:\program files\Common
Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\AcronisTimounterMonitor]
-- a-- -- -- 2007-09-14 03:02 905056 c:\program
files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Ad-Watch]
-- a-- -- -- 2009-03-09 20:06 515416 c:\program
files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe Reader Speed Launcher]
-- a-- -- -- 2008-01-11 22:16 39792 c:\program files\Adobe\Reader
8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ALLUpdate]
-- a-- -- -- 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\CTDVDDET]
-- a-- -- -- 2003-06-18 01:00 45056 c:\program
files\Creative\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
-- a-- -- -- 2007-04-12 07:00 182272
c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\LanguageShortcut]
-- a-- -- -- 2006-04-13 11:09 49152 c:\program
files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NeroFilterCheck]
-- a-- -- -- 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Nokia.PCSync]
-- a-- -- -- 2008-06-17 16:00 1249280 c:\program files\Nokia\Nokia PC Suite
7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvCplDaemon]
-- a-- -- -- 2008-10-07 13:33 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvMediaCenter]
-- a-- -- -- 2008-10-07 13:33 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC
Suite Tray]
-- a-- -- -- 2008-08-11 08:31 1124352 c:\program files\Nokia\Nokia PC Suite
7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RemoteControl]
-- a-- -- -- 2005-12-07 22:57 30208 c:\program
files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\TrueImageMonitor.exe]
-- a-- -- -- 2007-09-14 02:52 2595480 c:\program
files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\WinampAgent]
-- a-- -- -- 2001-10-02 00:42 10752 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\nwiz]
-- a-- -- -- 2008-10-07 13:33 1630208 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-18 64160]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-07-22 151592]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-23
28544]
R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2008-12-28 77184]
R2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\DrWeb\spider.sys
[2009-03-24 268040]
R2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\DrWeb\spidernt.exe
[2009-03-24 197896]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys
[2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys
[2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys
[2008-06-27 566296]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet
Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-11-04 36864]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27
99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27
555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys
[2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27
100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27
566296]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian -
DefaultInstance;i:\firebird\Firebird_1_5\bin\fbguard.exe -s -- >
i:\firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server -
DefaultInstance;i:\firebird\Firebird_1_5\bin\fbserver.exe -s -- >
i:\firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S3 KS-959;Kingsun KS-959 USB Infrared
Adapter;c:\windows\system32\drivers\ks-959.sys [2005-07-23 19034]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program
files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
S3 nmwcdnsu;Nokia USB Flashing Phone
Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-24 138112]
S3 nmwcdnsuc;Nokia USB Flashing
Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-24 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware
Doctor\pctsAuxs.exe [2009-01-23 356920]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys
[2008-11-04 178913]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{521142a4-c6ba-11dd-9b11-000000000000}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b08c2893-aa51-11dd-a53b-806d6172696f}]
\Shell\AutoRun\command - M:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-03-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:06]

2009-03-23 c:\windows\Tasks\Norton Security Scan for Darek.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

Notify-efcbCSkj - efcbCSkj.dll
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search &
Destroy\TeaTimer.exe
MSConfigStartUp-UVS11 Preload - e:\program files\Ulead Systems\Ulead
VideoStudio 11\uvPL.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia
Bundle\Vidalia\vidalia.exe

.
-- -- -- - Skan uzupełniający -- -- -- -
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&ksport do programu Microsoft Excel -
c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
LSP: c:\windows\system32\DRWEBSP.DLL
FF - ProfilePath - c:\documents and settings\Darek\Dane
aplikacji\Mozilla\Firefox\Profiles\zx5x027r.default\
FF - prefs.js: browser.startup.homepage -www.google.pl
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGetRt.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-03-24 10:00:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTHelper = CTHELPER.EXE?

