
s3in
Regular user -
Posts
172 -
Joined
-
Last visit
Content published by s3in
-
Currently I have this setup: Gigabyte GA-M61SME-E2, Sempron AM2 3000+, 1 GB DDR2 667 Kingston, GeForce 7600 GTS and this Deer 400W power supply - http://www.arest.pl/index.php?inc=produkt&...4&grupa=206 So, will everything be OK?
-
Hello, I wanted to ask whether the processor http://www.allegro.pl/item440253363_amd_at...tanio_lodz.html is a good buy. I also don't know whether it will fit my motherboard - Gigabyte GA-M61SME-E2. Thanks in advance for the answers and for your understanding, as this is probably an easy question.
-
"ComboFix log."
-
I have a problem with a virus - trojan-spy.win32.keylogger.aa; I can't remove it with anything (avast, nod32, s&d, ad-aware). Any solutions?
-
Hello, I want to reinstall the system in the following way - I have two disks, one of which is split into partitions (C with Windows and D with files), and the second is entirely free. I want to copy all the files I need onto the first disk with the old Windows, install Windows XP on the second, clean one, then copy those files over to the disk with the fresh Windows and take out the old disk (because the old-timer has had its day). Will something like this work? How will the computer start up after a second Windows is installed on the second disk? Will it ask me which one I want to choose? Please reply quickly.
-
I wanted to ask whether there is a program for protecting files, e.g. against accidental deletion (when using an administrator account)?
-
Thanks a lot, cheers :)
-
That's just it, I don't know how to do it; I usually created partitions in that BIOS-style menu during the Windows installation.
-
Hello, I connected a Seagate 500GB SATA disk; the computer sees it during startup, and likewise in Device Manager, but it no longer shows up in My Computer ;/. What should I do?
-
Does anyone know where I can get a transparent plastic case for the Pentagram Vanqish R Touch MP4 player? Like the one Creative has, for example, so that it doesn't get knocked about or the screen broken.
-
OK XaD, I'm deleting the folder now, I'll install the service pack overnight, and instead of WMP I installed foobar2000. Which audio codec pack would be best?
-
"SDFIX log"
-
Is there anything else?
"Combofix log"
"Hijackthis log"
-
Still the same ;/ Any ideas?
-
HijackThis
ComboFix
Settings\Sejn\Dane aplikacji\InterTrust 2008-03-24 17:46 --------- d-----w C:\Program Files\eMule 2008-03-23 15:19 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-03-20 16:26 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Media Player Classic 2008-03-17 21:05 --------- d-----w C:\Program Files\Damian Pasternak 2008-03-17 20:17 --------- d-----w C:\Program Files\ChrisTV PVR 2008-03-17 20:13 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 2008-03-17 20:13 --------- d-----w C:\Program Files\WinFast 2008-03-17 20:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2008-03-17 20:00 --------- d-----w C:\Program Files\C-Media 2008-03-17 19:57 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InstallShield 2008-03-17 18:01 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Talkback 2008-03-17 18:00 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Gadu-Gadu 2008-03-17 17:22 --------- d-----w C:\Program Files\SAGEM 2008-03-17 17:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-03-17 16:47 --------- d-----w C:\Program Files\A4Tech 2008-03-17 15:38 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 6.0 2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-17 15:35 --------- d-----w C:\Program Files\Usługi online 2008-03-17 15:32 --------- d-----w C:\Program Files\Windows Media Connect 2 2001-11-23 12:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((( snapshot@2008-05-15_ 0.15.36,01 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-14 16:07:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-15 18:35:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-30 23:32 13529088] "nwiz"="nwiz.exe" [2008-04-30 23:32 1630208 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-30 23:32 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] "nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-16 20:28:08 839680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 1 (0x1) "MemCheckBoxInRunDlg"= 0 (0x0) "NoAutoTrayNotify"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] -ra------ 
2002-07-12 18:33 1581056 C:\WINDOWS\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent] --a------ 2008-02-11 13:31 275456 C:\Program Files\ChrisTV PVR\ChrisTV_Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a------ 2005-12-14 16:14 176128 C:\Program Files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] --a------ 2005-09-30 06:48 319488 D:\Program Files\WinFast\WFTVFM\WFWIZ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "UleadBurningHelper"=2 (0x2) "Spooler"=2 (0x2) "wuauserv"=3 (0x3) "wscsvc"=2 (0x2) "UPS"=3 (0x3) "SCardSvr"=3 (0x3) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableOvverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\The All-Seeing Eye\\eye.exe"= "D:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "D:\\Program Files\\ICQ6\\ICQ.exe"= R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 10:04] R2 NetTimeSvc;NetTime;D:\Program Files\NetTime\NeTmSvNT.exe [2000-12-31 14:42] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 10:04] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10:04] R3 e4usbaw;USB ADSL2 WAN 
Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 08:33]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 08:37]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 20:38]
S3 WFIOCTL;WFIOCTL;D:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 14:25]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:48:04
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-15 20:49:15
ComboFix-quarantined-files.txt 2008-05-15 18:49:11
ComboFix2.txt 2008-05-14 22:15:49
Pre-Run: 2,751,344,640 bajtów wolnych
Post-Run: 2,743,304,192 bajtów wolnych
191

and in SDFix, 0 hidden processes etc.
-
ComboFix
ComboFix 08-05-12.1 - Sejn 2008-05-15 0:13:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.562 [GMT 2:00]
Running from: C:\Documents and Settings\Sejn\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 23:03 . 2008-05-12 23:04 <DIR> d-------- C:\WINDOWS\NV13242528.TMP
2008-05-12 23:03 . 2008-04-30 23:32 181,927 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-12 21:21 . 2008-05-12 21:21 <DIR> d-------- C:\Program Files\Google
2008-05-10 14:51 . 2008-05-10 14:51 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Avg8
2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-06 23:01 . 2008-05-06 23:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 22:45 . 2008-05-06 22:45 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion
2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Program Files\AVG
2008-05-06 22:07 . 2008-05-06 22:07 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\AVGTOOLBAR
2008-05-05 22:43 . 2008-05-06 21:53 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\GanymedeNet
2008-05-05 22:42 . 2008-05-05 22:43 <DIR> d-------- C:\Program Files\Ganymede
2008-05-05 18:54 . 2008-05-05 18:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-05 15:24 . 2008-05-05 15:24 <DIR> d-------- C:\WINDOWS\SoftR
2008-05-04 11:45 . 2008-05-14 18:14 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\Draco Organizer
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 .
2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-21 15:08 . 2008-04-21 15:08 13,144 --a------ C:\WINDOWS\system32\lsdelete.exe 2008-04-17 15:23 . 2008-02-12 12:46 285,912 --------- C:\WINDOWS\system32\cfosspeed.dll 2008-04-17 09:38 . 2008-04-17 09:38 <DIR> d-------- C:\Program Files\marbit 2008-04-16 12:03 . 2008-03-20 09:23 263,384 --a------ C:\WINDOWS\system32\drivers\cfosbc.sys 2008-04-16 10:30 . 2008-05-06 22:18 <DIR> d-------- C:\Program Files\SkanerOnline 2008-04-16 09:52 . 2008-04-16 09:52 <DIR> d-------- C:\WINDOWS\Sun 2008-04-16 09:52 . 2008-04-16 10:29 <DIR> d-------- C:\Documents and Settings\Sejn\.housecall6.6 2008-04-16 09:47 . 2008-04-16 09:47 <DIR> d-------- C:\Program Files\Java 2008-04-16 09:47 . 2008-03-25 00:07 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-16 09:44 . 2008-04-16 09:44 <DIR> d-------- C:\Program Files\Common Files\Java 2008-04-15 06:31 . 2008-04-15 06:31 <DIR> d-------- C:\Program Files\Elfin 2008-04-14 21:12 . 2008-04-14 21:12 <DIR> d-------- C:\Documents and Settings\Sejn\Dane aplikacji\ICQ Toolbar 2008-04-14 19:22 . 2008-04-14 19:22 249,856 --------- C:\WINDOWS\Setup1.exe 2008-04-14 19:22 . 2008-04-14 19:22 73,216 --a------ C:\WINDOWS\ST6UNST.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-14 17:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-14 17:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-05-14 00:27 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\uTorrent 2008-05-12 13:11 --------- d-----w C:\Program Files\DScaler 2008-04-23 15:19 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE 2008-04-17 16:34 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\mIRC 2008-04-17 14:11 --------- d-----w C:\Program Files\RivaTuner v2.08 2008-04-17 14:11 --------- d-----w C:\Program Files\mnProjects 2008-04-17 14:11 --------- d-----w C:\Program Files\ICQToolbar 2008-04-16 18:28 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-04-16 04:59 --------- dc--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-04-15 04:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-15 04:30 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-04-14 16:51 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2008-04-10 19:28 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\ICQ 2008-04-04 15:45 37,888 ----a-w C:\WINDOWS\system32\rar.exe 2008-04-03 13:17 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-04-03 13:15 --------- d-----w C:\Program Files\MSBuild 2008-04-03 13:15 --------- d-----w C:\Program Files\Microsoft Works 2008-04-01 19:10 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-03-30 18:32 --------- d-----w C:\Program Files\uTorrent 2008-03-27 16:33 --------- d-----w C:\Program Files\Reflex 2008-03-25 17:08 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-25 17:07 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InterTrust 2008-03-24 17:46 --------- d-----w C:\Program Files\eMule 2008-03-23 15:19 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-03-20 16:26 --------- d-----w C:\Documents 
and Settings\Sejn\Dane aplikacji\Media Player Classic 2008-03-17 21:05 --------- d-----w C:\Program Files\Damian Pasternak 2008-03-17 20:17 --------- d-----w C:\Program Files\ChrisTV PVR 2008-03-17 20:13 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 2008-03-17 20:13 --------- d-----w C:\Program Files\WinFast 2008-03-17 20:13 --------- d-----w C:\Program Files\Common Files\Ulead Systems 2008-03-17 20:00 --------- d-----w C:\Program Files\C-Media 2008-03-17 19:57 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\InstallShield 2008-03-17 18:01 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Talkback 2008-03-17 18:00 --------- d-----w C:\Documents and Settings\Sejn\Dane aplikacji\Gadu-Gadu 2008-03-17 17:22 --------- d-----w C:\Program Files\SAGEM 2008-03-17 17:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-03-17 16:47 --------- d-----w C:\Program Files\A4Tech 2008-03-17 15:38 --------- d-----w C:\Program Files\microsoft frontpage 2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 6.0 2008-03-17 15:37 --------- d-----w C:\Program Files\MSXML 4.0 2008-03-17 15:35 --------- d-----w C:\Program Files\Usługi online 2008-03-17 15:32 --------- d-----w C:\Program Files\Windows Media Connect 2 2001-11-23 12:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-30 23:32 13529088] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 01:58 144784] "nwiz"="nwiz.exe" [2008-04-30 23:32 1630208 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-30 23:32 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] "nltide_3"="advpack.dll" [2008-01-24 11:42 124928 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-16 20:28:08 839680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMBalloonTip"= 1 (0x1) "MemCheckBoxInRunDlg"= 0 (0x0) "NoAutoTrayNotify"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "Windows Printing Driver"= WinPrint.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] 
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] -ra------ 2002-07-12 18:33 1581056 C:\WINDOWS\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChrisTV Agent] --a------ 2008-02-11 13:31 275456 C:\Program Files\ChrisTV PVR\ChrisTV_Agent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse] --a------ 2005-12-14 16:14 176128 C:\Program Files\A4Tech\Mouse\Amoumain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule] --a------ 2005-09-30 06:48 319488 D:\Program Files\WinFast\WFTVFM\WFWIZ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "UleadBurningHelper"=2 (0x2) "Spooler"=2 (0x2) "wuauserv"=3 (0x3) "wscsvc"=2 (0x2) "UPS"=3 (0x3) "SCardSvr"=3 (0x3) "aawservice"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableOvverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\The All-Seeing Eye\\eye.exe"= "D:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "D:\\Program Files\\ICQ6\\ICQ.exe"= R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 10:04] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 10:04] R2 
Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 10:04] R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 08:33] S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 08:37] S2 NetTimeSvc;NetTime;D:\Program Files\NetTime\NeTmSvNT.exe [2000-12-31 14:42] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 20:38] S3 WFIOCTL;WFIOCTL;D:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 14:25] *Newly Created Service* - CATCHME *Newly Created Service* - PNKBSTRK . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-15 00:14:41 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-15 0:15:48 ComboFix-quarantined-files.txt 2008-05-14 22:15:43 Pre-Run: 2,720,980,992 bajtów wolnych Post-Run: 2,733,273,088 bajtów wolnych 190
-
Yo, I have the following problems:
- I start downloading a movie, e.g. overnight. When I play it after the download has finished, often only about 75% of it is there; the time bar keeps running to the end of the movie, but the picture/sound no longer does.