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
-- -- -- -- -- -- -- -- -- -- - Pliki DLL ładowane pod uruchomionymi
procesami -- -- -- -- -- -- -- -- -- -- -

- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\relog_ap.dll
c:\windows\system32\DRWEBSP.DLL
.
-- -- -- -- -- -- -- -- -- -- -- -- Pozostałe uruchomione
procesy -- -- -- -- -- -- -- -- -- -- -- --
.
c:\windows\system32\savedump.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\documents and settings\Darek\Menu Start\Programy\Autostart\Spyware Doctor
Updater.exe
c:\windows\system32\CTSVCCDA.EXE
c:\documents and settings\All Users\Dane aplikacji\EPSON\EPW!3
SSRP\E_S40RP7.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\DrWeb\spidernt.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\DrWeb\drwebupw.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-24 10:01:55 - komputer został uruchomiony ponownie
[Darek]
ComboFix-quarantined-files.txt  2009-03-24 09:01:52

Przed: 2 921 869 312 bajtów wolnych
Po: 4,011,827,200 bajtów wolnych

Regards

--
-- -- -- -- -- -- -- -- -- -- --
Negatyw
negatyw001(małpa)o2.pl
-- -- -- -- -- -- -- -- -- -- --

Date: 2009-03-25 23:13:49
Author: Negatyw
Problem with restarts

User "staszek" <staszek666@gmail.com> wrote in message news:43d72462-4864-4ae8-b4e1-48ebc14f25d4z9g2000yqi.googlegroups.com...

This stays in HiJack:

Thanks for the help :)
It came back up, although I could no longer install SP3. Apparently this XP is already pretty badly chopped up...

Regards

--
-- -- -- -- -- -- -- -- -- -- --
Negatyw
negatyw001(małpa)o2.pl
-- -- -- -- -- -- -- -- -- -- --

Date: 2009-03-24 08:22:05
Author: Washi
Problem with restarts

User "Negatyw" <negatyw001@USUNTO.o2.pl.invalid> wrote in message news:gqa0nc$9a8$1inews.gazeta.pl...

Do you have any ideas?


Maybe try running some portable AV from a USB stick?? E.g.
ClamWin Portable.

If you are able to install a clean OS + antivirus on some disk, you can then attach the infected disks and scan them.


Washi
--
Let's talk about virtualization
-> http://www.virtual-it.pl/
     http://forum.virtual-it.pl/

Date: 2009-03-24 08:42:48
Author: Washi
Problem with restarts

User "Negatyw" <negatyw001@USUNTO.o2.pl.invalid> wrote in message news:gqa0nc$9a8$1inews.gazeta.pl...

Do you have any ideas?

It is also worth scanning the disks with some programs for removing rootkits and trojans, e.g.
HijackThis.
Washi
--
Let's talk about virtualization
-> http://www.virtual-it.pl/
     http://forum.virtual-it.pl/

Date: 2009-03-26 10:30:31
Author: Chichotek
Problem with restarts
It was 24 March (Tuesday) when at 8:05 *Negatyw* wrote:

Do you have any ideas?

If you have a legal copy of Windows, I recommend scanning with Windows Defender

--
Regards, Chichotek
P5Q Pro, E8400@Scythe Ninja, Szafir HD4870 512MB, 2x2GB A-Data Vitesta 800+,
2x Seagate 250/400GB, Topower P3 450W EZ, Enermax Chakra, 21" Gateway, Razer DeathAdder+Destructor, Logitech UltraX Flat, Windows XP Pro

Date: 2009-03-26 21:24:29
Author: Negatyw
Problem with restarts

User "Chichotek" <zy@yvsr.cy> wrote in message news:13l8qxsn41tc1.dlgchichot.truposza.pl...

with Windows Defender

I have a problem installing SP3. The installer simply closes its window
during installation.
I have an interesting situation:
http://img172.imageshack.us/img172/8540/xp1.jpg  - so supposedly SP3 is there

But the system says otherwise:
http://img172.imageshack.us/img172/4031/xp2.jpg  - it claims it is SP2

Can this be solved somehow?

Regards

--
-- -- -- -- -- -- -- -- -- -- --
Negatyw
negatyw001(małpa)o2.pl
-- -- -- -- -- -- -- -- -- -- --