- For some time now, some of the songs on my computer that used to work can no longer be played - they fail with the error "Program Windows Media Player nie może uzyskać dostępu do pliku. Plik może być w użyciu, nie masz dostępu do komputera, na którym jest przechowywany plik lub ustawienia serwera proxy są niepoprawne."
- Terrible internet lag, warps in games

I suspect that at least some of these problems are related to some viruses / spyware. I'm pasting a HijackThis log; if I should paste logs from anything else, let me know. Regards

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:36, on 2008-05-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: DSLMON.lnk = ? 
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\Program Files\ICQ6\ICQ.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9D0606B7-53E0-48AC-8550-3504E2D019F3}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: NetTime (NetTimeSvc) - Subjective Software - D:\Program Files\NetTime\NeTmSvNT.exe O23 - Service: 
NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 6116 bytes
-
Hi, I have a strange problem with Cfosspeed. After installing and then removing CfosBC (that new program), I installed cfosspeed. I right-click the icon, choose connect with 'connection name', everything connects fine, the program asks whether it should shape this connection - I click yes, and that's about it. Because in reality Cfos does nothing, and in the options there is no active connection ;/ What should I do?
-
COMBOFIX LOG -> ComboFix 08-03-14.4 - Administrator 2008-03-16 21:24:10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.671 [GMT 1:00] Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\rrqss.ini2 . ((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))) . 2008-03-16 21:08 . 2007-03-08 16:38 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-03-16 21:07 . 2008-03-16 21:07 <DIR> d----c--- C:\WINDOWS\ERUNT 2008-03-16 20:48 . 2008-03-16 21:18 <DIR> d----c--- C:\SDFix 2008-03-16 00:39 . 2001-08-17 20:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys 2008-03-16 00:26 . 2001-10-26 17:01 899,530 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-03-16 00:25 . 2001-07-21 23:23 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-03-16 00:24 . 2001-07-21 23:23 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex 2008-03-15 21:32 . 2008-03-15 21:32 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft 2008-03-15 21:31 . 2008-03-15 21:31 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Grisoft 2008-03-15 21:31 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-15 21:24 . 2008-03-15 21:24 <DIR> d----c--- C:\Program Files\jv16 PowerTools 2008-03-15 21:23 . 2008-03-15 21:23 63 --a------ C:\WINDOWS\system32\0060c3ca 2008-03-15 21:03 . 2008-03-15 21:03 <DIR> d----c--- C:\Program Files\PrevxCSI 2008-03-15 21:03 . 2008-03-15 21:04 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\PrevxCSI 2008-03-15 21:03 . 2008-03-15 21:03 10,752 --a------ C:\WINDOWS\system32\drivers\pxark.sys 2008-03-15 00:56 . 
2008-03-15 00:56 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools 2008-03-15 00:56 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-03-15 00:56 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-03-15 00:56 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-03-15 00:56 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-03-15 00:15 . 2008-03-15 00:15 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\SUPERAntiSpyware.com 2008-03-15 00:13 . 2001-10-26 17:29 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-03-15 00:12 . 2004-08-04 00:44 1,036,288 --a--c--- C:\WINDOWS\system32\dllcache\conf.exe 2008-03-15 00:11 . 2008-03-15 00:11 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com 2008-03-15 00:11 . 2001-10-26 18:28 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll 2008-03-15 00:10 . 2004-08-04 00:43 1,888,992 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll 2008-03-15 00:09 . 2001-10-26 17:29 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll 2008-03-15 00:06 . 2004-08-04 00:44 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-03-12 00:34 . 2008-03-12 00:34 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\AdobeUM 2008-03-12 00:29 . 2006-11-24 14:47 40,136 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys 2008-03-12 00:28 . 2008-03-12 00:28 <DIR> d----c--- C:\Program Files\Gigabyte 2008-03-12 00:28 . 1998-10-02 19:00 327,168 --a--c--- C:\WINDOWS\IsUninst.exe 2008-03-12 00:25 . 2008-03-12 00:25 <DIR> d----c--- C:\Program Files\Realtek 2008-03-10 22:40 . 2008-03-10 22:40 <DIR> d----c--- C:\Program Files\Lavalys 2008-03-09 22:31 . 2008-03-09 22:31 <DIR> d----c--- C:\Documents and Settings\Administrator\.thumbnails 2008-03-09 22:29 . 
2008-03-09 22:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0 2008-03-09 22:28 . 2008-03-09 22:46 <DIR> d----c--- C:\Documents and Settings\Administrator\.gimp-2.4 2008-03-09 22:27 . 2008-03-09 22:27 <DIR> d----c--- C:\Program Files\GIMP-2.0 2008-03-05 17:18 . 2007-12-05 06:41 5,611,520 --a------ C:\WINDOWS\system32\nvdispsr.dll 2008-03-05 17:18 . 2007-12-05 06:41 3,715,072 --a------ C:\WINDOWS\system32\nvvitvsr.dll 2008-03-05 17:18 . 2007-12-05 06:41 3,334,144 --a------ C:\WINDOWS\system32\nvgamesr.dll 2008-03-05 17:18 . 2007-12-05 06:41 2,854,912 --a------ C:\WINDOWS\system32\nvmoblsr.dll 2008-03-05 17:18 . 2007-12-05 06:41 2,519,040 --a------ C:\WINDOWS\system32\nvwssr.dll 2008-03-05 17:18 . 2007-12-05 06:41 458,752 --a------ C:\WINDOWS\system32\nvmccssr.dll 2008-03-05 15:22 . 2008-03-05 17:26 <DIR> d----c--- C:\WINDOWS\nview 2008-03-05 15:22 . 2008-03-05 17:26 164,081 --a------ C:\WINDOWS\system32\nvapps.xml 2008-03-05 15:22 . 2007-12-05 06:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-03-05 00:14 . 2008-03-05 00:14 38 --a--c--- C:\WINDOWS\avisplitter.INI 2008-03-04 23:55 . 2008-03-04 23:55 360,576 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-03-04 23:46 . 2008-03-15 22:46 <DIR> d-a--c--- C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-03-04 23:46 . 2008-03-04 23:46 37,888 --a------ C:\WINDOWS\system32\rar.exe 2008-03-04 23:33 . 2008-03-04 23:33 <DIR> d----c--- C:\Documents and Settings\All Users\Szablony 2008-03-04 23:32 . 2008-03-04 23:32 <DIR> dr-h-c--- C:\MSOCache 2008-03-04 23:30 . 2008-03-04 23:37 <DIR> d----c--- C:\WINDOWS\NV13161524.TMP 2008-03-04 23:04 . 2008-03-04 23:04 <DIR> d----c--- C:\Program Files\SystemRequirementsLab 2008-03-04 23:03 . 2008-03-04 23:03 <DIR> d----c--- C:\Documents and Settings\Administrator\SystemRequirementsLab 2008-03-04 22:57 . 2008-03-04 22:57 <DIR> d----c--- C:\NV16641484.TMP 2008-03-04 22:54 . 
2008-03-04 22:54 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2008-03-04 01:46 . 2008-03-04 01:46 <DIR> d----c--- C:\Program Files\Malicious Software Removal Tool 2008-03-04 01:44 . 2008-03-04 01:44 <DIR> d----c--- C:\Program Files\PowerMenu 2008-03-04 01:41 . 2008-03-04 01:41 <DIR> d----c--- C:\Program Files\MSXML 6.0 2008-03-04 01:40 . 2008-03-04 01:40 <DIR> d----c--- C:\Program Files\Windows Media Connect 2 2008-03-04 01:39 . 2008-03-04 01:39 <DIR> d----c--- C:\Program Files\MarBit 2008-03-04 01:31 . 2008-03-04 23:42 <DIR> d----c--- C:\Program Files\Unlocker 2008-03-04 01:18 . 2008-03-04 01:18 <DIR> d----c--- C:\Program Files\CWShredder 2008-03-04 01:18 . 2005-09-01 19:02 6,998 --a------ C:\WINDOWS\system32\oemlogo.bmp 2008-03-04 01:17 . 2008-03-04 01:17 <DIR> d----c--- C:\Program Files\Dir2File 2008-03-04 01:16 . 2008-03-04 01:16 <DIR> d----c--- C:\Program Files\Microsoft Bootvis 2008-03-04 01:14 . 2008-03-04 01:14 <DIR> d----c--- C:\Program Files\HighMAT CD Writing Wizard 2008-03-04 01:13 . 2008-03-04 01:13 <DIR> d----c--- C:\Program Files\AutoPatcher Tools 2008-03-04 00:43 . 2008-03-16 09:38 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent 2008-03-03 23:59 . 2008-03-03 23:59 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback 2008-03-03 23:55 . 2008-03-03 23:55 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic 2008-03-03 23:39 . 2008-03-03 23:39 <DIR> d----c--- C:\Program Files\C-Media 2008-03-03 23:39 . 2008-03-03 23:39 <DIR> d----c--- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 2008-03-03 23:35 . 2008-03-03 23:35 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\NVIDIA 2008-03-03 23:32 . 2008-03-03 23:32 <DIR> d----c--- C:\Program Files\DIFX 2008-03-03 23:27 . 2008-03-03 23:27 <DIR> d----c--- C:\Documents and Settings\Administrator\Gadu-Gadu 2008-03-03 22:32 . 
2008-03-04 22:57 0 --------- C:\WINDOWS\system32\nvide.nvu 2008-03-03 22:27 . 2006-10-24 13:13 1,732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin 2008-03-03 22:26 . 2006-10-05 16:35 35,840 --a------ C:\WINDOWS\system32\NVCOI.DLL 2008-03-03 22:25 . 2006-11-27 16:33 895,744 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys 2008-03-03 22:25 . 2006-11-27 16:33 261,632 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2008-03-03 22:25 . 2006-11-27 16:33 110,592 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys 2008-03-03 22:25 . 2006-11-07 14:58 35,840 --a------ C:\WINDOWS\system32\nvconrm.dll 2008-03-03 22:25 . 2006-11-27 16:33 19,968 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2008-03-03 22:25 . 2006-11-27 16:31 9,216 --a------ C:\WINDOWS\system32\bdco1.dll 2008-03-03 22:08 . 2008-03-04 01:22 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Ustawienia lokalne 2008-03-03 22:08 . 2008-03-03 22:08 <DIR> dr---c--- C:\Documents and Settings\Administrator\Ulubione 2008-03-03 22:08 . 2007-11-06 16:45 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Szablony 2008-03-03 22:08 . 2008-03-16 21:25 <DIR> d----c--- C:\Documents and Settings\Administrator\Pulpit 2008-03-03 22:08 . 2007-07-05 21:08 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Start 2008-03-03 22:08 . 2008-03-15 21:32 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Dane aplikacji 2008-03-03 22:07 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne 2008-03-03 22:07 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne 2008-03-03 22:07 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft 2008-03-03 22:07 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji 2008-03-03 22:07 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji 2008-03-03 22:07 . 
<DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne 2008-03-03 22:07 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-16 16:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-03-04 22:55 360,576 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2008-03-04 22:34 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-03-04 21:34 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-03-04 21:34 --------- dc----w C:\Program Files\Wintergarten Privat 2008-03-04 21:34 --------- dc----w C:\Program Files\Microsoft Visual Studio 8 2008-03-04 21:34 --------- dc----w C:\Program Files\DivX 2008-03-04 21:34 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\InterVideo 2008-03-04 21:34 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink 2008-03-04 20:47 737,280 -c--a-w C:\WINDOWS\iun6002.exe 2008-03-04 00:44 --------- dc----w C:\Program Files\Java 2008-03-04 00:13 --------- dc----w C:\Program Files\Microsoft CopyProfile 2008-03-03 23:55 --------- dc----w C:\Program Files\SMSFREE 2008-03-03 22:29 14,656 -c--a-w C:\WINDOWS\gdrv.sys 2008-03-03 20:37 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-03-03 20:34 23,238,688 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-03 20:11 867,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-03 19:58 83,288 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-03 19:58 316,172 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-02-20 18:53 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-01-27 14:45 --------- dc----w C:\Program Files\Trend Micro 2008-01-25 05:57 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft 2008-01-08 17:55 8,192 -csha-w 
C:\WINDOWS\o2cLicStore.bin 2004-09-28 02:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS 2001-11-23 12:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ------- Sigcheck ------- 2008-03-04 23:55 360576 e7dfcffa380749b8626ad71e8f367dcb C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-03-04 23:55 360576 e7dfcffa380749b8626ad71e8f367dcb C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 06:41 8523776] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) "NoChangeKeyboardNavigationIndicators"= 0 (0x0) "NoSMBalloonTip"= 1 (0x1) "MemCheckBoxInRunDlg"= 0 (0x0) "NoAutoTrayNotify"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoResolveSearch"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^PrevxCSI.lnk] path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\PrevxCSI.lnk backup=C:\WINDOWS\pss\PrevxCSI.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-06-11 10:25 6731312 D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch] --a------ 2002-03-19 17:30 45632 C:\WINDOWS\system32\taskswitch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV] --a--c--- 2007-08-14 14:10 20480 C:\Program Files\Gigabyte\ET5\ETcall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2007-12-05 06:41 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-02-29 16:03 1481968 D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\Gadu-Gadu\\gg.exe"= "D:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-03-15 21:03] R0 Ramdisk;Ramdisk Driver;C:\WINDOWS\system32\DRIVERS\ramdsk.sys [2004-09-28 03:00] R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 12:34] R2 NMSAccessU;NMSAccessU;D:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys 
[2004-10-04 12:34] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 12:34] R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48] S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47] S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-03 23:29] S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08] S3 WFIOCTL;WFIOCTL;D:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 16:55] . Contents of the 'Scheduled Tasks' folder "2007-11-03 18:53:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-03 18:53:08 C:\WINDOWS\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 21:27:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe . ************************************************************************** . 
Completion time: 2008-03-16 21:30:02 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-16 20:29:47 SDFIX LOG -> SDFix: Version 1.158 Run by Administrator on 2008-03-16 at 21:09 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\NVUIDE.EXE - Deleted C:\WINDOWS\SYSTEM32\NVUNRM.EXE - Deleted C:\WINDOWS\autorun.inf - Deleted C:\WINDOWS\system32\NTSpool.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-16 21:17:48 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 "NoPopUpsOnBoot"=dword:00000001 "Error Mode"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] "Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,.. scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\\Program Files\\Gadu-Gadu\\gg.exe"="D:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny" "D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 4 Aug 2004 60,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Fri 17 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Finished!

Unfortunately the files still don't work: not found, 'cannot open <path>' for the RAR archives ;/ What else can I do?! They have to work ;/
-
Deckard's System Scanner v20071014.68 Run by Administrator on 2008-03-15 23:46:43 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:46:53, on 2008-03-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\PnkBstrB.exe D:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\Winamp\winamp.exe C:\Documents and Settings\Administrator\Pulpit\dss.exe C:\PROGRA~1\Trend Micro\HijackThis\Administrator.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F13EA4E9-6540-4AAF-A418-8C0F62DCF248}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: !SASWinLogon - D:\Program 
Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 2671 bytes -- Files created between 2008-02-15 and 2008-03-15 ----------------------------- 2008-03-15 22:27:36 0 d------c- C:\WINDOWS\LastGood 2008-03-15 21:24:44 0 d------c- C:\Program Files\jv16 PowerTools 2008-03-15 21:23:55 181982 --ahs---- C:\WINDOWS\system32\rrqss.ini2 2008-03-15 21:23:54 63 --a------ C:\WINDOWS\system32\0060c3ca 2008-03-15 21:03:47 10752 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; ; Prevx CSI> 2008-03-15 21:03:47 0 d------c- C:\Program Files\PrevxCSI 2008-03-12 00:28:49 0 d------c- C:\Program Files\Gigabyte 2008-03-12 00:28:47 327168 --a----c- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-03-12 00:25:45 0 d------c- C:\Program Files\Realtek 2008-03-10 22:40:40 0 d------c- C:\Program Files\Lavalys 2008-03-09 22:27:34 0 d------c- C:\Program Files\GIMP-2.0 2008-03-05 15:22:47 0 d------c- C:\WINDOWS\nview 2008-03-04 23:46:02 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System> 2008-03-04 23:32:43 0 dr-h---c- C:\MSOCache 
2008-03-04 23:30:14 0 d------c- C:\WINDOWS\NV13161524.TMP 2008-03-04 23:04:02 0 d------c- C:\Program Files\SystemRequirementsLab 2008-03-04 22:57:43 0 d------c- C:\NV16641484.TMP 2008-03-04 01:46:08 0 d------c- C:\Program Files\Malicious Software Removal Tool 2008-03-04 01:44:52 0 d------c- C:\Program Files\PowerMenu 2008-03-04 01:41:32 0 d------c- C:\Program Files\MSXML 6.0 2008-03-04 01:40:41 0 d------c- C:\Program Files\Windows Media Connect 2 2008-03-04 01:39:59 0 d------c- C:\Program Files\MarBit 2008-03-04 01:18:47 0 d------c- C:\Program Files\CWShredder 2008-03-04 01:17:34 0 d------c- C:\Program Files\Dir2File 2008-03-04 01:16:25 0 d------c- C:\Program Files\Microsoft Bootvis 2008-03-04 01:14:01 0 d------c- C:\Program Files\HighMAT CD Writing Wizard 2008-03-04 01:13:09 0 d------c- C:\Program Files\AutoPatcher Tools 2008-03-03 23:39:02 0 d------c- C:\Program Files\C-Media 2008-03-03 23:32:55 0 d------c- C:\Program Files\DIFX 2008-03-03 22:32:45 0 --a------ C:\WINDOWS\system32\nvuide.exe 2008-03-03 22:27:10 1732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin 2008-03-03 22:27:09 0 --a------ C:\WINDOWS\system32\nvunrm.exe 2008-03-03 22:25:58 35840 --a------ C:\WINDOWS\system32\nvconrm.dll 2008-03-03 22:25:58 110592 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys 2008-03-03 22:25:58 261632 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2008-03-03 22:25:58 895744 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys 2008-03-03 22:25:58 19968 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2008-03-03 22:25:57 9216 --a------ C:\WINDOWS\system32\bdco1.dll 2008-03-03 17:13:39 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter> 2008-03-03 15:48:57 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-03 15:48:57 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-03 15:48:57 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-03 15:48:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; 
Smallfrogs Studio; > 2008-03-02 15:30:16 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-01 20:43:03 0 d------c- C:\Program Files\Winamp Remote 2008-02-25 23:44:39 23552 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-02-23 00:13:48 164352 --a------ C:\WINDOWS\system32\unrar.dll 2008-02-23 00:13:46 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec> 2008-02-23 00:13:46 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv> 2008-02-23 00:13:45 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-02-23 00:13:45 755027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-02-23 00:13:45 612864 --a------ C:\WINDOWS\system32\x264vfw.dll 2008-02-23 00:13:45 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70> 2008-02-23 00:13:45 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6> 2008-02-23 00:13:45 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software> 2008-02-23 00:13:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-02-23 00:13:44 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-02-23 00:13:44 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. 
dpl100> 2008-02-23 00:13:44 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-20 23:44:13 679936 --a------ C:\WINDOWS\system\xvidcore.dll 2008-02-20 23:41:31 376832 --a------ C:\WINDOWS\system\xvid.dll 2008-02-20 19:14:09 198144 -----n--- C:\WINDOWS\system32\_psisdecd.dll 2008-02-20 19:11:57 0 d------c- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP 2008-02-20 18:56:52 0 d--h---c- C:\WINDOWS\PIF 2008-02-20 18:15:35 691545 --a----c- C:\WINDOWS\unins000.exe 2008-02-20 18:15:35 2539 --a----c- C:\WINDOWS\unins000.dat 2008-02-17 16:48:41 0 d------c- C:\Program Files\Elfin -- Find3M Report --------------------------------------------------------------- 2008-03-15 21:32:12 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Grisoft 2008-03-15 21:04:04 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\PrevxCSI 2008-03-15 00:57:37 597148 --a------ C:\WINDOWS\system32\perfh015.dat 2008-03-15 00:57:37 115894 --a------ C:\WINDOWS\system32\perfc015.dat 2008-03-15 00:56:11 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools 2008-03-15 00:11:31 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com 2008-03-12 00:34:35 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\AdobeUM 2008-03-09 22:31:39 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0 2008-03-07 13:38:04 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent 2008-03-04 23:46:02 753664 --a------ C:\WINDOWS\system32\NTSpool.exe 2008-03-04 22:54:39 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2008-03-04 22:38:35 0 d------c- C:\Program Files\Common Files 2008-03-04 22:34:54 0 d--h---c- C:\Program Files\InstallShield Installation Information 2008-03-04 22:34:54 0 d------c- C:\Program Files\DivX 2008-03-04 22:34:47 0 d------c- C:\Program Files\Microsoft Visual Studio 8 2008-03-04 22:34:40 0 d------c- 
C:\Program Files\Wintergarten Privat 2008-03-04 21:47:19 737280 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> 2008-03-04 01:44:04 0 d------c- C:\Program Files\Java 2008-03-04 01:43:00 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Sun 2008-03-04 01:42:02 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia 2008-03-04 01:42:00 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe 2008-03-04 01:41:50 2529 --a----c- C:\WINDOWS\mozver.dat 2008-03-04 01:40:10 2508 --a----c- C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc 2008-03-04 01:13:18 0 d------c- C:\Program Files\Microsoft CopyProfile 2008-03-04 00:55:51 0 d------c- C:\Program Files\SMSFREE 2008-03-03 23:59:00 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback 2008-03-03 23:58:48 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla 2008-03-03 23:55:20 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic 2008-03-03 23:39:37 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 2008-03-03 00:41:18 219648 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®> 2008-01-27 15:45:22 0 d------c- C:\Program Files\Trend Micro 2008-01-08 18:55:24 8192 --ahs--c- C:\WINDOWS\o2cLicStore.bin -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 06:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"=0 (0x0) 
"SynchronousMachineGroupPolicy"=0 (0x0) "SynchronousUserGroupPolicy"=0 (0x0) "DisableStatusMessages"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispAppearancePage"=0 (0x0) "NoColorChoice"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "NoDispCPL"=0 (0x0) "NoDispSettingsPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoVisualStyleChoice"=0 (0x0) "NoSizeChoice"=0 (0x0) "DisableTaskMgr"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=1 (0x1) "NoStrCmpLogical"=1 (0x1) "NoClose"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=01000000 "NoSMConfigurePrograms"=1 (0x1) "NoChangeKeyboardNavigationIndicators"=0 (0x0) "ClearRecentDocsOnExit"=1 (0x1) "NoSMBalloonTip"=1 (0x1) "NoSaveSettings"=0 (0x0) "NoRecentDocsHistory"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "MemCheckBoxInRunDlg"=0 (0x0) "NoClose"=0 (0x0) "NoAutoTrayNotify"=0 (0x0) "NoResolveTrack"=0 (0x0) "NoResolveSearch"=1 (0x1) "LinkResolveIgnoreLinkInfo"=1 (0x1) "NoStartBanner"=01000000 "NoWelcomeScreen"=1 (0x1) "NoRecentDocsNetHood"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoSharedDocuments"=1 (0x1) "NoThemesTab"=0 (0x0) "NoFind"=01000000 "NoViewContextMenu"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^PrevxCSI.lnk] path=C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\PrevxCSI.lnk backup=C:\WINDOWS\pss\PrevxCSI.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch] C:\WINDOWS\system32\taskswitch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe *Newly Created Service* - PNKBSTRB *Newly Created Service* - PNKBSTRK -- End of Deckard's System Scanner: finished at 2008-03-15 23:47:25 ------------

I think everything has been removed... but I still can't open certain files: some videos, photos, RARs ;/ What should I do next? ;/
-
Deckard's System Scanner v20071014.68 Run by Administrator on 2008-03-15 15:13:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 2 Restore Point(s) -- 2: 2008-03-15 14:14:02 UTC - RP21 - Deckard's System Scanner Restore Point 1: 2008-03-14 23:46:06 UTC - RP20 - Installed SUPERAntiSpyware Free Edition Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:14:52, on 2008-03-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Gigabyte\ET5\GUI.exe C:\WINDOWS\system32\taskmgr.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\spoolsv.exe C:\Documents and Settings\Administrator\Pulpit\dss.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\Trend Micro\HijackThis\Administrator.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - 
HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [sUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F13EA4E9-6540-4AAF-A418-8C0F62DCF248}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 3017 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\Trend Micro\HijackThis\backups\) ------ backup-20080127-154754-558 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm backup-20080127-154754-703 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 backup-20080314-141029-406 F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%* .ini - inifile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .txt - txtfile - shell\open\command - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 Ramdisk (Ramdisk Driver) - c:\windows\system32\drivers\ramdsk.sys <Not Verified; Totalidea Software; RAMDisk> R2 BT848 (WinFast TV2000 XP WDM Video Capture) - c:\windows\system32\drivers\wf2kvcap.sys <Not Verified; Leadtek Research Inc.; WinFast TV2000 XP WDM Video Capture Driver.> R3 SASENUM - d:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 ULCDRHlp - c:\windows\system32\drivers\ulcdrhlp.sys <Not Verified; Ulead Systems, Inc.; Ulead CD/DVD Burning Engine> S3 WFIOCTL - d:\program files\winfast\wftvfm\wfioctl.sys <Not Verified; Leadtek Research Inc.; WinFast MultiMedia Device Driver (Windows 2000/XP)> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. 
-- Device Manager: Disabled ---------------------------------------------------- Class GUID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5} Description: Inne urządzenia typu mostek PCI Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_E0001458&REV_A2\3&2411E6FE&0&38 Manufacturer: Name: Inne urządzenia typu mostek PCI PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_E0001458&REV_A2\3&2411E6FE&0&38 Service: -- Scheduled Tasks ------------------------------------------------------------- 2007-11-03 19:53:08 410 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job 2007-11-03 19:53:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-02-15 and 2008-03-15 ----------------------------- 2008-03-14 14:26:50 0 d------c- C:\ComboFix(4) 2008-03-14 14:20:45 0 d------c- C:\ComboFix(2) 2008-03-12 17:41:10 70207 -rahs--c- C:\host.exe <Not Verified; ; BindFile ????> 2008-03-12 17:41:10 1211 -rahs--c- C:\copy.exe 2008-03-12 17:41:08 1211 -rahs--c- C:\WINDOWS\xcopy.exe 2008-03-12 00:28:49 0 d------c- C:\Program Files\Gigabyte 2008-03-12 00:28:47 327168 --a----c- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller> 2008-03-12 00:25:45 0 d------c- C:\Program Files\Realtek 2008-03-10 22:40:40 0 d------c- C:\Program Files\Lavalys 2008-03-09 22:27:34 0 d------c- C:\Program Files\GIMP-2.0 2008-03-05 15:22:47 0 d------c- C:\WINDOWS\nview 2008-03-04 23:46:02 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System> 2008-03-04 23:32:43 0 dr-h---c- C:\MSOCache 2008-03-04 23:30:14 0 d------c- C:\WINDOWS\NV13161524.TMP 2008-03-04 23:04:02 0 d------c- C:\Program Files\SystemRequirementsLab 2008-03-04 22:57:43 0 d------c- C:\NV16641484.TMP 2008-03-04 01:46:08 0 d------c- C:\Program Files\Malicious Software Removal Tool 2008-03-04 01:44:52 0 d------c- C:\Program Files\PowerMenu 2008-03-04 01:41:32 0 d------c- C:\Program Files\MSXML 6.0 2008-03-04 01:40:41 0 d------c- 
C:\Program Files\Windows Media Connect 2 2008-03-04 01:39:59 0 d------c- C:\Program Files\MarBit 2008-03-04 01:18:47 0 d------c- C:\Program Files\CWShredder 2008-03-04 01:17:34 0 d------c- C:\Program Files\Dir2File 2008-03-04 01:16:25 0 d------c- C:\Program Files\Microsoft Bootvis 2008-03-04 01:14:01 0 d------c- C:\Program Files\HighMAT CD Writing Wizard 2008-03-04 01:13:09 0 d------c- C:\Program Files\AutoPatcher Tools 2008-03-03 23:39:02 0 d------c- C:\Program Files\C-Media 2008-03-03 23:32:55 0 d------c- C:\Program Files\DIFX 2008-03-03 22:32:45 0 --a------ C:\WINDOWS\system32\nvuide.exe 2008-03-03 22:27:10 1732 --a------ C:\WINDOWS\system32\drivers\nvphy.bin 2008-03-03 22:27:09 0 --a------ C:\WINDOWS\system32\nvunrm.exe 2008-03-03 22:25:58 35840 --a------ C:\WINDOWS\system32\nvconrm.dll 2008-03-03 22:25:58 110592 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys 2008-03-03 22:25:58 261632 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys 2008-03-03 22:25:58 895744 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys 2008-03-03 22:25:58 19968 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys 2008-03-03 22:25:57 9216 --a------ C:\WINDOWS\system32\bdco1.dll 2008-03-03 17:13:39 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter> 2008-03-03 15:48:57 68096 --a------ C:\WINDOWS\system32\zip.exe 2008-03-03 15:48:57 98816 --a------ C:\WINDOWS\system32\sed.exe 2008-03-03 15:48:57 80412 --a------ C:\WINDOWS\system32\grep.exe 2008-03-03 15:48:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-03-02 15:30:16 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-01 20:43:03 0 d------c- C:\Program Files\Winamp Remote 2008-02-25 23:44:39 23552 --a------ C:\WINDOWS\system32\SYNSOACC.dll 2008-02-23 00:13:48 164352 --a------ C:\WINDOWS\system32\unrar.dll 2008-02-23 00:13:46 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; 
www.helixcommunity.org; Helix YV12 YUV Codec> 2008-02-23 00:13:46 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv> 2008-02-23 00:13:45 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-02-23 00:13:45 755027 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-02-23 00:13:45 612864 --a------ C:\WINDOWS\system32\x264vfw.dll 2008-02-23 00:13:45 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70> 2008-02-23 00:13:45 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6> 2008-02-23 00:13:45 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software> 2008-02-23 00:13:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-02-23 00:13:44 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-02-23 00:13:44 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2008-02-23 00:13:44 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®> 2008-02-20 23:44:13 679936 --a------ C:\WINDOWS\system\xvidcore.dll 2008-02-20 23:41:31 376832 --a------ C:\WINDOWS\system\xvid.dll 2008-02-20 19:14:09 198144 -----n--- C:\WINDOWS\system32\_psisdecd.dll 2008-02-20 19:11:57 0 d------c- C:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP 2008-02-20 18:56:52 0 d--h---c- C:\WINDOWS\PIF 2008-02-20 18:15:35 691545 --a----c- C:\WINDOWS\unins000.exe 2008-02-20 18:15:35 2539 --a----c- C:\WINDOWS\unins000.dat 2008-02-17 16:48:41 0 d------c- C:\Program Files\Elfin -- Find3M Report --------------------------------------------------------------- 2008-03-15 00:57:37 597148 --a------ C:\WINDOWS\system32\perfh015.dat 2008-03-15 00:57:37 115894 --a------ C:\WINDOWS\system32\perfc015.dat 2008-03-15 00:56:11 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\PC Tools 2008-03-15 00:11:31 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\SUPERAntiSpyware.com 2008-03-12 00:34:35 0 
d------c- C:\Documents and Settings\Administrator\Dane aplikacji\AdobeUM 2008-03-09 22:31:39 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\gtk-2.0 2008-03-07 13:38:04 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent 2008-03-04 23:46:02 753664 --a------ C:\WINDOWS\system32\NTSpool.exe 2008-03-04 22:54:39 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2008-03-04 22:38:35 0 d------c- C:\Program Files\Common Files 2008-03-04 22:34:54 0 d--h---c- C:\Program Files\InstallShield Installation Information 2008-03-04 22:34:54 0 d------c- C:\Program Files\DivX 2008-03-04 22:34:47 0 d------c- C:\Program Files\Microsoft Visual Studio 8 2008-03-04 22:34:40 0 d------c- C:\Program Files\Wintergarten Privat 2008-03-04 21:47:19 737280 --a----c- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> 2008-03-04 01:44:04 0 d------c- C:\Program Files\Java 2008-03-04 01:43:00 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Sun 2008-03-04 01:42:02 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Macromedia 2008-03-04 01:42:00 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Adobe 2008-03-04 01:41:50 2529 --a----c- C:\WINDOWS\mozver.dat 2008-03-04 01:40:10 2508 --a----c- C:\Documents and Settings\Administrator\Dane aplikacji\$_hpcst$.hpc 2008-03-04 01:13:18 0 d------c- C:\Program Files\Microsoft CopyProfile 2008-03-04 00:55:51 0 d------c- C:\Program Files\SMSFREE 2008-03-03 23:59:00 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Talkback 2008-03-03 23:58:48 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla 2008-03-03 23:55:20 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Media Player Classic 2008-03-03 23:39:37 0 d------c- C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu 2008-03-03 00:41:18 219648 --a------ 
C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; System operacyjny Microsoft® Windows®> 2008-01-27 15:45:22 0 d------c- C:\Program Files\Trend Micro 2008-01-08 18:55:24 8192 --ahs--c- C:\WINDOWS\o2cLicStore.bin -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 06:41] "nwiz"="nwiz.exe" [2007-12-05 06:41 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41] "EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-08-14 14:10] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39] "SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "RunStartupScriptSync"=0 (0x0) "SynchronousMachineGroupPolicy"=0 (0x0) "SynchronousUserGroupPolicy"=0 (0x0) "DisableStatusMessages"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispAppearancePage"=0 (0x0) "NoColorChoice"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "NoDispCPL"=0 (0x0) "NoDispSettingsPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoVisualStyleChoice"=0 (0x0) "NoSizeChoice"=0 (0x0) "DisableTaskMgr"=0 (0x0) "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=1 (0x1) "NoStrCmpLogical"=1 (0x1) "NoClose"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"=01000000 "NoSMConfigurePrograms"=1 (0x1) "NoChangeKeyboardNavigationIndicators"=0 (0x0) "ClearRecentDocsOnExit"=1 (0x1) "NoSMBalloonTip"=1 (0x1) 
"NoSaveSettings"=0 (0x0) "NoRecentDocsHistory"=1 (0x1) "NoLowDiskSpaceChecks"=1 (0x1) "MemCheckBoxInRunDlg"=0 (0x0) "NoClose"=0 (0x0) "NoAutoTrayNotify"=0 (0x0) "NoResolveTrack"=0 (0x0) "NoResolveSearch"=1 (0x1) "LinkResolveIgnoreLinkInfo"=1 (0x1) "NoStartBanner"=01000000 "NoWelcomeScreen"=1 (0x1) "NoRecentDocsNetHood"=1 (0x1) "NoDesktopCleanupWizard"=1 (0x1) "NoSharedDocuments"=1 (0x1) "NoThemesTab"=0 (0x0) "NoFind"=01000000 "NoViewContextMenu"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f7fbb5-ea9f-11dc-8f9d-4d6564696130}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *Newly Created Service* - MARKFUN_NT -- End of Deckard's System Scanner: finished at 2008-03-15 15:15:25 ------------
And I didn't delete the dllcache directories. Yes, I have a disc with SP2, a 2008 compilation, and nothing pops up saying it's the wrong disc; it's more that I click OK, the window disappears for a moment, and then it shows up again - and so on in a loop.
-
Well OK, so what, am I missing some system files and that's why this window keeps popping up? How do I copy them? I tried with two Windows XP discs and it doesn't work, it keeps popping up. 'In that case, try DSS instead of ComboFix.' What is this DSS? A link, please.
-
DSS? What is that? And after I typed in sfc /scannow, some window flashed by, and then Windows File Protection popped up: "Files that are required for Windows to run properly must be copied to the DLL Cache" - and I can't close this window ;/
-
I'd gladly post a ComboFix log, but when I run it, the program's console pops up saying that this version is incompatible with my system and that the program is only for Windows 2000 and XP - BUT XP IS EXACTLY WHAT I HAVE :blink:
-
I'm on the Admin account because it's the only account I had left after the recovery. Only a few individual files from the old profile remained... ;/ Unlocker doesn't see anything. In Folder Options, uncheck "Use simple file sharing" - I did that and still nothing. Also, after recovering the computer there were no programs listed in Add/Remove Programs, even though their files were there and the programs themselves worked - only they all had default settings. HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:32:39, on 2008-03-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\temp1.exe C:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Gigabyte\ET5\GUI.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe O4 - HKCU\..\Run: 
[Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Policies\Explorer\Run: [Windows Security Tool] WinSecure.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - Global Startup: Kalendarz XP.lnk = D:\Program Files\Kalendarz XP\Kalendarz.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F13EA4E9-6540-4AAF-A418-8C0F62DCF248}: NameServer = 194.204.159.1 217.98.63.164 O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 2609 bytes